Privacy Policy
VitalCausality — Personal Health Diary Last updated: April 13, 2026
1. Introduction
VitalCausality ("we," "our," or "the App") is a personal health diary application developed by FortyTwo Apps that helps you log health-related events, track biometric data, and identify patterns through AI-assisted analysis. This Privacy Policy explains how we collect, use, store, and protect your information.
2. Data We Collect
2.1 Health Logs (User-Provided)
- Text entries describing health events, symptoms, meals, activities, and observations
- Images attached to log entries (e.g., scanned documents, food photos)
- Common items you save for reference (medications, supplements, routines)
- Routine actions you configure for recurring health events
2.2 Biometric Data (via Health Connect)
When you grant permission, the App reads the following categories from Android Health Connect (read-only): - Activity (steps, exercise sessions, distance) - Body measurements (weight, height, body fat) - Body temperature - Cycle tracking - Nutrition - Sleep - Vitals (heart rate, blood pressure, blood oxygen, respiratory rate) - Wellness data
We never write data to Health Connect. You can revoke Health Connect permissions at any time.
2.3 Account Information
- Email address and display name (via Firebase Authentication with Google Sign-In)
- Firebase user identifier (UID)
Account sign-in is optional and only required for Premium subscription features (cloud backup, remote AI processing).
2.4 Profile Information
- Name, date of birth, biological sex (for medical context)
- Medical conditions, allergies, medications, family health history
- All profile data is stored locally on your device and is optional
2.5 Usage Analytics and Crash Reports
- Anonymous usage statistics collected via Firebase Analytics
- Crash logs and diagnostics collected via Firebase Crashlytics
- These help us identify bugs and improve the App. They do not contain your health data.
- You can disable crash reporting in the App's Settings.
2.6 Advertising Data
- For users on the Free and Basic subscription tiers, the App displays banner advertisements via Google AdMob
- AdMob may collect device advertising identifiers and ad interaction data
- No personalized health-related advertising is displayed
- Premium subscribers see no advertisements
2.7 Purchase Information
- If you subscribe to Basic or Premium tiers, Google Play Billing processes the transaction
- We receive a purchase token and subscription status from Google Play — we do not see or store your payment method details (credit card, etc.)
- A hashed (SHA-256) version of your Firebase UID is attached to purchases for fraud prevention
3. How We Store Your Data
3.1 Local Storage
- All health logs, events, and personal data are stored on your device in an encrypted database (SQLCipher with AES-256 encryption)
- The encryption key is generated on your device, protected by the Android Keystore system, and never leaves your device
- Attached images are stored in the App's private storage directory, inaccessible to other apps
- Subscription tier status is cached locally in encrypted storage (EncryptedSharedPreferences)
3.2 Cloud Backups (Premium Only)
- If you enable cloud backup, your data is end-to-end encrypted (E2EE) before leaving your device: a passphrase you choose derives an encryption key via PBKDF2 (600,000 iterations), which wraps a unique backup encryption key using AES-256-GCM
- Encrypted backups are stored in Firebase Storage at the path
users/{your-uid}/backups/ - A key envelope (encrypted key material, never your passphrase) is stored in Firebase Firestore at
users/{your-uid}/e2ee/keyEnvelopeto enable restore on new devices - We cannot decrypt your backups — only your passphrase can unlock them
- Backups are initiated only by you (manually or via a schedule you configure)
- You can delete cloud backups at any time from the Settings screen
4. AI Processing
4.1 On-Device AI
By default, text processing uses an on-device AI model (Gemma) via the LiteRT-LM runtime. You can choose between two local model variants:
- Compact (~529 MB): Fast, lightweight text analysis
- Advanced (~2.6 GB): Higher quality, better multilingual support
Both variants run entirely on your device using GPU or CPU acceleration. Your data stays on your device and is never transmitted externally when using on-device AI.
4.2 Cloud AI (Premium Only)
If you explicitly select Cloud AI (available only with a Premium subscription), your text entries are sent to a Google Cloud Run endpoint authenticated via Firebase Auth. In this case: - Only the text content necessary for processing is transmitted - Data is transmitted over HTTPS (TLS encrypted in transit) - The cloud service does not permanently store your health data
4.3 Image Processing
When you attach images (e.g., lab reports, prescriptions, food photos):
- On-device AI mode: Images are processed locally and never leave your device
- Cloud AI mode (Premium): Images are compressed locally (max 1280 pixels, JPEG quality 80%), converted to base64, and transmitted via HTTPS to our Google Cloud Run endpoint for analysis by medical vision models (MedGemma). Up to 3 images per request are accepted (max ~375 KB each)
- In both cases, images are never stored on our servers — they are held in memory during processing only and discarded immediately after
- Local image files are stored in the App's private directory and are cleaned up automatically (within 24 hours for orphaned files, or immediately when you clear a conversation)
Important: Images you attach may contain personal information (names, dates of birth, addresses). The AI does not automatically redact personal data from images. You are responsible for reviewing what you photograph before submitting.
4.4 Medical Agent (Premium Only)
The Medical Agent is a conversational AI feature that lets you chat about your health data. When using the Medical Agent: - Your recent health events, causal insights, and profile are assembled into a context payload and sent to the cloud endpoint - Conversation history is kept in-memory only (last 5 exchanges) — no chat logs are stored on our servers or on your device - You can optionally attach images to your messages (see Section 4.3) - The Medical Agent does not provide medical diagnoses — it helps you understand your data and prepare for medical visits
5. Subscription Tiers
The App offers three subscription tiers: - Free: Core features with on-device AI, banner and rewarded advertisements - Basic: Extended features, custom reminders, no rewarded advertisements, banner advertisements - Premium: All features including Cloud AI, medical reports, cloud backup, multi-profile, no advertisements
Subscriptions are managed through Google Play. You can change or cancel your subscription at any time through Google Play Store settings.
6. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Authentication | User sign-in (Premium) | Email, display name |
| Firebase Analytics | Usage statistics | Anonymous interaction events |
| Firebase Crashlytics | Crash reporting | Device info, crash stack traces |
| Firebase Firestore | E2EE key envelope and session management (Premium) | Encrypted key material, device session ID |
| Firebase Storage | Cloud backups (Premium) | End-to-end encrypted backup files |
| Firebase Remote Config | App configuration | Anonymous device identifiers (standard Firebase SDK) |
| Google Cloud Run | Cloud AI processing (Premium) | Text entries and images (when Cloud AI selected) |
| Google Play Billing | Subscription management | Purchase tokens, subscription status |
| Google AdMob | Advertising (Free/Basic) | Device advertising ID, ad interaction data |
| Health Connect | Biometric data sync | None (read-only from Health Connect) |
7. Data Retention
- Local data: Retained on your device until you delete it. Use the Danger Zone in Settings to selectively delete events, insights, common items, routine actions, Health Connect data, logs, user profile, or perform a full reset.
- Cloud backups: Retained until you manually delete them or delete your account.
- Analytics data: Retained per Google's standard Firebase Analytics retention policies.
- Crash reports: Retained per Google's standard Firebase Crashlytics retention policies.
- Ad data: Retained per Google AdMob's standard data retention policies.
- Purchase data: Retained by Google Play for the duration of the subscription relationship.
8. Your Rights
You have the right to: - Access all your health data directly within the App - Delete your data selectively or entirely via the Danger Zone in Settings (in-app data deletion) - Export your insights as text or PDF, and generate medical visit reports as PDF documents - Disable cloud features and use the App fully offline - Revoke Health Connect permissions at any time - Disable crash reporting and analytics via Settings - Cancel your subscription at any time through Google Play Store
For EU/EEA users under GDPR, you additionally have the right to data portability and the right to lodge a complaint with your local supervisory authority.
9. Data Sharing
We do not sell, rent, or share your personal health data with third parties. Data is only transmitted to the third-party services listed in Section 6, strictly for the purposes described.
AdMob may use device advertising identifiers for ad serving and measurement. No health data is shared with advertisers.
10. Children's Privacy
VitalCausality is not intended for use by children under the age of 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.
11. Security
We implement industry-standard security measures including: - AES-256 database encryption (SQLCipher) - Android Keystore for encryption key management - EncryptedSharedPreferences for sensitive cached data - End-to-end encrypted cloud backups (PBKDF2 + AES-256-GCM) - Single active device enforcement via real-time session management - Firebase Authentication for secure cloud access - HTTPS for all network communications - JPEG format validation and path traversal protection for image handling - No API keys or secrets stored in the application binary - SHA-256 hashing of user identifiers for purchase fraud prevention
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App. Continued use after changes constitutes acceptance of the updated policy.
13. Contact
For questions or concerns about this Privacy Policy, contact us at: fortytwoapps.services@gmail.com
Learn more about Vital Causality on our official website.