1. Who We Are
DexaVault ("we", "us", "our") is operated by the owner of dexavault.io. We provide a consumer web application that processes DEXA body composition scan PDF reports using artificial intelligence and presents the results in a personal health dashboard.
For privacy-related enquiries, contact us at: support@dexavault.io
2. What Data We Collect
Account & Contact Data
Your email address — collected when you upload a scan, subscribe to our free guide, or request access to your dashboard. We do not collect passwords; access is via passwordless Magic Links.
Health & Body Composition Data
When you upload a DEXA scan PDF, we extract and store the following metrics: total body weight, body fat percentage, lean mass, fat mass, visceral fat, bone mineral density T-score, patient name, scan date, and clinic/facility name. We also store an AI-generated summary, metabolic health score, insights, risk flags, and personalised action plan derived from these metrics.
Payment Data
Payments are processed by Stripe. We do not store your credit card number, CVV, or full card details. We store a record of your purchase (package type, amount, date) for account management purposes. Stripe's privacy policy applies to payment processing: stripe.com/privacy.
Usage Data
We use Vercel Analytics (privacy-friendly, no cookies) and Google Ads tags to understand how visitors use DexaVault and measure the effectiveness of advertising. This data is aggregated and does not personally identify you.
3. How We Use Your Data
- To process your DEXA scan PDF and generate your personalised health dashboard
- To send you a Magic Link to access your dashboard
- To send you a 6-month reminder email when it may be time for your next scan
- To send you the free DEXA guide if you requested it
- To manage your account, credits, and purchase history
- To provide customer support
- To measure and improve our service
We do not sell, rent, or share your personal or health data with any third party for marketing purposes.
4. How We Store and Protect Your Data
Your data is stored in Supabase (a managed PostgreSQL database) hosted on AWS infrastructure. All data is encrypted at rest and in transit using TLS. Row-level security is enabled on all database tables, meaning your data is only accessible to you and to DexaVault's server-side application using a privileged service key.
Your DEXA scan PDF is sent directly to OpenAI's API (GPT-4o) for processing and is not stored by us after processing. OpenAI's data handling policy applies: openai.com/policies/privacy-policy.
Access to your dashboard is protected by Magic Link authentication — a single-use, time-limited secure link sent to your email. No passwords are stored.
5. Data Retention
We retain your scan data and account information for as long as your account is active. If you wish to delete your data, email support@dexavault.io and we will permanently delete your account and all associated data within 30 days.
6. Cookies and Tracking
DexaVault uses minimal tracking:
- Supabase session cookies — necessary for authentication. These are first-party cookies that keep you logged in.
- Vercel Analytics — privacy-friendly, no personal identifiers, no cookies.
- Google Ads tag — used to measure advertising effectiveness. You can opt out via Google's ad settings.
7. Your Rights
Depending on your location, you may have rights including: access to your data, correction of inaccurate data, deletion of your data, and objection to processing. To exercise any of these rights, email support@dexavault.io.
8. Children's Privacy
DexaVault is not directed at children under 18. We do not knowingly collect data from anyone under 18 years of age.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of DexaVault after changes constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions or requests: support@dexavault.io