Legal · Consumer Health Data Privacy Policy
Consumer Health Data Privacy Policy
This is the Consumer Health Data Privacy Policy required by Washington’s My Health My Data Act, codified at RCW 19.373. It is a separate notice from our general Privacy Policy at /legal/privacy-policy. It is published as a standalone document on this page, with a distinct link from the home page, the website footer, the app’s listing on the Apple App Store, and inside the App, in compliance with RCW 19.373.020.
This Policy describes how Vaely (“we”, “our”, or “us”) handles consumer health data (“CHD”) of Washington residents. It uses no marketing language. It states facts.
The principal fact you should know is this: the Vaely mobile application does not transmit consumer health data to Vaely. The App is designed so that all health-related content you log stays on your device. We have no servers that receive your CHD. The categories below describe the limited circumstances in which CHD might be inferred from information you voluntarily send us through other channels (such as our contact form).
1. The Seven Required Elements
RCW 19.373.020 requires this notice to disclose seven elements. We disclose each in turn.
1.1 Categories of consumer health data collected
We do not collect consumer health data through the App. The App stores all health-related content on your device.
We may incidentally come into possession of consumer health data only if you choose to send it to us through one of the following channels:
- The contact form on our website, if you write to us about a health-related issue (for example, “I’m a person with fibromyalgia and the App is not behaving correctly when I log a flare”).
- Email correspondence to tezaapps@gmail.com, where you describe a health-related condition or symptom.
- A Data Subject Request submitted by you that includes consumer health data.
In those limited cases, the categories of CHD we may receive are limited to:
- Health condition or symptom information you describe in your message.
- Diagnosis information you describe.
- Medication or treatment information you describe.
- Any other CHD as defined in RCW 19.373.010(8) that you choose to include.
We do not collect biometric data, precise location, gender-affirming care information, reproductive or sexual-health information, mental-health information, neural data, or genetic data, except to the extent you voluntarily include it in correspondence with us.
1.2 Sources of consumer health data
The only sources of CHD we receive are:
- You, when you voluntarily submit a contact form, email, or DSAR that includes CHD.
We do not buy or otherwise obtain CHD from data brokers, advertising networks, social-media platforms, or any other third party.
1.3 Categories of sources from which we collect
- The consumer (you), directly. This is the only source.
1.4 Purposes of collection and processing
CHD that we incidentally receive in correspondence is used for the following purposes only:
- To respond to the question, request, or report you sent us.
- To diagnose and fix technical issues you have reported.
- To respond to and document your data subject request as required by law.
- To comply with legal obligations (for example, retention of records of DSAR fulfillment).
We do not process CHD for advertising, marketing, profiling, automated decision-making about you, training of artificial intelligence systems, or any purpose not strictly necessary to respond to you.
1.5 Categories of consumer health data shared
We do not share consumer health data, in any category, with any party.
If a court order, subpoena, or other lawful process required us to disclose CHD that is in our possession (for example, an email you sent us), we would do so only after independent verification, and only to the issuing authority. To date, no such request has been made.
1.6 Specific affiliates and third parties to whom CHD is sold or shared
None. We have not sold, and we will not sell, consumer health data to any party for any purpose. The MHMDA prohibits the sale of CHD without the separate, valid authorization required by RCW 19.373.030, and we do not seek such authorization. We have no affiliates that receive CHD.
| Recipient name | Role | CHD shared | Purpose |
|---|---|---|---|
| (none) | (none) | (none) | (none) |
If we ever begin to share CHD with any affiliate or third party, we will (a) update this notice in advance, (b) seek your separate affirmative consent to the sharing as required by RCW 19.373.030, and (c) honor any withdrawal of that consent.
1.7 How you may exercise your rights
You may exercise any of the rights listed in Section 2 by writing to:
Please put one of the following in the subject line:
- “MHMDA Right to Confirm” — to confirm whether we have collected, shared, or sold your CHD.
- “MHMDA Right to Access” — to receive a copy of your CHD that we hold.
- “MHMDA Right to Delete” — to have your CHD deleted from our records.
- “MHMDA Withdraw Consent” — to withdraw any consent you have given.
- “MHMDA Third Party List” — to receive a list of every third party and affiliate to whom we have shared or sold your CHD (the answer will be “none”).
We will acknowledge your request within 10 business days and respond fully within 45 days. If reasonably necessary, we may take an additional 45 days, in which case we will inform you of the extension and the reasons within the first 45-day period.
We will verify your identity before fulfilling any request. For email requests, we will verify by replying to the email address from which the request was sent. If we cannot verify identity, we will tell you and request additional information.
We will not discriminate against you for exercising any right. We will not deny services, charge different prices, or provide a different level of quality because you exercised a right under MHMDA.
2. Your Rights under the My Health My Data Act
You have the following rights with respect to your consumer health data under RCW 19.373:
- The right to confirm whether we are collecting, sharing, or selling your CHD.
- The right to access your CHD that we hold, including a list of all third parties and affiliates with whom we have shared your CHD and active contact information for each.
- The right to withdraw consent to our collection and sharing of your CHD.
- The right to deletion of CHD we hold about you.
- The right not to be discriminated against for exercising any right.
These rights do not require Vaely to take action with respect to data on your own device, because we do not have a copy of that data. Your data on your device is yours.
3. Consent
Where consent is required for us to collect or share CHD under RCW 19.373.030, we obtain affirmative, separate, freely given, specific, informed, and unambiguous consent before doing so. Because we do not, in ordinary operation, collect CHD through the App, the principal point at which consent is implicated is when you choose to write to us in correspondence that includes CHD; in that case, your act of voluntarily submitting the message is your affirmative authorization for us to use that information for the limited purposes set out in Section 1.4.
We will never sell your CHD. The MHMDA-mandated authorization for sale of CHD (RCW 19.373.030(2)) is not requested.
4. Geofencing
We do not use geofencing within 2,000 feet of any healthcare facility, mental health facility, or location offering reproductive or sexual healthcare, in compliance with RCW 19.373.040.
5. Security
We use the security measures described in Section 14 of our Privacy Policy. The most important is architectural: your CHD is not on our servers, because we do not have servers that receive it.
6. Updates to This Policy
When we update this Policy, we will update the “Effective date” and “Version” at the top, archive the previous version on the website, and post a notice on the home page. We will not retroactively use CHD in ways materially different from the disclosures in effect at the time the CHD was collected, without obtaining new consent.
7. Contact
For all questions about this Consumer Health Data Privacy Policy, or to exercise any right described above, write to:
If you believe Vaely has violated MHMDA, you have the right to file a complaint with the Washington State Attorney General’s Office at atg.wa.gov. The MHMDA also provides a private right of action under Washington’s Consumer Protection Act, RCW 19.86.
Effective 6 May 2026. Version 1.0.0. This is the first version of this Policy.
The architecture is the point.
The legal documents above describe what we do, what we never do, and the rights you have. The proof is in the App Store privacy label and the source code, not the paragraphs.