Vanta Legal
Data Safety Summary
A user-facing summary of the kinds of data Vanta may collect, why it is used, and how it is protected.
Last updated: May 12, 2026
These pages are transparency and compliance drafts for Vanta. They should be reviewed before production or Play Store submission.
Data Vanta May Collect
- Personal information such as email, username, and optional profile details.
- Health and fitness data such as workouts, body metrics, nutrition logs, water, supplements, sleep, recovery, strain, and WHOOP data if connected.
- App activity such as account state, sync actions, and app-generated summaries.
- User content such as tasks, habit logs, workout plans, and journal entries.
- Device or app information only as needed for the website and Android wrapper to function.
Data Sources
- Data entered directly by the user.
- Data imported from a connected WHOOP account after user authorization.
- App-generated analytics, summaries, streaks, and progress calculations.
Purpose
- App functionality.
- Analytics and progress tracking.
- Account management and authentication.
- Security, abuse prevention, and troubleshooting.
- WHOOP sync and display when authorized by the user.
Data Sharing
Vanta does not sell user data.
- Service providers such as Supabase and Vercel process data needed to operate the app.
- WHOOP data is accessed only when the user connects WHOOP and grants authorization.
- Google Play may process app distribution and install information for Android users.
Security
- Data is transmitted over HTTPS.
- Journal content is intended to be encrypted client-side before storage.
- Account access is protected by Supabase authentication.
- Database access controls are used where applicable.
Deletion And Controls
- Users can request account and data deletion through support.
- Users can disconnect WHOOP where the app provides that option.
- Deleting a Vanta account does not delete the user's WHOOP account.
Contact
Contact: mattarithikreddy@gmail.com