SentiumContact

Vello — Privacy policy

Last updated: 25 May 2026

1. Who we are

Vello is operated by Sentium Ltd, a company registered in England and Wales (company number 16512683), with registered address in London E17 3NU, United Kingdom.

For all data protection questions write to support@sentium.app. We are the data controller for the personal data Vello processes.

2. What Vello is

Vello is a wellness and education tool that synthesises self-reported health data, wearable telemetry, and lab results into discussion prompts for your clinician. Vello is not a medical device. We do not diagnose, treat, cure, or prevent any disease. Outputs from Vello are educational and never replace professional medical advice.

3. What we collect and why

  • Account identity — email address, via Microsoft Entra External ID. Used to sign you in.
  • Bio — age, biological sex, blood type, height, weight, allergies. Used to personalise the AI's analysis. You decide what to share.
  • Baselines, meds, lab results — long-term conditions, prescriptions, supplements, and self-entered blood marker values. Used as context for the AI.
  • Daily logs — meals, hydration, mood, sleep, gut markers, cycle data, blood-pressure / glucose readings. Used to surface patterns.
  • Wearable data (when enabled) — steps, heart rate, HRV, sleep, active calories from Apple Health / Google Health Connect. Used to enrich the picture.
  • Care AI conversations — prompts you submit and the AI's responses. Used to give continuity across visits.
  • Push token (if enabled) — to send reminders you've opted into. No marketing pushes.

Health data is treated as special category data under UK GDPR Article 9. Our lawful basis for processing it is your explicit consent (Article 9(2)(a)), given at sign-up. Identity data uses the contract basis (Article 6(1)(b)).

4. What we do NOT collect

  • We never sell your data.
  • We do not use your data to train third-party AI models. The Azure OpenAI service Vello uses is contractually prohibited from training on your inputs.
  • We do not show ads inside Vello.
  • We do not track you across third-party apps or websites.
  • We do not collect device identifiers beyond what Apple/Google require for the platform itself.

5. Where your data lives

All Vello data is stored in Microsoft Azure, in the UK South region (London datacentres). Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Identity is managed by a separate Microsoft Entra External ID tenant, isolated from Sentium's internal systems.

The only category that leaves Azure is your typed prompt + a redacted summary of your profile when you use the Care AI — these are sent to the Azure OpenAI service (also UK-based) for synthesis.

6. How long we keep it

Your data is kept as long as your account exists. You can delete your account from the app at any time (Settings → Delete account & all data). Deletion is immediate and irreversible — we do not keep shadow copies. Backups in Azure are kept for 30 days for disaster recovery only and are not human-readable.

7. Who we share with

We share data only with the processors strictly required to run Vello:

  • Microsoft Azure — hosting, storage, AI inference. UK datacentres. Data Processing Agreement in place.
  • Microsoft Entra External ID — identity provider. Email + display name only.
  • Expo (Expo Inc.) — push-notification delivery via Apple/Google push services. Only an opaque device token, no health data.

We do not share with advertising networks, brokers, insurers, employers, or anyone else.

8. Your rights under UK GDPR

You have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate data (edit it directly in the app, or email us).
  • Erase all your data (the in-app delete button does this; or email us).
  • Restrict processing in specific circumstances.
  • Object to specific processing on legitimate-interest grounds.
  • Data portability — receive your data in a machine-readable format. Email us and we'll send you a JSON export within 30 days.
  • Withdraw consent at any time — sign out and delete your account.

To exercise any of these rights, contact support@sentium.app. You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

9. Children

Vello is intended for adults. We do not knowingly collect data from anyone under 18. If you believe a child has created an account, email us and we will delete it.

10. Changes to this policy

We will update this policy as Vello evolves. Material changes will be announced inside the app and via email if you've given us one. The "last updated" date at the top of this page always reflects the current revision.

11. Contact

Data protection queries: support@sentium.app
Sentium Ltd · London E17 3NU · United Kingdom · Company no. 16512683