Privacy Policy
Effective date: 27 March 2026
1. Who we are
VAIM is operated by VAIM LTD (Company Number: 17004247), registered at 86-90 Paul Street, London, EC2A 4NE, United Kingdom. References to “VAIM”, “we”, “us”, or “our” in this policy refer to VAIM LTD.
If you have questions about this policy or how we handle your data, contact us at: hello@vaim.co
2. What data we collect
Account data: When you create an account we collect your email address, chosen username, first name, last name, gender, and age bracket. This is required to provide the service.
Photos you upload: To use the scanning features you upload photos of your face and body. These images are transmitted to our AI analysis service (Google Gemini) and then stored in our cloud infrastructure (Supabase). Photos are used solely to generate your scores and are not used for any other purpose.
Scan results and scores: We store the scores, classifications, archetype assignments, metric breakdowns, and confidence ratings generated from your photos.
Usage data: We collect data about how you use the app including habit logs, goal entries, AI Coach conversations, and weekly report activity.
Payment data: Payments are processed by Stripe. We do not store your card details. We receive and store a Stripe customer ID and subscription status only.
Technical data: We collect standard technical information including your IP address, browser type, device type, and session data for the purposes of security and service operation.
3. Why we collect it and the legal basis
| Purpose | Legal basis |
|---|---|
| Providing the scanning and scoring service | Performance of contract |
| Storing your progress history | Performance of contract |
| Processing your subscription payment | Performance of contract |
| Sending transactional emails (account, billing) | Performance of contract |
| Improving the accuracy and quality of the service | Legitimate interests |
| Detecting fraud and abuse | Legitimate interests |
| Complying with legal obligations | Legal obligation |
We do not use your photos or biometric data for training AI models, advertising, or any purpose beyond generating your personal scores.
4. Photos and biometric data
Your photos are processed by Google Gemini via a server-side edge function. Photos are transmitted over encrypted connections. After analysis, photos are stored in Supabase cloud storage and associated with your account.
Because photos of your face may constitute biometric data under applicable law, we treat this category with additional care:
- We do not sell or license your photos to any third party
- We do not use your photos to identify you beyond the context of your own account
- We do not use your photos for advertising or marketing without your explicit consent
- You can delete your account and all associated photos at any time via the app
5. Who we share data with
We share data only with the following service providers, strictly for the purpose of operating the service:
Supabase — database, authentication, file storage, and edge functions. Data is stored on Supabase infrastructure. supabase.com/privacy
Google (Gemini API) — AI analysis of your uploaded photos. Photos are transmitted to Google’s API for processing. ai.google.dev/terms
Stripe — payment processing and subscription management. stripe.com/privacy
We do not sell your data. We do not share your data with advertisers. We do not use your data for purposes beyond operating VAIM.
6. Community and leaderboard
If you opt in to the community leaderboard, your username, overall score, face score, posture score, and front-facing photo will be visible to other VAIM users. This is entirely optional and off by default. You can turn this off at any time in your profile settings and your data will be removed from public views.
7. Data retention
We retain your account data and scan history for as long as your account is active. If you delete your account, we will delete your personal data and photos within 30 days. Aggregated, anonymised data may be retained indefinitely as it cannot be used to identify you.
Stripe transaction records are retained as required by financial regulations (typically 7 years).
8. Your rights under UK GDPR
Because VAIM is a UK-based service, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — request deletion of your data (“right to be forgotten”)
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — where we rely on consent, you can withdraw it at any time
To exercise any of these rights, contact us at hello@vaim.co. We will respond within 30 days.
If you are unsatisfied with our response you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
9. Cookies
We use essential cookies and local storage for session management and authentication. We do not use advertising cookies or third-party tracking cookies. You cannot opt out of essential cookies as they are required for the app to function.
10. Security
We use industry-standard security measures including encrypted data transmission (HTTPS/TLS), Supabase’s built-in row-level security, and Stripe for payment handling. No system is completely secure — if you have concerns about your account please contact us immediately at hello@vaim.co.
11. Children
VAIM is not intended for users under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account please contact us at hello@vaim.co and we will delete it promptly.
12. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use of the service after changes constitutes acceptance.
13. Contact
VAIM LTD
Company Number: 17004247
86-90 Paul Street
London EC2A 4NE
United Kingdom