Legal
Privacy Policy
We built Vibimine around a simple principle: your health data belongs to you. This policy explains, in plain language, what we collect, why, and the choices you have.
Last updated:
Information we collect
We collect information in three ways: information you give us, information collected automatically, and information from service partners.
- Information you provide account details (name, email, date of birth), health intake responses, messages you send to your care team, and diagnostic results processed on your behalf.
- Collected automatically device and browser information, IP address, pages visited, and interaction events. Analytics collection only occurs with your consent (see Cookie Policy).
- From partners laboratory partners that process your at-home diagnostic kits, and identity-verification providers where required for clinical care.
How we use information
We use personal information to:
- Deliver the service process diagnostics, generate insights, and connect you with licensed clinicians.
- Operate and secure the platform, including fraud prevention and abuse detection.
- Communicate with you about your care, your account, and with consent product updates.
- Improve the product using aggregated, consent-based analytics.
- Comply with legal obligations that apply to healthcare services.
We do not sell your personal information, and we never use your health information for advertising.
Analytics
With your consent, we use Google Analytics, PostHog, and Microsoft Clarity to understand how the site is used. Analytics data is aggregated and used only to improve the product. We implement Google Consent Mode v2, which means no analytics identifiers are stored unless you grant analytics consent. Health information from your account is never shared with analytics providers.
AI features
Some features use AI models to generate insights from your health data for example, explaining results or drafting suggestions that a licensed clinician reviews before they reach your care plan. AI outputs affecting your care are always reviewed by a clinician; AI never makes medical decisions alone.
- Your health data is processed by AI providers only to deliver the feature you are using never to train their general-purpose models without your explicit consent.
- We share the minimum data needed for each request and require confidentiality and security commitments from AI providers.
- AI interactions may be logged for safety review and quality assurance, retained under the schedule in Data retention.
Advertising
With your consent, we use advertising tags (Google Ads, Meta, LinkedIn, Reddit, TikTok) to measure marketing campaigns and reach people who may benefit from our programs. Without marketing consent, none of these tags load and no advertising identifiers are stored. Advertising is based only on your visit to our marketing pages never on your health data, intake answers, or results.
Payment processing
Payments are handled by a PCI-DSS-compliant payment processor. We never see or store your full card number; we retain only the transaction record needed for billing, refunds, and accounting.
Account information
You can review and update your account information at any time from your settings. You may request account deletion; we will delete your data except where healthcare record-keeping laws require retention (see Data retention below).
Security
We protect your information with encryption in transit and at rest, role-based access controls, audit logging, and continuous monitoring. Our practices are described in detail on the Security page. No system is perfectly secure; if a breach affects your data we will notify you as required by law.
Data retention
We keep personal information only as long as needed for the purposes described here. Medical records are retained for the period required by applicable medical record-keeping laws, which varies by state. Analytics data is retained per each provider's configured retention window.
International transfers
Our services are hosted in the United States. If you access the service from outside the U.S., your information will be transferred to and processed in the U.S. Where required, we rely on appropriate transfer safeguards.
Children
The service is intended for adults 18 and over. We do not knowingly collect information from children under 13 (or the higher age required by local law). If you believe a child has provided us information, contact us and we will delete it.
Your rights
Depending on where you live, you may have the right to:
- Access a copy of the personal information we hold about you.
- Correct inaccurate information.
- Delete your information (subject to medical record-keeping requirements).
- Opt out of analytics and marketing at any time via the preferences center.
- Not be discriminated against for exercising any of these rights.
To exercise a right, email privacy@vibimine.example. We will verify your identity and respond within the timeframe required by applicable law.
Contact us
Vibimine Health, Inc.
[Registered business address pending legal review]
privacy@vibimine.example
