This policy explains what data Vaccio collects, how we use it, where it's stored, and the rights you have over it. Vaccination records are personal health information, and we treat them that way. If anything here isn't clear, email us at hello@vaccio.io.
1 · Who we are
Vaccio is operated by Vaccio, based in Dubai, United Arab Emirates. We build a mobile and web application that helps families digitise, organise, and share their vaccination records with schools, clinics, insurers, and other institutions ("partners").
This privacy policy covers both:
- The Vaccio mobile app — what we collect when families use the app to manage their vaccination records.
- The Vaccio partner portal at
portal.vaccio.io— what we collect when partners use the web portal to verify family records they've been given access to.
2 · What we collect
From families using the app
- Account details — your email address (used to sign in), your name (if you choose to provide it), and optional phone number.
- Profile details for each family member — name, date of birth, sex, country, nationality, blood type (optional), allergies (optional), chronic conditions (optional), avatar colour or photo, ID documents you choose to attach (e.g. passport, Emirates ID).
- Vaccination records — vaccine name, dose number, date administered, manufacturer, batch number, facility, country, and any source documents (photos / PDFs) you upload.
- Travel preferences — countries you save to the travel-readiness screen.
- App usage that you take action on — partners you've granted access to, requests you've approved or declined, reminders you've set.
From partners using the portal
- Institution account details — your work email, your institution's name, type (school / clinic / insurer / government), country, and contact info you choose to add.
- Roster organisation — tags you apply to patients (e.g. "Grade 5", "Football team"), inspections you run, requests you file, reminders you send.
Technical data we collect automatically
- Authentication tokens — short-lived session tokens stored on your device.
- Anonymous error reports — if Vaccio crashes, we may receive a crash report. These do not include your vaccination records.
- IP address and device user-agent — recorded by our backend on each request, kept in standard server logs for up to 30 days for security and abuse detection.
3 · How we use it
We use your data only to provide the service you signed up for:
- Show your vaccination records inside the app.
- Sync your records across your devices.
- Generate PDFs and travel-readiness reports you request.
- Deliver records to a partner when you explicitly approve their access request.
- Send you notifications you've opted into (vaccine due-date reminders, incoming partner requests, deadline reminders).
- Run partner-side compliance checks against the requirements they've set up — only on records the family has shared with that partner.
- Detect and prevent fraud or abuse of the service.
We do not use your data for advertising, profiling, automated decision-making with legal effect on you, or training AI models. The AI-powered vaccine scanner ("scan a record from a photo") runs your image through our backend to a third-party AI provider (Anthropic) to extract structured data; the image and extracted fields are not retained by that provider beyond the API call.
4 · Who we share it with
Your vaccination records leave Vaccio's servers in only three circumstances:
- When YOU explicitly approve a partner's access request. A school, clinic, or insurer requests access to a specific family member's records. You see the request inside the app and either approve or decline. Approved partners can read the records you shared, for as long as that share is active (default 30 days, revocable any time).
- When YOU export a PDF. You generate a PDF of the records and choose what to do with it (email, save, share). At that point, the recipient and onward handling are your responsibility.
- When required by law. If a court order or regulatory request compels disclosure, we comply only to the minimum necessary and notify you unless legally prohibited.
We use the following sub-processors, each contractually bound to handle data in line with this policy:
- Cloudflare, Inc. — hosts our backend (Workers, D1 database) and our static sites. Cloudflare privacy policy.
- Vercel, Inc. — hosts the partner portal at portal.vaccio.io. Vercel privacy policy.
- Resend — delivers our one-time sign-in codes by email. Resend privacy policy.
- Anthropic — processes the AI-vaccine-scan images via the Claude API. Anthropic privacy policy.
- Apple / Google — when you install the app from their stores, they collect download metrics under their own privacy policies.
5 · Where it's stored
Vaccio's backend runs on Cloudflare's edge network. Your records are stored in Cloudflare D1, a SQLite-compatible database that runs across Cloudflare's data centres. The primary region for our database is currently Asia-Pacific (Singapore), with secondary read replication across other Cloudflare regions for performance.
Records are encrypted in transit (TLS) between your device and our servers, and encrypted at rest on Cloudflare's infrastructure. Session tokens on your device are stored in the iOS Keychain or Android Keystore depending on platform.
If you have a specific data-residency requirement (for example, you need records to stay within the UAE), contact us — for institutional partners we can arrange a regional deployment.
6 · How long we keep it
- Account + profile + vaccination data: as long as your account is active.
- Access logs (who viewed what, when): kept for 12 months for security and audit purposes, then deleted.
- Partner-side records (tags, requests, reminders authored by an institution): kept for the lifetime of the partner's account.
- One-time login codes: expire after 10 minutes; the code itself is hashed before storage and deleted within 24 hours.
- Server logs (IP, user-agent): 30 days.
- Deleted accounts: cleared from the database immediately when you delete your account (see section 9). Backups are purged within 30 days.
7 · Children's data
Vaccio is explicitly designed to hold children's vaccination records — but the account is always held by a parent or legal guardian, and children do not interact with the app directly. We do not collect data from children except through their parent/guardian's deliberate input.
If you are under 18 and have created a Vaccio account on your own, please email us so we can transfer the account to a guardian or delete it.
We comply with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection regarding minors, the EU GDPR Article 8 where applicable to European users, and the United States COPPA where applicable to American users.
8 · Your rights
You have the following rights over your data:
- Access — view all records held about you (the app already shows you everything; for back-end logs, contact us).
- Correction — fix any inaccuracies. Records you create in the app are directly editable.
- Deletion — delete your account and all associated data at any time (see next section).
- Portability — export your records as a PDF inside the app. For machine-readable export (JSON / FHIR), email us.
- Withdraw consent — revoke a partner's access at any time from the app. Past records they accessed before revocation may already be in their system; we cannot recall those.
- Object — to any specific processing, by emailing us.
For UAE residents: you have the right to lodge a complaint with the UAE Data Office. For EEA / UK residents: with your national data protection authority.
9 · How to delete your account
You can delete your account and all associated data at any time, directly from inside the app:
- Open Vaccio.
- Go to the Profile tab.
- Scroll to the bottom and tap Delete account & all data.
- Confirm twice. Deletion is immediate and irreversible.
What gets deleted:
- Your account row and authentication credentials.
- Every family profile you own, plus all vaccination records, identity documents, and source files attached to them.
- Every access grant, request, share, and audit log tied to your account.
- The local copy of all of the above on your device.
Partners with whom you previously shared records will lose access immediately. Backups of the deleted data are purged from our backup system within 30 days. If you can't access the app (lost phone, etc.) and need to request deletion another way, email us at hello@vaccio.io from the email address linked to your account.
10 · Security
We follow industry-standard practices for handling personal health information:
- All data in transit is encrypted with TLS 1.3.
- All data at rest is encrypted on Cloudflare's infrastructure.
- Authentication uses one-time codes delivered to your email; we never store passwords.
- Session tokens are JWT-signed with a private key only the backend holds; tokens are revocable per-device.
- Partner access requires explicit, per-family approval — there's no global "partner can read anyone" mode.
- The app supports device-level biometric lock (Face ID, fingerprint) as an additional layer.
No system is perfectly secure. If you believe you've found a vulnerability, please email us at hello@vaccio.io — we'll respond within 48 hours.
11 · Changes to this policy
If we materially change this policy, we'll notify you inside the app and by email at least 30 days before the change takes effect. Minor wording changes (typos, clarifications) may be made without notice; the "Last updated" date at the top of this page always reflects the latest revision.
12 · Contact us
For any privacy question, data request, or complaint:
- Email: hello@vaccio.io
- Postal: Vaccio, Dubai, United Arab Emirates (full address available on request)
We aim to respond within 14 days, sooner where possible.