VVialry
01

Local-first journal

Vialry is designed to keep its core vial and injection journal on your device. Journal fields can include the label you enter, lot, dates, amounts and units, recorded site, schedule, reminder settings, and optional notes.

The core journal requires no hosted photo upload. Optional protected continuity accepts no photo bytes, Apple Health data, or dormant Vialry 1.3 body, sleep, blood-marker, or side-effect snapshots. Those older records stay only in a full manual JSON archive or protected local recovery backup and are removed before any hosted continuity upload.

02

Optional account features

If a released version offers account backup or sync, it is opt-in. The app explains which journal fields will leave the device before you enable it. Account operation may process a pseudonymous Sign in with Apple subject, an encrypted Apple authorization credential used only for account operation and revocation, session records, subscription status, a random continuity device identifier, record version metadata, and the journal data you choose to sync. Vialry does not request or store your Apple name or email address.

When you enable protected continuity, Vialry encrypts the journal archive on your device before upload. The recovery key stays on your devices or in the recovery copy you choose to save; it is never sent to KeenShift, so support cannot decrypt the archive or recover that key for you. Account, session, entitlement, and encrypted-archive metadata also travel over an encrypted connection.

03

Purchases and notifications

Apple processes purchases. Vialry receives only the transaction and entitlement information needed to unlock features, restore access, prevent fraud, and provide support.

If you enable reminders, the app uses notification permission and stores the schedule needed to deliver them. You can disable reminders in Vialry or system settings.

04

App-scoped product analytics

Vialry may send a small fixed set of product-use events, such as onboarding completion, a successful record save, an opened paid-value screen, purchase outcome category, backup outcome, export success, and an app-scoped active day. Events include only the event name, time, app version, build number, and a random identifier used only within Vialry.

The analytics format has no field for a compound or medication name, amount, unit, site, note, schedule, report contents, Apple account, advertising identifier, or identifier from another app. Vialry uses no third-party analytics SDK, does not track you across apps or websites, and stores these events separately from Vialry account identity.

App-scoped product analytics starts off and is stored separately from your Vialry account identity. You can choose to enable it, or turn it off again, in Settings. Raw events expire after 30 days. Turning analytics off, deleting local data, or deleting a Vialry account deletes the raw events and converts the random installation record into a suppression marker; a failed network deletion remains disabled and retries when the app can reconnect.

When you enable analytics, the service creates the random installation identifier and secret. To prevent automated abuse, it converts the network source address immediately into a Vialry-specific one-way quota key. The raw address is not stored in the Vialry application table, source quota counters expire within two hours, and the counters contain no journal or account content.

The suppression marker contains only the random Vialry installation identifier, a one-way credential hash, and deletion time. It has no event, journal, Apple-account, or advertising data and exists only so a delayed request cannot recreate deleted analytics.

05

Website and support

These public pages use no advertising cookies and include no third-party analytics. Hosting systems may temporarily process standard technical request data, such as an IP address, user agent, time, and requested path, to deliver the page, diagnose failures, and prevent abuse.

Vialry application logs are retained for 30 days and are designed to record bounded operational details such as request method, path, status, and error code, not request bodies, authentication tokens, journal fields, encrypted journal envelopes, or analytics payloads.

When you email support, we receive the address, message, and attachments you choose to send. Do not send sensitive journal details unless they are necessary for your request.

06

Use and sharing

Vialry uses data only to provide features you request, maintain security, verify purchases, respond to support, and meet legal obligations. We do not sell personal or health data, serve ads, or use your journal to train models.

We disclose data only to service providers acting for us, when you direct an export, or when legally required. We do not allow service providers to use it for their own advertising.

07

Retention, deletion, and choices

Local records remain until you edit or delete them, delete the app, or erase the device. Exports remain wherever you choose to save or share them.

When hosted account features are enabled, Delete Account & Synced Data first revokes Apple authorization, freezes hosted writes, and removes active account, session, entitlement, revision, and encrypted hosted journal objects. It intentionally keeps the local-first journal; Delete all local health data is the separate device control.

If Apple notifies Vialry that Sign in with Apple consent was revoked, hosted sessions and Apple credentials are invalidated. If Apple sends an account-deleted event, Vialry also purges the hosted account and encrypted journal objects. Email-forwarding event fields are not retained.

A minimal deletion receipt has live authority for exactly 24 hours so a retried request receives the same result. The live API treats it as expired at that boundary even if the database's asynchronous physical cleanup runs later. Database point-in-time recovery may retain deleted table data in encrypted disaster-recovery backups for up to 35 days. Those backups are not available through the live app or API and age out automatically.

App-scoped product-use events expire after 30 days and can be disabled or deleted in the app. You can use the core local journal without enabling optional hosted continuity. Support can explain the in-app controls but cannot identify a pseudonymous account from your email or remotely erase an on-device journal.

08

Adults and changes

Vialry is intended for adults aged 18 and older and is not directed to children.

Material policy changes will be dated here and, when appropriate, explained in the app before they take effect.

09

Contact

Privacy questions: mitsi@keenshift.ai.