Viora Vitals — Privacy
Last updated
layout: default title: Privacy Policy
Privacy Policy
Last updated: July 15, 2026
Viora Vitals ("the App", "we", "us") is built by Stefan Pihlanen ("the Developer"). This Privacy Policy explains what data the App handles and how it is used.
Summary: The App is designed for privacy. All your data stays on your device and, if you choose, in your personal iCloud account. We do not run any server, do not collect analytics, do not track you, and cannot see your data.
1. Data we handle
The App lets you track and view the following types of data locally on your device:
- Health & fitness data from Apple Health (HealthKit): steps, distance, workouts, sleep, heart rate, heart rate variability, resting heart rate, VO2 Max, respiratory rate, blood oxygen, active energy, basal energy, stand hours, flights climbed, mindful minutes, weight, body fat, lean body mass.
- Data you enter manually: habits, habit completions, medications and doses, water intake, symptoms, progress photos, weight entries, challenges, notes.
- App preferences: settings, notification schedules, focus areas, appearance mode.
- Subscription status (if you subscribe to Viora Pro): handled by Apple's App Store and StoreKit. We receive only entitlement information (whether you have an active subscription), never payment details.
2. How your data is stored
- On your device — all data is stored locally using Apple's SwiftData framework.
- In your iCloud account (optional) — if you enable iCloud Backup, the App writes an encrypted backup to your private iCloud container using Apple's CloudKit. This data is only accessible from devices signed in to your Apple ID.
- In HealthKit — health data read from Apple Health stays in Apple Health. The App reads it with your permission but does not copy it elsewhere. The App writes back only walk workouts you explicitly log through the "Log walk" feature.
3. What we do NOT do
- We do not operate any server, database, or cloud service for your data.
- We do not collect analytics, telemetry, crash reports, or usage statistics.
- We do not use any third-party tracking SDKs (no Firebase, no Google Analytics, no Facebook Pixel, no Sentry, etc.).
- We do not share, sell, or rent your data to anyone.
- We do not use your data to train AI models.
- We do not have accounts, login, or servers — so there is nothing for us to breach.
4. Google Health and Fitbit data
If you choose to connect Google Health, Viora Vitals requests only read-only Activity & Fitness, Health Metrics & Measurements, and Sleep access shown in the Google authorization flow. Depending on what your Fitbit account provides, this can include steps, active energy, active minutes, HRV, resting heart rate, respiratory rate, blood oxygen, sleep temperature, VO2 max, weight, body-fat percentage, main sleep, sleep stages, restless-sleep context, and naps.
Viora downloads this data directly from Google Health to your device. It uses the data only to provide the health and fitness features you choose, such as Sleep Analysis, overnight and recovery signals, Heart & Fitness, Body, Activity, trends, and source-aware insights. When Apple Health and Google Health may represent the same event, Viora chooses one source according to metric-specific reconciliation rules; it does not blindly add overlapping data.
Viora stores the OAuth credential in the iOS Keychain and keeps its working health-data copy on the user's device. Viora does not operate a health-data backend, sell Google Health or Fitbit data, use it for advertising, use it for credit decisions, or use it to train AI models. Viora does not share Google Health data with third parties except when the user explicitly uses an iOS sharing or export action and chooses the destination.
Users can disconnect Google Health in Viora at any time. Viora removes its local OAuth credential and local Google Health cache, then returns to Apple Health where available. Disconnecting does not delete Fitbit or Google Health data held in the user's Google account; Google's own account, retention, and deletion controls apply to that source data.
The use of information received from Google Health API and/or Developer Tools will adhere to the Google Health API Developer and User Data Policy, including the Limited Use requirements.
5. Third parties
The third parties involved are:
- Apple — HealthKit (on-device health data access), CloudKit / iCloud (optional backup in your own iCloud account), StoreKit / App Store (subscription management and payments).
- Google — Google Health API (optional, only if you connect Fitbit through Google Health).
Apple's privacy practices are described in Apple's Privacy Policy. Google's practices are described in Google's Privacy Policy.
6. Your rights and controls
- View and edit — all data is visible and editable inside the App.
- Export — you can export your data as CSV from Settings → Support → Export Data.
- Delete — you can delete individual items inside the App, or wipe everything via Settings → Data & Sync → Reset App.
- Revoke HealthKit access — at any time in iOS Settings → Privacy & Security → Health → Viora Vitals.
- Disconnect Google Health — at any time in Viora Vitals Settings. This removes the local OAuth credential and local Google Health cache.
- Disable iCloud Backup — at any time in Settings → Data & Sync.
- Cancel subscription — via iOS Settings → Apple ID → Subscriptions.
7. Children's privacy
The App is not directed at children under 13. We do not knowingly collect data from children.
8. Security
Data on your device is protected by iOS sandboxing and device encryption. iCloud backups are encrypted in transit and at rest by Apple. We recommend you set a passcode or use Face ID / Touch ID on your device.
9. Changes to this policy
We may update this policy as the App evolves. The "Last updated" date at the top will reflect any changes. Material changes will be noted in release notes.
10. Contact
For privacy questions or concerns:
- Email: support@samladit.se
- Developer: Stefan Pihlanen, Sweden
11. Governing law
This policy is governed by Swedish law.