Privacy Policy

Vitara ("we", "us", or "our") is operated by Zynclave Tech Private Limited. This Privacy Policy explains how we collect, use, and protect your information when you use the Vitara mobile application and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you have questions, contact us at info@zynclave.com.

2.1 Information You Provide

• Account information (email address, display name) when you sign in with Google.
• Profile data you enter (age, weight, height, fitness goals, activity level).
• Health and fitness data you log (water intake, meals, workouts, progress measurements).
• Your encryption passphrase is never transmitted or stored by us — it is used locally on your device to derive encryption keys.

2.2 Automatically Collected Information

• Device type, operating system version, and app version.
• Crash reports and performance diagnostics (anonymized).

2.3 Health Platform Data

If you connect Apple Health (iOS) or Health Connect (Android), Vitara may read and write health data (e.g., dietary water, active energy) with your explicit permission. This data stays on your device and is only synced to our servers in encrypted form if you enable Cloud Sync.

When you enable Cloud Sync, all your health and fitness data is encrypted on your device before leaving it. We use AES-256-GCM encryption with a Data Encryption Key (DEK) that is wrapped by a Key Encryption Key (KEK) derived from your passphrase via PBKDF2 (600,000 iterations).

We cannot read, access, or decrypt your health data. Your passphrase never leaves your device. If you lose your passphrase, we cannot recover your synced data.

• To provide and maintain the Service.
• To sync your encrypted data across your devices when you enable Cloud Sync.
• To send you water reminders and workout notifications you configure.
• To improve the app through anonymized crash reports and usage analytics.

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

• Local data is stored on your device using SQLite/Room (Android) or SwiftData (iOS).
• Cloud-synced data is stored in encrypted form on Supabase infrastructure (hosted on AWS). We only store ciphertext — never plaintext health data.
• Authentication tokens are stored securely using Android Keystore or iOS Keychain.

You can delete all your local data at any time from the Profile screen in the app. If you have Cloud Sync enabled, you can request deletion of your server-side data by contacting us at info@zynclave.com. We will process deletion requests within 30 days.

Vitara integrates with the following third-party services:

• Google Sign-In — for authentication. Subject to Google's Privacy Policy.
• Supabase — for cloud data storage and authentication infrastructure.
• Apple Health / Health Connect — for health data integration (optional, user-initiated).

Vitara is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child, please contact us at info@zynclave.com and we will promptly delete it.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Export your data in a portable format.
• Withdraw consent for data processing.

To exercise any of these rights, contact us at info@zynclave.com.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy, please contact us:

• Email: info@zynclave.com
• Company: Zynclave Tech Private Limited