Privacy Policy
Last updated: December 13, 2024
Introduction
This Privacy Policy describes how VIRYA (hereinafter "we", "our" or "Virya") collects, uses, stores, and protects your personal data when you use the Virya mobile application (hereinafter "the Application").
We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and French data protection laws.
Data Controller and DPO
Data Controller:
VIRYA
Simplified joint-stock company (SAS) under French law
Share capital: 1,000.00 Euros
Registered office: 73 Rue Marcel Dassault, 92100 Boulogne-Billancourt, France
Trade Register: RCS Nanterre 995 191 343
EUID: FR9201.995191343
Email: contact@virya.coach
Data Protection Officer (DPO):
Email: privacy@virya.coach
For any questions regarding the protection of your personal data, you may contact our DPO at the above address.
1. Personal Data Collected
1.1 Data You Provide Directly
Registration data:
- Email address
- Password (stored in encrypted form)
- First and last name (optional)
- Profile photo (optional)
Personal profile data:
- Date of birth / age
- Gender
- Height
- Current weight and target weight
- Physical activity level
Dietary data and preferences:
- Dietary restrictions
- Food allergies
- Favorite foods and foods to avoid
- Culinary preferences
1.2 Data Generated by Your Use
- Recorded meals and nutritional intake
- Meal photos (if you use image analysis)
- Recorded exercises
- Messages exchanged with the AI agent
- Created or saved recipes
1.3 Automatically Collected Data
- Unique device identifier
- Device type and operating system
- Application version
- IP address
- Push notification token
1.4 Data from Third-Party Sources
- Google Sign-In, Apple Sign-In, Facebook Login: email, name, profile photo
- Apple Health / Health Connect: daily steps, active calories
- Garmin, Fitbit: activity data (if connected)
2. Purposes and Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract performance |
| Providing nutritional coaching service | Contract performance |
| Synchronization with health apps | Explicit consent |
| Sending reminder notifications | Consent |
| Application improvement | Legitimate interest |
3. Health Data - Special Processing
Data relating to your health (weight, medical conditions, physical activity data) is considered sensitive data under the GDPR.
We process this data only with your explicit consent obtained during registration, to provide you with personalized nutritional coaching service.
You may withdraw this consent at any time by contacting our DPO at privacy@virya.coach or by deleting your account.
4. Sharing and Data Recipients
4.1 We Never Sell Your Data
Your personal data is never sold to third parties for advertising or commercial purposes.
4.2 Technical Subcontractors
| Provider | Service | Location |
|---|---|---|
| Firebase (Google) | Authentication, notifications | USA (SCC) |
| Neon | Database hosting | USA/EU |
| Google Cloud | Server hosting | Europe |
| Google Gemini / OpenAI | Artificial intelligence | USA (SCC) |
These providers are subject to data processing agreements (DPA) ensuring the protection of your data in accordance with the GDPR.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of use + 3 years after deletion |
| Meal and nutrition data | Duration of use + 3 years |
| AI conversation history | 12 rolling months |
| Technical logs | 12 months |
After account deletion: Your data is deleted or anonymized within 30 days.
6. Data Security
We implement technical and organizational measures to protect your data:
- Data encryption in transit (HTTPS/TLS)
- Password encryption (bcrypt hashing)
- Secure database with restricted access
- Secure authentication (OAuth 2.0, JWT tokens)
- Supervision by our DPO
In case of data breach: Notification to the supervisory authority within 72 hours and notification to affected individuals if high risk.
7. Your Rights
In accordance with the GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data
- Right to data portability: receive your data in a structured format
- Right to object: object to the processing of your data
- Right to withdraw consent: withdraw your consent at any time
8. Exercising Your Rights
By email to the DPO: privacy@virya.coach
Information to provide:
- Your first and last name
- Your email address associated with the account
- The right you wish to exercise
Response time: Maximum 1 month
Complaint to Supervisory Authority: If you believe your rights are not being respected, you may file a complaint with your local data protection authority:
- France (CNIL): www.cnil.fr
- UK (ICO): ico.org.uk
- Germany (BfDI): bfdi.bund.de
9. Minors
The Application is accessible to minors with the authorization of a parent or legal guardian.
For users under 13 years old: We do not knowingly collect data from children under 13. If we discover that a child under 13 has created an account, we will delete it.
10. Artificial Intelligence
The Application uses artificial intelligence (Google Gemini, OpenAI) to analyze your meals and provide personalized suggestions.
AI provides recommendations but no decision with legal or significant effect is made in a fully automated manner.
Data transmitted to AI services is processed with contractual guarantees of non-use for training their models.
11. Changes to This Policy
We may modify this Privacy Policy at any time. In case of substantial modification, we will notify you by notification in the Application or by email.
12. Contact
General inquiries:
VIRYA
73 Rue Marcel Dassault, 92100 Boulogne-Billancourt, France
Email: contact@virya.coach
Personal data protection (DPO):
Email: privacy@virya.coach
13. Additional Information for Specific Jurisdictions
13.1 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
By using the Virya Application, you acknowledge that you have read and understood this Privacy Policy.