Privacy Policy
Effective Date: April 19, 2026 · Version 1.1
1. Introduction
Sinchi Lab LLC (“we,” “our,” or “us”) operates this website and the following products: VitaK. This Privacy Policy explains how we collect, use, disclose, and protect your personal information, including sensitive health data, across all our products and services.
VitaK is a health tracking application designed for patients taking anticoagulant medication. Because our products process health-related information, we take your privacy seriously. Please read this policy carefully before using our services. Additional products may be added in the future and this policy will be updated accordingly.
2. Information We Collect
Health Data
- INR (International Normalized Ratio) lab results
- Medication type and dosage logs (warfarin or acenocoumarol)
- Food intake logs with nutritional content (calories, Vitamin K, protein, carbs, fat)
- Food photographs (optionally submitted for AI nutritional analysis)
Voice Recordings
- Audio recordings submitted for food logging via voice transcription
- Voice recordings are processed and immediately discarded after transcription; they are not stored long-term
Account Data
- Email address (provided via Google OAuth sign-in)
- Google profile name
Technical Data
- Device type and browser information
- App usage patterns (pages visited, feature usage)
- Error logs (without health data content)
Local Device Data
- Offline data cached on your device via browser local storage and service worker cache for offline functionality
3. Legal Basis for Processing
We process your data under the following legal bases:
- Your Consent: For AI-powered food image analysis and voice transcription. These features are optional—you can log food manually without using photos or voice.
- Performance of Service: For core health tracking features (storing and displaying your INR, medication, and food logs).
- Legitimate Interest: For service security, error monitoring, and aggregate analytics to improve the app.
You may withdraw your consent for optional AI features at any time by simply not using those features.
4. How We Use Your Data
- Health Tracking: Store and display your health metrics, trends, and history
- AI Food Analysis (optional): Analyze food photos to estimate nutritional content, with emphasis on Vitamin K. Powered by Anthropic Claude. Images are sent without user identifiers and are not used to train AI models.
- Voice Transcription (optional): Convert voice recordings to text for food logging. Powered by OpenAI Whisper. Audio is sent without user identifiers, processed in real-time, and not retained.
- Subscription Management: Process payments and manage your subscription status
- Service Improvement: Aggregate, anonymized analytics to improve the app
5. How We Share Your Data
We share data with the following third-party services solely to operate the app:
| Service |
Data Shared |
Purpose |
| Amazon Web Services (AWS) |
All data (encrypted) |
Infrastructure hosting |
| Anthropic (Claude AI) |
Food images only (no user identifiers) |
Nutritional analysis |
| OpenAI (Whisper) |
Audio recordings only (no user identifiers) |
Voice transcription |
| LemonSqueezy |
Email address |
Payment processing |
| Google |
Email, profile name (via OAuth) |
Authentication |
We do not sell your personal data. We do not share your data for advertising or marketing purposes.
6. AI Processing and Automated Decision-Making
Our products (including VitaK) use AI services to assist with food logging:
- Anthropic Claude analyzes food photographs to estimate nutritional content (calories, Vitamin K, protein, carbs, fat). This analysis is assistive only—it provides estimates, not medical advice.
- OpenAI Whisper transcribes voice recordings into text for food logging convenience.
Both services receive data without user-identifying information. Neither service uses your data to train their AI models (per their API data usage policies).
AI features are entirely optional. You can log all food data manually. No automated decisions are made about your health or treatment based on AI analysis.
7. Biometric Data
Our products collect voice recordings when you use the optional voice transcription feature. In some jurisdictions (including Illinois under the Biometric Information Privacy Act), voice recordings may be classified as biometric data.
- Purpose: Voice recordings are collected solely for transcription into text to facilitate food logging.
- Handling: Recordings are transmitted to OpenAI’s Whisper API for processing and are not stored by Sinchi Lab LLC after transcription is complete.
- Third-party sharing: Recordings are shared only with OpenAI for transcription.
- Consent: By using the voice recording feature, you consent to this collection and processing. You may decline to use this feature at any time.
8. Data Security
- All data encrypted at rest (AES-256 via AWS)
- All data encrypted in transit (TLS 1.2+)
- Authentication via Google OAuth with PKCE
- API access requires valid authentication tokens
- Strict user data isolation (you can only access your own data)
- Audit logging via AWS CloudTrail
9. Data Retention
- Health data: Retained until you delete them or request account deletion
- Food images: Retained until you delete the associated food log
- Voice recordings: Not retained after transcription is complete
- Audit logs: Retained for 90 days
10. Your Rights
You have the right to:
- Access: View all your health data through the app at any time
- Delete: Delete individual records, or request full account deletion by contacting us
- Correct: Edit your health records at any time through the app
- Data Portability: Request an export of your data by contacting us
- Withdraw Consent: Stop using optional AI features at any time
- Non-Discrimination: We will not discriminate against you for exercising these rights
11. Your California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Categories of Personal Information Collected
- Identifiers: Email address, name (via Google OAuth)
- Health information: INR values, medication logs, food intake logs
- Internet/electronic activity: App usage data, device information
- Audio data: Voice recordings (if you use voice transcription)
- Visual data: Food photographs (if you use photo analysis)
Your California Rights
- Right to Know: Request details about the personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Information: You may request that we limit our use of your sensitive personal information to what is necessary to provide the service
Contact us using the information below to exercise your rights. We will respond to verifiable requests within 45 days.
Shine the Light
California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information for direct marketing.
12. Local Storage and Offline Data
Our products store data locally on your device to enable offline functionality:
- Browser Local Storage: Caches your health data so the app works without an internet connection
- Service Worker Cache: Stores app assets (HTML, CSS, JavaScript) for offline loading
- No cookies: We do not use HTTP cookies for tracking or analytics
This local data remains on your device and is not transmitted to any third party. You can clear local data through your browser settings.
13. “Do Not Track” Signals
Sinchi Lab LLC does not track users across third-party websites. We honor “Do Not Track” browser signals. We do not use third-party tracking or analytics services that track you across other websites.
14. Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify affected users within 60 days of discovery (or sooner if required by applicable state law)
- Provide details about what data was affected
- Describe steps taken to address the breach
- Offer guidance on protective actions you can take
15. Children’s Privacy
Our products are not intended for children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
16. International Data Transfers
Sinchi Lab LLC’s infrastructure is hosted in the United States (AWS US-East-1 region). If you access our products from outside the United States, your data will be transferred to and processed in the United States.
17. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the effective date and version number at the top of this policy
- Notify you via email or in-app notification before the changes take effect
- Obtain fresh consent where required by law
18. Contact Information
For privacy questions, data requests, or to exercise your rights:
- Email: hello@sinchilab.com
- Response Time: We will respond to requests within 45 days