Privacy Policy
Last updated: April 16, 2026
1. Introduction
Welcome to Vesta ("we", "our", or "us"). We are committed to protecting the personal information you and your patients entrust to us. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Vesta nutrition management platform.
By using Vesta, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account information: When you register, we collect your name, email address, professional license number, and any optional profile details (such as a logo) you choose to provide.
Patient data: You may enter patient records including personal details, body measurements, dietary plans, and clinical notes. You are the data controller for this information; we process it on your behalf.
Usage data: We automatically collect information about how you interact with the platform (pages visited, features used, timestamps) to improve our service.
Payment information: Subscription payments are processed by Stripe. We do not store full credit card numbers on our servers.
3. How We Use Your Information
- To provide, operate, and improve the Vesta platform
- To authenticate your account and protect the platform against unauthorized access
- To process subscription payments via Stripe
- To send transactional emails (account confirmation, password reset)
- To generate AI-powered nutritional analyses and meal plan suggestions
- To comply with legal obligations
4. Patient Data & HIPAA / GDPR Considerations
Vesta is designed for use by licensed nutrition professionals. As the practitioner, you are responsible for obtaining appropriate consent from your patients before entering their data into the platform.
Patient data is stored in encrypted databases and is never sold or shared with third parties for advertising; the service providers named in Section 5 process it only to deliver the platform. Within the database, row-level security policies tie each record to the account that created it, so queries made under your login can return only your own patients' records.
If you are subject to HIPAA (US) or GDPR (EU/EEA), please contact us to discuss a Data Processing Agreement (DPA) or Business Associate Agreement (BAA) as applicable.
5. AI & Third-Party Services
Vesta uses OpenAI's API to power AI-driven features such as meal plan generation and nutrient analysis. When you invoke an AI feature, the data needed to fulfil that request (for example, food items and nutrient targets) may be sent to OpenAI. Under our API agreement, OpenAI does not use data submitted through its API to train its models. See OpenAI's Privacy Policy for details.
We also use Supabase for database and authentication services, and Stripe for payment processing. Each provider maintains its own privacy and security standards.
6. Data Retention
We retain your account and patient data for as long as your account is active. If you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law.
7. Data Security
We use industry-standard security measures including TLS encryption in transit, encrypted storage at rest, and row-level security policies. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise these rights, please contact us at the email below. We will respond within 30 days.
9. Cookies
We use essential session cookies required for authentication. We do not use advertising or tracking cookies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email or in-app notice at least 14 days before material changes take effect.
11. Contact Us
For privacy-related inquiries, please contact:
Vesta
Email: privacy@vesta.app