Last Updated: March 16, 2026 


V-Metrics Inc., doing business as Health Creation Lab (“V-Metrics,” “Health Creation Lab,” “we,” “our,” or “us”), respects your privacy and is committed to protecting your Personal Data. In order to provide you with the best possible website platform and mobile applications, we may collect and process your Personal Data. The purpose of this privacy policy is to help you better understand how we collect, store, and process this Personal Data, whether you’re a subscribing Health Creation Lab member, engaging a Free Trial of our apps, a potential subscriber on a free trial, a participant in our partner or affiliate program, or even if you’re just visiting our website.


This website and our related applications may include links to third party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or practices. Our privacy policy does not apply to any information collected by any third party, including through any application or content that may be accessible via our website. When you leave our website and applications, we encourage you to read the privacy policy of every website and application you visit.


Age Restrictions


You must be at least 18 years of age to use our Services. We do not knowingly collect Personal Information from individuals under 18. If you are under 18, do not use our Services or provide us with any Personal Information. If we learn we have collected or received Personal Information from an individual under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about an individual under 18, please contact us at [email protected].


The Type of Personal Data We Collect from You


Personal Data, or Personal Information, means any information about an individual from which that person can be identified.


We may process (e.g., collect, use, store, and/or transfer) different kinds of Personal Data about you which we have grouped together as follows:


  • Identity Data includes first name, last name, username or similar identifier, date of birth, sex at birth, and gender identity.
  • Contact Data includes email address, telephone numbers, and mailing address.
  • Biometric and Wellness Data includes:
    • Camera-based biometric estimates: Heart rate and heart rate variability estimated via photoplethysmography (PPG), a technique that uses your device’s camera and flash to capture optical signals from your fingertip. Raw optical data is captured and processed on your device. An anonymous reading identifier (GUID) — which cannot be linked back to your account or personal identity — is sent to a third-party processing service to compute the estimated biometric values. No raw video, images, or photographs of your fingertip are stored or transmitted. The resulting estimates (heart rate, heart rate variability) are stored in our systems associated with your account.
    • Bluetooth heart rate monitor data: Heart rate data received from Bluetooth Low Energy (BLE) compatible heart rate monitors (e.g., Polar chest straps) that you voluntarily pair with the App. This data is used for heart rate recovery, VO2 Max estimation, and other wellness features.
    • Self-reported wellness and lifestyle data: Health promotion goals, personal biomarkers of function, vitality and wellness (blood pressures, heart rate and variability, muscle strength and cardiorespiratory fitness, weight and body composition, lifestyle habits, and wellness surveys).
    • Assessment results: Functional strength, cardiovascular fitness, flexibility, body composition, and other vitality assessment scores and trends.
  • Financial Data includes payment card and bank account details (processed by our PCI-DSS compliant payment processor; we do not store full payment card numbers).
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device model and manufacturer, and other technology on the devices you use to access our Services.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data includes information about how you use our website, products, and services, including session timestamps, feature usage frequency, and interaction patterns.
  • Device and Sensor Data includes information about the device sensors used to capture biometric data (camera capabilities, Bluetooth pairing identifiers for heart rate monitors). We do not collect or access data from other device sensors (such as GPS location, accelerometer, or gyroscope) except as explicitly required for a specific feature and disclosed to you at the time of use.
  • Push Notification Data includes device push notification tokens, notification delivery and interaction data, and your notification preferences. Push notification tokens are used solely to deliver notifications you have opted into (e.g., wellness reminders, coaching prompts, and session-related alerts). You can manage your notification preferences at any time through the App settings or your device’s system settings.
  • Communication Data includes your preferences in receiving notifications from us and your communication preferences.


How We Collect Your Personal Data


We use different methods to collect Personal Data, broken down into the following sections so you can better understand what areas are applicable to you.


How We Collect Personal Data About Our Subscribers


In order to offer access to our services, we need to collect certain Personal Data from our subscribers. We collect your Contact Data, Identity Data, Profile Data, Biometric and Wellness Data, Transaction Data, Usage Data, Technical Data, Device and Sensor Data, Push Notification Data, and Communication Data from the information you provide us through our applications, to deliver our services to you, as detailed within our Terms of Service Agreement.


This Personal Data is collected when you sign up for our services, when you access our services, or when you otherwise provide us with the Personal Data. When you accept our Terms of Service Agreement and this Privacy Policy, you have given us express permission to use and store your Personal Data.


Biometric data collection specifically:


  • Camera access: Your device camera is used for various features like capturing real-time heart rate via PPG, streamlined data entry (e.g., OCR scanning), and more. When used for heart rate measurement, the camera captures optical signals only — no photographs or video are recorded or stored. Raw optical processing occurs on your device. Only an anonymous reading identifier is transmitted to a third-party processing service to compute heart rate and heart rate variability estimates.
  • Bluetooth access: When you pair a Bluetooth heart rate monitor, the App accesses Bluetooth to receive real-time heart rate data from your paired device. The App only communicates with devices you explicitly pair and does not scan for or connect to other Bluetooth devices.
  • Photo library access: Photo library access is used to select photos for your Evolution Board, profile, and other personalization features. Photos you select are uploaded to our systems and associated with your account. You may also save images generated by the App to your device photo library.
  • Microphone and speech recognition access: Your microphone is used for voice-to-text dictation, voice memos, and other voice-enabled features. Speech recognition is used to convert spoken input to text. Audio recordings are processed and stored according to the specific feature’s disclosure.


How We Collect Personal Data About Partners, Affiliates, Ambassadors, and Experts


We may collect your Identity Data, Transaction Data, Profile Data, Usage Data, and Technical Data whenever you sign up as a Partner, Affiliate, Ambassador, or Group Sales Agent Account or when one of your clients or subscribers signs up for our services, in order to register, provide access to your account, record sales activities, distribute related compensation, and to improve our services.


How We Collect Personal Data About Website and Application Users


  • We collect your Usage Data including your IP addresses and how you interact with our website.
  • We also collect backend Usage Data such as when you visited the website, from where you came prior to visiting us, the website where you go when you leave our website, your computer’s operating system, location data, and the type of web browser that you are using.
  • We also collect Contact Data and Identity Data submitted by you via any messaging or email feature available from any of our websites.
  • We may also receive Contact Data when you submit help tickets or make other requests to V-Metrics via any of our websites.
  • We also collect the Contact Data of our telephone support users.
  • For all those that email us for technical support, we collect Contact Data, Identity Data, and Technical Data.
  • If you use our forum or community, we collect your Contact Data.


We collect this Personal Data when you visit V-Metrics-hosted web pages, use services offered on our websites and related applications, or engage with us either by email, web form, instant message, phone, or post content on or through our websites (including forums, blogs, and via any messaging feature). We also collect any additional information that you might provide us. We use this information to provide and enhance our services (including servicing your account, if applicable), and to answer any questions you may have.


How We Use Your Personal Data


We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:


  • Where we need to perform a service for you. See our Terms of Service Agreement, which is a party to this Privacy Policy.
  • Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.


Generally, we do not rely on consent as a legal basis for processing your Personal Data although we will get your consent before we send any third-party direct marketing communications to you via email or text message, should we decide to do so. We do not currently send third-party marketing communications and have no plans to do so. You have the right to withdraw consent to marketing at any time by contacting us and you can unsubscribe from any such marketing communications at any time.


Purposes For Which We Will Use Your Personal Data


We have set out below a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.


We may process your Personal Data for more than one lawful basis depending on the specific purpose for which we are using your data.


To register you as a new subscriber

  • Type of Data: Identity, Contact
  • Lawful Basis: To set up your account


To process and deliver your subscription services, including:

  • Access to your assessments and personal vitality and well-being dashboard and reporting
  • Access to your Health Creation Labs, your preferred learning track, and the personalized recommendations of our analytics engine
  • Access to our StateCheck features and the biometric data they capture
  • Access to our billing and financial services partner (Stripe) for payment management
  • Booking services and access to our Health & Vitality Coaching services
  • Access to our community features
  • Type of Data: Identity, Contact, Financial, Transaction, Biometric and Wellness, Communication
  • Lawful Basis: Performance of our services agreement with you; Necessary for our legitimate interests (to receive compensation for our services and to deliver them to you in secure fashion)


To manage our relationship with you, including:

  • Guiding you on the features and resources available within our platform
  • Delivering notifications and reminders via push notifications
  • Guiding your personal wellness journey with us
  • Notifying you about changes to our terms or privacy policy
  • Asking you to leave a review or take a survey
  • Type of Data: Identity, Contact, Biometric and Wellness, Push Notification, Communication
  • Lawful Basis: Necessary for our legitimate interests (to define types of memberships/subscriptions for our products and services; to keep our platform updated and relevant; to develop our business and to inform our product development and marketing strategy)


To provide biometric estimation services, including:

  • Processing camera-based PPG readings to estimate heart rate and heart rate variability
  • Processing Bluetooth heart rate monitor data for heart rate recovery and VO2 Max estimation
  • Generating wellness trends, insights, and coaching recommendations from your biometric data
  • Type of Data: Biometric and Wellness, Device and Sensor, Usage
  • Lawful Basis: Performance of our services agreement with you; Your explicit consent (granted when you activate biometric features and accept the wellness disclaimer)


To administer and protect our business and platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)

  • Type of Data: Identity, Contact, Technical, Usage
  • Lawful Basis: Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganization or group restructuring exercise); Necessary to comply with legal obligations


To monitor your participation, measure, and report to you on your results and to understand the effectiveness of the services we deliver to you

  • Type of Data: Identity, Usage, Biometric and Wellness
  • Lawful Basis: Performance of our services agreement with you; Necessary for our legitimate interests (to receive compensation for our services and to deliver them to you in secure fashion)


For employer-sponsored subscriptions: To monitor your participation, measure, and report on your results (in deidentified form) and to understand the effectiveness of the services we deliver to you for your employer

  • Type of Data: Usage, Biometric and Wellness
  • Lawful Basis: Performance of our services agreement with you and your employer sponsor; Necessary for our legitimate interests (to validate services we have delivered)


To use data analytics to improve our platform, products/services, marketing, customer relationships, and experiences

  • Type of Data: Identity, Contact, Financial, Transaction, Biometric and Wellness, Communication
  • Lawful Basis: Necessary for our legitimate interests (for running our business; provision of administration and IT services; network security; to prevent fraud; in the context of a business reorganization or group restructuring exercise); Necessary to comply with a legal obligation


Cookies and Similar Tracking Technology


We use cookies or similar tracking technologies, including from third-party partners such as Google, on our webpages. This information can be used to track your session on our website. Cookies may also be used to customize our website content for you as an individual. V-Metrics uses cookies to understand how you interact with our websites, apps, and selected third-party websites primarily with the aim of improving your user experience. We do not store sensitive information such as login credentials or bank information within cookies. For more information about how V-Metrics uses cookies, please see our Cookies Policy.


Information That We Share with Third Parties


V-Metrics works with third parties to help provide our services and we may share your Personal Data with them to support these efforts in accordance with the purposes and lawful bases set out above. In certain limited circumstances, we may also be required to share Personal Data with third parties to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.


Third parties we share data with include:


  • Biometric processing partner: An anonymous reading identifier (GUID) from camera-based PPG sessions — which cannot be linked back to your account or personal identity — is sent to a third-party processing service to compute heart rate and heart rate variability estimates. No raw video, images, or personal identifying information is shared with this processing partner.
  • Stripe (payment processing): Payment card and transaction information is shared with Stripe for subscription billing and payment processing. Stripe is PCI-DSS compliant.
  • Push notification services (Apple Push Notification Service, Firebase Cloud Messaging): Device push notification tokens are shared with Apple and/or Google to deliver notifications to your device.
  • Hosting and infrastructure providers: Your data is stored on servers provided by our hosting and infrastructure partners, subject to appropriate security agreements.


Personal Data may be shared with third parties to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service or any other agreement related to the services, or as otherwise required by law.


Personal Data may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will post a notice on our homepage.


We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.


V-Metrics will ask for your consent before sharing your Personal Information with third parties for purposes other than those described in this section.


Data Retention


We retain your Personal Data for as long as your account is active and as necessary to provide you with the Services. If you request account deletion, we will delete or de-identify your Personal Data within a reasonable time period, except where we are required to retain certain data to comply with legal obligations, resolve disputes, or enforce our agreements.


After account deletion or extended account inactivity:


  • Identifiable Personal Data (name, email, contact information, identifiable biometric data) will be deleted or de-identified.
  • De-identified and aggregated data (anonymized assessment trends, aggregated wellness statistics, and other data that cannot be reasonably linked back to you) may be retained indefinitely for research, analytics, product improvement, and the generation of Reports as described in our Terms of Service.


We will continue to store anonymous or anonymized information, such as website visits and aggregated wellness trends, without identifiers, in order to improve our services.


Do Not Sell My Personal Information


We do not sell your Personal Information. V-Metrics does not and will never sell, rent, or otherwise provide your Personal Information to other companies for the marketing of their own products or services, or for any other commercial purpose.


Under the California Consumer Privacy Act (CCPA) and similar state privacy laws, you have the right to opt out of the “sale” or “sharing” of your Personal Information. Because we do not engage in such practices, there is no sale or sharing to opt out of. However, if you wish to exercise this right or have questions about our data practices, you may contact us at:


Email: [email protected]
Mail: V-Metrics Inc., #100 – 540 Groves Ave, Kelowna, BC, Canada V1Y 4Y7


We will not discriminate against you for exercising any of your privacy rights.


Terminating Your Relationship with Us


If you decide to terminate your relationship with us, you may request that we delete your Personal Data. We will comply with such requests in accordance with our Data Retention policy above and applicable law. We will continue to store archived copies of your Personal Information only for legitimate business purposes and to comply with our legal and regulatory obligations, and such retained data will be de-identified where possible.


We will continue to store anonymous or anonymized information, such as website visits, without identifiers, in order to improve our services.


What We Don’t Do with Your Personal Information


We do not and will never share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own products or services.


If you are a customer using V-Metrics services, we do not use the Personal Information we collect from you or your subscribers to independently contact or market to your subscribers. However, V-Metrics may contact or market to your subscribers if we obtain their information from another source, such as from the subscribers themselves.


Keeping Your Personal Information Secure


We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.


We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


Biometric data security: Camera-based biometric readings (PPG) are captured and initially processed on your device. Only an anonymous reading identifier — which cannot be linked to your identity — is transmitted over encrypted connections to our third-party processing service. Heart rate data from Bluetooth monitors is transmitted directly from your paired device to the App on your phone via encrypted Bluetooth connections. All biometric data stored in our systems is protected by the same security measures applied to all Personal Data.


International Transfers of Personal Data


V-Metrics Inc. is a Canadian corporation that provides services to subscribers, and our technology processes data from users, around the world.


Accordingly, V-Metrics may transfer your Personal Data outside of the country, state, or province in which you are located. V-Metrics ensures that whenever we transfer your Personal Data out of the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following appropriate safeguards is implemented:


  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for processing of Personal Data pursuant to adequacy regulations made in accordance with applicable data protection laws.
  • Where we use certain service providers, we will enter into an agreement with those providers in the form of the standard contractual clauses approved in accordance with applicable data protection laws and which give Personal Data the same protection it has in the UK and EEA.


Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK.


Your Legal Rights


Depending on your location, you may have certain rights under applicable data protection and privacy laws with respect to your Personal Data. These rights may include:


For California Residents (CCPA/CPRA):

  • The right to know about the Personal Information a business collects about you and how it is used and shared.
  • The right to delete Personal Information collected from you (with certain exceptions).
  • The right to opt-out of the sale or sharing of your Personal Information. (Note: We do not sell or share your Personal Information.)
  • The right to non-discrimination for exercising your privacy rights.
  • The right to correct inaccurate Personal Information.
  • The right to limit use and disclosure of Sensitive Personal Information.


For UK and EEA Residents (GDPR/UK GDPR):

  • The right to request access to your Personal Data.
  • The right to request correction of your Personal Data.
  • The right to request erasure of your Personal Data.
  • The right to object to processing of your Personal Data.
  • The right to request restriction of processing your Personal Data.
  • The right to request transfer (portability) of your Personal Data.
  • The right to withdraw your consent.


For all users:

  • The right to request a copy of the Personal Data we hold about you.
  • The right to request correction of inaccurate data.
  • The right to request deletion of your account and associated Personal Data.


To exercise any of these rights, please reach out to [email protected].


App Privacy Disclosure (Apple App Store and Google Play)


In accordance with Apple’s App Privacy requirements and Google’s Data Safety requirements, the following summarizes the data our mobile applications collect and how it is used. This information is also reflected in our App Store and Play Store listings.


Data Used to Track You: None. We do not use your data to track you across apps or websites owned by other companies.


Data Linked to You:

  • Contact Info (email address)
  • Identifiers (user ID)
  • Health & Fitness (heart rate, heart rate variability, heart rate recovery, VO2 Max estimates, fitness assessment results)
  • Usage Data (product interaction, session data)
  • Purchases (payment history)


Data Not Linked to You:

  • Diagnostics (crash data, performance data)
  • Usage Data (aggregated analytics)


Data Not Collected:

  • Precise Location
  • Browsing History
  • Search History
  • Photos or Videos (camera is used for PPG biometric estimation and OCR scanning — no photographs or video are captured during these features; photo library access is used for Evolution Board and profile personalization only)
  • Contacts
  • Financial Information (payment processing is handled entirely by Stripe)


Usernames and Passwords


The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a username and password for access to certain parts of our website, you are responsible for keeping the username and password confidential. Do not give your password to anyone. If you enter a section of our website that requires a password, you should log out when you leave. As a safety precaution, you should also close out of your web browser completely and re-open it before viewing other parts of the Internet.


Autoresponders


We may use autoresponders to communicate with you by e-mail. To protect your privacy, we use a verified opt-in system for such communications and you can always opt-out of such communications using the links contained in each autoresponder message. If you have difficulties opting out, you may contact us by sending an e-mail to [email protected], or sending us mail to the address listed below.


Disclaimer


Unfortunately, the transmission of information via the internet is not 100% secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our web platform and mobile applications. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the web platform and mobile applications, including the illegal acts of third parties (such as criminal hacking).


Policy Changes


We keep this privacy policy under regular review, so the terms of this policy may change from time to time. If we make material changes to how we treat our users’ Personal Data, we will notify you by posting the revised policy on this website, through in-app notifications, or by other means when appropriate. Your continued use of our Services constitutes your consent to such revised privacy policy.


If you are concerned about the topic covered by this policy, you should read it each time before you use our web platform and mobile applications. Any questions or concerns about this policy should be brought to our attention by sending an e-mail to [email protected], or one of the methods provided under Contact Information, and providing us with information relating to your concern.


Contact Information


To ask questions or comment about this privacy policy and our privacy practices, contact us at:


Email: [email protected]


Mail:
V-Metrics Inc.
#100 – 540 Groves Ave
Kelowna, BC, Canada V1Y 4Y7


Anti-Spam Policy


We dislike unsolicited commercial e-mail as much as you do. Spam or junk e-mail is a disservice to the Internet and our community.


We fully endorse and comply with the requirements of Canada’s anti-spam legislation (CASL) and the CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act), and all other applicable unsolicited commercial e-mail laws.


If you subscribe to digital newsletters or other communications from us, you will always have an option to unsubscribe immediately.


If you have additional questions, comments, or concerns, please contact us by sending an e-mail to [email protected] and providing us with information relating to your concern.


You may also mail your concerns to us at the following address:


V-Metrics Inc.
#100 – 540 Groves Ave
Kelowna, BC, Canada V1Y 4Y7