Privacy Notice

Last updated: April 2026 · vitawallet.eu

1. Who we are

Vita Wallet operates vitawallet.eu, a secure health document delivery and storage platform. We are the data controller for patient wallet data and act as a data processor for documents sent by healthcare businesses (labs, clinics).

⚠️ This notice is a working draft pending legal review. Please engage a Cyprus-qualified lawyer to finalise before going live with real patient data.

2. What data we collect

  • Account data: name, email address, password (hashed)
  • Health documents: PDF and image files sent by healthcare providers
  • Document metadata: test type, date, doctor name, clinic name
  • Delivery data: your name and email address are used only to send you a secure link — they are deleted from our systems once the email is dispatched. We retain only a one-way cryptographic hash of your email to detect duplicate or repeat deliveries.
  • Access logs: hashed IP addresses and timestamps (no raw IPs stored)
  • Consent record: timestamp of when you agreed to this notice

3. Health data (GDPR Article 9)

Your health documents are special category data under GDPR Article 9. We process this data only on the basis of your explicit consent, which you give when creating your wallet. You may withdraw consent and delete all your data at any time.

4. How we use your data

  • To deliver health documents from labs and clinics to you securely
  • To store your documents in your personal wallet
  • To provide access logs to the sending business confirming delivery

We do not sell, share, or use your health data for advertising or profiling.

5. Where your data is stored

All data is stored on servers located in Frankfurt, Germany (EU) using Supabase infrastructure. Your data never leaves the European Union.

6. How long we keep your data

  • Delivery name and email: deleted immediately after the secure link email is sent — not retained in readable form
  • Delivery records (metadata, access logs): 30 days from sending (configurable by the business)
  • Wallet documents: until you delete them or close your account
  • Account data: until you request deletion

7. Your rights

Under GDPR you have the right to: access your data, correct it, delete it, restrict processing, and withdraw consent. To exercise any of these rights, email privacy@vitawallet.eu. We will respond within 30 days.

8. Deleting your account

To delete your account and all associated health data, email privacy@vitawallet.eu with the subject "Delete my account". We will complete the deletion within 72 hours and confirm by email.

9. Contact

For any privacy questions: privacy@vitawallet.eu