Your health data never leaves your device unless you explicitly send it somewhere.
Everything you see in Vital Report — trends, insights, reports, exports — is generated on your iPhone from the data Apple Health already holds. No analytics SDKs. No tracking. No advertising identifiers. No behavioral profiles.
- We don’t transmit your health data to any server.
- We don’t use analytics, trackers, or ad SDKs.
- We don’t sell or share your information.
- We do explain exactly what happens, below.
Who we are
Vital Report (the “App”) is published by Neon Summit LLC (“we,” “us,” “our”), a Massachusetts limited liability company.
- Legal entity: Neon Summit LLC
- Mailing address: 1 Soares Farm Rd, West Bridgewater, MA 02379, United States
- Support email: support@neonsummit.co
Neon Summit LLC is the data controller for any personal information handled through the App.
Scope of this policy
This policy describes how the App handles information. It applies to the Vital Report iOS application, its widgets, its Siri/App Intents integration, and any features described in this policy.
It does not apply to third-party services you may independently use in connection with the App (such as Apple Health, iCloud, or Google Drive/Sheets), which are governed by their own privacy policies.
Information we do not collect
We want to be explicit about this because many health apps do the opposite. The App does not:
- Collect, upload, or transmit your Apple Health data or Clinical Health Records to our servers. We operate no servers that receive your health data. We have no database of your health data.
- Use advertising identifiers (IDFA), the AppTrackingTransparency framework, SKAdNetwork, or any form of cross-app or cross-site tracking.
- Include any third-party analytics, attribution, crash-reporting, or advertising SDK (no Firebase, Mixpanel, Amplitude, Segment, Sentry, Crashlytics, Facebook/Meta, TikTok, Adjust, Branch, or similar).
- Build behavioral profiles about you.
- Sell, rent, or share your personal information for monetary or other valuable consideration.
- Use your health data for advertising, marketing, or any purpose other than providing features you have asked for, as required by Apple’s HealthKit and Clinical Health Records guidelines.
Information the App processes on your device
The App reads the following categories of information from your device with your explicit permission, and processes them locally on your device. This information never leaves your device except through export paths that you explicitly initiate (see §07).
4.1 Apple Health & Fitness data
With your permission, the App reads categories you select, which may include: heart rate, resting heart rate, heart rate variability, blood oxygen, respiratory rate, body temperature, blood pressure, body mass and composition, steps, distance, active and resting energy, workouts, exercise minutes, stand hours, sleep analysis, menstrual and reproductive data, nutrition data, hydration, mindful minutes, and similar HealthKit categories supported by iOS.
The App reads this data to:
- Display dashboards, charts, trend lines, and your current-day values.
- Compute on-device insights (trends, anomalies, correlations, and a health-score summary).
- Generate reports (PDF, CSV, JSON) that you review and choose where to send.
- Power Home Screen and Lock Screen widgets via a shared on-device container.
- Drive optional scheduled exports to destinations you configure.
4.2 Clinical Health Records
If you grant access, the App may also read categories from the HealthKit Clinical Health Records API (for example, lab results, medications, conditions, procedures, immunizations, vitals, and allergies) to display them and include them in reports you generate.
4.3 Preferences and App state
The App stores settings on your device using iOS-provided mechanisms (UserDefaults, App Group containers, and the Keychain). This includes:
- Your chosen theme, default report format, selected metrics, dashboard preferences, and onboarding progress.
- Automation definitions (schedules you create for recurring exports).
- Subscription entitlement state reflected from Apple.
- A rate-limit counter for feedback submissions.
- OAuth tokens for optional destinations you have signed into (for example, Google Sheets), stored in the iOS Keychain.
This information is stored locally. It is not transmitted to us.
Information we receive when you contact us
When you use the in-app Send Feedback form (or the equivalent Siri/Shortcuts action), the App sends the contents of that form to a third-party email-relay service (“Web3Forms”) that delivers it to our support inbox at support@neonsummit.co. A feedback submission contains:
- A satisfaction rating and category you select.
- The free-text message you type.
- Your email address, if you choose to provide one (optional).
- App metadata useful for troubleshooting: App name, App version, iOS version, device model, and your subscription tier (e.g., Free or Pro).
- A timestamp.
If you email us directly at support@neonsummit.co, we receive the information you include in that email.
Information Apple provides us for subscriptions
Vital Report Pro is sold through Apple’s In-App Purchase system. When you buy a subscription or a lifetime unlock:
- Apple processes your payment. We do not receive your payment card, full name, billing address, or Apple ID.
- The App receives a signed receipt from Apple that tells it which product you own and whether it is still active.
- Apple provides us, in aggregate and anonymous form through App Store Connect, standard commercial information such as total unit sales, refunds, and territories. This is Apple’s data, governed by Apple’s policies.
See Apple’s privacy policy at apple.com/legal/privacy for details.
User-initiated exports and integrations
The App includes features that let you move your data off-device to destinations you choose. In every case, the transfer happens because you tap a button or configure a scheduled automation; the App never initiates such transfers on its own.
- Files / iCloud Drive / AirDrop / Share Sheet / Email. The App hands a file you generated to iOS, which delivers it to the destination you pick. We do not see the contents.
- Google Sheets (optional). If you choose Google Sheets as an export destination, you sign into Google inside the App using Google’s official sign-in SDK. The App uses your Google access token to create or update a spreadsheet in your own Google account containing the data you selected. Your token is stored in the iOS Keychain on your device and can be revoked at any time in your Google Account settings.
- Widget data. Summaries used by the Home Screen and Lock Screen widgets are written to an on-device App Group container shared between the App and its widgets. This data never leaves the device.
- Scheduled automations. If you configure a recurring export, it runs on your device via iOS background task scheduling and delivers to the destination you previously configured, using the same mechanisms above.
In all cases, you are the one choosing the destination, and your data leaves the device only along the path you selected.
How we use information
To summarize, we use information only for the following purposes:
- Provide the App’s features you have requested (dashboards, insights, reports, widgets, exports, automations).
- Process purchases and subscription entitlements through Apple.
- Respond to your support requests and improve the App based on your feedback.
- Protect the App against abuse (for example, rate-limiting feedback submissions).
- Comply with law, including Apple’s App Store Review Guidelines and applicable privacy laws.
We do not use your information for advertising, profiling, automated decision-making with legal effect, or any purpose not described in this policy.
Legal bases (EEA and UK)
Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases:
- Consent — for reading Apple Health data and Clinical Health Records, and for any optional third-party integration you sign into (such as Google Sheets). You may withdraw consent at any time in iOS Settings → Privacy & Security → Health, or within the relevant third-party service.
- Performance of a contract — to deliver the App, including subscription features you have purchased.
- Legitimate interests — to respond to support requests, prevent abuse, and maintain the security and integrity of the App. Where we rely on legitimate interests, we have assessed that these interests are not overridden by your rights and freedoms.
- Compliance with legal obligations — where we must process information to meet a legal requirement.
How we store and protect information
- Health data and Clinical Health Records are stored by Apple on your device and in your iCloud (if you have iCloud Health sync enabled). The App reads them through the HealthKit API; the App does not maintain its own copy on any server.
- Preferences, automations, and cached summaries are stored locally on your device.
- OAuth tokens for optional integrations are stored in the iOS Keychain, which is protected by your device passcode and Secure Enclave.
- Feedback submissions are transmitted over HTTPS to Web3Forms, which delivers them to our support inbox. Retention at Web3Forms is governed by their policy.
- Support emails are stored in our email provider’s systems for as long as needed to respond and maintain a reasonable support history.
We use industry-standard safeguards — HTTPS/TLS for all network traffic, Keychain-protected credential storage, no direct network access to health data, and App Sandbox isolation provided by iOS. No system is perfectly secure, but we aim to apply the protections reasonably available to a modern iOS application.
Data retention
- On-device data persists for as long as the App is installed. Deleting the App removes the App’s local data, including preferences, automation definitions, cached summaries, and stored OAuth tokens.
- Apple Health data and Clinical Health Records are governed by iOS and Apple Health’s own settings, not by us. Revoking HealthKit access or deleting health data is done in iOS Settings → Privacy & Security → Health, or in the Apple Health app.
- Feedback submissions and support correspondence are retained for up to 24 months from the date of submission, unless we need to keep them longer to resolve an open issue or comply with a legal obligation, after which we delete or anonymize them.
Your choices and rights
You have strong control over your data in the App:
- Revoke HealthKit access at any time: iOS Settings → Privacy & Security → Health → Vital Report.
- Revoke Clinical Health Records access in the same place.
- Revoke Google Sheets access at myaccount.google.com/permissions (also available in the App via Settings → Destinations).
- Delete the App to remove all of its on-device data, including stored preferences, automation definitions, cached widget data, and OAuth tokens.
- Manage, cancel, or request a refund for your subscription: iOS Settings → [Your Name] → Subscriptions, or at apps.apple.com/account/subscriptions.
- Contact support at support@neonsummit.co for any other data request.
Depending on where you live, you may have additional rights under applicable law (see §13 and §14 below). To exercise any such right, email support@neonsummit.co. We will verify your request using the email address it was sent from, respond within the timeframes required by law, and will not discriminate against you for exercising any right.
California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the following rights:
- Right to know what personal information we have collected about you and how we use it.
- Right to delete personal information we have collected from you, subject to certain exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing of personal information.
- Right to limit use of sensitive personal information.
- Right not to be discriminated against for exercising these rights.
The categories of personal information we may receive (as defined in the CCPA) are:
- Identifiers — the email address you voluntarily provide in feedback.
- Internet or other electronic network activity — nothing, beyond what you voluntarily submit in feedback.
- Sensory or health information — only processed on your device, never received by us.
- Inferences — we do not derive inferences about you on our servers; on-device insights are not transmitted.
To exercise your rights, email support@neonsummit.co. You may also authorize an agent to make a request on your behalf; we will require reasonable verification.
European and UK residents (GDPR / UK GDPR)
In addition to the rights described in §12, if you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the right to:
- Access the personal information we hold about you.
- Rectify inaccurate or incomplete information.
- Erase your information (“right to be forgotten”), subject to legal retention requirements.
- Restrict or object to certain processing.
- Data portability — receive your information in a structured, machine-readable format.
- Withdraw consent at any time (without affecting processing done before withdrawal).
- Lodge a complaint with your local data protection authority. A list of EU authorities is available at edpb.europa.eu. UK users may contact the Information Commissioner’s Office.
To exercise these rights, email support@neonsummit.co.
Third-party services we rely on
For transparency, here is the complete list of third parties that may receive information in connection with the App, and what each one receives:
We do not use any other third-party service that processes personal information about you.
International data transfers
Neon Summit LLC is based in the United States. If you are outside the United States, any information you send us (for example, a feedback submission or support email) will be transferred to and processed in the United States. For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards where required, including Standard Contractual Clauses with our service providers where applicable.
Children's privacy
Vital Report is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction, such as 16 in parts of the EEA). We do not knowingly collect personal information from children. Apple Health itself imposes age-based limits on certain data categories. If you believe a child has provided us with personal information, please contact support@neonsummit.co and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the App, in our practices, or in applicable law. When we make a material change, we will update the “Last Updated” date at the top of this page, and — for significant changes that affect how we handle your information — we will provide notice within the App or through another reasonable means before the change takes effect. Your continued use of the App after a change becomes effective means you accept the updated policy.
Contact us
Questions, requests, or concerns about this Privacy Policy or our data practices can be directed to:
Neon Summit LLC
Attn: Privacy
1 Soares Farm Rd
West Bridgewater, MA 02379
United States
Email: support@neonsummit.co