1. Our Commitment to Your Privacy
Vector Ventures Holdings Pty Ltd (ACN 698 553 758) ("Vector", "we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect information about you when you use the Vector application ("App").
We handle your information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles ("APPs"), and the Health Records Act 2001 (Vic). Health information is treated as sensitive information under both Acts and is handled with additional care.
"Services" in this Policy means the Vector mobile application, website, and all associated health analysis features, including biological age estimation, biomarker tracking, health scoring, personalised wellness insights, lab referral ordering, and any other features we make available from time to time.
2. What Information We Collect
2.1 Account Information
When you create an account, we collect:
- First name and last name
- Email address
- Date of birth
- Biological sex (used to apply sex-specific reference ranges)
2.2 Pathology and Biomarker Data
When you upload a pathology report, we process the text content of the report to extract biomarker readings (e.g. glucose, cholesterol, HbA1c). The source PDF is discarded after extraction; only the extracted numerical values, units, and collection dates are stored. This constitutes health information for the purposes of the Privacy Act.
2.3 Apple HealthKit Data
With your explicit permission through iOS, we access the following data from Apple HealthKit:
- Heart rate variability (HRV)
- Resting heart rate
- VO2 max estimates
- Sleep data (deep sleep, REM sleep, sleep regularity)
- Activity and exercise data (light, moderate, and vigorous intensity minutes)
HealthKit data is processed on your device and used to compute your wellness scores. It is not uploaded to our servers or stored in our database. It is not used for advertising, marketing, or any purpose other than providing you with your personalised wellness results within the App.
2.4 Lab Referral Data
If you use the lab referral feature, we transmit your first name, last name, and email address to iMedical to facilitate the pathology order. No payment or financial details are handled by Vector.
2.5 Usage and Technical Data
We may automatically collect device type, operating system version, app version, crash reports, error logs, and general usage analytics. This data is collected in aggregate or de-identified form and is used to improve the App.
3. How We Use Your Information
We use your information to:
- Create and manage your account
- Analyse your biomarker data and deliver health metrics, scores, and insights
- Generate personalised wellness insights and recommendations
- Pre-fill and submit lab referral orders on your behalf (with your authorisation)
- Send transactional communications related to your account
- Improve and develop the App (using de-identified or aggregated data)
- Comply with our legal obligations
We do not use your personal information for direct marketing without your separate consent.
4. AI Processing
The App uses Google Gemini to generate contextual health insights. When you request AI-generated insights, the following information is transmitted to Google's API via our servers: biomarker values, units, and status classifications; your age and biological sex; pathology history; and wearable health metrics.
This data does not include your name, email address, or any account identifier. Your account identity is known to our servers but is not forwarded to Google.
AI-generated insights are cached on our servers. Where AI processing is unavailable, the App falls back to deterministic, rules-based insights that run entirely on-device.
5. How We Share Your Information
We do not sell your personal information to third parties. We share your information only in the following circumstances:
5.1 Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, and data storage | United States |
| Google LLC (Gemini API) | AI-powered health insight generation | United States |
| iMedical | Lab referral order processing | Australia |
| Lightpanda | Automated browser processing for lab orders | Varies |
| Apple Inc. (HealthKit) | Health data framework (on-device only) | N/A |
5.2 Legal Requirements. We may disclose your information if required by law, court order, or a lawful request from a government authority.
5.3 Business Transfers. If Vector is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.
5.4 With Your Consent. We may share your information for other purposes with your express consent.
6. Health Information — Additional Protections
Health information is sensitive information under the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic). We collect and use health information only with your consent, and only for the primary purpose for which it was collected.
7. HealthKit — Apple Requirements
In compliance with Apple's guidelines:
- HealthKit data is used only to provide and improve health and fitness features
- HealthKit data is not used for advertising or marketing
- HealthKit data is not sold or disclosed to third parties for advertising or data brokers
- HealthKit data is not stored on our servers — it is processed on-device only
8. Data Security
We implement appropriate technical and organisational measures including encrypted data transmission (TLS/HTTPS), Supabase row-level security, password hashing, secure authentication, and restricted internal access on a need-to-know basis.
9. Data Retention
- Account data: retained while your account is open and for up to 7 years after closure
- Biomarker data: retained while your account is open; deleted on closure
- HealthKit data: not retained on our servers
- AI insight cache: retained for up to 120 days
- Usage analytics: retained in de-identified form for up to 2 years
10. Your Rights
10.1 Access. Request access to the personal information we hold about you (APP 12). We will respond within 30 days.
10.2 Correction. Request correction of inaccurate, out-of-date, or incomplete information (APP 13). We will respond within 30 days.
10.3 Deletion. Request deletion of your account and associated data through the App settings or by contacting legal@vector.healthcare. We will process deletion requests within 30 days.
10.4 Complaints. If you believe we have breached the Privacy Act, contact us first. If unsatisfied, lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
11. Children
The App is not directed at children under 18 years of age. We do not knowingly collect personal information from children under 18.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. Continued use of the App after the effective date constitutes your acceptance of the changes.
13. Contact Us
Privacy Officer
Vector Ventures Holdings Pty Ltd · ACN 698 553 758
Email: legal@vector.healthcare
Last updated 2 June 2026.