Privacy Policy

Last updated: April 30th, 2026

This Privacy Policy describes how Vitalism International Foundation ("we", "us", "our") collects, uses, and protects information about visitors to vitalistbay.com ("Site") and users of the Vitalist Bay 2026 mobile application ("App"). By using the Site or the App you agree to the practices described here.

The Site and App are operated by Vitalism International Foundation, 954 Ponce de Leon Ave., Miramar Plaza Suite 806, San Juan, PR. Vitalist Bay 2026 is a four-day longevity event held at Lighthaven, Berkeley, May 14–17, 2026.

Definitions

Service means the Site, the App, and any related products and services we provide.
Personal Data means any information that relates to an identified or identifiable individual.
Attendee means a person who has registered for and holds an active ticket to Vitalist Bay 2026.
You means the individual using the Service.

Information We Collect on the Site

When you visit vitalistbay.com we collect:

Newsletter signup — email address, when you submit it via the signup form.
Ticket purchase — name, email, billing details, and payment information processed by our payment provider; we do not store full credit-card numbers.
Usage data — IP address, browser type, pages viewed, referring URL, and timestamps. Used in aggregate to monitor performance and security.
Cookies — essential cookies (session, CSRF) and optional analytics cookies (Google Analytics) used to understand traffic patterns.

Information the App Collects

The Vitalist Bay 2026 mobile app is for verified attendees only. While using the App, we collect:

Account & sign-in — email address and a one-time login code, used solely to verify you are a registered attendee. The code is never stored after verification.
Profile data you choose to share — first and last name, badge role, badge company / affiliation, biography, profile photo, LinkedIn URL, X (Twitter) URL, website, phone number, and email. Each field is governed by an explicit per-field "share with attendees" toggle you control on the Profile screen and during onboarding. By default, sharing is off until you consent.
Push notification token — a device token issued by Apple (APNS) or Google (FCM), forwarded by Expo, used to deliver event reminders, mutual-match notifications, announcements, and photo-milestone alerts you opt into. The token does not identify you personally.
Bookmarks — sessions, attendees, and photos you bookmark inside the App.
Direct messages — the content of one-to-one messages you send to other attendees, plus read receipts, blocks, and reports. Messages are visible to the sender, the recipient, and — only when reported or audited for abuse — Vitalism Foundation moderators.
Photo uploads — photos you voluntarily submit to the event Gallery, including any caption. All uploaded photos are reviewed by a moderator before becoming visible to other attendees and may be removed at any time.
Session ratings & feedback — ratings and optional comments you leave on completed sessions.
Check-in events — the date and time when your QR code is scanned at the registration desk and at session entries.

How We Use Information

Authenticate you as a registered Vitalist Bay 2026 attendee and gate access to the App.
Render the attendee directory, with each attendee's profile fields filtered by their individual sharing preferences.
Deliver the push notification categories you have opted into. You can turn each category on or off at any time in the App's Settings screen.
Provide direct messaging between consenting attendees, including the safety features (block, report, rate-limit) needed to keep that channel usable.
Operate the photo Gallery, with admin moderation prior to publication.
Synthesize the program, map, ticket QR code, and attendee experience required to participate in the event.
Send transactional email (login codes, ticket receipts, event reminders) and — only if you opt in — newsletter updates.
Comply with legal obligations and protect the rights, property, and safety of the Service, our users, and the public.

What We Do NOT Do

The App does not track you across other apps or websites.
The App does not access your contacts, calendar, microphone, or background location.
We do not sell your personal data to anyone, ever.
We do not run third-party advertising on the Site or in the App.

Service Providers

We rely on the following third-party processors, each bound by contract to handle data only on our behalf:

Supabase, Inc. — authentication backend, database, and file storage for profile photos and Gallery uploads.
Expo (650 Industries, Inc.) — cross-platform push notification delivery via the Expo Push Service.
Resend — transactional email delivery for one-time login codes, ticket receipts, and event reminders.
Stripe — payment processing for ticket purchases.
Apple — App Store distribution, Apple Wallet pass delivery, and APNS push notification routing on iOS.
Google — Play Store distribution, Google Wallet pass delivery, FCM push notification routing, and (via Google Analytics) Site usage analytics.
Anthropic, Inc. — used solely for an opt-in feature that suggests a public LinkedIn URL when an attendee has not provided one. Suggestions are stored in a separate moderation queue and never auto-applied without your explicit "Yes, that's me" confirmation.

Sharing Preferences & Consent

Before any of your profile fields are visible to other attendees, you complete a one-time onboarding consent screen describing exactly what is and is not shared. After onboarding, you can change any of those toggles, edit your profile fields, or remove yourself from the directory entirely from the Profile screen at any time. Notification categories can be toggled independently in Settings.

Data Retention & Deletion

We retain your data while you remain registered for an active or future Vitalism Foundation event, plus the time needed to satisfy our legal and accounting obligations. To request deletion of your account and all associated data — direct messages, bookmarks, uploaded photos, sharing preferences, and push tokens — email ops@vitalismfoundation.org with the subject "Mobile App data deletion request."

Push Notifications

Push notifications require your operating-system-level permission and are off until you grant it. You can revoke push permission at any time in your device's system Settings, and you can independently disable each App-level notification category (bookmark reminders, mutual matches, announcements, photo milestones) inside the App's Settings screen.

Security

We use industry-standard safeguards to protect your information, including encrypted transport (TLS), encrypted storage, scoped database access, and bearer-token authentication for the App's API. No method of internet transmission or storage is 100% secure; while we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Children

The Site and App are intended for individuals aged sixteen (16) and older. We do not knowingly collect data from anyone under that age. If you become aware that a child under 16 has provided us with Personal Data, please contact us so we can remove it.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete personal data we hold about you, withdraw consent for processing, or lodge a complaint with a supervisory authority. To exercise any of these rights, email ops@vitalismfoundation.org.

Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the "Last updated" date at the top of the page and, for material changes, post a notice on this page or notify you by email. Your continued use of the Site or App after the effective date constitutes acceptance of the revised Policy.

Contact Us

Questions about this Privacy Policy? Email ops@vitalismfoundation.org.