Privacy Policy

Who we are

Vestia is a hearing-tracking application operated by David McAvinue, an individual based in Cork, Ireland. For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller for the information described below.

If you have any question about your data or this policy, contact us at hello@vestia.health.

What this policy covers

This policy applies to the Vestia iOS application and to the website at vestia.health. It does not cover the App Store or TestFlight themselves, which are operated by Apple under Apple's own privacy terms.

What we collect

Account information

When you create an account, we collect your email address and authentication details so you can sign in and so your data is kept private to you.

Health information you enter

This is the core of what Vestia does, and it is treated as special-category health data under GDPR. It includes:

The results of hearing checks you take in the app, recorded over time
Symptom logs, notes, and any triggers or observations you choose to record

You enter this information yourself. Vestia does not read data from other health apps or device sensors beyond what is needed to play the sounds used in a hearing check.

Technical and usage information

To keep the service working and secure, we process basic technical information such as app version, device type, and timestamps of activity.

Website analytics

The vestia.health website uses Statcounter to understand aggregate visitor numbers and which pages are viewed. This is separate from the app and is not linked to your hearing data or your account.

Why we use your data, and our legal basis

To provide the app — storing your hearing checks and showing you how they change over time. Legal basis: performance of our agreement with you.
To process your health information — recording and summarising the sensitive data above. Legal basis: your explicit consent, which you give when you start using Vestia and can withdraw at any time.
To keep the service secure and reliable — diagnosing problems and preventing misuse. Legal basis: our legitimate interest in running a safe service.

We do not use your data for advertising, and we do not sell it. We never use your health information for advertising or marketing purposes.

How we use AI

AI processing of your data

Some features in Vestia use artificial intelligence to summarise your own data in plain language — for example, describing a recent trend in your hearing checks.

This processing is carried out using Amazon Bedrock, an AI service run within our own cloud environment in the European Union (Ireland). Your data is not used to train AI models, and it is not shared with the underlying model provider for their own purposes. The AI receives only the data needed to generate a summary for you, and the result is returned only to you.

AI summaries are for your convenience and reflection only. They are not medical advice and should not be used to make decisions about your health.

Who we share data with

We share data only with the service providers needed to run Vestia. These act on our instructions and are bound to protect your data:

Amazon Web Services (AWS) — hosting, database, authentication, and AI processing, in the EU (Ireland) region.
Statcounter — website analytics only (not app or health data).
Apple — distribution of the app through the App Store and TestFlight.

We do not sell your personal data to anyone, and we do not share your health information with third parties for their own purposes.

Where your data is stored

Your account and health data are stored within the European Union (Ireland). Where a provider such as Apple necessarily processes limited information outside the EU, that transfer is governed by the safeguards those providers put in place, such as Standard Contractual Clauses.

How long we keep it

We keep your data for as long as you have an account. If you delete your account, we permanently delete your hearing checks, logs, notes, and account record. Deletion is irreversible and cannot be undone.

Your rights

Under GDPR you have the right to:

Access the data we hold about you
Correct data that is inaccurate
Delete your data — you can do this yourself at any time from the app's profile screen, which removes your account and all associated data
Restrict or object to certain processing
Receive your data in a portable format
Withdraw your consent at any time, without affecting processing that already took place

To exercise any of these rights, contact hello@vestia.health. You also have the right to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.

How we protect your data

Data is encrypted in transit and at rest, access is restricted to your authenticated account, and infrastructure is hosted on secure cloud services. No system is perfectly secure, but we take reasonable steps to protect your information.

Children

Vestia is intended for adults and is not directed at anyone under 18. We do not knowingly collect data from children.

A note on what Vestia is

Vestia is a personal tracking tool. It is not a medical device, is not a substitute for professional audiometry, and has not been clinically validated. It does not diagnose or treat any condition. Always consult a qualified clinician before making decisions about your health, and seek care promptly for any sudden change in your hearing.

Changes to this policy

We may update this policy as Vestia develops. If we make a significant change, we will update the date at the top of this page and, where appropriate, let you know in the app.

Contact

Questions about your privacy or this policy: hello@vestia.health.