Sign in Start free →
Privacy Policy

How we handle your data.
In plain language.

Effective date: May 2026 · Version 1.0 · Subject to legal review before public launch

Contents
  1. Our commitment
  2. What we collect
  3. How we use it
  4. What we never do
  5. When data is shared
  6. Aggregate and anonymized data
  7. How we protect it
  8. Your rights
  9. Deletion and export
  10. Children
  11. Changes to this policy
  12. Contact
🔒
The short version

We collect what we need to run your system. We use it only for your benefit. We never sell it. You can export or delete everything at any time. These commitments were made before the first customer joined and cannot be changed by any offer that arrives later.

1. Our Commitment

Vithropic is a data intelligence platform. The entire value we provide depends on accumulating accurate, personal context about your financial and health life. That means we hold some of the most sensitive data a person can share.

We made three founding commitments before this company launched:

  • We will never sell your data. To anyone. Ever. Your data is not a revenue source. Subscriptions are.
  • We will not sell this company for what it holds. If acquisition offers come — and they will — the data you've entrusted to us is not part of any transaction.
  • We will not compromise these commitments to scale faster. Growth does not override the promises made on day one.

This privacy policy is the legal expression of those commitments. It governs how Vithropic, Inc. ("Vithropic," "we," "us") collects, uses, and protects information about users ("you") of our platform at vithropic.com and our related applications.

2. What We Collect

Account information

When you create a Vithropic account, we collect your name, email address, and the tier you select. We do not collect payment information directly — all billing is handled by our payment processor (Stripe) and we receive only a tokenized payment reference.

Financial data

With your explicit permission, we connect to your financial accounts through a bank-grade account aggregation service. This includes transaction history, account balances, investment holdings, and loan balances. We receive this data in read-only form — we cannot initiate transfers or move money. Your banking credentials are never shared with or stored by Vithropic.

Health and fitness data

On Intelligence and Wealth tiers, with your explicit permission, we receive health data through Google Health Connect (Android) or Apple HealthKit (iOS). This may include sleep duration and stages, heart rate, heart rate variability, activity data, step counts, and data from connected wearable devices. We receive only the data you explicitly authorize through your device's health platform.

Daily check-in responses

Our daily check-in system asks short, structured questions about how you're feeling and how your week is going. These responses are stored and used to calibrate your personal intelligence system.

Usage data

We collect basic usage information — which features you use, when you log in, and how you interact with your briefings. This is used to improve the product and understand how the system is working for you.

Device and browser data

We collect standard technical information including your browser type, operating system, IP address, and device identifiers. This is used for security monitoring and service delivery.

3. How We Use It

Everything we collect is used for one purpose: making your Vithropic system work better for you.

  • Running the intelligence agents that monitor your accounts and health data on your behalf
  • Generating your personalized weekly briefings
  • Detecting anomalies, opportunities, and patterns in your financial and health data
  • Calibrating your personal baseline and adjusting it as your life changes
  • Producing peer intelligence benchmarks using anonymized, aggregated data across similar profiles
  • Sending you communications about your account, briefings, and significant system events
  • Improving the product — how the agents work, how briefings are generated, how patterns are detected

We do not use your data to train general AI models that will be used for purposes unrelated to your Vithropic system.

4. What We Never Do

  • Sell your personal data to any third party, ever
  • Share your personal data with advertisers
  • Use your data to serve you targeted advertising
  • Allow your financial account credentials to be stored by Vithropic
  • Access your accounts beyond the read-only permissions you grant
  • Share your individual data with your employer, insurer, or any institution that could use it adversely
  • Use your health data for insurance underwriting purposes

5. When Data Is Shared

Your personal data is shared only in these specific, limited circumstances:

Service providers

We work with third-party service providers who help us operate the platform — cloud infrastructure, account aggregation, payment processing, and email delivery. These providers process data only on our behalf and under strict data processing agreements. They cannot use your data for their own purposes.

Legal requirements

We may disclose data if required by law, court order, or governmental authority. Where legally permitted, we will notify you before complying with such a request.

Business transfers

Vithropic is built to remain independent and privately held. We have made a founding commitment not to sell this company, merge it, or take it public. We work for our customers — not for investors or shareholders. In the extraordinary and unforeseen event that a corporate transaction occurred despite that commitment, your data would transfer only to a successor entity bound by these same privacy commitments, and you would be notified and given the opportunity to delete your data before any transfer.

With your consent

We will share data for any other purpose only with your explicit, informed consent.

6. Aggregate and Anonymized Data

Vithropic uses anonymized, aggregated data to power peer intelligence benchmarks — showing how similar profiles compare on savings rates, spending patterns, health metrics, and other dimensions.

Before any data contributes to these benchmarks, all personally identifying information is removed. The resulting statistics cannot be traced back to any individual. We apply a minimum cohort size of 50 profiles before publishing any benchmark — below this threshold, no benchmark is surfaced because individual reverse-identification becomes theoretically possible.

On deletion and aggregate contributions

When you delete your account, all your personal data is deleted. Any anonymized statistical contributions already mixed into aggregate benchmarks cannot be individually extracted — they were anonymized before contribution and no longer exist as your data within the statistical population. This is disclosed because you deserve to know it.

7. How We Protect It

All data stored by Vithropic is encrypted at rest using AES-256 encryption. All data in transit uses TLS 1.3. Secrets and credentials are stored in a dedicated, access-controlled vault — never in code or configuration files. Every access to sensitive resources is logged and audited.

We conduct quarterly automated vulnerability scans, semi-annual full penetration tests by independent third-party firms, and an annual comprehensive security review. Results are published in our annual transparency report.

For full security details, see our Security page.

8. Your Rights

You have the following rights with respect to your personal data:

  • Access. You can view all data Vithropic holds about you from your account dashboard.
  • Correction. You can update inaccurate personal information at any time.
  • Portability. You can export all your data in standard formats (CSV, JSON) at any time.
  • Deletion. You can request deletion of all your personal data. We will complete this within 30 days and send confirmation.
  • Restriction. You can restrict how certain data is used, including opting out of aggregate benchmark contributions.
  • Objection. You can object to processing of your data at any time by contacting us.

California residents have additional rights under the California Consumer Privacy Act (CCPA). EU and UK residents have additional rights under the General Data Protection Regulation (GDPR). To exercise any of these rights, contact us at our contact page.

9. Deletion and Export

To export your data: navigate to Account Settings → Data → Export. You will receive a download link within 24 hours containing all your personal data in standard formats.

To delete your account: navigate to Account Settings → Data → Delete Account. All personal data will be removed within 30 days. Your financial account connections are severed immediately upon request. You will receive a confirmation email when deletion is complete.

Deleting your account cancels your subscription effective at the end of your current billing period.

10. Children

Vithropic is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will delete it promptly. If you believe a child under 13 has created an account, contact us at our contact page.

11. Changes to This Policy

We will notify you of material changes to this privacy policy by email at least 30 days before they take effect. We will also post a notice on vithropic.com. If you disagree with any changes, you may delete your account before they take effect.

We will never make changes that reduce your privacy rights without explicit consent. Changes that strengthen your rights may take effect immediately.

12. Contact

For privacy questions, rights requests, or concerns:

Response time: Within 48 hours for all requests
Rights requests: Completed within 30 days
Note: This privacy policy was drafted to reflect Vithropic's actual practices and founding commitments. It is subject to review by a qualified privacy attorney before the platform's public launch. The commitments expressed here are binding regardless of the review outcome.