Privacy Policy

Last updated: October 31, 2025

Introduction and scope

The Vitals (“The Vitals”, “we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you access our website thevitals.in and any associated applications or online properties (collectively, the “Platforms”), and when we deliver our services (the “Services”).
By using Platforms that link to this Privacy Policy, you agree to be bound by it and should read it together with our Terms of Use. Links from our Platforms may lead to external websites that are not covered by this Policy; please review their privacy policies as we are not responsible for their practices.

Fair use and location integrity

By agreeing to this Policy, you confirm that you will not access our Services using mechanisms that conceal or falsify your geo‑location (for example, VPNs). If you do so, we disclaim responsibility for any processing that results from such access.

Information we collect

Information you provide

We collect personal information when you:

Access or use our Platforms
Register an account or subscribe to newsletters or paid services
Submit inquiries, feedback, or participate in surveys
Engage with community features, comments, or events
Make a purchase or update billing details

Categories of data may include:

Identification: name, date of birth, gender, profile image, professional qualifications, specialty, and location
Login and social sign-in identifiers: Google, LinkedIn, Apple, or similar
Contact: email address and phone number
Transactional: subscription tier, invoices, and payment confirmations (payment card data is processed by our payment gateway; we do not store full card details)
Preferences and interactions: marketing preferences, survey responses, and feedback

Information collected automatically

When you use the Platforms, we automatically collect:

Usage and activity logs: pages viewed, links clicked, referral URLs, timestamps
Network and device data: IP address, approximate location, device and browser identifiers (e.g., cookie ID, device ID, AAID/iDFA), OS, browser version, app version, screen size, CPU and connection speed
Technical events: errors, performance metrics, session duration, and authentication events

We use cookies, SDKs, and similar technologies to distinguish users, maintain sessions, help secure the Platforms, and improve your experience. You can manage cookie preferences through your browser settings and any cookie banner controls we provide.

Information from other sources

We may receive information about you from:

Publicly available sources and content you share publicly (including social media profiles you connect)
Your interactions with our social pages, groups, and posts
Service providers and partners that support our Services (e.g., analytics, advertising, email delivery, payment, hosting, security)

When receiving information from third parties, we use it as described in this Policy and for defined, compatible purposes.

How we use your information

We process personal information for the following purposes:

Account access and authentication; user identification and profile management
Providing content, subscriptions, newsletters, and paid features
Personalizing content recommendations and user experience
Delivering location-aware features (where enabled)
Communicating service updates, announcements, and customer support responses
Sending marketing communications, surveys, and offers (with opt‑out controls)
Fulfilling contractual and legal obligations
Protecting our Services, preventing fraud/abuse, and maintaining security
Research, analytics, and product improvement
Developing new features and services (including with service providers and partners)

Marketing, measurement, and analytics

We may use web beacons, pixels, cookies, and similar tools to:

Understand engagement, measure email opens and link clicks for opted‑in subscribers
Tailor content and improve functionality and performance
Report aggregate, de‑identified geographic and audience insights to partners and advertisers

Where third‑party partners place tags or beacons, they are required to disclose such use in their own policies. Preferences may be stored per browser/device.

Legal bases for processing

Where applicable, we rely on one or more of the following legal bases:

Your consent (e.g., marketing, certain cookies)
Performance of a contract (e.g., providing a subscription)
Compliance with legal obligations
Legitimate interests (e.g., service improvement, security, fraud prevention), balanced against your rights and expectations

We may share personal information with:

Service providers and processors that help operate our business (e.g., hosting, cloud, security, analytics, advertising, payment processing, customer support, email/SMS delivery)
Affiliates and professional advisors under appropriate safeguards
Advertising and measurement partners to deliver and assess content/ads, subject to your choices and applicable law
Social platforms or single sign‑on providers when you choose to connect or interact via those services

We may also disclose information:

To comply with law, legal process, or enforceable government requests
To protect safety, security, rights, or property of our users, the public, or The Vitals
To prevent, investigate, or respond to suspected fraud, abuse, or security incidents
In connection with a corporate transaction (merger, acquisition, financing, sale of assets); where feasible, you will be notified of any material changes to data practices

We do not sell your personal information. Where required by law, we provide opt‑out mechanisms for targeted advertising or certain sharing.

Data retention

We retain personal information only as long as necessary for the purposes described in this Policy, taking into account legal, tax, accounting, and regulatory requirements, dispute resolution, security, and fraud prevention. Retention periods vary by record type and context. After the applicable period, we delete or de‑identify data.

Your choices and rights

Subject to applicable law, you may:

Access your personal data and request a copy
Request correction of inaccurate or incomplete data
Withdraw consent where processing is based on consent
Object to or restrict certain processing
Request deletion of your account and personal data
Opt out of marketing communications at any time via unsubscribe links or account settings
Manage cookies via browser settings and our cookie controls where available

We may need to verify your identity before fulfilling requests. Certain information may be retained to comply with law, resolve disputes, or enforce agreements. If you maintain multiple accounts, submit separate requests for each.

Data deletion

If you wish to delete your personal information and close your account:

Use any available in‑product deletion options in your account settings; or
Contact our Grievance Officer (details below)

After processing, you will receive a confirmation. Residual copies may persist for a limited time in backups. Logs may be retained without direct identifiers. Where we suspend accounts for fraud/safety, some data may be retained to prevent re‑registration.

Security

We implement commercially reasonable technical, organizational, and physical safeguards to protect personal information against unauthorized access, loss, misuse, alteration, or destruction. Data is transmitted over secure connections (look for “https”) and stored on secure infrastructure. You are responsible for keeping your account credentials confidential. No system is completely secure; risk cannot be eliminated.

International data transfers

We may transfer and process personal information outside India with service providers or partners subject to lawful transfer mechanisms and appropriate safeguards designed to ensure a level of protection comparable to applicable laws. Contractual safeguards and assessments are applied where required.

Children’s privacy

Our Services are intended for individuals who have attained the age of majority. Minors may use the Services only under the supervision of a parent or legal guardian. Parents/guardians should not allow minors to submit personal information. If we learn that we collected personal data from a minor without appropriate consent, we will take steps to delete it. Parents/guardians may contact our Grievance Officer for redressal.

Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in technology, law, or our practices. Updates will be posted on this page and, where appropriate, notified via email or in‑service notice. Your continued use after the effective date constitutes acceptance of the updated Policy. Previous versions may be available on request.

Account deletion steps (if mobile app is offered)

If The Vitals provides a mobile app, you can typically delete your account by opening the app, navigating to your profile or settings, selecting “Delete Account,” and confirming. If no app exists or if you face issues, please contact our Grievance Officer.

Contact and grievance redressal

Email: contact@thevitals.in
Subject line: “Grievance:” followed by your subject.

When you write to us, please include:

Your full name and contact details
A clear description of your request or concern
Whether the information concerns personal or sensitive personal data
A good‑faith statement that the information in your request is accurate and pertains to you

We may contact you to confirm or seek additional details to process your request.

Additional notices for India

Where India’s data protection requirements (including any sectoral or state‑level rules) apply, we will comply with lawful bases for processing, retention, security safeguards, cross‑border transfer conditions, breach notification duties, and grievance redressal obligations as required. Where consent is required, you may withdraw it at any time without affecting prior lawful processing.