Privacy Policy

1. Data Controller

Messieurs Dames UG (haftungsbeschränkt)
Heimrad-Prem-Str. 4
93426 Roding, Germany

Managing Director: Markus J. Baier

Commercial Register: Local Court of Regensburg, HRB 21978

For data protection inquiries, contact us at: info@viqolabs.com

2. Data We Collect

2.1 Account Data

Upon registration: email address, name, date of birth, gender, health goals.

2.2 Health Data

• Sleep data (duration, quality, stages)
• Heart rate and HRV (heart rate variability)
• Recovery and strain
• Nutrition data and meals
• Mood, stress, and mental health
• Biomarkers and lab values (manually imported)
• Body composition (weight, body fat, etc.)
• Substance consumption (alcohol, caffeine, etc.)
• Social interactions

2.3 Wearable Data

With your explicit consent, we connect the following services via OAuth 2.0:

• WHOOP (Recovery, Sleep, Workouts, HRV)
• Withings (Weight, Body Composition, Blood Pressure)
• Oura Ring (Readiness, Sleep, Activity)
• Garmin (Body Battery, Sleep, SpO2, Training)

3. Purpose of Processing

• Calculation of your personal VitaScore
• AI-powered health recommendations (LongevityAI)
• Pattern and correlation detection (Health DNA)
• Predictions and scenarios (Predictive Recovery)
• Personalized micro-experiments
• Daily briefings and smart alerts
• Improving prediction accuracy over time

4. AI Processing

For personalized recommendations and analyses, we use AI models (OpenAI). Your health data is processed in anonymized form. AI analysis serves exclusively to personalize your user experience. Your data is not used to train AI models.

Note: ViQO does not replace medical advice. All recommendations and predictions are for informational purposes and do not constitute medical diagnoses.

5. Data Security

• TLS/SSL encryption of all data transfers
• Row-Level Security (RLS) in the database — each user can only see their own data
• OAuth 2.0 / OAuth 1.0a for wearable integrations
• Hosting in the EU (Supabase, Vercel)
• No storage of passwords in plain text

6. Your Rights (GDPR)

You have the following rights under the GDPR:

• Art. 15 — Access: You can request information about the data we store about you at any time
• Art. 16 — Rectification: You can correct inaccurate data at any time
• Art. 17 — Erasure: You can request the complete deletion of all your data. We conduct an audited deletion process.
• Art. 20 — Data portability: You can download your data as a JSON export at any time
• Art. 7(3) — Withdrawal: You can withdraw your consent at any time

All rights can be exercised directly in the app under Account → Settings or by email to privacy@viqo-labs.com.

7. Data Sharing

We do not sell your data. Data is only shared with:

• Supabase (Database hosting, EU)
• Vercel (App-Hosting)
• OpenAI (AI analysis, anonymized)
• Stripe (Payment processing — only for paid subscriptions)
• Wearable providers (WHOOP, Withings, Oura, Garmin — only with your explicit consent via OAuth)

8. Data Retention

Your data is stored as long as your account is active. After account deletion, all data is completely and irrevocably deleted within 30 days. Deletion logs are retained for 90 days (proof of deletion).

9. Cookies & Tracking

ViQO uses only technically necessary cookies for authentication. We do not use tracking, advertising cookies, or analytics services.

10. Changes

We reserve the right to update this privacy policy as needed. We will notify you of material changes by email or in-app notification.