
VitaTrack is a health and wellness platform operated by VitaTrack, with offices in Cardiff and Neath, Wales, United Kingdom.
We are committed to protecting your personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For any privacy-related queries, contact us at privacy@vitatrack.co.uk.
We collect and process the following categories of personal data:
- Identity data: Your full name and email address
- Health data (Special Category): Blood test results, biomarker values, laboratory reference ranges, and collection dates
- Technical data: Login activity and session information
- Usage data: How you interact with the platform
Your blood test results are classified as Special Category data under UK GDPR Article 9. This means we apply the highest level of protection to this information.
We process this data on the legal basis of explicit consent (Article 9(2)(a)) and for the purposes of preventive or occupational medicine (Article 9(2)(h)).
You may withdraw your consent at any time by contacting us. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
We use your personal data to:
- Provide you with access to your blood test results
- Display your results with explanations and reference ranges
- Allow authorised administrators to upload and manage your reports
- Maintain the security and integrity of the platform
We do not use your data for marketing, advertising, or any automated decision-making that produces legal or similarly significant effects.
Your data is stored securely using Supabase, with servers located in the EU West (Ireland) region. This ensures your data remains within the European Economic Area and is protected under equivalent data protection standards.
We implement appropriate technical and organisational measures to protect your data including:
- Encrypted data storage and transmission (TLS/SSL)
- Row-level security ensuring patients can only access their own data
- Role-based access controls limiting admin access
- Authenticated access — no data is publicly accessible
We do not sell, rent, or share your personal data with third parties for commercial purposes.
Your data may be accessed by:
- Authorised VitaTrack administrators for the purpose of uploading and managing your reports
- Supabase (our data processor) solely for the purpose of secure data storage
Under UK GDPR you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your personal data
- Right to restriction: Request we limit how we use your data
- Right to data portability: Request your data in a machine-readable format
- Right to object: Object to processing of your personal data
- Right to withdraw consent: Withdraw consent at any time
To exercise any of these rights, contact us at privacy@vitatrack.co.uk. We will respond within 30 days.
We retain your personal data for as long as you have an active account with VitaTrack. If you request deletion of your account, we will delete your personal data within 30 days, unless we are required by law to retain it.
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
We may update this privacy policy from time to time. We will notify you of any significant changes by email or through the platform. The date at the top of this page indicates when the policy was last updated.