DermAdventures LLC d/b/a Veldheer Lineman Vault ("VLV", "we", "our", "us")
Effective date: May 17, 2026
Last updated: May 17, 2026
This Privacy Policy describes how VLV collects, uses, discloses, and protects information when you use the Veldheer Lineman Vault mobile app and related services (the "Service"). By using the Service, you agree to this Policy.
1. Who we are
DermAdventures LLC, a Michigan limited liability company, operates the Service under the brand "Veldheer Lineman Vault". Contact: support@veldheerlinemanvault.com.
2. Information we collect
You provide directly:
Account info: email address, password (stored only as a salted scrypt hash), display name, biometric login preference.
Athlete profile: date of birth (year/month/day), height, weight, target weight, jersey number, playing level (high school / college / pro), positions, season status, injury areas, dietary restrictions, profile photo.
Training, nutrition, and recovery inputs: workout logs, RPE, PRs, meals, plate photos, voice notes (transcribed by Whisper), recipe selections, fast-food and gas-station lookups, in-season schedule, intake notes.
Community ("Tribe") content: posts, comments, reactions, profile bio, film clips, embedded media, mentions.
Communications you send us, including support requests and feedback.
Collected automatically:
Device info: device model, OS version, language, time zone, app version, build number.
Diagnostics: anonymized crash and performance data via Sentry (when enabled).
Logs: per-request X-Request-Id, IP address, endpoint, status code, latency. Pino redacts known PII fields.
Local storage: AsyncStorage, SecureStore, and TanStack Query cache for app state.
From integrations you connect:
Apple Health (iOS) — read-only access, only after you grant permission, to: sleep stages, HRV, resting heart rate, heart rate, active energy, steps, VO2 max, respiratory rate. Data is stored only in your VLV account on our servers and on your device; the most recent 30 days of derived daily snapshots are kept in app storage. We do not use Apple Health data for advertising or marketing, we do not sell it, and we do not share it with third parties. We do not use Apple Health data for any purpose other than the app functionality described in this Policy. Apple Health data is never used to qualify you for insurance, employment, or credit. When you revoke permission in iOS Settings → Privacy & Security → Health, or when you delete your VLV account in Settings → Account → Delete Account, all Apple Health data we have derived from your readings is deleted.
RevenueCat — subscription status and entitlements.
Apple App Store / Google Play — purchase confirmations only; we never see your payment card.
Resend — transactional email delivery.
Google Maps Places — when you search for fast food or gas stations near you, your coordinates are sent to Google to perform the lookup.
Foursquare — venue data lookups for nearby places.
3. How we use information
Operate, maintain, secure, and improve the Service.
Generate personalized training plans, nutrition guidance, recovery insights, and AI-generated outputs.
Compute readiness signals from Apple Health data.
Authenticate you and prevent fraud, abuse, and unauthorized access.
Process subscriptions through RevenueCat / Apple / Google.
Send transactional and service-related messages.
Comply with legal obligations.
De-identify and aggregate data to improve the Service.
We do not sell or rent personal information. We do not use your data to train third-party AI models, and we contractually require our AI providers (OpenAI, Google Gemini, Anthropic via OpenRouter, Whisper) not to train their models on it.
4. AI providers (sub-processors)
OpenAI (GPT-5.5, Whisper): Plate analysis, fridge scan, In-Season Architect plan generation, voice transcription.
Google Gemini (3 Flash): Structured schedule generation, food macro lookups, daily command.
Anthropic Claude (Sonnet 4.6 via OpenRouter): Vaulty AI chat, Fuel Forge, recovery protocols, Quick Forge, daily planner, schedule nutrition plans, "Vaulty's Take" health insights.
These providers process your inputs to return outputs. We do not authorize them to retain inputs for training. See each provider's privacy policy for their independent practices.
When you tap "Report" on any AI response inside the app, we store the report — your user ID, the AI surface (plate analysis, Fuel Forge, Architect plan, Season Blueprint, etc.), the reason you selected, any optional written details, and a snapshot of the AI response in question — so our team can review the content, take it down or correct it if warranted, and improve the underlying model. Reports are visible only to VLV staff and are retained while your account is active.
5. How we share information
We share information only with:
Service providers acting on our behalf (Replit hosting, Google Cloud Storage, RevenueCat, Resend, Sentry, the AI providers above, Google Maps, Foursquare).
In response to legal process — subpoenas, court orders, or government requests we believe in good faith require disclosure.
To protect rights, safety, and property — ours, yours, or any third party's.
In a corporate transaction — merger, acquisition, financing, or sale of assets, subject to reasonable confidentiality protections and continued application of this Policy.
With your consent.
6. Children's privacy (COPPA)
The Service is intended for users 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, contact support@veldheerlinemanvault.com and we will delete it. Users 13–17 should use the Service only with the knowledge and consent of a parent or legal guardian.
7. Your rights and choices
Depending on your jurisdiction (including California, Virginia, Colorado, Connecticut, Utah, the EU/EEA, and the UK), you may have the right to: access, correct, delete, port, or restrict processing of your personal information; withdraw consent (e.g., disconnect Apple Health in iOS Settings); opt out of "sales" or "sharing" of personal information (we do not sell); and appeal our decision on a request.
To exercise any of these, email support@veldheerlinemanvault.com or use Settings → Account → Delete Account in the app. We will verify your request and respond within 45 days (or as required by law). We will not discriminate against you for exercising a right.
California "Shine the Light" (Cal. Civ. Code § 1798.83): We do not share personal information with third parties for their direct marketing purposes.
8. Data retention
We keep personal information only for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Apple Health snapshots are kept for 30 days on-device. Account data is deleted within 30 days of an account deletion request, except where retention is required by law or for legitimate business purposes (e.g., financial records, fraud prevention, backups, which are purged in their normal cycle).
9. Security
We use scrypt password hashing, refresh-token rotation, encryption in transit (TLS), per-request rate limiting, IP rate limiting on auth, magic-byte upload validation, hardened security headers (Helmet), AI cost guardrails, ownership middleware, and structured logging with PII redaction. No system is 100% secure; you are responsible for keeping your credentials confidential and notifying us immediately of any suspected unauthorized access.
10. International transfers
We are based in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S., where data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards (such as standard contractual clauses).
11. Third-party links and services
The Service may link to third-party sites or services. We are not responsible for their privacy practices.
12. Do Not Track
The Service does not respond to "Do Not Track" browser signals.
13. Apple privacy disclosures
Our App Store privacy labels reflect the data types listed in this Policy and in our app.json privacy manifest (NSPrivacyCollectedDataTypes). We do not engage in tracking as defined by Apple's App Tracking Transparency framework.
14. Changes to this Policy
We may update this Policy from time to time. Material changes will be announced in the app and reflected in the "Last updated" date. Continued use after the effective date constitutes acceptance.
15. Contact
DermAdventures LLC d/b/a Veldheer Lineman Vault
Email: support@veldheerlinemanvault.com
Postal address: Available on written request.
Legal