Privacy Policy

Last Updated: August 22, 2025

Effective Date: August 22, 2025

1. Introduction

Welcome to the VitaQ Mobile Application (the "Service"), a premium performance tracking and developmental management platform. This Service is operated by C-Tech ("VitaQ," "we," "us," or "our").

This Privacy Policy explains how we collect, use, share, and protect information in relation to our mobile services. This policy applies to all visitors, users, and others who access the Service ("Users"). Your use of our Service is also governed by our Terms of Service.

A core function of our Service is to operate as a "white-label" platform for various organizations such as sports academies, training centers, and educational institutions (each, an "Organization" or "Tenant"). Your Organization is the primary controller of the personal data processed through the Service. We act as a data processor on their behalf.

Understanding Your Data Controller: It is crucial to understand the division of responsibilities regarding your personal data. Your Organization (e.g., your sports academy) is the Data Controller for the personal data you provide through the Service. This means your Organization determines the 'why' and 'how' of processing your data. We, C-Tech, act as a Data Processor on behalf of your Organization. This means we process the data solely according to your Organization's instructions and for the purposes defined by them in our contractual agreement.

For example, if you want to know why your performance data is being collected, ask your Organization. If you have any questions about how your data is used, or wish to exercise your privacy rights, your first and primary point of contact must be the administrators of your Organization. We will only respond to such requests if directed by your Organization or required by law.

2. Information We Collect

We collect the following types of information to provide and improve our Service.

A. Information You or Your Organization Provide Directly:

  • Account Information: When you or your Organization create an account, we collect information such as your name, email address, username, and password (stored in encrypted format).
  • Profile Information: We collect personal details you provide for your user profile, which may include your full name, phone number, date of birth, and gender.
  • Biometric Data (Optional): With your explicit written consent (or that of your parent/guardian if you are a minor), which can be obtained through the app's consent interface and revoked at any time through your Organization's administrators, we may process biometric identifiers such as facial geometry data derived from profile pictures for optional facial recognition login. This feature is completely optional and not required for core app functionality, is subject to automatic deletion after 3 years or upon consent withdrawal, is protected by industry-standard encryption, is never shared with third parties except as required by law, and is subject to additional protections for Illinois residents under BIPA. Where facial recognition involves AI systems, we ensure compliance with regulations like the EU AI Act through risk assessments and transparency measures as instructed by your Organization.
  • Trainee and Guardian Information: For users who are trainees, especially minors, we collect information provided by a parent, legal guardian, or the Organization. This includes the trainee's name, date of birth, and performance data. We also collect information about the relationship between guardians and trainees ("Connections").
  • Performance and Activity Data: We collect all data related to trainee development, including performance evaluations, exercise results, goals, rankings, and any notes or feedback entered by administrators and coaches.
  • User Content: We collect content you may provide through the app, such as profile pictures or videos, for which we require access to your device's Camera and Photo Library.
  • Communications: We may keep a record of any communications between you and us (e.g., support emails) for up to 2 years for quality assurance and legal compliance.

B. Information Collected Through App Permissions:

To provide full functionality, the app may request access to:

  • Contacts: To allow you to easily invite and connect with members and guardians within your Organization by selecting specific contacts. We do not store or access your entire address book; access is limited to the contacts you explicitly choose to share. You can revoke this permission at any time through your device settings, though this may limit invitation features.
  • Camera and Photo Library: To allow you to take and upload profile pictures or training-related media. We access only the specific photos or videos you select to upload. You can revoke this permission at any time through your device settings, though this may limit media upload features.
  • Calendar: To schedule and manage evaluation appointments directly on your device's calendar. We access only the calendar events you choose to create or modify through the app. You can revoke this permission at any time through your device settings, though this may prevent automatic scheduling features.

C. Information We Collect Automatically:

  • Usage Data: We use third-party analytics services, specifically PostHog, to help us measure traffic and usage trends for the Service. This data is typically aggregated and anonymized. You can learn more about PostHog's practices at https://posthog.com/privacy.
  • Device Information: We may collect information about the device you use to access our Service, including the hardware model, operating system and version, app version, and pseudonymized device identifiers. Unique device identifiers are hashed or pseudonymized where possible to prevent direct identification and are used only for Service improvement and security purposes.
  • Log Data: Our servers automatically record information ("Log Data") created by your use of the Service, including IP address (which we may pseudonymize), browser type, referring/exit pages, and date/time stamps.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, operate, maintain, and improve the Service for you and your Organization.
  • Personalization: To personalize your experience, such as displaying your performance progress, upcoming goals, and relevant notifications.
  • Communication: To facilitate communication between you, your coaches, and your guardians within the context of your Organization.
  • Analytics: To monitor and analyze trends, usage, and activities in connection with our Service to improve functionality and user experience.
  • Technical Support: To diagnose or fix technology problems and provide customer support.
  • Legal Compliance: To comply with legal obligations, enforce our terms, detect and prevent fraud, and respond to legal requests.
  • Safety and Security: To protect the safety and security of our Service and users.

4. How Your Information Is Shared

We will not rent or sell your information to third parties outside of our company without your consent, except as noted in this Policy.

A. Sharing with Your Organization (Tenant):

The primary purpose of the Service is to share your performance and profile data with your designated Organization. Administrators and coaches from your Organization will have access to your profile, performance data, and activity within the app to manage your development and training curriculum.

B. Sharing with Third-Party Service Providers:

We may share your information with carefully selected third-party vendors who perform services on our behalf, including:

  • Analytics Providers: PostHog for usage analytics (aggregated data only). Privacy policy: https://posthog.com/privacy
  • Cloud Infrastructure: Amazon Web Services for secure data storage (all data types, encrypted). Privacy policy: https://aws.amazon.com/privacy/
  • Communication Services: SendGrid for transactional emails (email addresses and names only). Privacy policy: https://sendgrid.com/policies/privacy/

These service providers are contractually bound to protect your information, may only use your data to provide services to us, are prohibited from selling or using your data for their own purposes, and are subject to regular security assessments.

C. Legal Requests and Safety:

We may access, preserve, and share your information when we have a good faith belief that it is necessary to comply with a legal obligation, respond to a legal request, enforce our Terms of Service, detect and prevent fraud, or protect against harm.

D. Business Transfers:

If C-Tech is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, security monitoring, mobile-specific security, regular testing, and employee training. However, no method of transmission over the Internet is 100% secure.

6. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify your Organization (as the Data Controller) without undue delay. We will comply with all applicable breach notification laws, including reporting to supervisory authorities (e.g., under GDPR) and supporting notifications to affected individuals as required.

7. Data Retention

We retain your personal information according to a defined schedule, such as for as long as your account is active, for legal compliance (e.g., 7 years for performance data), or until consent is withdrawn for specific data types like biometrics. Upon request from your Organization or after prolonged inactivity, we will securely delete or anonymize data unless retention is required by law.

8. Your Rights and Choices

Depending on your location and applicable laws (e.g., GDPR, CCPA/CPRA), you have rights to access, correct, delete, or port your data, and to object to or restrict certain processing. As we are a data processor, please direct any requests to your Organization's administrators first. If they do not respond within a reasonable time (e.g., 30 days), you may contact us for assistance.

9. Children's Privacy

Our contractual agreements with Organizations obligate them to obtain verifiable parental or guardian consent before collecting personal information from children under the age of 13 (or a higher age as required by local law, such as 16 for GDPR). If you are a parent or guardian with concerns, please contact your Organization first, or contact us if the issue is unresolved.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards through mechanisms like the European Commission's Standard Contractual Clauses (SCCs) and other legally approved data processing addendums.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide notice via email, in-app notifications, or by posting an updated version in the Service at least 30 days in advance.

12. Contact Information

For privacy-related questions, requests, or complaints, please contact:

C-Tech
Privacy Officer
Email: support@vitaq.app
Address: The Millennium Tower - Office 35, 2nd Floor - Hamdan Bin Mohammed St, Al Danah - Zone 1 - Abu Dhabi