Privacy policy: VitalDial
Last updated: 9 May 2026
This policy describes how VitalDial (“the App”), published by FatherXLdn (“we”, “us”), collects, uses, and shares information when you use it. If anything here is unclear, email us at hello@fatherxldn.co.uk.
Who we are
FatherXLdn is an independent developer based in the United Kingdom. We're the data controller for personal data processed in connection with the App and our related services, unless a third party (such as Apple, RevenueCat, or the subprocessors listed below) processes data solely under their own terms.
The short version
VitalDial reads health metrics from Apple Health, scores them on your device, and shows you the results. Your raw HealthKit data never leaves your device. The only times anything travels off-device are subscription verification through RevenueCat and the Apple App Store, and the optional AI Coach feature. When you use the AI Coach, your question and derived scores (not raw sensor readings) go through a Cloudflare proxy to an AI provider. Which provider depends on your subscription tier.
What we process
Health data · stays on your device
With your permission, the App reads from Apple HealthKit: heart rate, heart rate variability, resting heart rate, sleep analysis, workouts, active energy, steps, respiratory rate, blood oxygen (SpO₂), and wrist or body temperature. All of that is read locally and used only to compute scores on-device. We don't upload raw HealthKit readings anywhere. You control exactly which categories the App can read in iOS Settings → Health → Apps.
Daily check-in data · stays on your device
You can optionally log a daily check-in: perceived wellness (1-5), stress (1-5), and perceived exertion (RPE 1-10). These are stored on-device using Core Data. If you ask the AI Coach a question, your check-in for that day is included in the context sent to the coach, as described below.
Subscriptions and purchases
Purchases go through the Apple App Store. We don't receive your payment card details. RevenueCat handles subscription and entitlement data under their own policies and gives our Cloudflare Worker what it needs to verify your subscription before unlocking paid features. That amounts to a pseudonymous customer identifier: a stable UUID stored in your device's Keychain, not your name or email address.
AI Coach · optional, paid tiers
When you ask the AI Coach a question, your device sends a request to our Cloudflare Worker proxy. That request contains three things.
- Your pseudonymous user ID, used to verify your subscription tier and track your monthly question quota.
- Derived scores computed on-device: readiness, recovery, sleep, and strain scores, your 21-day personal baselines, any subjective check-in you logged, and the question you asked. This is processed output, not raw HealthKit sensor readings.
- Timestamps and your IP address, which may appear in Cloudflare's infrastructure logs.
The Worker then forwards the question and its context to an AI provider. Which one depends on your tier:
- Free: Google (Gemini)
- Pro: OpenAI (GPT-4o mini)
- Elite: Anthropic (Claude)
Each provider processes the content under their own API policies as a subprocessor. We don't use your questions or scores to train public AI models; retention on the provider side is governed by their API documentation.
Monthly quotas are tracked server-side in Cloudflare KV storage, keyed to your pseudonymous user ID, and expire automatically after 35 days. No API keys are stored on your device.
Legal bases (UK GDPR)
Where UK GDPR applies, we rely on:
- Contract, to provide subscriptions and AI Coach features you've chosen to activate.
- Legitimate interests, to keep the service secure and reliable: quota enforcement, error logging, rate limiting. Balanced against your rights.
- Consent, for HealthKit access. iOS asks you to grant each health category explicitly. You can withdraw access at any time in iOS Settings → Health → Apps.
Retention
All HealthKit data and on-device scores stay on your device until you delete the App or reset your device. Cloudflare KV quota records expire after 35 days. Infrastructure logs, if any, are kept only as long as needed for security and operations. To delete server-side data tied to your pseudonymous user ID, email hello@fatherxldn.co.uk.
Sharing and subprocessors
We don't sell your data. We share it with service providers only as needed to run the App:
- Apple · app distribution and in-app purchases.
- RevenueCat · subscription status and pseudonymous customer identifiers.
- Cloudflare · Worker proxy for AI Coach requests and KV quota storage.
- Google (Gemini) · AI inference for Free-tier AI Coach questions.
- OpenAI · AI inference for Pro-tier AI Coach questions.
- Anthropic · AI inference for Elite-tier AI Coach questions.
International transfers
Some providers operate in the United States or other countries outside the UK. Where required, we rely on Standard Contractual Clauses or adequacy decisions. Get in touch if you need more detail.
Children
The App isn't directed at children under 13 (or the digital consent age in your region). We don't knowingly collect personal information from children. If you believe we have, contact us and we'll delete it.
Your rights
Depending on where you live, you may have the right to access, correct, delete, restrict, or object to certain processing, and to port data or lodge a complaint with a supervisory authority. In the UK that's the ICO at ico.org.uk. To exercise rights against us, email hello@fatherxldn.co.uk. Rights against Apple or RevenueCat are exercised through their own account tools.
Security
All off-device communication uses HTTPS. No API keys are stored on your device. Raw health data never leaves it. No method of transmission is completely secure; use the App only on devices you trust.
Changes
We'll update this policy when we add features or subprocessors, revising the “Last updated” date each time. Where required, we'll notify you in the App or by email. Continued use after changes means you accept the updated policy unless applicable law requires otherwise.