Privacy Policy
Last updated: June 10 2026
VitalSynch (“the app”, “we”, “us”) is an offline-first health and fitness
companion. This policy explains what data the app handles, why, and the choices
and rights you have. VitalSynch is operated by İsmail Tunç Kankılıç, located in
Mersin/Turkey. For any privacy question or to exercise your rights, contact
ismail.tunc.kankilic@gmail.com
1. Our offline-first approach
Your data is created and stored on your device first. Synchronization to the
cloud is optional and happens only if you enable cloud backup. The app is fully
usable with no network connection and with cloud backup turned off.
2. Data we handle
Health & fitness data you enter:
– Medication names, schedules, reminders and adherence logs
– Symptoms and symptom-tracking entries
– Workouts and exercise logs
– Body metrics and progress data
– Insights derived from the above
Account data:
– Authentication identifiers managed by AWS Cognito (your email address, or an
Apple private-relay address if you use Sign in with Apple)
Consent records:
– Your consent choices and the policy version you accepted, kept in an on-device
consent log
We do NOT collect usage analytics, advertising identifiers, or location data,
and we do NOT track you across other apps or websites.
3. Why we use your data
– To provide core features: reminders, tracking, logging and insights
– To authenticate you and secure your account
– To synchronize your data across your devices (only if cloud backup is enabled)
We do not sell your personal data, and we never use your health data for
advertising.
4. Legal basis (GDPR)
– Your explicit consent (Art. 6(1)(a) and, for health data, Art. 9(2)(a)) for
processing your health and fitness data and for enabling cloud backup.
– Performance of a contract (Art. 6(1)(b)) for providing your account and the
core service.
Health data is a “special category” under GDPR Art. 9; we process it only with
your explicit, recorded consent and only to provide the service to you.
5. Where your data is stored
On your device: in an encrypted database (SQLCipher) and, for credentials, in the
operating system’s secure storage (Keychain).
In the cloud (only if you enable cloud backup): on Amazon Web Services (AWS)
infrastructure in the AWS Europe (Frankfurt) “eu-central-1” region, within the
EU/EEA. We use:
– AWS Cognito — authentication
– AWS API Gateway + AWS Lambda — secure API access
– AWS DynamoDB — your synchronized records
AWS acts as our data processor. Your synchronized data is stored in the EU and is
not transferred outside the EU/EEA by us.
6. Crash reporting
To keep the app reliable, uncaught technical errors may be sent to Sentry, our
crash-reporting processor. These reports contain technical information (error
type, stack trace, device and OS details) and are not designed to include your
health entries. Crash reporting helps us diagnose and fix problems only.
7. Data retention
– On-device data is kept until you delete it in-app or uninstall the app.
– Cloud data is kept until you delete your account or request deletion, after
which it is removed from our active systems.
8. Your rights
Under GDPR you have the right to access, rectification, erasure (“right to be
forgotten”), restriction, data portability, and to withdraw consent at any time.
You can exercise the main rights directly in the app:
– Manage consents: Settings → Privacy & Data → Manage Consents
– Export your data: Settings → Privacy & Data → Export Data
– Delete your account and data: Settings → Privacy & Data → Delete Account
Withdrawing consent does not affect processing carried out before withdrawal.
For any request you cannot complete in-app, contact ismail.tunc.kankilic@gmail.com
9. Account & data deletion
When you delete your account, we delete your cloud-stored personal data and your
authentication account. Deletion requires an internet connection so that no
server-side data is left behind. Local data is removed when you delete it in-app
or uninstall the app.
10. Children
VitalSynch is not directed to children under [16 / the minimum age in your
country]. We do not knowingly collect data from children below that age.
11. Changes to this policy
We may update this policy. Material changes are reflected by a new policy
version, and you may be asked to review and re-consent within the app.
12. Contact
İsmail Tunç Kankılıç
Mersin/Turkey
ismail.tunc.kankilic@gmail.com