vexoring

Privacy Policy

Effective July 3, 2026 · Last updated July 3, 2026

This Privacy Policy explains how Vexo Ring ("Vexo," "we," "us," or "our") collects, uses, discloses, and protects your information when you use the Vexo Ring smart ring (the "Ring"), the Vexo iOS application (the "App"), our websites and developer documentation (the "Site"), and related services (collectively, the "Services").

Vexo is built on a single principle, which shapes everything in this policy: your data belongs to you, and it does not leave your devices without your explicit consent. Please read this policy carefully. If you do not agree with it, do not use the Services.

A note on how Vexo is designed. Unlike most wearables, Vexo is engineered so that the sensitive processing happens on your hardware. Your voice is transcribed to text on your iPhone, using Apple's on-device speech engine — the audio itself is never sent to our servers or any cloud transcription service. Our AI chat features run on Apple's on-device foundation models on your phone. We built the system this way on purpose.

SECTION 01

Who This Policy Applies To

This policy applies to individuals who purchase or use a Vexo Ring and the Vexo App, visitors to our Site, and developers who build on the Vexo platform. If you are under the age of 16 (or the minimum age of digital consent in your jurisdiction), you may not use the Services, and we do not knowingly collect data from you (see Section 12).

SECTION 02

The Short Version

The essentials at a glance. The rest of this document is the long version.

Health data we collect
Heart rate, blood oxygen (SpO₂), skin temperature, heart-rate variability, sleep score, steps, and active calories — measured by the Ring.
Voice
Captured by the Ring's microphone, streamed to your phone, and transcribed to text on your phone. We never receive or store your audio. Only the resulting text is synced, and only if you keep your account synced.
Your phone's mic
Nothing. The Vexo App never records from your iPhone's microphone and never asks for microphone permission. The Ring is the only microphone.
Where synced data lives
On our infrastructure provider, Supabase (managed Postgres, authentication, and storage), protected by per-user access controls.
Who we sell it to
No one. We do not sell your personal information or use it for advertising.
Third-party sharing
Only when you initiate it — connecting an external AI assistant, granting a marketplace app scoped access, or routing a note to Apple Reminders.
Analytics / trackers
None. No third-party analytics, advertising, or crash-reporting SDKs in the App, and no cookies or trackers on our Site.

SECTION 03

The Information We Collect

Health & Biometric Information (Sensitive Data)

The Ring contains an optical PPG sensor, a skin-temperature sensor, and a motion sensor (accelerometer + gyroscope). From these, Vexo collects and processes:

This is sensitive personal information / special category data under laws such as the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and similar state laws. We process it only to provide the Services to you and only on the legal bases described in Section 6.

Vexo is a general wellness product, not a medical device. The Ring and App are not intended to diagnose, treat, cure, or prevent any disease or medical condition, and are not a substitute for professional medical advice. Do not rely on Vexo for medical decisions.

Voice & Speech Information

The Ring includes a microphone that captures audio in two modes you control: voice notes (audio you intentionally capture, e.g. by double-tapping the Ring) and speech capture (voice-activity-gated capture of your own speech while you wear the Ring).

How your voice is handled — please read this carefully:

Recording others. Because the Ring can capture voice, you are responsible for complying with applicable laws when recording. Some jurisdictions require the consent of all parties to a conversation before recording ("two-party" or "all-party" consent). The Ring includes a visible indicator light during capture. You must obtain any consent required by law before recording other people, and you must not use Vexo to record anyone unlawfully.

Profile Information You Provide

When you set up the App, you may provide your name / display name, age, weight (and unit preference), fitness goals (e.g. move more, sleep better, heart health), and speech goals (e.g. fewer fillers, steady pacing, confidence).

Account & Identity Information

To create and secure your account (via our authentication provider, Supabase), we collect your email address (and one-time verification codes), your phone number if you use SMS sign-in, your Apple account identifier if you use Sign in with Apple, your Google account identifier if you use Google sign-in, and authentication tokens stored securely in your device's Keychain.

We do not receive your Apple or Google password. If you use Sign in with Apple, Apple may provide us a private relay email address rather than your real one, at your choice.

Ring Device Information

To operate and maintain your Ring, we collect its serial number and hardware identifiers, firmware version, battery level, and connection timestamps. The Ring itself stores only its own settings; it does not retain a history of your biometric or voice data. Your phone is the primary store.

Reminders

If — and only if — you tap to route a note into Apple Reminders, the App requests access to your Reminders and writes the item you selected. We do not read your existing reminders and do not access this data on our servers.

Information We Do Not Collect

For clarity, the current Services do not collect:

The Site

Our marketing and developer-documentation website collects no personal information. It has no sign-up forms, no newsletter, no cookies, no advertising, and no third-party analytics or trackers. Standard, transient server logs may be generated by our hosting provider for security and reliability.

SECTION 04

How Your Data Flows (Ring → Phone → Cloud)

Understanding the architecture is the best way to understand your privacy:

SECTION 05

How We Use Your Information

We use your information to:

We do not use your health, voice, or biometric data to build advertising profiles, and we do not sell it.

SECTION 06

Legal Bases for Processing (EEA/UK Users)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

SECTION 07

How We Share Information — and When

We share your personal information only in these limited circumstances:

Service Providers (Processors)

We use Supabase for database, authentication, and file storage, processing your synced data on our behalf under contract. Our backend is hosted on Render. Authentication one-time codes may be delivered by email or SMS providers integrated through our auth provider. We do not use third-party analytics, advertising, or data-broker services.

Sharing You Initiate — External AI Assistants (MCP)

Vexo lets you connect your data to an external AI assistant (such as Claude or ChatGPT) through a personal connection link you generate. When enabled, the assistant can read the categories you've turned on — profile, latest vitals, activity summaries, metric history, and transcripts.

Sharing You Initiate — Marketplace Apps

Third-party "mini-apps" may request scoped, revocable access to specific data categories (e.g. "latest vitals" or "read captures"). Access is deny-by-default: an app receives only the scopes you approve, and you can revoke them. These features operate only on your explicit, per-grant consent.

Apple Reminders

We write to Apple Reminders only when you explicitly route a note there.

Legal & Safety

We may disclose information if required by law, subpoena, or legal process, or where we believe in good faith it is necessary to protect the rights, safety, or property of you, us, or others.

Business Transfers

If Vexo is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you and honor the commitments in this policy.

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising, as those terms are defined under California and other U.S. state privacy laws.

SECTION 08

Data Retention

SECTION 09

Your Rights & Choices

Depending on where you live, you may have rights to access, correct, delete, export/port, restrict, or object to processing, and to withdraw consent. Vexo honors these rights for all users regardless of location, to the extent practicable.

You can exercise many of these directly:

To make a rights request, email privacy@vexoring.com. We will verify your identity (typically by confirming control of your account email) before acting, and respond within the timeframe required by applicable law (generally 30–45 days). You will not be discriminated against for exercising your rights.

California residents (CCPA/CPRA): You have the rights to know, delete, correct, and to limit the use of sensitive personal information. We use sensitive information only to provide the Services and do not use it to infer characteristics for advertising. We do not sell or share your personal information.

EEA/UK residents: You may also lodge a complaint with your local data protection authority. Authorized agents may submit requests on your behalf with proof of authorization.

SECTION 10

Security

We protect your information with technical and organizational measures, including:

No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and regulators as required by law.

SECTION 11

International Data Transfers

We and Supabase may process and store your data in the United States and other countries where our providers operate, which may have data-protection laws different from your own. Where required (for example, for transfers out of the EEA/UK), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses. By using the Services, you understand your information may be transferred to these locations.

SECTION 12

Children's Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, email privacy@vexoring.com and we will delete it.

SECTION 13

Third-Party Services

The Services integrate with third parties you choose to use — Apple (Sign in with Apple, on-device speech and AI, Reminders), Google (sign-in), and any external AI assistant or marketplace app you connect. Your use of those services is governed by their privacy policies. We encourage you to review them.

SECTION 14

Changes to This Policy

We may update this policy from time to time. If we make material changes — for example, to the categories of data we collect or how we share it — we will notify you through the App or by email before the change takes effect, and we will update the "Last updated" date. Your continued use of the Services after an update means you accept the revised policy.

SECTION 15

Contact Us

If you have questions, requests, or complaints about this policy or your data, contact us:

Vexo Ring — email privacy@vexoring.com