We collect only what we need to make the app work: your email, password (hashed, not stored in plain text), and the family data you put into the app. We don't sell your data. We don't advertise to you. We take special care with kids' information because this is a family app. You can delete your account and data at any time by emailing [email protected].
Vital XP (“we,” “us,” “our,” or “the Service”) is operated by Gabrielle McIntosh, a sole proprietor doing business as Vital XP, based in Tennessee, USA. You can reach us at [email protected].
This Privacy Policy explains what information we collect when you use vitalxp.app, app.vitalxp.app, or any related services (collectively, “the Service”), how we use it, and the choices you have.
When you create a Vital XP account, we collect:
Inside your account, you create profiles (for yourself, partners, and children). For each profile we store:
When you purchase a Vital XP subscription or lifetime membership, payment is processed by Stripe. We do NOT store your credit card number, CVC, or full billing details on our servers. We store only:
See Section 11 for more on Stripe.
When you submit feedback through the app's "Founding Family Feedback" form, we store your feedback text, the email address associated with your account, and basic profile context (e.g., your current age tier).
Like most websites, we automatically collect limited technical data:
This is processed by our infrastructure provider Cloudflare. We don't use third-party trackers, ad pixels, Google Analytics, or Meta/Facebook pixels.
We use your information only to:
We do not: sell your personal data, rent it, share it with advertisers, or use it to build advertising profiles.
We share information only with the small number of service providers required to operate Vital XP:
Each of these providers is bound by their own privacy and security commitments. We share only what's necessary for each provider to do its job.
We may also disclose information if required by law (e.g., subpoena, court order) or if necessary to protect rights, safety, or property.
Vital XP is designed for families and includes age tiers for children. Accounts are created and controlled by parents, not by children directly.
We do not knowingly collect personal information directly from children under 13 without verifiable parental consent. When a parent creates a child profile within their Vital XP account, the parent:
Children cannot create their own accounts in Vital XP. They can only log in to profiles a parent has set up. We do not ask children for any contact information, we do not communicate directly with children, and we do not display third-party advertising in the app.
If you believe a child has provided us with personal information without parental consent, please email [email protected] and we will investigate and delete the information promptly.
Your data is stored primarily on Cloudflare's global network, including their D1 database (SQLite) and Workers compute platform. Cloudflare replicates data across regions for reliability.
On your device, the Vital XP app stores:
Uninstalling the app or clearing your browser data will remove these local copies. Your cloud data remains until you delete your account.
We take reasonable steps to protect your data:
No system is 100% secure. If we ever become aware of a security incident that affects your data, we will notify you promptly in accordance with applicable law.
Depending on where you live, you may have the right to:
To exercise any of these rights, email [email protected]. We'll respond within 30 days. We may need to verify your identity before acting on a request.
You can also export your family's data anytime from within the app (Settings → Family Admin → "💾 Export All Data").
California residents: You have specific rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know, delete, correct, and opt out of sales (we don't sell data). Contact us to exercise these rights.
EU/UK residents: If you are in the European Economic Area or United Kingdom, we process data under the legal bases of contract performance, legitimate interests, and/or consent. You have rights under the GDPR/UK GDPR, including the right to lodge a complaint with a supervisory authority.
Vital XP uses browser localStorage (not HTTP cookies in the traditional sense) to keep you logged in and cache your family's data for speed and offline use. We do not use third-party tracking cookies, advertising cookies, or social-media cookies.
You can clear localStorage at any time through your browser settings. Doing so will log you out of the Vital XP app.
All payments are processed by Stripe, Inc.. When you click a payment button, you're sent to Stripe's secure checkout page. Stripe handles your credit card, billing address, and tax information directly; we never see your full card number.
Stripe may use cookies and collect additional data in accordance with its own privacy policy: stripe.com/privacy.
After a successful payment, Stripe notifies our system via a cryptographically signed webhook. We store only a subscription reference, not payment details.
Vital XP is operated from the United States. If you access the Service from outside the U.S., your data will be transferred to and stored on servers in the U.S. and other regions where Cloudflare and our providers operate. By using the Service, you consent to this transfer.
We may update this Privacy Policy occasionally. When we make material changes, we'll notify you by email and/or by a prominent notice in the app before the changes take effect. The "Effective Date" at the top of this page will reflect the latest revision.
Questions, concerns, or requests? Email [email protected]. We aim to respond within 2 business days, and within 30 days at the absolute latest for formal data requests.
Operator: Gabrielle McIntosh, doing business as Vital XP
Jurisdiction: Tennessee, USA
Contact: [email protected]
A mailing address is available upon request for formal legal notices.