← Back to home

Privacy Policy

Effective date: February 28, 2026

Quick Summary

  • We collect personal info, health data, and usage data to provide the Vanta Society experience
  • For Marketplace purchases, we collect shipping/billing addresses and order history
  • For merchants, we collect store data via Shopify to sync products and fulfill orders
  • Photos stay on YOUR device unless you enable backup sync
  • We do NOT sell your personal information
  • RevenueCat processes digital purchases; Razorpay processes physical goods
  • You can delete your account and data anytime
  • We use industry-standard security to protect your data
  • This is NOT medical advice — consult a healthcare provider for health decisions

1. Introduction

Welcome to Vanta Society. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"), our website at www.vantasociety.org, and our Shopify sales channel. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

2. Information We Collect

From App Users — Personal Information

  • Email address (for account authentication)
  • First and last name
  • Profile image (from Google/Apple sign-in)
  • Gender assigned at birth
  • Phone number (optional)
  • Country code (optional)
  • Instagram handle (optional)
  • Invite/referral codes

From App Users — Health and Fitness Data

  • Current weight and target weight
  • Physical statistics and fitness goals
  • Daily task completion data
  • Exercise routine information
  • Mood and energy tracking
  • Evening journal entries
  • Check-in photos (stored locally on your device)

From App Users — Usage Data

  • App usage statistics and interaction data
  • Initiation start date and progress
  • Task completion history and streaks
  • Time spent in the app
  • Features accessed and actions taken

From App Users — Marketplace Data

When you make purchases through our Marketplace, we collect:

  • Shipping addresses (name, phone number, complete address, PIN code)
  • Billing addresses (if different from shipping)
  • Order history and purchase details
  • Product preferences and browsing history within the Marketplace
  • Payment transaction details (processed securely by Razorpay)

From Merchants (via Shopify)

  • Store name and domain
  • Store email and billing address
  • Product catalog data (titles, descriptions, images, prices, inventory levels)
  • Order and fulfillment status for orders created through Vanta

From Customers (via Vanta Platform)

  • Name and email address
  • Phone number
  • Shipping and billing address
  • Order history on Vanta

Automatically Collected

  • Device type and operating system
  • Unique device identifiers
  • App version and crash reports
  • Network information
  • IP address
  • Browser information
  • Usage data and analytics

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the 66-day Initiation challenge and app features
  • Create and manage your user account
  • Generate personalized routines and recommendations using AI
  • Track your progress through the 66-day Initiation program
  • Enable community features like leaderboards (using anonymized data)
  • Process digital purchases (Initiation fee) through Apple App Store and Google Play Store
  • Process physical goods purchases through Razorpay for our Marketplace
  • Deliver Marketplace orders to your shipping address
  • Sync product catalogs from connected Shopify stores
  • Create and manage orders on behalf of merchants
  • Communicate order updates and shipping information
  • Send you check-in reminders and motivational notifications
  • Sync your data across devices (when you enable backup)
  • Improve app performance and user experience
  • Provide customer support
  • Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

We do NOT sell your personal information. We may share your information in the following limited circumstances:

Third-Party Service Providers

We share data with trusted service providers who help us operate the app:

  • RevenueCat — Processes in-app purchases for digital goods (Initiation fee) via Apple App Store and Google Play Store
  • Razorpay — Processes payments for physical goods purchased through our Marketplace
  • Shopify — Creates orders and syncs product data in merchant stores
  • Cloud Storage Provider — Securely stores your backup data when you enable sync
  • Analytics Services — Helps us understand app usage to improve features (anonymized data only)
  • Hosting and communication tools — Help us operate the platform

Merchants

Order and customer details necessary to fulfill purchases made through the Marketplace.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, property, or safety, prevent fraud, or protect the safety of our users or the public.

Business Transfers

If Vanta Society is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the app before your information is transferred.

5. Photo Privacy

We take special care with your photos:

  • Evening check-in photos are stored locally on your device by default
  • Photos are NOT automatically uploaded to our servers
  • Photos are only included in cloud backups if you explicitly enable the sync/backup feature
  • We never access, view, or share your photos without your explicit consent
  • You can delete photos at any time from your device

6. Data Security

We implement industry-standard security measures to protect your information:

  • Data transmission is encrypted using SSL/TLS protocols
  • Encrypted API communications (HTTPS/TLS)
  • Secure token storage and HMAC verification for Shopify webhook communications
  • Passwords are hashed and never stored in plain text
  • Access to personal data is restricted to authorized personnel only
  • Regular security audits and updates
  • Secure cloud infrastructure with encryption at rest

7. Data Retention

We retain your information for as long as necessary to provide our services:

  • Active accounts — Data is retained while your account is active
  • Deleted accounts — Personal information is deleted within 30 days of account deletion request
  • Backup data — Deleted from our servers within 90 days of account deletion
  • Merchant data — Retained while the Shopify app is installed; upon uninstallation, account is deactivated and syncing stops
  • Legal obligations — We may retain certain data longer if required by law
  • Anonymized data — We may retain anonymized statistical data indefinitely for research and product improvement

8. Your Privacy Rights

All Users

  • Access — Request a copy of the personal information we hold about you
  • Correction — Update or correct inaccurate information
  • Deletion — Request deletion of your account and associated data (via in-app "Delete Account" button or by contacting us)
  • Data Portability — Request an export of your data in a machine-readable format
  • Opt-Out — Disable notifications and marketing communications

Merchant Rights

  • Uninstall the Vanta app at any time from your Shopify admin
  • Request export of your data
  • Request deletion of your data by contacting support@projectvanta.xyz
  • Control which products are listed on Vanta

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to know if it is sold or disclosed (we do NOT sell your data), and the right to non-discrimination for exercising your rights.

European Residents (GDPR)

If you are in the European Economic Area (EEA), you have additional rights under GDPR, including the right to object to processing, restrict processing, lodge a complaint with your local data protection authority, and withdraw consent at any time. We process personal data based on legitimate interest (operating our platform) and contractual necessity (fulfilling orders).

How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@projectvanta.xyz or use the "Delete Account" feature in the app. We will respond to your request within 30 days.

9. Cookies

We use essential cookies to maintain session state and authentication. We do not use third-party advertising cookies.

10. Children's Privacy

The App is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the App, you consent to the transfer of your information to our facilities and service providers located around the world. We ensure appropriate safeguards are in place to protect your information.

12. Third-Party Links and Services

The App may contain links to third-party websites, services, or brands (such as our Marketplace partners). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information to them.

13. Health Disclaimer

The App is designed for general fitness and wellness purposes only. It is NOT a medical device and does NOT provide medical advice, diagnosis, or treatment. The health and fitness data we collect is for tracking your personal progress only. Always consult with a qualified healthcare provider before starting any new exercise program.

14. Push Notifications

With your permission, we may send you push notifications to remind you about daily tasks, check-ins, and motivational messages. You can disable these at any time through your device settings or in-app notification preferences.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date, posting a notice in the App, sending you an email notification (for significant changes), or requiring you to accept the new policy before continuing to use the App. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

16. Apple App Store Compliance

This app complies with Apple's App Store Review Guidelines:

  • Apple is not a sponsor of the 66-day Initiation and is not involved in any way
  • In-app purchases are processed and managed by Apple
  • For purchase-related issues, refunds, or billing questions, contact Apple Support
  • Apple has no obligation or liability with respect to the App or your use of it

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: