Legal hub

Vanta Legal

Data Safety Summary

A user-facing summary of the kinds of data Vanta may collect, why it is used, and how it is protected.

Last updated: May 12, 2026

These pages are transparency and compliance drafts for Vanta. They should be reviewed before production or Play Store submission.

Data Vanta May Collect

  • Personal information such as email, username, and optional profile details.
  • Health and fitness data such as workouts, body metrics, nutrition logs, water, supplements, sleep, recovery, strain, and WHOOP data if connected.
  • App activity such as account state, sync actions, and app-generated summaries.
  • User content such as tasks, habit logs, workout plans, and journal entries.
  • Device or app information only as needed for the website and Android wrapper to function.

Data Sources

  • Data entered directly by the user.
  • Data imported from a connected WHOOP account after user authorization.
  • App-generated analytics, summaries, streaks, and progress calculations.

Purpose

  • App functionality.
  • Analytics and progress tracking.
  • Account management and authentication.
  • Security, abuse prevention, and troubleshooting.
  • WHOOP sync and display when authorized by the user.

Data Sharing

Vanta does not sell user data.

  • Service providers such as Supabase and Vercel process data needed to operate the app.
  • WHOOP data is accessed only when the user connects WHOOP and grants authorization.
  • Google Play may process app distribution and install information for Android users.

Security

  • Data is transmitted over HTTPS.
  • Journal content is intended to be encrypted client-side before storage.
  • Account access is protected by Supabase authentication.
  • Database access controls are used where applicable.

Deletion And Controls

  • Users can request account and data deletion through support.
  • Users can disconnect WHOOP where the app provides that option.
  • Deleting a Vanta account does not delete the user's WHOOP account.

Contact