Legal
Privacy Policy
Last updated: April 2026 · Applies to app.vasus.ai
Short version: vasus.ai does not collect personal data, require registration, or track individuals. The platform is designed to be fully anonymous by default. No health data you enter is stored against any identity.
1. Who we are
vasus.ai is an environmental health intelligence platform operated by Exposomic AI Ltd. The platform provides evidence-based analysis of environmental conditions for educational purposes only. It is not a medical service and does not provide medical advice, diagnosis, or treatment.
Contact: [email protected]
2. What data we collect
We collect the minimum data required to operate the service:
- Location data (temporary): The city or location you enter is geocoded to latitude/longitude coordinates to retrieve environmental data. This is not stored against any identifier after the request completes.
- Anonymous session token: A randomly generated UUID stored in your browser's localStorage. This is used only to enforce the daily rate limit (5 free queries per day) and to correlate feedback you submit within a single session. It is not linked to your identity in any way.
- Health sensitivity selection: The sensitivity category you select (e.g. Migraines, Respiratory) is sent to our API to retrieve relevant environmental and research data. It is not stored against your session token or any identifier beyond the duration of the request.
- Optional enrichment data: If you choose to personalise your query (condition subtype, known triggers, medication), this information is used only to improve the relevance of the response for that single query. It is not stored, profiled, or used for any other purpose.
- Voluntary feedback: If you submit a thumbs up/down or feedback form, we store the response (helpful/not helpful, risk accuracy, optional free text) linked only to your anonymous session token. No personal identifier is attached.
3. What we do not collect
- We do not collect your name, email address, or any contact information
- We do not require account registration
- We do not build health profiles or track individuals across sessions
- We do not sell data to third parties
- We do not use data for advertising or marketing profiling
- We do not use cookies for tracking or advertising (only a session localStorage token)
4. Push notifications (optional)
If you choose to enable environmental risk alerts, your browser's push subscription token is stored linked only to your anonymous session token and the sensitivity/location/threshold you specify. You can unsubscribe at any time from within the app or via your browser notification settings. We do not use push notification data for any purpose other than delivering the alert you requested.
5. Third-party services
vasus.ai uses the following third-party APIs to deliver its service:
- Google Maps Platform (geocoding, air quality, weather, pollen) — subject to Google's Privacy Policy. Location data is transmitted to Google APIs to retrieve environmental readings.
- OpenAI (synthesis model) — response generation. Query context including your location, sensitivity, and environmental readings is sent to OpenAI for synthesis. No persistent storage by OpenAI under our API agreement.
- Anthropic (chat assistant, EHSPI narrative) — conversational responses. Same conditions as OpenAI above.
- PubMed / NCBI — public research database. No personal data transmitted.
6. Data retention
- Anonymous session tokens: purged nightly (rows older than 24 hours deleted by automated cleanup)
- Feedback records: retained indefinitely in aggregate for product improvement, linked only to anonymous session token
- Environmental data cache: retained for up to 90 days for EHSPI scoring purposes, containing no personal data
- Server access logs: standard Cloud Run logs retained for 30 days by Google Cloud infrastructure
7. Your rights (UK GDPR)
Because we do not collect personal data linked to your identity, most data subject rights (access, erasure, portability) are not applicable in practice — we have no way to identify which records, if any, are associated with you.
If you believe we hold personal data about you or have a privacy concern, contact us at [email protected] and we will respond within 30 days.
8. Children
vasus.ai is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has used the service in a way that has created a privacy concern, please contact us.
9. Changes to this policy
We may update this policy as the platform evolves. Material changes will be noted at the top of this page with an updated date. Continued use of the service after a policy update constitutes acceptance of the revised policy.
10. Contact
Privacy questions: [email protected]
General: vasus.ai/contact