Vitu CareCircle Privacy Policy

Vitu Health B.V. explains exactly how CareCircle collects, uses, stores, and protects personal data so you and your care circle stay informed and empowered at every step.

Contact privacy support

Privacy at a glance

These highlights give you a human-friendly overview of how CareCircle protects personal data. Dive into the full sections below for legally complete details covering every step of the data lifecycle.

Privacy promises

What always stays true

Your data is yours. We do not sell personal data and we never use it for advertising or marketing.
Health data stays private. Health, activity, and location data are collected only with your explicit consent and shared only with your chosen care circle.
EU-first by design. EU user data is stored and processed on EU-based servers.
No hidden monetisation. CareCircle is subscription-based, not data-driven.
You stay in control. You can access, download, restrict, or delete your data at any time.

What we collect

Personal data that powers CareCircle

We collect account, profile, health, activity, technical, and location data only when it is necessary to deliver the services you request.

Sensitive categories (health, activity, precise location) require explicit consent and can be disabled anytime.
Third-party device data is limited to the metrics you choose to sync.

How it is used

Safety, reliability, and support

Personal data enables safety alerts, visualization for your care circle, subscription management, diagnostics, and regulatory compliance—not advertising.

We never sell or share data for behavioral advertising.
Technical data helps keep apps, wearables, and services secure and stable.

Sharing & partners

Private by default

Data is visible only to the care circle members you invite plus vetted processors such as hosting, Shopify commerce, and customer support vendors operating under GDPR-ready agreements.

Emergency disclosures occur only when legally required or to prevent serious harm.
EU data stays in EU data centers with safeguards for any limited international access.

Your choices

Powerful self-serve controls

Access, download, restrict, delete, or port your information from the app or by emailing support@vitu.health.

Most requests are fulfilled directly in settings; the team responds to escalations promptly.
We honor legal retention requirements but otherwise delete data once it is no longer needed.

Self-serve tools

Key privacy controls

Privacy dashboard: Manage health, activity, and location sharing with a tap--including revoking device permissions or disabling specific sensors.
Data download: Request an export of your account data, including activity history, SOS events, location records, and synced health metrics.
Deletion & restriction: Delete specific data, close your account, or restrict certain processing while maintaining essential safety functionality.
Questions & complaints: Contact the Vitu Health privacy team at support@vitu.health. You also have the right to lodge a complaint with your local data protection authority.

1. Who we are

Vitu Health B.V. is the data controller

Vitu Health B.V. controls the personal data processed through CareCircle. We oversee compliance with EU privacy laws and respond to every privacy question directly.

Registered address: Groen van Prinstererstraat 98-3, Amsterdam, 1051ER, The Netherlands.
Contact: support@vitu.health for privacy requests, questions, or appeals.

2. Scope

Where this policy applies

This Policy covers the CareCircle mobile apps (iOS and Android), connected wearable devices, vitu.health websites, backend systems, and any customer support interaction tied to these experiences.

Use this Policy together with our Terms of Service for the full contractual picture.
Regional supplements may apply when local laws provide extra protections.

3. Personal data we collect

Only what is required to provide CareCircle

We collect personal data that lets us create accounts, deliver safety insights, and keep systems reliable.

3.1 Information you provide

Account information: name, email, phone number, username, and password.
Profile information: optional photos or other context you choose to share.

3.2 Data collected when you use the services

Activity data: steps, movement, falls, and time at home.
Health data: heart rate, resting heart rate, blood pressure, blood oxygen, blood glucose, body temperature, weight.
Location data: GPS or LBS data needed for safety features.
Device permissions: Bluetooth for wearables, notifications for alerts, and motion sensors for falls.

Health and location data start flowing only after you actively enable them, and you can switch them off at any time.

3.3 Connected devices and integrations

If you connect third-party sensors (for example, blood pressure cuffs or glucose meters) we collect only the readings you choose to sync.

Synced health data is never sold or used for advertising.
We rely on it solely to provide CareCircle features.

3.4 Payments

Orders and subscriptions run through Shopify, our secure payment provider. Vitu Health does not store full payment card numbers.

3.5 Technical and diagnostic data

We collect device model, OS version, crash logs, IP address, and anonymized usage statistics to maintain security, reliability, and performance. Cookies or local storage help keep you signed in.

4. How we use personal data

Focused on core services

We use personal data to deliver the functionality you expect—never for advertising or monetization schemes.

Create and manage accounts, subscriptions, and customer support.
Provide health, activity, and safety experiences including SOS, falls, and care circle visualization.
Maintain security, prevent fraud, localize content, and meet legal obligations.

5. Legal bases for processing (GDPR)

Why we are allowed to process your data

We rely on specific legal bases depending on the processing activity.

Performance of a contract: to deliver the services you subscribe to.
Explicit consent (GDPR Art. 9): for health, activity, and precise location data.
Legal obligation: for records such as accounting and tax.
Legitimate interests: limited technical processing that keeps systems secure and reliable.

You may withdraw consent at any time through app settings. Withdrawal does not impact lawful processing completed before withdrawal.

7. Data location & transfers

EU-first infrastructure

EU user data stays on EU-based servers by default. When global service providers need limited access from outside the EU/EEA, we implement GDPR Chapter V safeguards.

Standard Contractual Clauses or equivalent mechanisms govern international access.
No data transfers occur for advertising or monetization.

8. Data retention

We keep data only as long as needed

Retention periods vary by data type and legal obligations.

Account data: kept until you delete your account.
Health, activity, and location data: deleted when you remove it or close your account.
Technical logs: stored for limited periods (typically 30-90 days) for diagnostics and security.
After deletion, remaining copies are erased within a reasonable timeframe unless law requires longer retention.

9. Your privacy rights (EU)

You stay in control

You can exercise privacy rights directly in the app or by contacting support@vitu.health.

Access, correct, or delete your personal data.
Restrict or object to certain processing.
Withdraw consent at any time.
Receive a portable copy of your data.
Lodge a complaint with your supervisory authority.

10. Security

Technical and organizational safeguards

We apply layered protections to keep personal data safe.

Encryption in transit and at rest.
Strict access controls and logging.
Secure infrastructure reviews and penetration tests.

11. Changes to this policy

Staying transparent about updates

We may update this Policy from time to time. Material changes will be communicated clearly before they take effect.

Continuing to use the services after an update means you accept the new terms.

12. Contact Vitu Health

Talk to our privacy team

Reach our privacy team if you need help completing a request, suspect unauthorized access, or have questions about this Policy. We respond within the timelines required by your jurisdiction.

Email: support@vitu.health
Mail: Vitu Health B.V., Groen van Prinstererstraat 98-3, Amsterdam, 1051ER, The Netherlands

EU/UK residents may also contact their local supervisory authority if they are unsatisfied with our response.

Effective January 1, 2026