AIVITA Logo

AIVITA Privacy and Cookie Policy

Last updated: March 31, 2026

1. Introduction

At AIVITA, we are committed to protecting your privacy and safeguarding your personal and health-related data. This privacy and cookie policy explains how AIVITA ApS ("AIVITA," "we," "us," or "our"), based in Denmark, collects, uses, stores, and protects your information. AIVITA is a health coaching app that delivers personalized lifestyle recommendations. This policy complies with the GDPR, the EU ePrivacy Directive, and Danish data protection laws.

For questions, contact us at [email protected].


2. Data Controller

AIVITA ApS Kong Georgsvej 17, 2950 Vedbæk, Denmark CVR: 45641694 Email: [email protected]


3. What Data We Collect

Personal information: Name, email, date of birth, gender, country, postal code, and height.

Special categories (health data, GDPR Art. 9): Data from fitness trackers (steps, heart rate, sleep, recovery), lab test results, and qualitative responses from the journaling system. Processing of health data requires your explicit consent.

Other data: Location context (postal code, city, country), usage data (challenge participation, message ratings, points, badges), technical data (IP address, device type), push notification tokens, and payment data (subscription and transactions — full card details are processed exclusively by Stripe/RevenueCat and never stored by AIVITA).


4. How We Use Your Data

AIVITA uses your data to:

  • Generate personalized health recommendations via our HealthSync AI.
  • Support gamified challenges and track progress.
  • Deliver weekly and monthly health reports.
  • Suggest relevant health tests.
  • Send push notifications with coaching messages and reminders.
  • Improve the service by analyzing usage patterns.

5. Legal Basis

Purpose Legal Basis
User account and profile Art. 6(1)(b) Contract
Personalization (age, gender, height) Art. 6(1)(a) Consent
Health data and AI recommendations Art. 6(1)(a) Consent + Art. 9(2)(a) Explicit consent
Apple Health synchronization Art. 6(1)(a) Consent + Art. 9(2)(a) Explicit consent
Payment and subscription Art. 6(1)(b) Contract + Art. 6(1)(c) Legal obligation
Accounting records Art. 6(1)(c) Legal obligation (Danish Bookkeeping Act)
Push notifications Art. 6(1)(b) Contract
App improvement and analytics Art. 6(1)(f) Legitimate interest
Email newsletters Art. 6(1)(a) Consent

You can withdraw your consent at any time via "My Profile > Delete Profile" or by contacting [email protected]. Withdrawal does not affect the lawfulness of prior processing.


6. AI and Automated Decisions

AIVITA uses artificial intelligence (HealthSync AI) to generate personalized health recommendations based on your health data, journal responses, and wearable data. The AI model analyzes your data and cross-references it with health science knowledge.

AI-generated recommendations are advisory and do not constitute medical advice. No automated decisions have legal or similarly significant effects on you.


7. Recipients of Your Data

We never sell your personal data. We share data with the following recipients:

Data processors (user data):

Processor Service Country
DigitalOcean Hosting and data storage EU (NL/DE)
OpenAI AI-generated health recommendations EU servers
Stripe Payment processing (website) USA
RevenueCat Subscription management (App Store) USA
Apple APNs Push notifications USA
Mailchimp Newsletters USA

We also use processors for internal administrative purposes (payroll, bookkeeping, project management, communication). These processors do not have access to user health data.

Joint controllership (Meta): For ad measurement via Meta Pixel/Conversions API, AIVITA and Meta Platforms Ireland Ltd are joint controllers under GDPR Art. 26. Meta only sets cookies with your consent.

Authorities: When legally required.


8. Third Country Transfers

Some of our processors are based in the USA. We protect your data through EU-US Data Privacy Framework certification and EU Standard Contractual Clauses (SCC). All user data is stored on EU servers (Amsterdam/Frankfurt). OpenAI has EU Data Residency enabled.


9. Retention and Deletion

Data Retention
Account and profile data Until you delete your account. Accounts inactive for 24 months are deleted after a 30-day email reminder.
Health data Until account deletion. Deleted within 2 days of a valid request.
AI-generated data Deleted within 30 days of a valid request.
Payment and transaction data 5 years (Danish Bookkeeping Act).
Newsletter (email) Until you unsubscribe.
Push notification tokens Until account deletion.

Delete your account: In the app via "My Profile > Delete Profile" (immediate) or by email to [email protected] (within 2 days).


10. Your Rights

Under the GDPR, you have the right to:

  • Access — learn what data we hold about you (Art. 15)
  • Rectification — have inaccurate data corrected (Art. 16)
  • Erasure — have your data deleted (Art. 17)
  • Restriction — require processing to be restricted (Art. 18)
  • Data portability — receive your data in a machine-readable format (Art. 20)
  • Objection — object to processing based on legitimate interest (Art. 21)
  • Withdrawal of consent — at any time (Art. 7)

Contact [email protected] — we respond within 30 days.

You may lodge a complaint with the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, Denmark ([email protected], www.datatilsynet.dk).


11. Data Security

Data is encrypted in transit and at rest, stored on EU servers, and access is limited to authorized personnel with two-factor authentication and logging. We have data processing agreements with all processors and breach response procedures within 72 hours.


12. Cookies

Necessary cookies: Session management and security (session-based, cannot be disabled).

Analytics: We use Plausible.io, which is cookie-free and does not collect personal data.

Marketing cookies (require consent): If you visit us via a Meta ad, Meta may set cookies (_fbp, _fbc) for ad measurement (90 days). These are only set with your consent via our cookie banner.

You can change or withdraw your cookie consent at any time via the cookie settings on our website.


13. Changes

We may update this policy and will inform you of significant changes via email or in the app.


14. Contact

AIVITA ApS Kong Georgsvej 17, 2950 Vedbæk, Denmark CVR: 45641694 Email: [email protected]