Open Vital is operated by Codelio.
Last updated:
Depending on how you use Open Vital, we may collect account information such as your email address, account ID, session information, referral code, and profile details you choose to provide.
We may also process health, wellness, and activity information from supported sources such as Garmin Connect, Apple Health, Strava, device permissions, and data you enter in the app.
When you connect your Garmin account, Open Vital accesses the following data types from Garmin Connect via the Garmin Companion SDK:
This data is used to compute recovery scores, sleep analysis, healthspan estimates, activity dashboards, and related app features within Open Vital. Garmin data is synchronized to Open Vital backend services to enable cross-device access and historical tracking. We do not share your Garmin data with third parties except as described in the Sharing section below.
When you enable Apple Health, Open Vital may read and write health data types including heart rate, HRV, sleep analysis, steps, and activity summaries through the Apple HealthKit framework. This data is used for the same purposes described above.
We use your data to authenticate your account, sync integrations, display dashboards, compute recovery, sleep, healthspan, and related app features, operate communities and leaderboards you choose to join, and provide AI coach responses you request.
Core health processing is part of providing the service. Optional app analytics, where offered, should be controlled separately from that core processing.
We do not sell your personal data. We may share information with infrastructure and service providers, integration partners needed to operate the app, AI providers used for coaching functionality, other users through community features you choose to use, and legal authorities where required.
Open Vital currently uses both device-side storage and backend storage. Current implementation examples include account records, profile data, Garmin session records, community records, leaderboard summary snapshots, and audit log records.
Current backend retention examples include 30-day auth sessions, 30-day leaderboard summaries, 30-day invite lookup records, and 180-day audit logs. Other account, profile, integration, and community records may remain until deleted, disconnected, or removed under an applicable request flow.
More generally, we retain personal data for as long as reasonably necessary to provide the service, operate and secure the product, support the user relationship, or comply with legal obligations. We may retain de-identified or aggregated data that no longer identifies you.
You can disconnect supported integrations, leave communities, log out, and request account or data deletion. Privacy and deletion requests can currently be sent to [email protected].
Open Vital may process health-related and wellness-related information to provide core product features. Open Vital is not a medical device or emergency service, and its insights and coaching are not a substitute for professional medical advice.
We use reasonable measures to protect the service, including HTTPS in transit, hashed passwords in the current auth service, and server-side handling of integration credentials.
Open Vital is operated by Codelio, a company registered in France.
Questions about this policy can be sent to [email protected].
This page is rendered from the latest approved file in `documentation/flutter-app/privacy-and-consent/copy/current/`.