How the Vireo app collects, uses, and protects your personal and health data.
Effective 23 June 2026 · Vireo · vireo.coach
In short. Vireo is an app for a nutritionist to work with their
clients. We collect only the data needed for that service: your profile, food diary,
and health metrics (weight, water, activity). We do not sell your
data, show no ads, and do not track you across other
apps. Health data is processed only with your explicit consent, and you can delete your
account together with all your data at any time.
01 Who is responsible for your data
The controller of your personal data is Yurii Stetsura, the author
and operator of the Vireo app (“we”, “Vireo”). For any privacy
question, contact yurii.stetsura@vireo.coach.
Vireo is a business-to-business-to-consumer (B2B2C) service: a nutritionist manages
their clients in the app. If you are a client, your nutritionist sees the data you
enter as part of your work together (profile, diary, metrics, messages). The
nutritionist is a separate controller for how they use that data in their practice.
02 What data we collect
We collect only what you enter yourself, plus the technical data needed for the app to work.
Account data
Email — to sign in and verify your account.
Name, and a phone number (optional).
Password — stored only as a cryptographic hash; we never see it in plain text.
Role (client or nutritionist) and settings (theme, language, notifications).
Client profile
Sex and date of birth (optional) — to calculate targets.
Dietary restrictions and allergies (e.g. lactose-free, vegetarian, gluten-free, free text).
Diary and health metrics
Food diary — meals with their calories and macronutrients, by day.
Weight over time, water intake, physical activity and calories burned.
Targets and meal plans set by your nutritionist.
Steps — the step counter reads your phone’s motion sensor; step history is not stored on the server.
Communication and bookings
Chat messages between client and nutritionist, reviews, and the nutritionist’s private notes.
Consultation bookings and schedule, including video calls.
Technical device data
Push notification token, platform (iOS/Android), app version, device language and time zone.
Connection logs (including the IP address used for a request) — for security and diagnostics.
What we do not collect
precise location (GPS)advertising identifiersclipboardcontactsbiometricsmedical diagnoses or prescriptionsdata from other apps
The app contains no third-party advertising and no tracking analytics. We do not
profile you for marketing and make no automated decisions about you without human
involvement.
03 Device permissions
The app requests permissions only when you use the relevant feature:
Camera — scanning product barcodes and video consultations.
Microphone — video calls only.
Motion sensor — the step counter.
Notifications — reminders and messages from your nutritionist.
You can revoke any permission in your phone settings; the related feature will simply become unavailable.
04 Why we use your data, and on what legal basis
Purpose
Legal basis
Creating an account and providing the service (diary, working with your nutritionist)
Performance of a contract with you
Processing health and nutrition metrics
Your explicit consent (special-category data)
Push notifications and reminders
Your consent (can be turned off anytime)
Account security, abuse prevention, diagnostics
Our legitimate interest
Compliance with legal obligations
Legal obligation
05 Health data — handled separately
Weight, nutrition, activity, restrictions and allergies are a special
category of personal data (data concerning health). We process them only on
the basis of your explicit consent, which you give when you enter
this data into the app.
You can withdraw consent at any time by stopping entering data or deleting your account.
We use this data only within the app — to show your progress and let your nutritionist support you.
Vireo is not a medical device and does not diagnose; the app does not replace a doctor’s advice.
06 Who we share data with
We do not sell data. We use vetted processors that help the app run and receive only the minimum they need for their function:
Service
Purpose
What data
Apple (TestFlight / App Store)
Beta distribution
Tester account data, crash diagnostics
Hetzner
Server and database (Germany, EU)
All app data (storage)
Cloudflare
Network, protection, delivery
Connection technical data
Firebase Cloud Messaging (Google)
Push notifications
Device token, notification text
Daily.co
Video consultations
Video call connection
OpenFoodFacts
Barcode product lookup
Only the barcode (no personal data)
Email provider
Verification and recovery emails
Email, one-time code
We may also disclose data where required by law or to protect the rights and safety of users.
07 International transfers
Primary data storage is located in the European Union (Germany).
Some processors (e.g. Apple, Google, Daily.co) may process technical data in the US
or other countries. Where they do, transfers rely on Standard Contractual Clauses and
other safeguards permitted by law.
08 How long we keep it
Account and diary data are kept for as long as your account exists.
When you delete your account, we delete the data associated with you (profile, diary, metrics, messages), except where the law requires a retention period.
Technical session and device tokens are purged automatically over time.
09 Your rights
Under data protection law (including the GDPR and Ukraine’s Law “On Personal Data Protection”) you have the right to:
Access — learn what data we hold about you.
Rectification — correct inaccurate data (most of it directly in the app).
Erasure — delete your account and data.
Restriction and objection — to certain processing.
Portability — receive a copy of your data.
Withdraw consent — at any time, without affecting prior lawful processing.
Complaint — to a data protection supervisory authority.
To exercise your rights, email yurii.stetsura@vireo.coach. You can also delete your account from within the app settings.
10 Security
Connections to the server are encrypted (HTTPS/TLS).
Passwords are stored only as hashes; verification codes are stored hashed as well.
We apply brute-force protection, temporary account lockout, and session token rotation.
No service can guarantee absolute security, but we apply industry practices to protect your data.
11 Children
Vireo is not intended for persons under 16 years of age. We do not
knowingly collect children’s data. If a minor uses the app, it should be under the
supervision of a parent or guardian and their nutritionist. If you believe a child
has provided us data without consent, contact us and we will delete it.
12 Changes to this policy
The app is in beta and evolving. We may update this policy; we will announce material
changes in the app or by email. The effective date is always shown at the top.