Privacy Policy

Vitara ("we", "us", or "our") is operated by Zynclave Tech Private Limited. This Privacy Policy explains how we collect, use, and protect your information when you use the Vitara mobile application and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you have questions, contact us at info@zynclave.com.

2.1 Information You Provide

• Account information (email address, display name) when you sign in with Google.
• Profile data you enter (age, weight, height, fitness goals, activity level).
• Health and fitness data you log (water intake, meals, workouts, progress measurements).
• Your encryption passphrase is never transmitted or stored by us — it is used locally on your device to derive encryption keys.

2.2 Automatically Collected Information

• Device type, operating system version, and app version.
• Crash reports and performance diagnostics (anonymized).

2.3 Health Platform Data

If you connect Apple Health (iOS) or Health Connect (Android), Vitara may read and write health data (e.g., dietary water, active energy) with your explicit permission. This data stays on your device and is only synced to our servers in encrypted form if you enable Cloud Sync.

When you enable Cloud Sync, all your health and fitness data is encrypted on your device before leaving it. We use AES-256-GCM encryption with a Data Encryption Key (DEK) that is wrapped by a Key Encryption Key (KEK) derived from your passphrase via PBKDF2 (600,000 iterations).

We cannot read, access, or decrypt your health data. Your passphrase never leaves your device. If you lose your passphrase, we cannot recover your synced data.

• To provide and maintain the Service.
• To sync your encrypted data across your devices when you enable Cloud Sync.
• To send you water reminders and workout notifications you configure.
• To improve the app through anonymized crash reports and usage analytics.

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

• Local data is stored on your device using SQLite/Room (Android) or SwiftData (iOS).
• Cloud-synced data is stored in encrypted form on Supabase infrastructure (hosted on AWS). We only store ciphertext — never plaintext health data.
• Authentication tokens are stored securely using Android Keystore or iOS Keychain.

You can delete all your local data at any time from the Profile screen in the app. If you have Cloud Sync enabled, you can request deletion of your server-side data by contacting us at info@zynclave.com. We will process deletion requests within 30 days.

Vitara integrates with the following third-party services:

• Google Sign-In — for authentication. Subject to Google's Privacy Policy.
• Supabase — for cloud data storage and authentication infrastructure.
• Apple Health / Health Connect — for health data integration (optional, user-initiated).
• RevenueCat — for subscription lifecycle management and entitlement verification (see Section 8).
• Apple App Store / Google Play Billing — for payment processing and receipt validation (see Section 8).

Vitara offers an optional premium tier (Vitara Pro) via in-app purchase. When you subscribe, make a one-time purchase, or restore a prior purchase, the following applies:

8.1 What We Do Not Collect

We never receive or store your credit card, debit card, UPI, or any banking information. All payment is processed entirely by Apple (on iOS / iPadOS) and Google (on Android). Apple and Google handle billing, tax, refund processing, and card storage. Their handling of that data is governed by their own privacy policies.

8.2 What We Do Receive

We use RevenueCat, a subscription-management platform, to verify purchases and grant access to Pro features. Through RevenueCat and the Apple / Google billing systems, we may receive:

• A pseudonymous purchase identifier (RevenueCat "app user id") that we link to your Vitara account only if you sign in; otherwise it is anonymous.
• The specific product purchased (e.g., vitara_monthly, vitara_yearly, vitara_lifetime).
• Subscription state — active, expired, in grace period, trial, billing retry, or cancelled.
• Purchase date, renewal date, and expiration date.
• Platform and country of the store account (e.g., iOS / US).
• Opaque receipt tokens used solely to verify the purchase with Apple / Google.

8.3 How We Use Payment Data

• To unlock Pro features on your account and devices.
• To sync your Pro entitlement across the devices you sign in to.
• To provide customer support for billing questions.
• To comply with applicable tax, accounting, and platform requirements.

We do not use purchase data for advertising, targeting, or resale.

8.4 Third Parties Involved in Payment

• Apple — payment processing and receipt validation for iOS / iPadOS. See Apple's Privacy Policy.
• Google — payment processing and receipt validation for Android. See Google Play's Privacy Policy.
• RevenueCat — subscription lifecycle, entitlement, and webhook delivery. See RevenueCat's Privacy Policy at revenuecat.com/privacy.

8.5 Cancellation, Refunds, and Data Retention

You can manage or cancel subscriptions in Apple ID Subscriptions or Google Play Subscriptions at any time. Subscription-state records are retained for as long as needed to provide the Service, fulfill legal and tax obligations, and resolve disputes. If you request account deletion, your subscription-state records are deleted or anonymized within 30 days, subject to legal retention requirements.

Vitara is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child, please contact us at info@zynclave.com and we will promptly delete it.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Export your data in a portable format.
• Withdraw consent for data processing.

To exercise any of these rights, contact us at info@zynclave.com.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy, please contact us:

• Email: info@zynclave.com
• Company: Zynclave Tech Private Limited