Vital Logger Privacy Policy

Who We Are

This policy applies to Vital Logger, the Vital Logger mobile app, and the Vital Logger API at https://vital-logger.sirjhep.dev. For privacy questions, deletion requests, or data requests, contact contact@sirjhep.dev.

Data We Collect

Device-only mode

If you use Vital Logger without signing in, your vital logs, notes, optional OCR scan photos, health profile, reports, reminders, theme preferences, and recent-list preferences are stored on your device. Health logs and profile details use app-owned local storage, and session tokens use OS-backed secure storage where available. Vital Logger does not send local-only health data to our API unless you later sign in and choose cloud backup.

Account data

If you create an account, we collect your name, email address, password credentials stored as a salted hash, email verification state, password reset state, and authentication records needed to keep you signed in.

Optional cloud backup data

If you sign in and turn on cloud backup, we process the health data needed to provide backup, restore, and sync features. This can include vital measurements, timestamps, units, notes, optional OCR scan photo attachments, health reference profile fields such as date of birth, sex used for health references, height, generated reports, and sync metadata.

Transactional email data

We use email to verify accounts and reset passwords. These messages include your email address and a verification or reset link.

Support and crash-report data

If you contact support or choose to send an app error report, the dedicated support service may collect the information you submit, such as email address, name, ticket text, optional screenshots, app version, platform, device details you provide, error message, stack trace, and limited diagnostic context. Please avoid including sensitive health details in support messages or screenshots unless needed to solve the issue.

Technical data

When you use the API or privacy page, service infrastructure may process request metadata such as IP address, user agent, request path, timestamps, and error logs. We use this data to operate, secure, debug, and monitor the service.

How We Use Data

• Provide vital logging, local history, calendar views, reports, reminders, and profile-based reference cues.
• Create and secure accounts, verify email addresses, reset passwords, and maintain sessions.
• Back up and sync health data only when you choose cloud backup.
• Respond to support tickets, troubleshoot reported bugs, and improve app stability when you choose to send diagnostics.
• Detect, prevent, and investigate abuse, fraud, service errors, and security issues.
• Comply with legal obligations and enforce applicable terms.

Sharing And Service Providers

We do not sell your health data. We do not use health data for advertising. We use service providers only to operate Vital Logger:

• Cloudflare hosts the Worker API, support Worker, D1 databases, Workers KV namespaces, R2 buckets, and related infrastructure.
• Resend sends transactional email such as verification and password reset messages.
• Payment or app-store providers may process purchases if ad-free upgrades are added later. Those providers should not receive your vital measurements from Vital Logger.
• Legal or safety disclosures may happen if required by law, to protect rights and safety, or to respond to valid legal process.

If ads are added later, the app will provide a dedicated ad space and the privacy policy will be updated before release. Health data should not be used to target ads.

Your Choices And Controls

• Use this device only: You can use the app without an account. Your health logs stay local to the device.
• Cloud backup toggle: Signed-in users can turn cloud backup on or off in Settings > Privacy & Backup.
• Crash report preference: You can choose whether Vital Logger asks before sending diagnostic reports, sends them automatically, or never sends them.
• Clear Recent Measurements: Clearing Recent hides dashboard rows only. It does not delete the underlying log entries.
• Delete cloud health data: Signed-in users can delete backed-up vitals, reports, and profile health details while keeping local device data.
• Local deletion: You can remove local app data by deleting entries in the app, clearing the app's storage, or uninstalling the app from your device.

Support And Diagnostics

Support tickets can be submitted from the app or at https://support.vital-logger.sirjhep.dev. You may submit a ticket by providing an email address so we can reply. Ticket threads use a private access token; keep that token confidential.

Crash and error reports are optional. Vital Logger can ask before sending a diagnostic report, send reports automatically if you choose that setting, or never send them. Reports are used only for troubleshooting and product quality, not advertising.

Deletion And Retention

Local-only health data remains on your device until you delete it, clear app storage, or uninstall the app. Cloud-backed health data remains in the service until you delete individual entries, delete cloud health data, or request account deletion.

To delete your account in the app, go to Settings > Privacy & Backup > Delete account. If you no longer have app access, use the account deletion page at https://vital-logger.sirjhep.dev/delete-account or email contact@sirjhep.dev from the email address on your account. We will delete or de-identify account data unless we need to retain limited information for security, fraud prevention, legal compliance, dispute resolution, or service integrity.

Password reset tokens and email verification tokens are designed to expire and are stored as hashes. Operational logs are kept only as long as reasonably needed for security, debugging, and service operations.

Security

Vital Logger uses HTTPS, password hashing, email verification, short-lived reset tokens, JWT sessions with rotating signing keys, authenticated image attachment delivery, OS-backed secure token storage where available, and Cloudflare platform controls. No method of storage or transmission is perfect, but we design the service to limit cloud collection to the features you choose.

Children And Other People's Data

Vital Logger is not directed to children under 13. Some users may record measurements for a child, dependent, or family member. If you enter someone else's information, you are responsible for having the right to do so and for choosing whether it stays local or is backed up to your account.

Changes To This Policy

We may update this policy as Vital Logger changes. The updated page will show a new "Last updated" date. Material changes should be reflected before new data practices are used.

Contact

Email contact@sirjhep.dev for privacy questions, data access requests, deletion requests, or concerns about this policy.