Skip to content

Privacy Policy

VitalCausality — Personal Health Diary Last updated: February 18, 2026

1. Introduction

VitalCausality ("we," "our," or "the App") is a personal health diary application developed by FortyTwo Apps that helps you log health-related events, track biometric data, and identify patterns through AI-assisted analysis. This Privacy Policy explains how we collect, use, store, and protect your information.

2. Data We Collect

2.1 Health Logs (User-Provided)

  • Text entries describing health events, symptoms, meals, activities, and observations
  • Images attached to log entries (e.g., scanned documents, food photos)
  • Common items you save for reference (medications, supplements, routines)
  • Routine actions you configure for recurring health events

2.2 Biometric Data (via Health Connect)

When you grant permission, the App reads the following categories from Android Health Connect (read-only): - Activity (steps, exercise sessions, distance) - Body measurements (weight, height, body fat) - Body temperature - Cycle tracking - Nutrition - Sleep - Vitals (heart rate, blood pressure, blood oxygen, respiratory rate) - Wellness data

We never write data to Health Connect. You can revoke Health Connect permissions at any time.

2.3 Account Information

  • Email address and display name (via Firebase Authentication with Google Sign-In)
  • Firebase user identifier (UID)

Account sign-in is optional and only required for Premium subscription features (cloud backup, remote AI processing).

2.4 Profile Information

  • Name, date of birth, biological sex (for medical context)
  • Medical conditions, allergies, medications, family health history
  • All profile data is stored locally on your device and is optional

2.5 Usage Analytics and Crash Reports

  • Anonymous usage statistics collected via Firebase Analytics
  • Crash logs and diagnostics collected via Firebase Crashlytics
  • These help us identify bugs and improve the App. They do not contain your health data.
  • You can disable crash reporting in the App's Settings.

2.6 Advertising Data

  • For users on the Free and Basic subscription tiers, the App displays banner advertisements via Google AdMob
  • AdMob may collect device advertising identifiers and ad interaction data
  • No personalized health-related advertising is displayed
  • Premium subscribers see no advertisements

2.7 Purchase Information

  • If you subscribe to Basic or Premium tiers, Google Play Billing processes the transaction
  • We receive a purchase token and subscription status from Google Play — we do not see or store your payment method details (credit card, etc.)
  • A hashed (SHA-256) version of your Firebase UID is attached to purchases for fraud prevention

3. How We Store Your Data

3.1 Local Storage

  • All health logs, events, and personal data are stored on your device in an encrypted database (SQLCipher with AES-256 encryption)
  • The encryption key is generated on your device, protected by the Android Keystore system, and never leaves your device
  • Attached images are stored in the App's private storage directory, inaccessible to other apps
  • Subscription tier status is cached locally in encrypted storage (EncryptedSharedPreferences)

3.2 Cloud Backups (Premium Only)

  • If you enable cloud backup, encrypted copies of your data are stored in Firebase Storage at the path users/{your-uid}/backups/
  • Backups are initiated only by you (manually or via a schedule you configure)
  • You can delete cloud backups at any time from the Settings screen

4. AI Processing

4.1 On-Device AI

By default, text processing uses an on-device AI model (Gemma). Your data stays entirely on your device and is never transmitted externally.

4.2 Cloud AI (Premium Only)

If you explicitly select Cloud AI (available only with a Premium subscription), your text entries are sent to a Google Cloud Run endpoint authenticated via Firebase Auth. In this case: - Only the text content necessary for processing is transmitted - Data is transmitted over HTTPS (TLS encrypted in transit) - The cloud service does not permanently store your health data - Images are currently processed on-device only and are not sent to the cloud

5. Subscription Tiers

The App offers three subscription tiers: - Free: Core features with on-device AI, banner and rewarded advertisements - Basic: Extended features, custom reminders, no rewarded advertisements, banner advertisements - Premium: All features including Cloud AI, medical reports, cloud backup, multi-profile, no advertisements

Subscriptions are managed through Google Play. You can change or cancel your subscription at any time through Google Play Store settings.

6. Third-Party Services

Service Purpose Data Shared
Firebase Authentication User sign-in (Premium) Email, display name
Firebase Analytics Usage statistics Anonymous interaction events
Firebase Crashlytics Crash reporting Device info, crash stack traces
Firebase Storage Cloud backups (Premium) Encrypted backup files
Google Cloud Run Cloud AI processing (Premium) Text entries (when Cloud AI selected)
Google Play Billing Subscription management Purchase tokens, subscription status
Google AdMob Advertising (Free/Basic) Device advertising ID, ad interaction data
Health Connect Biometric data sync None (read-only from Health Connect)

7. Data Retention

  • Local data: Retained on your device until you delete it. Use the Danger Zone in Settings to selectively delete events, insights, common items, routine actions, Health Connect data, logs, user profile, or perform a full reset.
  • Cloud backups: Retained until you manually delete them or delete your account.
  • Analytics data: Retained per Google's standard Firebase Analytics retention policies.
  • Crash reports: Retained per Google's standard Firebase Crashlytics retention policies.
  • Ad data: Retained per Google AdMob's standard data retention policies.
  • Purchase data: Retained by Google Play for the duration of the subscription relationship.

8. Your Rights

You have the right to: - Access all your health data directly within the App - Delete your data selectively or entirely via the Danger Zone in Settings (in-app data deletion) - Export your insights as text or PDF, and generate medical visit reports as PDF documents - Disable cloud features and use the App fully offline - Revoke Health Connect permissions at any time - Disable crash reporting and analytics via Settings - Cancel your subscription at any time through Google Play Store

For EU/EEA users under GDPR, you additionally have the right to data portability and the right to lodge a complaint with your local supervisory authority.

9. Data Sharing

We do not sell, rent, or share your personal health data with third parties. Data is only transmitted to the third-party services listed in Section 6, strictly for the purposes described.

AdMob may use device advertising identifiers for ad serving and measurement. No health data is shared with advertisers.

10. Children's Privacy

VitalCausality is not intended for use by children under the age of 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.

11. Security

We implement industry-standard security measures including: - AES-256 database encryption (SQLCipher) - Android Keystore for encryption key management - EncryptedSharedPreferences for sensitive cached data - Firebase Authentication for secure cloud access - HTTPS for all network communications - No API keys or secrets stored in the application binary - SHA-256 hashing of user identifiers for purchase fraud prevention

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App. Continued use after changes constitutes acceptance of the updated policy.

13. Contact

For questions or concerns about this Privacy Policy, contact us at: fortytwoapps.services@gmail.com