• Vitamin CHE Mobile Application
  • Effective Date: February 20, 2026
  • Last Updated: February 20, 2026

1. INTRODUCTION

Elena Chemezova (Business Identification Number: 7908300050270), operating under the laws of the Republic of Kazakhstan, is committed to protecting the privacy and personal data of users ("you," "your," "User") of the Vitamin CHE mobile application ("App").

This Privacy Policy describes:

  • What personal information we collect
  • How we use, process, and protect your data
  • Your privacy rights under international law
  • How to exercise your rights

Legal Compliance: This Privacy Policy complies with:

  • GDPR (General Data Protection Regulation - EU)
  • CCPA (California Consumer Privacy Act - USA)
  • PIPEDA (Personal Information Protection and Electronic Documents Act - Canada)
  • Kazakhstan Law on Personal Data and its Protection

Contact Information:

  • Data Controller: Elena Chemezova
  • Email: elena@chemezova.com
  • Jurisdiction: Republic of Kazakhstan

Primary Markets: USA, Canada, UK, EU, CIS

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide

We collect information you voluntarily provide when you:

a) Create an Account:

  • Email address
  • Username or display name
  • Password (encrypted and hashed)
  • Country/region

b) Use Interactive Features:

  • Search queries for vitamins and supplements
  • Saved favorites or bookmarks
  • Notes or personal health logs (stored locally on your device unless you opt to sync)

c) Contact Us:

  • Name and email address
  • Message content and correspondence records

d) Participate in Surveys or Feedback:

  • Responses to voluntary questionnaires
  • Product review ratings

We Practice Data Minimization: We collect only the minimum information necessary for App functionality.

2.2 Automatically Collected Information

a) Device and Usage Data:

  • Device type, model, operating system version
  • Unique device identifiers (IDFA, Android Advertising ID)
  • IP address (anonymized where possible)
  • App version and crash reports
  • Pages viewed, features used, time spent in App

b) Location Data (Optional):

  • Approximate location based on IP address (for regional content customization)
  • Precise geolocation only if you grant explicit permission (used for finding nearby retailers)

c) Cookies and Tracking Technologies:

  • Session cookies for App functionality
  • Analytics cookies to improve user experience
  • See Section 9 and our separate Cookie Policy for details

2.3 Information from Third Parties

a) Affiliate Partners:

  • If you make a purchase through an affiliate link (e.g., iHerb), the partner may share limited transaction data (order confirmation, not payment details) to attribute the referral.

b) Social Media Login (If Applicable):

  • If you log in via social media (Facebook, Google), we receive basic profile information you authorize (name, email, profile photo).

c) Public Databases:

  • We may supplement product information with publicly available research, clinical studies, and regulatory databases.

2.4 Sensitive Personal Information

WE DO NOT INTENTIONALLY COLLECT:

  • Medical diagnoses or health conditions
  • Prescription medication lists
  • Genetic or biometric data
  • Financial information (credit cards, bank accounts)

We recommend against including sensitive health information in free-text fields (notes, messages). Any such information you voluntarily include is encrypted, but it increases your privacy risk.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

We use collected data to:

a) Provide Core App Services:

  • Display personalized vitamin and supplement information
  • Operate the Compatibility Table and search functionality
  • Process AI Consultant queries
  • Save your preferences and favorites

b) Improve App Performance:

  • Analyze usage patterns to enhance features
  • Troubleshoot technical issues and bugs
  • Conduct A/B testing for interface improvements

c) Communicate with You:

  • Send service updates and security alerts
  • Respond to support inquiries
  • Provide optional promotional content (with consent)

d) Ensure Security:

  • Detect and prevent fraud or abuse
  • Enforce Terms of Service
  • Protect intellectual property rights

e) Comply with Legal Obligations:

  • Respond to lawful government requests
  • Fulfill regulatory reporting requirements
  • Defend legal claims

3.2 Marketing and Affiliate Operations

a) Affiliate Link Tracking:

  • We track clicks on affiliate links to attribute commissions (no payment data is accessed)
  • Anonymous performance metrics (click-through rates, conversion rates)

b) Personalized Recommendations:

  • Product suggestions based on your search history and favorites (processed locally where possible)

c) Email Marketing (Opt-In Only):

  • Newsletter with health tips, new products, and App updates
  • You can unsubscribe at any time via the link in every email

3.3 Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

Purpose: Core App functionality

  • Legal Basis: Contractual Necessity (Terms of Service)

Purpose: Service improvement

  • Legal Basis: Legitimate Interest (enhancing user experience)

Purpose: Marketing emails

  • Legal Basis: Consent (opt-in required)

Purpose: Legal compliance

  • Legal Basis: Legal Obligation

Purpose: Security and fraud prevention

  • Legal Basis: Legitimate Interest (protecting users and business)

4. HOW WE SHARE YOUR INFORMATION

4.1 No Sale of Personal Data

WE DO NOT SELL, RENT, OR TRADE YOUR PERSONAL INFORMATION TO THIRD PARTIES FOR MONETARY COMPENSATION.

4.2 Service Providers and Processors

We share data with trusted third-party service providers who assist with:

a) Cloud Hosting and Infrastructure:

  • Servers, databases, and content delivery networks (CDNs)
  • Processors: AWS, Google Cloud, or similar (GDPR-compliant Data Processing Agreements in place)

b) Analytics and Performance Monitoring:

  • Usage statistics and crash reporting
  • Providers: Google Analytics, Firebase, or similar (anonymized where possible)

c) Customer Support:

  • Help desk and ticket management systems
  • Providers: Zendesk, Intercom, or similar

d) Email Communications:

  • Newsletter delivery and transactional emails
  • Providers: SendGrid, Mailchimp, or similar

All service providers:

  • Are contractually bound to protect your data
  • May only use data for specified purposes
  • Comply with applicable data protection laws

4.3 Affiliate Partners

When you click an affiliate link and visit a partner site (e.g., iHerb):

  • You leave the Vitamin CHE App and are subject to the partner's privacy policy
  • We share a referral identifier (not linked to your personal profile)
  • The partner may use cookies to track your session and attribute purchases

We are NOT responsible for partner privacy practices. Review their policies independently.

4.4 Legal Disclosures

We may disclose personal information if required by law or in the good-faith belief that such action is necessary to:

  • Comply with subpoenas, court orders, or legal processes
  • Protect the rights, property, or safety of Elena Chemezova, users, or the public
  • Investigate fraud, security breaches, or Terms of Service violations
  • Defend against legal claims or regulatory investigations

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets:

  • Your personal data may be transferred to the acquiring entity
  • You will be notified via email or in-app notice
  • The new entity must honor this Privacy Policy or obtain your fresh consent

5. INTERNATIONAL DATA TRANSFERS

5.1 Cross-Border Transfers

The Owner is based in Kazakhstan. If you are located in the EU, USA, Canada, or UK, your personal data may be transferred to and processed in Kazakhstan or other countries where our service providers operate.

5.2 Safeguards for EU/UK Users

For transfers outside the European Economic Area (EEA) or UK, we implement:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy Decisions (where the destination country is deemed adequate by the EU)
  • Binding Corporate Rules (for multinational processors)

5.3 Your Consent

By using the App from the EU/UK, you explicitly consent to international data transfers under these safeguards.

6. DATA RETENTION

6.1 Retention Periods

We retain personal information only as long as necessary for the purposes outlined in this Privacy Policy:

Retention periods:

  • Account information: Until account deletion + 30 days
  • Usage logs and analytics: 24 months (anonymized after 90 days)
  • Customer support records: 3 years after last contact
  • Marketing consent records: Until withdrawal + 2 years (for compliance proof)
  • Legal hold data: Duration of legal matter + 1 year

6.2 Deletion and Anonymization

After retention periods expire:

  • Personal data is securely deleted or irreversibly anonymized
  • Anonymized data (no longer personally identifiable) may be retained indefinitely for research and statistical purposes

7. YOUR PRIVACY RIGHTS

7.1 Rights Under GDPR (EU/UK Users)

You have the following rights:

a) Right to Access:

  • Request a copy of your personal data we hold
  • Receive information about how it's processed

b) Right to Rectification:

  • Correct inaccurate or incomplete data

c) Right to Erasure ("Right to be Forgotten"):

  • Request deletion of your personal data under certain conditions

d) Right to Restriction:

  • Limit how we process your data in specific circumstances

e) Right to Data Portability:

  • Receive your data in a structured, machine-readable format
  • Transmit your data to another service provider

f) Right to Object:

  • Object to processing based on legitimate interests
  • Opt out of direct marketing at any time

g) Right to Withdraw Consent:

  • Withdraw consent for processing that requires it (does not affect prior processing)

h) Right to Lodge a Complaint:

  • File a complaint with your local data protection authority (DPA)

7.2 Rights Under CCPA (California Users)

California residents have the right to:

a) Know:

  • What personal information is collected
  • Whether it's sold or disclosed, and to whom
  • Categories of sources and business purposes

b) Delete:

  • Request deletion of personal information (subject to exceptions)

c) Opt-Out:

  • Opt out of "sale" of personal information (Note: We do NOT sell data)

d) Non-Discrimination:

  • Exercise privacy rights without discriminatory treatment

e) Authorized Agents:

  • Designate an authorized agent to make requests on your behalf

7.3 Rights Under PIPEDA (Canadian Users)

Canadian users can:

  • Access personal information held by the organization
  • Challenge accuracy and completeness of data
  • Withdraw consent for optional processing
  • File complaints with the Privacy Commissioner of Canada

7.4 How to Exercise Your Rights

Email: elena@chemezova.com

Subject Line: "Privacy Rights Request - [Your Specific Request]"

Include:

  • Your full name and email address associated with your account
  • Specific right you wish to exercise (access, deletion, correction, etc.)
  • Verification information (to confirm your identity)

Response Time:

  • We respond to valid requests within 30 days (or as required by local law)
  • Complex requests may require an extension; we will notify you

Verification: To protect your privacy, we may request additional information to verify your identity before processing requests (e.g., confirming email address or answering security questions).

8. DATA SECURITY

8.1 Security Measures

We implement industry-standard technical and organizational measures:

a) Encryption:

  • Data in transit: TLS/SSL encryption (HTTPS)
  • Data at rest: AES-256 encryption for databases
  • Passwords: Bcrypt or Argon2 hashing (never stored in plaintext)

b) Access Controls:

  • Role-based access limitations
  • Multi-factor authentication for administrative accounts
  • Regular access audits

c) Infrastructure Security:

  • Firewalls and intrusion detection systems
  • Regular security patches and updates
  • DDoS protection

d) Data Minimization:

  • Collection limited to necessary information
  • Automatic deletion of unnecessary data

e) Employee Training:

  • Confidentiality agreements with staff and contractors
  • Privacy and security awareness training

8.2 Limitations

No system is 100% secure. While we employ reasonable safeguards, we cannot guarantee absolute security. Risks include:

  • Unauthorized access by sophisticated attackers
  • Hardware or software failures
  • Transmission interception

You are responsible for:

  • Maintaining the confidentiality of your login credentials
  • Using strong, unique passwords
  • Reporting suspicious activity immediately

8.3 Breach Notification

In the event of a data breach that compromises your personal information:

  • We will notify affected users within 72 hours (or as required by local law)
  • Notification will include the nature of the breach, data affected, and recommended actions
  • We will report to relevant data protection authorities as legally required

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Types of Cookies We Use

a) Essential Cookies:

  • Required for App functionality (e.g., session management, authentication)
  • Cannot be disabled without impairing the App

b) Analytics Cookies:

  • Track usage patterns, page views, and feature interactions
  • Help us improve the App and identify bugs

c) Marketing Cookies:

  • Used to deliver personalized recommendations and affiliate link tracking
  • Can be disabled through settings

d) Third-Party Cookies:

  • Set by affiliate partners when you click outbound links
  • Governed by the third party's privacy policy

9.2 Managing Cookies

In-App Settings:

  • Navigate to Settings > Privacy > Cookie Preferences
  • Toggle optional cookies on/off

Device Settings:

  • iOS: Settings > Privacy > Tracking
  • Android: Settings > Google > Ads > Opt out of Ads Personalization

Browser (if applicable):

  • Most browsers allow you to refuse cookies or delete existing ones

Note: Disabling essential cookies may impair App functionality.

9.3 Do Not Track (DNT)

Some browsers offer a "Do Not Track" signal. The App does not currently respond to DNT signals, but you can control tracking through in-app settings.

For detailed information, see our separate Cookie Policy.

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

The Vitamin CHE App is NOT intended for children under 18 years of age.

We do not knowingly collect personal information from minors under 18 (or the applicable age of majority in your jurisdiction) without parental consent.

10.2 Parental Control

If you believe a child under 18 has provided personal information to us:

  • Contact us immediately at elena@chemezova.com
  • We will delete the information within 7 days of verification

10.3 Parental Consent (Where Required)

In jurisdictions requiring parental consent for minors (e.g., COPPA in the USA for children under 13):

  • We request explicit parental consent before collecting data from minors
  • Parents may review, delete, or refuse further collection of their child's information

11. THIRD-PARTY LINKS AND SERVICES

11.1 External Websites

The App contains links to third-party websites and services, including:

  • Affiliate e-commerce platforms (iHerb, etc.)
  • Research sources and clinical study databases
  • Social media platforms

11.2 No Responsibility

We are NOT responsible for the privacy practices or content of third-party sites. When you leave the App:

  • You are subject to the third party's privacy policy and terms
  • We have no control over their data collection or security measures

11.3 Recommendation

Always review the privacy policies of external websites before providing personal information.

12. CHANGES TO THIS PRIVACY POLICY

12.1 Updates

We may update this Privacy Policy periodically to reflect:

  • Changes in legal requirements
  • New App features or data practices
  • User feedback and privacy best practices

12.2 Notification

Material changes will be communicated via:

  • In-app notification upon your next login
  • Email to registered users (for significant changes)
  • Posting the updated policy with a revised "Last Updated" date

12.3 Continued Use

Continued use of the App after changes become effective constitutes acceptance of the revised Privacy Policy. If you do not agree, you must stop using the App and request account deletion.

12.4 Version History

Previous versions of this Privacy Policy are archived and available upon request.

13. CONTACT US

13.1 Privacy Inquiries

For questions, concerns, or requests related to this Privacy Policy:

Email: elena@chemezova.com

Subject: "Privacy Inquiry - Vitamin CHE"

Response Time: We strive to respond within 5 business days for general inquiries and 30 days for rights requests.

13.2 Data Protection Officer (DPO)

For EU/UK users, you may contact our designated representative: Email: elena@chemezova.com (same contact; specify "DPO Request")

13.3 Supervisory Authorities

You have the right to lodge a complaint with your local data protection authority:

14. ACKNOWLEDGMENT

BY USING THE VITAMIN CHE APP, YOU ACKNOWLEDGE THAT:

✓ You have read and understood this Privacy Policy

✓ You consent to the collection, use, and sharing of your information as described

✓ You understand your privacy rights and how to exercise them

✓ You agree to international data transfers (for users outside Kazakhstan)

✓ You will keep your account credentials secure

IF YOU DO NOT AGREE, YOU MUST STOP USING THE APP IMMEDIATELY.

  • Document Version: 1.0
  • Effective Date: February 20, 2026
  • Data Controller: Elena Chemezova (BIN: 7908300050270)
  • Contact: elena@chemezova.com