← Back to app

Privacy Policy

Effective Date: May 14, 2026 Last Updated: May 14, 2026

This Privacy Policy describes how OpenAir LLC, doing business as Go Vitamins ("Go Vitamins," "we," "us," or "our"), collects, uses, shares, and protects information in connection with the Go Vitamins website (govitamins.app), web application, and any related services (collectively, the "Service").

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Important Notice About Children

Go Vitamins is designed for parents and legal guardians - not for children.

The Service is intended to be used by adults who are responsible for the care of children aged 2 to 15. Only a parent or legal guardian who is at least 18 years of age may create an account.

We do not knowingly allow children under 13 to create accounts, log in, or use the Service directly. Children do not interact with our Service, do not have logins, and cannot communicate with us through the Service.

When a parent or guardian creates a child profile in the Service, they may provide information about their child (such as first name or nickname, age or date of birth, weight, height, food preferences, allergies, sensory profile, and meal history). This information is collected from the parent - not from the child - and is used solely to provide personalized nutrition guidance to the parent.

If you believe a child under 13 has somehow provided us information directly, please contact us immediately at info@govitamins.app and we will delete it.

For more on parental rights under the U.S. Children's Online Privacy Protection Act ("COPPA"), see Section 9 below.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide About Yourself (the Parent/Guardian)

  • Account information: email address, password (hashed), display name.
  • Billing information: processed by Stripe; we do not store full card numbers. We retain the last four digits, card brand, expiration, billing zip, subscription status, and transaction history.
  • Communications: messages you send to support, feedback, survey responses.

2.2 Information You Provide About Your Child

This information is provided by you, the parent or guardian, and is treated as personal data about a minor. It is stored against your account.

  • First name or nickname
  • Age or date of birth
  • Sex (optional)
  • Height and weight (optional)
  • Known allergies, intolerances, dietary restrictions
  • Food preferences, sensory profile, picky-eating notes
  • Logged meals (text descriptions, photos of food, voice recordings transcribed to text)
  • Reactions to foods (accepted / rejected / neutral)
  • Developmental notes you choose to share with the AI

2.3 Information Collected Automatically

  • Device and usage data: IP address, browser type, operating system, device identifiers, pages viewed, time spent, referring URLs, crash logs, error reports.
  • Cookies and similar technologies: for authentication, preferences, analytics, and fraud prevention. See Section 6.

2.4 Information from Third Parties

  • Payment processors (Stripe): subscription and payment status.
  • Authentication providers (if you sign in via a third party): name and email associated with that provider.

3. How We Use Information

We use the information described above to:

  • Create and manage your account and child profiles.
  • Provide personalized nutrition guidance, meal suggestions, and shopping recommendations.
  • Operate the AI nutritionist chat ("Lookie") and the Child Acceptance Engine.
  • Process payments and manage subscriptions.
  • Send transactional emails (account confirmations, receipts, security alerts, important changes to the Service).
  • Send product updates and educational content (you can opt out at any time).
  • Improve the Service, debug, and develop new features.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not sell personal information about you or your child. We do not use children's information for behavioral advertising. We do not allow third-party advertising networks to track children's data.

4. How AI Processing Works

Go Vitamins uses third-party large-language-model providers, including Anthropic, PBC ("Anthropic"), to power the AI nutritionist chat, meal parsing, and personalization features.

When you interact with AI features:

  • The text of your question, the relevant portion of your child's profile (for example, age, allergies, and recent meals), and any photo of food you choose to upload may be sent to the AI provider's API for processing.
  • We do not send your email address, payment information, full name, or other identifying details that are not necessary to answer your question.
  • Under our agreement with Anthropic, your inputs and outputs are not used to train Anthropic's models.
  • Anthropic processes the data on our behalf as a sub-processor under a Data Processing Agreement.

You can choose not to use AI features. Logging meals manually and viewing your child's nutrition score do not require AI processing.

5. How We Share Information

We share information only as described below:

RecipientPurposeType of Data
Supabase, Inc.Database hosting, authenticationAccount data, child profile data, meal logs
Anthropic, PBCAI model API for chat, meal parsing, recommendationsLimited prompts; see Section 4
Stripe, Inc.Payment processing, subscription managementBilling data, transaction history
Vercel, Inc.Web hosting and edge deliveryRequest metadata, IP addresses
Email service provider (e.g., Resend)Transactional and product emailsEmail address, message contents
Analytics providers (e.g., PostHog, Amplitude)Product analytics, with PII minimizedPseudonymous usage events
Crash and error monitoring (e.g., Sentry)Bug detectionError logs (PII minimized)

We may also share information:

  • With your consent.
  • To comply with law: in response to subpoenas, court orders, regulatory inquiries, or to protect the rights, property, or safety of Go Vitamins, our users, or others.
  • In a business transfer: in connection with a merger, acquisition, financing, or sale of assets. We will notify you and any new owner will be bound by this Privacy Policy.
  • Aggregated or de-identified data: we may share data that cannot reasonably be linked to you or your child for research, benchmarking, or public communications.

6. Cookies and Tracking

We use cookies and similar technologies for:

  • Strictly necessary: authentication, session management, security.
  • Functional: remembering preferences (language, units).
  • Analytics: understanding how the Service is used (in aggregate). Where required by law, we ask for consent before setting non-essential cookies.

We do not use third-party advertising cookies or behavioral-advertising trackers.

You can control cookies through your browser settings. Disabling some cookies may impair the Service.

7. Data Retention

  • Account and child profile data: retained while your account is active. Deleted within 30 days after you delete your account.
  • Meal logs and AI conversation history: retained while your account is active or until you delete them.
  • Billing records: retained for 7 years for tax, accounting, and audit purposes, as required by law.
  • Backups: may persist for up to 90 days after deletion before being fully purged from backup systems.
  • Anonymized usage data: may be retained indefinitely.

8. Data Security

We use industry-standard safeguards, including:

  • HTTPS/TLS encryption in transit.
  • Encryption at rest for personal data on our database provider.
  • Row-level security so that each parent can only access their own data and their child's data.
  • Hashed passwords; we never store passwords in plaintext.
  • Access controls, logging, and least-privilege principles for our team.
  • Regular review of sub-processors.

No system is perfectly secure. If we become aware of a security incident affecting your personal information, we will notify you as required by applicable law (including the California Consumer Privacy Act and the GDPR).

9. Children's Privacy and COPPA

The U.S. Children's Online Privacy Protection Act ("COPPA") regulates the collection of personal information from children under 13. Go Vitamins is designed so that parents are the sole users, and information about children is provided by the parent.

When you create a child profile, you represent that:

  • You are the parent or legal guardian of the child.
  • You are at least 18 years of age.
  • You consent to our collection and use of information about your child as described in this Privacy Policy.

As a parent or guardian, you have the right to:

  • Review the information we have collected about your child.
  • Request deletion of your child's information at any time.
  • Refuse further collection of information about your child by deleting the child profile or your account.
  • Withdraw consent to our processing of your child's data.

To exercise any of these rights, sign in to your account and use the in-app controls (Settings → Manage Children, or Settings → Delete Account), or email info@govitamins.app.

We will not condition your child's participation in any activity on disclosing more information than is reasonably necessary.

10. Your Rights - California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we have collected about you and your child, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.
  • Access a copy of that personal information.
  • Delete your personal information, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Limit the use of sensitive personal information.
  • Opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
  • Non-discrimination: we will not deny you service, charge you a different price, or provide a different level of quality because you exercised your rights.

To exercise these rights, email info@govitamins.app with the subject line "CCPA Request" or use the in-app Settings menu. We will verify your identity by confirming control of the email address associated with your account.

You may designate an authorized agent to make a request on your behalf. We will require written proof of the agent's authorization.

11. Your Rights - European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict processing.
  • Object to processing.
  • Data portability: receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint with a supervisory authority.

Legal bases for processing:

  • Contract: to provide the Service you signed up for.
  • Consent: for marketing communications, optional features, and sensitive data about your child.
  • Legitimate interests: to improve the Service, secure the platform, and prevent fraud.
  • Legal obligation: for tax, accounting, and compliance.

International transfers: Personal data may be transferred to the United States and other countries where our service providers operate. We rely on Standard Contractual Clauses and equivalent safeguards approved by the European Commission.

To exercise your rights, email info@govitamins.app.

12. Children Aged 13–17

For children aged 13 through 17, U.S. state laws (including in California, Colorado, Connecticut, and others) impose additional protections. Go Vitamins extends the same parental-consent model to all minors aged 2–17: only a parent or legal guardian may create a profile, and we do not market to or profile minors.

13. Account Deletion and Data Export

You may delete your account and all associated child profiles at any time from Settings → Delete Account within the Service. Upon deletion:

  • Your account and all child profile data will be permanently deleted from our active databases within 30 days.
  • Residual copies in encrypted backups will be purged within 90 days.
  • Billing records required by law will be retained as described in Section 7.
  • A confirmation email will be sent when deletion is complete.

You may also export a copy of your data in JSON format from Settings → Export My Data.

If you cannot access the in-app controls, email info@govitamins.app and we will process your request within 30 days.

14. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. There is no industry consensus on how to interpret DNT, so we do not currently respond to DNT signals. We do not engage in cross-site behavioral tracking regardless of DNT.

15. Third-Party Links

The Service may link to third-party websites (for example, retailer product pages at Trader Joe's or Whole Foods). We are not responsible for the privacy practices of those sites. Please review their policies before sharing information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or by a prominent notice in the Service at least 14 days before the changes take effect. The "Last Updated" date at the top of this Policy indicates when it was last revised.

Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

17. Contact Us

For questions, requests, or complaints regarding this Privacy Policy, contact us at:

OpenAir LLC (d/b/a Go Vitamins) 241 4th Ave, Apt 4 Venice Beach, CA 90291 United States

Email: info@govitamins.app

If you are in the EEA, UK, or Switzerland, you may also contact your local data protection authority.

© 2026 OpenAir LLC. All rights reserved.