Privacy Policy | Vitals Challenge by Optimyze
VITALS CHALLENGE — POWERED BY OPTIMYZE

Privacy
Policy

20 May 2026
20 May 2026
United Arab Emirates
Optimyze Health & Fitness Boutique, Abu Dhabi
This Privacy Policy explains how Vitals Challenge, operated by Optimyze Health & Fitness Boutique ("Optimyze", "we", "us", or "our"), collects, uses, and protects your personal and health data when you participate in the Vitals Challenge corporate wellness program. By using the platform, you agree to the practices described in this policy.
01

Information We Collect

We collect the following categories of information to operate the Vitals Challenge platform:

  • Account Information — Your name, email address, date of birth, gender, and employer (company) when you register.
  • Health & Fitness Data — Daily step count, heart rate variability (HRV), sleep duration, and biological age scores collected via connected wearable devices or manual entry.
  • Wearable Device Data — When you connect a wearable device (Apple Watch, Fitbit/Google Health, Whoop, Garmin, Samsung), we access health metrics you authorise through that device's official API.
  • Usage Data — How you interact with the platform including login times, pages visited, and features used.
  • Communications — Messages you send us via WhatsApp, email, or the platform's coaching interface.
02

How We Use Your Information

Your data is used exclusively for the following purposes:

  • Calculating your biological age, step scores, HRV trends, and program leaderboard ranking
  • Generating personalised AI coaching messages based on your health data
  • Producing monthly wellness reports for your employer's HR team (aggregate and individual)
  • Sending program notifications, event reminders, and weekly coaching summaries
  • Improving the accuracy of our biological age calculation models
  • Complying with legal obligations under UAE law

We do not use your health data for advertising, profiling, or any purpose unrelated to the Vitals Challenge program.

03

Wearable Device Integrations

When you connect a wearable device to Vitals Challenge, we access only the health data you explicitly authorise. Each integration operates as follows:

  • Apple Health — Data is sent from your device via an iOS Shortcut you install. We receive only the data types you permit (steps, HRV, sleep).
  • Google Health / Fitbit — We access your data via Google's OAuth 2.0 system. You can revoke access at any time from your Google account settings.
  • Whoop — We access recovery, HRV, and sleep data via Whoop's official developer API using OAuth 2.0. You can disconnect at any time from your Whoop app.
  • Garmin & Samsung — Accessed via their respective official APIs with your explicit authorisation.

You may disconnect any wearable at any time from your account settings. Disconnecting stops future data collection but does not delete historical data already collected.

04

Data Sharing

We share your data only in the following limited circumstances:

  • Your Employer — Your company's HR administrator can view your individual scores, biological age, and step data as part of the corporate wellness program you enrolled in. You acknowledged this when joining the program.
  • AI Processing — Your anonymised health metrics are sent to Anthropic's Claude API to generate personalised coaching messages. Anthropic does not retain this data beyond the immediate request.
  • Service Providers — We use trusted third-party services (database hosting, email delivery) that process data on our behalf under strict data processing agreements.
  • Legal Requirements — We may disclose data if required by UAE law or a valid court order.

We never sell your personal or health data to any third party. Ever.

05

Data Security

We take the security of your health data seriously. Our security measures include:

  • All data transmitted over HTTPS/TLS encryption
  • Database encryption at rest
  • OAuth tokens stored encrypted, never in plain text
  • Access controls limiting which staff can view individual health data
  • Regular security reviews of our infrastructure
06

Data Retention

We retain your data for the duration of the wellness program plus 12 months, to allow for reporting and analysis. After this period, personal health data is deleted or anonymised.

If you request deletion of your data before the retention period ends, we will action your request within 30 days, subject to any legal obligations requiring us to retain certain records.

07

Your Rights

Under UAE data protection regulations and international best practices, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for data processing at any time
  • Disconnect any wearable device integration
  • Request a copy of your data in a portable format

To exercise any of these rights, contact us using the details below.

08

Children's Privacy

The Vitals Challenge platform is designed for corporate employees and is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

09

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the platform. Your continued use of the platform after changes constitutes acceptance of the updated policy.

Contact Us

For any questions about this Privacy Policy or to exercise your data rights, contact us at:

Optimyze Health & Fitness Boutique
Bloom Gardens Retail 3, Al Muntazah — Zone 1
Abu Dhabi, United Arab Emirates

WhatsApp: +971 50 886 4767
Website: optimyze.ae

Copyright © 2026 Optimyze. All rights reserved
Design by - Digital Circle
Whatsapp Instagram