Legal Document

Privacy Policy

Effective Date: February 18, 2026 · Last Updated: February 22, 2026 · Version 2.0

Your health data is yours. My Vital Log is built on the principle that your biometric and symptom data should remain private, secure, and entirely under your control. We do not sell your data, we do not use it for advertising, and we do not share it with third parties without your explicit consent. This policy explains what we collect, why, and how it's protected.

1. Who We Are

My Vital Log ("we," "us," or "our") is a personal health tracking application available at myvitallog.com. The application integrates with the Oura Ring API to provide continuous heart rate monitoring and allows users to log personal health symptoms and conditions.

2. Information We Collect

Data Sources

Data from your Oura Ring (via Oura API)

Heart rate time-series data (beats per minute, timestamps)
Heart rate variability (HRV)
Daily readiness, sleep, and activity summaries
SpO2 (blood oxygen) data if available on your device
Personal profile information (age, weight, height, biological sex) if you grant that scope

Data you enter manually

Symptoms (name, severity rating, notes, timestamp)
Health conditions and diagnoses
Medications and treatments you choose to record
Alert threshold preferences and app settings

Account data

Your Oura user ID (retrieved from the Oura API when you connect your ring — used to link your data across devices)
OAuth2 access tokens for connecting to the Oura API
Cached heart rate data (stored locally in your browser's localStorage for performance)

    Cross-device sync: As of version 2.0, your symptom logs, conditions, and settings are securely stored on our server (hosted on Railway, a SOC 2-compliant cloud provider) and linked to your Oura account ID. This allows your data to sync across all your devices. Heart rate data from Oura is not stored on our servers — it is fetched directly from Oura's servers each time you use the app.
  

3. How We Use Your Information

To display your heart rate data in the dashboard and timeline
To correlate symptom entries with biometric readings at time of logging
To sync your symptoms, conditions, and settings across your devices
To help you maintain a personal record of health conditions and medications
To provide trends and patterns visible only to you

We do not use your data to train machine learning models, sell to advertisers, or share with insurers, employers, or any third party.

4. Data Storage & Security

My Vital Log uses a combination of local and server-side storage:

Server (PostgreSQL on Railway): Your symptoms, conditions, and settings are stored securely in a private database linked to your Oura user ID. Only you can access your data — it is never shared with or visible to other users.
Local (browser localStorage): Heart rate data and your Oura token are cached locally for performance. Clearing your browser data removes the local cache but does not delete your server-stored data.
All data is transmitted over HTTPS (TLS encryption).
Your Oura OAuth2 token is stored locally only — it is never sent to or stored on our servers.

We recommend using My Vital Log on a personal device protected by a screen lock or password.

5. Oura API & Third-Party Data

My Vital Log accesses your Oura Ring data using the official Oura API V2 with your explicit authorization via OAuth2. By connecting your Oura account, you agree to both our Privacy Policy and Oura's Privacy Policy. We only request the minimum scopes necessary:

heartrate — to display continuous heart rate data
daily — for readiness and activity summaries
personal — to retrieve your Oura user ID for account linking
spo2Daily — for blood oxygen data if available
tag — for activity tagging features

You can revoke our access to your Oura data at any time from your Oura account settings.

6. Health Data Disclaimer

My Vital Log is a personal wellness tool and is not a medical device. The data and logs within this application are intended for personal informational purposes only and do not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider regarding any medical condition or health concern.

7. Children's Privacy

My Vital Log is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at the address below.

8. Your Rights

You have full control over your data at all times:

Access: All your data is visible within the app across any device
Deletion: Use the "Delete Account & All Data" button in Settings to permanently remove all your data from our servers
Portability: Use the Export Report feature in Settings to download your data
Revoke Oura access: Disconnect via the app or your Oura account settings
Clear local cache: Clear your browser's localStorage to remove locally cached data (your server data remains intact)

9. Data Retention

Your data is stored on our servers for as long as you have an active account. If you delete your account using the "Delete Account & All Data" option in Settings, all your data is permanently and immediately removed from our database. We do not retain backups of deleted user data beyond 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of My Vital Log after changes constitutes acceptance of the revised policy.

11. Contact Us

Questions about your privacy?

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please reach out:

Email: MyVitalLog@gmail.com
Website: myvitallog.com