Consumer Health Data Privacy Policy

Last updated: June 14, 2026

1. Introduction

Welcome to VegaLoop! VegaLoop LLC (“VegaLoop”, “us”, “we”, or “our”) is the owner and operator of the website https://vegaloop.com (hereinafter referred to as “Service”). The Service includes VegaLoop’s website, web application, iOS and Android mobile applications.

This Consumer Health Data Privacy Policy (“Policy”) applies to personal data defined as “Consumer Health Data” by applicable health laws that is collected from you by us. This Policy supplements our Privacy Policy, which is available on the Service at https://vegaloop.com/privacy/. In the event of a conflict between any other VegaLoop policy and this Policy, this Policy will prevail with respect to Consumer Health Data collected.

2. Consumer Health Data

My Health My Data Act

This Policy has been drafted in accordance with the Washington State My Health My Data Act (“MHMDA”).

Consumer Health Data

Consumer Health Data under MHMDA refers to Personal Data that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. Consumer Health Data may include information relating to physical activity, nutrition, biometrics, body measurements, wellness goals, sleep patterns, fitness activities, heart rate data, body composition metrics, and similar health-related information voluntarily submitted through the Service.

Personal Data

For reference purposes, when used in this Policy, “Personal Data” refers to data about a living individual who can be identified from the data (or from those and other information either in our possession or likely to come into our possession). It refers to information that personally identifies or relates to an individual person. Personal Data may be referred to as personal data, sensitive data or personally identifiable information in data protection laws and regulations.

3. Consumer Health Data We Collect

As described in our Privacy Policy, the Personal Data we collect depends on your interactions with the Service, the features you use, your device settings, connected third-party integrations, and applicable law.

We may collect the following Personal Data, which may also constitute Consumer Health Data under applicable laws and regulations:

• Information relating to nutrition, meals, calorie intake and dietary habits;
• Information relating to workouts, exercise, training sessions, fitness metrics and performance analytics;
• Biometric and body measurement information, including weight, body composition metrics, heart rate data, sleep-related information and similar measurements voluntarily submitted through the Service or validly obtained through connected integrations;
• Information relating to wellness goals, objectives, progress tracking, recommendations, and related health and wellness preferences;
• Other information that may reasonably be used to infer or derive health-related information concerning a consumer.

We may also collect information generated through automated processing systems, algorithms, analytical tools, or wellness recommendation systems relating to nutrition, activity, biometric, or goal-related information.

Directly Provided Consumer Health Data

We may collect Consumer Health Data directly from you when you create an account, use the Service, enter information into the Service, interact with customer support, complete forms or surveys, establish wellness goals, upload biometric, fitness or activity information, or otherwise voluntarily provide information through the Service.

Consumer Health Data from Integrations and Connected Devices

We may collect Consumer Health Data from third-party integrations, connected platforms and devices authorized by you, including fitness devices, wearable devices, nutrition services, health tracking platforms and related third-party applications or services that you choose to connect to the Service.

Consumer Health Data Generated Through Use of the Service

We may generate Consumer Health Data based on the information you provide, information received from connected devices and integrations, your activities within the Service, and your interactions with features, tools, recommendations, wellness programs and analytics available through the Service.

Automatically Collected Consumer Health Data

We may collect usage, log and diagnostic information from devices, browsers, applications and systems used to access the Service, including through cookies, analytics technologies, usage monitoring tools and related technologies.

To the extent that such information is linked to an identifiable individual and identifies or could reasonably be used to infer an individual’s health, wellness or fitness-related characteristics, we will treat such information as Consumer Health Data under this Policy.

4. Use of Your Consumer Health Data

To the extent we collect Consumer Health Data, we may use such information for the purposes set forth in this Policy, in compliance with applicable laws and regulations.

Operation and Management of the Service

We may use Consumer Health Data to provide, operate, maintain and improve the Service and its features.

Insights and Analytical Purposes

We may also use Consumer Health Data to generate wellness insights, analytics, summaries and customized recommendations based on nutrition, activity, biometric, and goal-related information.

We may further use Consumer Health Data to perform analytics, internal development, testing, quality assurance and operational improvements. Additionally, we may use Consumer Health Data to generate aggregated, anonymized, or de-identified analytical information that does not reasonably identify an individual user of the Service.

Security and Fraud Prevention

Where needed, we may use Consumer Health Data to authenticate accounts, maintain security, prevent fraud and detect unauthorized activity in connection with the Service.

Customer Support

When you send us inquiries, requests, or report any issues, we may use your Consumer Health Data to address or respond to such requests and reports.

Legal Obligations

In compliance with applicable laws and regulations, we can use Consumer Health Data to comply with our legal obligations, enforce our policies, and protect our rights.

Consent Granted

We may use your Consumer Health Data for any purpose for which you provided your consent or authorization, where required by applicable law.

5. No Sale of Consumer Health Data

We do not sell Consumer Health Data to third parties. We also do not use Consumer Health Data for targeted advertising or cross-context behavioral advertising purposes.

6. Sharing Consumer Health Data With Third Parties

We may share Consumer Health Data with certain categories of third parties as reasonably necessary to operate, maintain, secure and improve the Service in accordance with applicable laws and regulations. Based on your use of the Service, we may share the following categories of Consumer Health Data:

• account information relating to your health, wellness or fitness activities;
• health, wellness, fitness, nutrition, biometric and related information that you provide using the Service;
• information received from connected devices, wearable devices and authorized third-party integrations;
• health-related preferences, goals, insights, recommendations and inferences generated through your use of the Service; and
• Consumer Health Data generated based on the information you provide.

We may share the foregoing categories of Consumer Health Data with the third parties described below, as reasonably necessary to operate and improve the Service and as otherwise permitted by applicable law.

Service Providers

We may share Consumer Health Data with our service providers that need to know this information to perform their duties for the Service. Service providers may use Consumer Health Data only for authorized purposes and must maintain appropriate confidentiality and security safeguards.

Third Party Integrations

If you connect a third-party platform, wearable device or similar integration to the Service, we may provide Consumer Health Data to those third parties solely to the extent reasonably necessary to provide the requested functionality.

Business Transactions

We may be asked to share Consumer Health Data as part of a business merger, acquisition, financing transaction, sale of assets, bankruptcy proceeding, or similar business transaction involving us provided the sharing is: (i) legally permitted, (ii) reasonably necessary for the transaction, and (iii) subject to confidentiality and security protections. Any information shared will be limited to the extent reasonably necessary for purposes of the transaction.

Legal Requirements

We may share Consumer Health Data where the disclosure is reasonably necessary to comply with applicable laws, regulations, legal obligations, court orders or law enforcement requirements.

We may also disclose Consumer Health Data if the disclosure is reasonably necessary to protect our rights, property, safety, security or legal interests.

User-Directed Sharing

The Service may allow you to share health, wellness, fitness, nutrition or other information with users of the Service, connected services or audiences of your choosing. Where this option is available, we will provide information regarding the categories of information that may be shared and the intended recipient, destination or audience before you complete the sharing action.

Any Consumer Health Data that you choose to share using these features will be disclosed according to your direction and instructions. You acknowledge and understand that information that you choose to share may become accessible to the recipients or audiences you select and may no longer be subject to the protections described in this Policy once received by those recipients.

Confidentiality Requirement

Any service provider or other third party that receives Consumer Health Data from us to process such information on VegaLoop’s behalf shall be required to maintain the confidentiality and security of such information and shall be prohibited from using Consumer Health Data for purposes beyond those authorized by this Policy and applicable law. This requirement does not apply to recipients, audiences or third-party platforms that you select through a user-directed sharing feature, which are addressed in Section 6.5.

7. Consumer Health Data Rights

Subject to applicable law and certain exceptions, residents covered under the Washington MHMDA and other similar laws and regulations in the United States may benefit from the following rights in connection with their Consumer Health Data:

• The right to know whether we are collecting, sharing, or selling their Consumer Health Data;
• The right to access the Consumer Health Data about them that we collected;
• The right to withdraw any consent granted relating to the collection or sharing of their Consumer Health Data;
• The right to request the deletion of their Consumer Health Data.

You may exercise your rights by submitting a request to us by email (support@vegaloop.com). Your request must include sufficient information for us to reasonably verify your identity and process your request. All requests will be reviewed and responded to in a timely manner, in accordance with the requirements set by applicable laws and regulations.

We reserve the right to refuse a request if permitted by applicable law, including where we are unable to verify your identity, or where the request is not sufficiently specific or verifiable. Additionally, we may refuse a request if complying would prevent us from: (i) fulfilling our legal obligations, (ii) maintaining security measures, (iii) detecting fraud, (iv) complying with recordkeeping requirements or (v) carrying out lawful business purposes. We may also refuse requests that are repetitive, excessive or otherwise unfounded.

We will respond to verified requests within the time periods prescribed by applicable law. Where required by applicable law, if we refuse your request in whole or in part, we will provide you with information regarding appeal processes and instructions regarding appeal rights.

8. Data Security

We implemented reasonable safeguards designed to protect Consumer Health Data against unauthorized access, disclosure or destruction.

Consumer Health Data may be encrypted in transit and at rest, where reasonably applicable and feasible. Access to Consumer Health Data will be restricted to authorized personnel, contractors, and service providers who have a legitimate need for such access.

While we implemented commercially reasonable safeguards and security measures, you understand that no method of transmission over the Internet or electronic storage system is completely secure.

9. Retention of Consumer Health Data

We will retain Consumer Health Data only for as long as reasonably necessary to fulfill the purposes described in this Policy, including to comply with our legal obligations, resolve disputes and protect our legal interests.

Where appropriate, Consumer Health Data that is no longer necessary may be deleted, anonymized or aggregated in accordance with applicable laws and regulations.

10. Consumer Health Laws and Regulations

Certain states within the United States have enacted or may enact laws, regulations or consumer privacy policies governing Consumer Health Data, including laws that may be similar to or derived from the Washington MHMDA.

To the extent applicable, we intend for this Policy, together with our Privacy Policy and related privacy disclosures, to apply in a manner reasonably designed to comply with applicable Consumer Health Data laws and privacy regulations. Our objective is for this Policy to align with legal requirements within the United States that govern the collection, processing, storage, sharing, protection, retention and deletion of Consumer Health Data.

Where required by applicable law, we will obtain additional consent, provide policies, recognize or implement additional safeguards relating to Consumer Health Data.

11. Updates to This Policy

We may update this Policy from time to time, at our discretion. We will notify you of any changes by posting the new Policy on the Service.

Any changes to this Policy will be effective as of the date specified in the header. It is your responsibility to review this Policy periodically to remain informed of the latest version. Additionally, where required by applicable law, we may provide additional notice, obtain consent, authorization or other legally required permissions before implementing material changes affecting our Consumer Health Data practices.

Use of the Service following the publication of the updated Policy will be construed as your agreement with the updated Policy, except where applicable law requires notice, consent, authorization or another affirmative action before changes relating to Consumer Health Data may take effect. If you do not agree with any changes made to this Policy, your sole recourse is to cease using the Service.

12. Contact Us

If you have any questions regarding this Policy, or the use or disclosure of your Consumer Health Data, please contact us by email: support@vegaloop.com.