Vida Life Logo

Privacy Policy

Last updated: November 3, 2025

Table of Contents

  • Introduction
  • Information We Collect
  • Information We DON'T Collect
  • How We Use Your Information
  • When You Leave a Community
  • Data Security
  • Regional Compliance
  • Your Rights
  • Data Retention
  • Third-Party Services
  • Children's Privacy
  • Changes to This Policy
  • Contact Us

Introduction

Vida Life ("we," "us," or "our") is committed to protecting your privacy, especially given the sensitive nature of health-related communities. This Privacy Policy explains how we collect, use, and safeguard your information when you use our platform.

We've designed Vida Life with privacy at its core. We collect only the minimum information necessary to provide our services and never sell or share your personal data with third parties for marketing purposes.

Information We Collect

Authentication Information

  • OAuth provider identifiers (e.g., Apple ID, Google ID, Microsoft ID, Yahoo ID)
  • SHA-256 hash of your email address (for magic link authentication) - we never store your actual email
  • Authentication provider name (Apple, Google, Microsoft, Yahoo, or email domain)

Profile Information

System-Assigned:

  • Pulse username (automatically generated)

User-Controlled:

  • Display name and nickname
  • Optional bio
  • Optional institution affiliation and position
  • Optional profile and banner images

Activity Data

  • Posts, messages, and comments you create
  • Community memberships and roles
  • User blocking relationships
  • Timestamps (account creation, last active)

App Usage & Preferences

  • Recent searches (institutions and rare diseases)
  • Favorite institutions and rare diseases
  • User preferences (color theme)
  • Last institution visited
  • Acknowledged institution guidelines

Technical Data

  • Device tokens for push notifications

Information We DON'T Collect

We are committed to minimal data collection. We do NOT collect:

  • Email addresses - We only store SHA-256 hashes for magic links
  • Phone numbers
  • Physical addresses
  • Government-issued IDs
  • Payment or financial information
  • IP addresses for tracking purposes
  • Precise location data
  • Cookies or tracking pixels
  • Browser fingerprints

How We Use Your Information

We use the information we collect solely to provide and improve Vida Life's services:

  • Authenticate your account and maintain your session
  • Connect you with relevant health communities
  • Enable secure messaging between community members
  • Send important notifications about your communities
  • Maintain platform safety and prevent abuse
  • Provide customer support when requested
  • Comply with legal obligations

When You Leave a Community

We respect your right to leave any community and ensure your privacy is protected when you do:

What happens to your content:

  • Public posts - Reassigned to "Anonymous User" to preserve community knowledge
  • Private channels - Completely deleted along with all attachments
  • Public channel messages (e.g., Healing support groups) - Reassigned to "Anonymous User"
  • Direct messages - Reassigned to "Anonymous User" but retained for other participants

Account deletion:

  • Your user record and all metadata are completely deleted
  • No personal data remains that could identify you
  • If you rejoin later, you start fresh with no connection to previous activity

Note: Content reassigned to "Anonymous User" helps preserve valuable community knowledge and support discussions while protecting your privacy.

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption at rest - PostgreSQL database encrypted with LUKS
  • Encryption in transit - All data transmitted via TLS/SSL, with Ably securing real-time messaging channels
  • Secure file access - Signed URLs with automatic expiration
  • Email privacy - SHA-256 hashing for magic link emails
  • No password storage - OAuth-only authentication
  • Regular security audits - Continuous monitoring and updates

Regional Compliance

GDPR (European Union)

  • Lawful basis: Legitimate interests for basic operations, explicit consent for health data
  • Special category data: Health information processed only with explicit consent
  • Your rights: Access, rectification, erasure, portability, restriction, and objection
  • Data transfers: Standard contractual clauses for international transfers

PIPEDA (Canada)

  • Consent obtained for all collection and use
  • Limited collection to necessary purposes only
  • Safeguards appropriate to data sensitivity
  • Access and correction rights guaranteed

HIPAA (United States)

Note: Vida Life is not a HIPAA-covered entity because we are a peer-to-peer support platform, not a healthcare provider, health plan, or healthcare clearinghouse. HIPAA only applies to these specific types of organizations and their business associates.

As a community platform where users voluntarily share their experiences, we follow security best practices and give you full control over what health information you choose to share.

Your Rights

Regardless of your location, you have the following rights regarding your personal information:

  • Access - Request a copy of your personal data
  • Correction - Update or correct inaccurate information
  • Deletion - Delete your account and associated data
  • Portability - Export your data in a machine-readable format
  • Restriction - Limit how we process your data
  • Objection - Object to certain types of processing
  • Withdraw consent - Withdraw previously given consent at any time

To exercise any of these rights, please contact us at [email protected].

Data Retention

  • Active accounts - Data retained while your account remains active
  • Deleted accounts - Data is deleted immediately without option to recover
  • Anonymized content - Retained indefinitely for community benefit
  • Email hashes - Deleted with your account; you can rejoin anytime by reapplying
  • Legal obligations - Some data may be retained longer if required by law

Third-Party Services

We use minimal third-party services to operate Vida Life:

  • Authentication providers - Apple, Google, Microsoft, and Yahoo for OAuth (no data shared back)
  • Mailjet - For sending magic link emails (no retention of email content)
  • Ably - Encrypted real-time messaging infrastructure for instant communication between users
  • Cloudflare - CDN for serving images only (no personal data)
  • Cloudflare R2 - Secure storage for uploaded files and documents
  • Mixpanel - Analytics using only your anonymized user ID (UUID), never your personal information. When you leave a community, we initiate a deletion request for your analytics data. Mixpanel provides GDPR and CCPA compliant data management tools

Children's Privacy

We take special care to protect the privacy of minors:

  • Users under 16 require parental or guardian consent
  • Enhanced privacy protections for minor accounts
  • Parents can request access to or deletion of their child's information
  • We do not knowingly collect data from children under 13 without parental consent

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We'll update the "Last updated" date at the top
  • The information contained in this website is subject to change without notice
  • Your continued use after changes means you accept the updated policy
  • You can always view the current policy at this URL

Contact Us

For questions about this Privacy Policy, please contact us:

Privacy inquiries: [email protected]

Mailing Address:

Vida Life Foundation

Legal Department

1769 Hillsdale Ave #24955

San Jose, CA 95154

USA

© 2025 Vida Life. All rights reserved.||