Privacy Policy · vitalme.ai

How we handle the data you share with us.

This policy covers vitalme.ai — our marketing website, waitlist forms, and NCI training enrollment pages. The consumer/clinical product (the vitalme app) will have its own privacy and security terms when it launches, including HIPAA-aware protections for clinician-prescribed use.

EffectiveJune 7, 2026
Last updatedJune 7, 2026
OperatorVitalMe (a Brainworks initiative)

§ 01 Who we are

VitalMe is a clinically-grounded wellness initiative operated by Brainworks, owned by Phillip Alvelda. We're building a daily neuroscience-informed practice for individuals, and a training framework (NCI — Neural Circuit Integration) for licensed mental-health clinicians. The marketing site at vitalme.ai exists primarily to introduce that work and let interested people and clinicians join waitlists for the app and the training program.

When this policy refers to "we", "us", or "VitalMe", we mean the team operating vitalme.ai. When it refers to "you", we mean the person visiting the site or submitting a form. Phillip Alvelda is the responsible data controller for site-collected data; contact details are in § 11.

§ 02 What we collect

We try to collect as little as possible, and only what's useful for the thing you're signing up for.

Waitlist submissions (consumer app)

  • Email address (required)
  • First name or display name (optional, if you provide it)

NCI training waitlist (clinicians, researchers, educators)

  • Email address (required)
  • Name (optional)
  • Credentials, license type, jurisdiction (optional — helpful for grouping cohort communications)
  • Primary modality, professional interests, free-text comments (optional)

Automatic technical data

Like nearly every website, our hosting infrastructure produces server logs that include IP address, browser user-agent string, the page you requested, and the timestamp. We use these only for security monitoring (e.g., spotting abuse) and aggregate usage debugging. We do not currently run third-party analytics, ad pixels, or session recording on the marketing site. If that changes, this policy will be updated and the relevant section flagged.

What we do not collect on this site

  • No health, medical, or clinical information (the marketing site is not a clinical product)
  • No biometric or device sensor data
  • No payment information (we are not currently transacting on this site)
  • No third-party advertising identifiers

§ 03 Why we collect it

The data above is used for a small number of clearly-scoped purposes:

  1. Confirmation: sending you a single confirmation email that you joined the waitlist.
  2. Updates: occasional emails about the program, launch timing, and content that's directly relevant to what you signed up for.
  3. Cohort coordination (NCI training): contacting waitlisted clinicians when working-session dates, materials, and enrollment terms are finalized.
  4. Security and abuse prevention: filtering automated submissions and protecting the site.

We do not sell, rent, or share your data with third-party marketers. We do not run retargeting, behavioral advertising, or data brokerage. If we ever change any of this, we will tell you before it takes effect.

§ 04 Cookies & tracking

The marketing site currently uses only minimal first-party storage required for the site to function (for example, remembering whether you've dismissed the NCI training modal so we don't show it again). We do not use third-party analytics cookies, ad-network pixels, or cross-site tracking on this site at this time.

If we add anonymized first-party analytics in the future (e.g., a privacy-respecting tool to understand which pages people read), this section will be updated, and we will provide an opt-out mechanism where required by law.

§ 05 Data retention

Waitlist data is retained until you ask us to remove it, or until the program you signed up for has clearly concluded (whichever is sooner). For example, if you joined the consumer app waitlist and you've been an active user of the app for a year, we'll periodically archive the original waitlist record. If you joined the NCI training waitlist and the Q3 2026 cohort concludes, we keep your information only for the duration of follow-up communications you opted into, plus a reasonable archival window for our records (typically up to 3 years).

Server logs are retained for up to 90 days for security purposes, then deleted or aggregated.

You can ask us to delete your data at any time — see § 6.

§ 06 Your rights

Wherever you live, you have these rights when it comes to the data you've shared with us:

  • Access: ask us what we have on file for you.
  • Correction: ask us to fix anything that's wrong.
  • Deletion: ask us to remove your data. We will, except where we're legally required to retain something (we'll tell you if that's the case).
  • Withdrawal of consent: unsubscribe from any list at any time. Every email we send includes an unsubscribe link.
  • Portability: request a copy of your data in a common format.

To exercise any of these rights, email us at the address in § 11. We aim to respond within 7 business days.

§ 07 GDPR & CCPA

If you're in the European Economic Area, the UK, Switzerland, or another jurisdiction with comparable rules, you have additional rights under GDPR and analogous laws — including the right to object to processing, the right to lodge a complaint with a supervisory authority, and the right not to be subject to solely-automated decisions that produce legal effects.

If you're a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what we've collected, the right to delete, and the right to opt out of "sale" or "sharing" of personal information. As described in § 3, we do not sell or share your personal information for advertising purposes.

To exercise any of these rights, contact us — § 11. We will not discriminate against you for exercising them.

§ 08 Children

The marketing site and waitlists are not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

§ 09 The future product

When the consumer vitalme app launches, it will collect different categories of data than the marketing site — for example, personal preferences for daily practice content, optional reflection journaling, and (where a licensed clinician is involved through a Therapist Practice plan) potentially clinical context. That product will have its own privacy and security terms, including HIPAA-aware controls where applicable.

Nothing in this current marketing-site policy should be read as describing the eventual clinical product's data handling. When the app launches, we'll publish a separate, product-specific policy and link to it clearly.

§ 10 Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect the most recent change. If we make material changes — for example, adding analytics, changing what categories of data we collect, or expanding how we use it — we'll notify you by email (if we have your address from a waitlist) and post a prominent notice on the site before the change takes effect.

§ 11 Contact

For any privacy question, request, or complaint, write to us:

Privacy contact Email: privacy@vitalme.ai
Mailing address:
VitalMe / Brainworks
c/o Phillip Alvelda
350 Stoneyridge Ln, Unit 2
Walnut Creek, CA 94596
United States

If you're not satisfied with our response, you may also contact your local data protection authority (in the EU/UK) or the California Attorney General's office.