Skip to main content
Your health data is among the most sensitive information you share with any service, and Veyda treats it accordingly. This page explains exactly what data Veyda collects, how it is stored and protected, who can access it, and what rights you have as a user. If you have questions not answered here, contact us at support@veyda.com.
Veyda is a health intelligence platform, not a medical device or healthcare provider. The insights and recommendations Veyda provides are for informational and wellness purposes only and do not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional for medical decisions.

What Veyda collects

Veyda collects only the data necessary to generate your health insights and operate the platform. Health metrics from connected devices and apps When you authorize a connection to a wearable or health app, Veyda receives the health data that source makes available — such as heart rate, sleep stages, step counts, workout summaries, and blood oxygen levels. The specific metrics available depend on the capabilities of each connected source. Account and profile information To create and manage your account, Veyda stores your email address, name, password (hashed and salted — never stored in plain text), and the health profile details you provide during onboarding, such as age, biological sex, height, weight, and health goals. Aggregated app usage data Veyda collects anonymized, aggregated data about how features are used across the platform — for example, which insight categories are most viewed or how often users manually log data. This data cannot be linked back to individual users and is used solely to improve the product. What Veyda does NOT collect
  • Location data — Veyda does not access your device’s location unless you explicitly grant permission for a specific feature, such as outdoor route mapping for a workout. You can revoke this permission at any time in your device’s system settings.
  • Contacts — Veyda never accesses your contacts, address book, or social graph.
  • Financial data — Payment transactions are processed by the App Store or Google Play. Veyda does not store your credit card number, bank account details, or any other financial information.

Data storage and encryption

Encryption at rest All health data stored in Veyda’s systems is encrypted using AES-256, the same standard used by financial institutions and government agencies. Encryption in transit Data transmitted between your device and Veyda’s servers is protected by TLS 1.3, ensuring that your health metrics cannot be intercepted in transit. SOC 2 compliant infrastructure Veyda stores all user data in data centers that have achieved SOC 2 Type II certification. This certification requires independent audits of security, availability, and confidentiality controls on an ongoing basis. No third-party data sharing Veyda does not share your individual health data with third parties, advertisers, data brokers, employers, or insurers. Your data is not used to train shared models or sold in any form.

Your data rights

Export your data

You can download a complete export of all health data and insights associated with your account at any time. Go to Settings → Privacy → Export Data and select your preferred file format. Your export will be ready to download within a few minutes for most accounts.

Delete your data

To permanently delete your account and all associated data, go to Settings → Privacy → Delete Account and submit a deletion request. Deletion requests are processed within 30 days. During this window, your account is deactivated and inaccessible.
Deleting your account is permanent and irreversible. All health data, insights, and account information are removed from Veyda’s systems and cannot be recovered. Export your data before submitting a deletion request if you want a local copy.

Correct your data

You can update your health profile — including age, biological sex, height, weight, and health goals — at any time from Settings → Health Profile. Changes take effect immediately and are factored into future insight calculations.

Access controls

Internal access Access to user health data within Veyda is restricted to a small number of authorized engineers. Internal access is granted only for specific support or debugging purposes and is governed by least-privilege principles — engineers can access only the minimum data necessary to resolve the issue at hand. Audit logging Every instance of internal access to user health data is recorded in a tamper-resistant audit log. Logs include the engineer’s identity, the reason for access, the data accessed, and a timestamp. Logs are reviewed regularly as part of Veyda’s security program. Your control over connected apps You can revoke Veyda’s access to any connected device or app at any time from Settings → Connections. Revoking a connection stops future data collection from that source immediately. If you want data previously collected from that source removed from your account, submit a partial data deletion request through Settings → Privacy.

Compliance

Veyda is not a HIPAA-covered entity as defined under U.S. law — Veyda is a consumer wellness platform, not a healthcare provider, health plan, or healthcare clearinghouse. Accordingly, Veyda is not subject to HIPAA’s regulatory requirements.That said, Veyda voluntarily aligns its data handling practices with HIPAA principles: health data is encrypted at rest and in transit, access is strictly controlled and audited, data is never disclosed to third parties without explicit user consent, and users have the right to access and delete their data.
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
  • Right of access — Request a copy of the personal data Veyda holds about you.
  • Right to rectification — Correct inaccurate personal data at any time through your account settings.
  • Right to erasure — Request deletion of your personal data. Submit a request through Settings → Privacy → Delete Account.
  • Right to data portability — Export your data in a machine-readable format via Settings → Privacy → Export Data.
  • Right to object — Object to processing of your personal data in certain circumstances.
  • Right to restrict processing — Request that Veyda limit how your data is used while a dispute is being resolved.
To exercise any of these rights or to contact Veyda’s data protection team, email support@veyda.com with the subject line “GDPR Request.”
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the following rights:
  • Right to know — Request disclosure of the categories and specific pieces of personal information Veyda has collected about you, including the sources, purposes, and any third parties with whom it is shared.
  • Right to delete — Request deletion of personal information Veyda has collected, subject to certain exceptions.
  • Right to opt out of sale — Veyda does not sell personal information. There is nothing to opt out of.
  • Right to non-discrimination — Veyda will not discriminate against you for exercising any of your CCPA rights.
To submit a CCPA request, email support@veyda.com with the subject line “CCPA Request” and include your registered email address.