Privacy Policy

Effective date: January 29, 2026

Introduction

Vially ("we", "our", "the App") is a health tracking application for iOS. This Privacy Policy explains what data we collect, how we use it, and the choices you have. We built Vially with a simple principle: your health data belongs to you.

By downloading or using Vially, you agree to this Privacy Policy. If you do not agree, please do not use the App.

Where This Policy Applies

This policy covers the Vially iOS application available on the Apple App Store and the Vially website at vially.app. Different features may handle data differently — we explain each below.

What We Collect (and Why)

Vially is designed to minimize data collection. Here is a complete breakdown of the data involved when you use the App:

Health & Medication Data

This includes medication logs, injection records, dose schedules, weight entries, body measurements, side effect logs, mood tracking, and lab results. All of this data is stored locally on your device using an encrypted SQLite database. We never have access to it, and it never leaves your phone unless you explicitly initiate a backup or export.

Apple Health Integration

If you enable Apple Health sync, Vially reads and writes weight data directly between the App and Apple Health on your device. This data transfer is entirely local — it does not pass through any external server. You can enable or disable this at any time in the App's settings.

AI Lab Scanning (Vially Pro)

Vially Pro's lab scanning feature processes photos of your blood work to extract biomarker values. When you use this feature, images may be sent to a secure third-party AI processing API (Google Gemini). Images are processed in real-time and are not stored on any server after processing is complete. No health data from scanned results is transmitted — only the image itself during processing.

Subscription & Purchase Data

Vially uses RevenueCat to manage Pro subscriptions. RevenueCat receives:

• An anonymous app user ID (not linked to your identity)
• Purchase transaction data from Apple
• Subscription status and entitlement information

RevenueCat does not receive any of your health data. All purchase processing is handled by Apple's App Store.

Device & Usage Information

Vially does not include any third-party analytics, advertising, or behavioral tracking SDKs. We do not collect device identifiers, IP addresses, location data, or usage analytics.

Website

The Vially website (vially.app) is a static site. We do not use cookies, analytics trackers, or any form of user tracking on our website.

Where & How We Store Your Data

Data Type	Storage Location	Encryption
Health & medication data	On-device (SQLite)	iOS Data Protection
App settings & preferences	On-device (MMKV)	iOS Data Protection
Sensitive credentials	On-device (Keychain)	Secure Enclave
Subscription status	RevenueCat servers	Encrypted in transit & at rest

How Long We Keep Your Data

Since your health data is stored on your device, it persists as long as you have the App installed. If you delete the App, all local data is permanently removed. Subscription records at RevenueCat follow their data retention policy.

What We Don't Collect

To be completely clear, we never collect:

• Personal health information or medication data
• Weight, body measurements, or lab results
• Names, email addresses, or account credentials (there are no accounts)
• Usage analytics or behavioral data
• Location data
• Device identifiers for tracking purposes
• Advertising identifiers

Who We Share Data With

We do not sell, rent, or trade any user data. The only third parties involved are:

Service	Purpose	Data Shared
Apple (App Store)	Payment processing	Purchase transactions
RevenueCat	Subscription management	Anonymous user ID, subscription status
Google Gemini API	Lab result scanning (Pro)	Lab photo (processed in real-time, not stored)

Your Privacy Rights

Because your data lives on your device, you have full control at all times:

• Access: All your data is visible in the App at any time.
• Export: You can export your data from within the App.
• Delete: Delete individual records in the App, or delete the App entirely to remove all data.
• Apple Health: Manage Apple Health permissions in your device's Settings > Privacy & Security > Health.

If you are located in the EU (GDPR), California (CCPA), or any jurisdiction with data protection laws, your rights are respected by default because we do not collect or store your personal data on our servers.

iCloud Backup

If you use iCloud backup on your iOS device, your Vially data may be included in your device-level backup. This is managed by Apple's iCloud service and encrypted according to Apple's security standards. Vially does not operate its own cloud sync service.

Notifications

Dose reminders and notifications are scheduled locally on your device using iOS notification APIs. No notification data is sent to external servers.

Children's Privacy

Vially is not intended for use by children under 17. We do not knowingly collect information from children. If you believe a child has used the App, please contact us.

International Data Transfers

Since health data stays on your device, no international transfers of personal health data occur. Subscription data processed by RevenueCat may be stored in the United States, subject to RevenueCat's privacy practices and applicable safeguards.

Changes to This Policy

We may update this policy to reflect changes in the App or legal requirements. Updates will be posted on this page with a revised effective date. Since we don't collect email addresses, we encourage you to review this page periodically.

Contact Us

If you have questions about this privacy policy, contact us at [email protected].