← VILO

PRIVACY POLICY

Effective date: April 12, 2026

1. Introduction

VILO ("VILO", "we", "us", or "our") is an AI life coordinator app operated by White Tiger Consulting LLC. This Privacy Policy explains how we collect, use, and protect your personal information when you use VILO.

By using VILO, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

Questions? Contact us at hello@vilo.life.

2. Information We Collect

Account information. When you sign in with Google or Apple, we receive your name, email address, and profile photo. We use this to create and maintain your VILO account.

Date of birth. During onboarding, we collect your date of birth. This is used to apply age-appropriate content settings, ensure compliance with applicable age requirements, and personalize VILO's recommendations (for example, age influences how fitness and health goals are interpreted). Users under 13 are not permitted to use VILO and this data is used to enforce that requirement.

Google Calendar data. With your explicit permission via Google OAuth, VILO reads and writes your Google Calendar events. This data is used to display your schedule in VILO, create events on your behalf, and provide context to the AI assistant for planning and recommendations.

Apple HealthKit data. With your explicit permission, VILO reads from Apple HealthKit: step count, distance, active energy burned, exercise time, heart rate, resting heart rate, body weight, and sleep analysis. This data is used to give the AI assistant context about your physical state for personalized recommendations. Health snapshots derived from HealthKit data are retained for 90 days. HealthKit data that appears in your chat history is subject to the chat history retention period described in Section 7.

Apple Music data. With your explicit permission via MusicKit, VILO reads your Apple Music listening history, recently played tracks, and top artists. This data is used to generate music recommendations tailored to your taste and current moment.

Usage data. VILO stores the goals, tasks, habits, events, workout logs, and chat messages you create within the app in Firestore (Google Cloud). This data belongs to you and is used to provide the core features of the service.

Device information. For push notifications (iOS), we store an APNs device token. We collect basic device type and OS version for debugging.

Safety event data. VILO operates a content safety system that evaluates certain inputs for potentially harmful content. When the safety system is triggered, we log a hashed (non-reversible) representation of the input, the safety category flagged, and a session identifier. No plaintext message content or personally identifiable information is stored in safety logs. This data is used to monitor and improve the safety system.

3. How We Use Your Information
  • Power the AI assistant (Google Gemini) with context about your life — health, calendar, goals, habits, and music preferences.
  • Generate personalized recommendations for music, daily planning, and fitness.
  • Sync and display your Google Calendar events and create events on your behalf.
  • Send push notifications for reminders, nudges, and assistant responses.
  • Improve the quality of VILO's recommendations over time based on your usage patterns.

We do NOT sell your data. We do NOT use your data for advertising. We do NOT share your data with third parties except as described in Section 6 (Data Sharing).

4. Google API Services

VILO uses Google Sign-In and Google Calendar via the Google API. Our use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

VILO's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We use your Google account only to authenticate you and access your Google Calendar as authorized.
  • Google Calendar data is used only to display your events in VILO and to create or modify events on your behalf at your direction.
  • We do not transfer Google user data to third parties except as necessary to provide the VILO service (e.g., processing by Gemini AI as described in Section 6).
  • We do not use Google user data for advertising purposes.
  • We do not allow humans to read your Google user data unless you have given us affirmative consent, it is necessary for security or legal compliance, or it is required to provide the service you requested.
  • We do not use Google user data to train AI models without your explicit, informed consent.

You can revoke VILO's access to your Google account at any time via Google Account Permissions.

5. Apple HealthKit
  • HealthKit data is used only to provide VILO features as described in this policy.
  • HealthKit data is never used for advertising purposes.
  • HealthKit data is never shared with third parties without your explicit consent, except as necessary to provide the service (e.g., processing by the VILO AI).
  • HealthKit data is never sold.
  • You can revoke VILO's access to HealthKit at any time in iOS Settings → Privacy & Security → Health.
6. Data Sharing

We share your data only with the following service providers who help us operate VILO:

  • Google Firebase & Google Cloud — authentication, database (Firestore), and app hosting. Subject to Google's Terms of Service and Privacy Policy.
  • Google Vertex AI / Gemini — AI inference. Your chat context is sent to Gemini to generate responses. Google processes this data under their Cloud terms; it is not used to train Google's models without your consent.
  • Anthropic — AI inference for specific features including music playlist curation and goal milestone generation. Relevant data (music taste profile, goal details) is sent to Anthropic's Claude models to perform these functions. Anthropic processes this data under their API terms; it is not used to train Anthropic's models without your consent. See Anthropic's Privacy Policy at https://www.anthropic.com/privacy.
  • Resend — transactional email (e.g., account notifications). Only your email address is shared for this purpose.

We do not share your data with data brokers, advertising networks, or any party not listed above.

7. Data Retention and Deletion
Data type Retention period
Account information Duration of account
Date of birth Duration of account
Goals, tasks, habits, milestones Duration of account
Chat history 12 months, then automatically deleted
Health snapshots (HealthKit-derived) 90 days
Safety event logs (hashed, no PII) 12 months
Device tokens Duration of account or until revoked

After the retention period, data is automatically and permanently deleted. Data that has been automatically deleted cannot be recovered.

To delete your account and all data: email hello@vilo.life with the subject "Delete my account". We will delete all your personal data within 30 days and confirm via email.

To export your data: use the "Export data" option in your VILO profile settings, or email hello@vilo.life to request a data export in JSON format.

8. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights:

  • Access — request a copy of all personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your personal data ("right to be forgotten").
  • Portability — request your data in a structured, machine-readable format.
  • Restriction — request that we limit how we use your data.
  • Objection — object to processing of your data for certain purposes.

California residents (CCPA): You have the right to know what personal information we collect, the right to delete it, the right to opt out of sale (we do not sell data), and the right to non-discrimination for exercising your rights.

EU/UK residents (GDPR): Our legal basis for processing your data is your consent (for HealthKit, Calendar, Music) and the performance of a contract (for account and usage data). You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at hello@vilo.life. We will respond within 30 days.

9. Security

All data in transit is encrypted via TLS. Data at rest is stored in Google Firestore, which encrypts data at rest by default. Access to production data is restricted to authorized personnel only.

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the breach, where required by law.

10. Children's Privacy

VILO does not permit users under the age of 13. We collect date of birth during onboarding and actively block account creation for users under 13 to comply with the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has circumvented this requirement and provided us with personal information, please contact us at hello@vilo.life and we will promptly delete the account and all associated data. Users aged 13–17 may access VILO with limited functionality. Certain goal types and content categories are restricted for users in this age group.

11. Content Safety System

VILO operates an automated content safety system that evaluates user inputs and goal requests to prevent the generation of harmful, dangerous, or inappropriate plans and responses. This system may decline to process certain requests and redirect users to appropriate professional resources. The safety system does not store your message content. When triggered, it logs only a hashed identifier of the input and a safety category label — no personally identifiable information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the effective date above. We encourage you to review this policy periodically. Your continued use of VILO after changes are posted constitutes your acceptance of the updated policy.

13. Contact

White Tiger Consulting LLC
hello@vilo.life
vilo.life