Privacy Policy

Our Commitment

VGM, LLC (operating as QVegas) is committed to protecting the privacy and safety of our community. We understand that for many LGBTQ+ individuals, privacy is not just a preference — it is a matter of personal safety. We have protected the identities, orientation, and gender expression of our readers since 1978, and we take this responsibility seriously.

We will never sell your personal data. We will never share your identity information with third parties without your explicit consent. We comply with CCPA and all applicable privacy regulations.

What We Collect

We collect only the information necessary to provide our services:

• Account Information: Email address, name, and profile details you provide when creating an account via Amazon Cognito (our authentication provider).
• Newsletter Subscriptions: Email addresses for subscribers who opt in.
• Analytics: Anonymous, aggregated usage data to improve the platform. No individual tracking or behavioral profiling.
• Directory Submissions: Business information voluntarily submitted by organizations for inclusion in our community directory.
• Form Submissions: Information you provide through contact forms (name, email, subject, message). Stored securely and forwarded to our team via email.
• Directory Discovery: When you click an Apple Maps result in our directory, we create a basic business record (name, address, coordinates) to track community interest. No personal data is collected.
• Authentication: Sign-in credentials are processed directly by Amazon Cognito. Passwords are never transmitted to or stored on QVegas servers.

QVegas Wellness & Health Data

QVegas Wellness provides health and wellness features on our website and in the QVegas iOS app. We treat health data with the highest level of care and protection.

What Wellness Data We May Collect

If you choose to use QVegas Wellness features in our iOS app, we may access the following data — only with your explicit, per-data-type consent:

• Apple HealthKit Data: Activity (steps, exercise, distance), vitals (heart rate, blood pressure, SpO2), sleep analysis, workouts, nutrition, and body measurements. This data is read from Apple Health only after you grant permission for each specific data type.
• Apple Health Records (Clinical Data): Lab results imported from your healthcare providers via Apple Health Records. Imported only at your explicit request, used to chart your lab trends over time, and stored locally on your device.
• Medication Records: Medication names, dosages, schedules, and adherence history that you voluntarily enter.
• Lab Results: Test names, values, dates, and reference ranges — either entered manually or imported from Apple Health Records — used to chart lab trends over time.
• STI Screening Dates: Test dates and results for sexually-transmitted infection panels (HIV, syphilis, gonorrhea, chlamydia, hepatitis B/C, mpox), entered manually or inferred from imported lab data. Used to track screening cadence and surface due-date reminders.
• Mood & Journal Entries: Mood ratings, journal entries, and optional behavioral health screening responses (PHQ-9, GAD-7, AUDIT) that you voluntarily provide.
• Weight History: Manual entries and HealthKit-sourced body-mass readings, used for trend charts and goal tracking.

How We Protect Health Data

• Encryption in Transit: All data transmitted between your device and our servers is protected by TLS 1.3 (Transport Layer Security), the same standard used by banks and healthcare systems.
• Encryption at Rest: Sensitive health data stored in our database uses AES-256-GCM field-level encryption. Individual data fields are encrypted independently — even in the unlikely event of a database breach, raw health data would be unreadable.
• Key Management: Encryption keys are managed through a dedicated Key Management Service (KMS) with automatic key rotation. Keys are never stored alongside the data they protect.
• On-Device Protection: Apple HealthKit data is stored in a separate, encrypted database on your iOS device. It is accessible only when the device is unlocked and only to apps you have authorized.

What We Will Never Do With Health Data

• Sell, rent, or trade your health data to any third party.
• Use health data for advertising, ad targeting, or marketing.
• Share health data with data brokers or use it for data mining.
• Provide health data to employers, insurers, or any entity without your explicit consent.
• Store HealthKit data in iCloud (prohibited by Apple's App Store Review Guidelines, Section 27.1).
• Use algorithmic health scoring or behavioral profiling based on health data.

Apple HealthKit

The QVegas iOS app integrates with Apple HealthKit to read health and fitness data from the Health app on your device. In compliance with Apple's App Store Review Guidelines (Section 27):

• We request access only to data types that are core to the wellness features you choose to use.
• You must explicitly grant permission for each data type. Read and write permissions are separate.
• You can revoke QVegas's access to any HealthKit data type at any time through Settings > Health > Data Access & Devices on your iPhone.
• HealthKit data is never disclosed to third parties without your consent.
• HealthKit data is not used for advertising or data mining purposes.
• We do not write false or misleading data to HealthKit. Only user-initiated entries (such as medication dose events) are written.

If you have connected clinical health records to Apple Health (from providers such as Quest Diagnostics, hospital systems, or state immunization registries), QVegas can import your lab results only into the in-app Lab Results timeline. The import flow requires a separate consent step that we surface before any clinical data is read. We do not request access to other Apple Health Records data types (medications, conditions, allergies, immunizations, procedures, or vital signs from Clinical Records). Imported lab results are stored locally on your device. QVegas does not access, store, or transmit clinical records without your explicit authorization.

AI Features & On-Device Processing

QVegas uses AI to summarize your wellness data in plain language for features like lab-result insights, weekly sleep summaries, the weekly digest, mood reflections, and weather quotes. Wherever possible, this processing happens entirely on your device using Apple Intelligence (Apple's Foundation Models framework), which is available on iPhone 15 Pro and newer running iOS 26 or later. On older devices, devices with Apple Intelligence disabled, or when on-device generation fails, the same task is performed server-side by Anthropic's Claude model via QVegas servers.

AI features do not use personally identifying information. By policy, no AI prompt — on-device or server-side — contains your name, email address, account identifier, device identifier, journal text, or other free-form personal content. Where AI features need context, they receive only numeric values, test names, weather conditions, or short non-identifying labels.

What runs on your device when Apple Intelligence is available

The following AI tasks run entirely on your iPhone, iPad, or Mac. No prompt content is sent to QVegas servers, Apple servers, or Anthropic for these tasks:

• Lab result trend summaries — test name, recent values with dates, reference range
• Weather quotes for the weather view
• Weekly sleep insights — nightly sleep totals as numbers
• Mood reflections — weekly mood scores (numbers) plus the count of journal entries logged this week
• The weekly wellness digest — numeric aggregates of mood, sleep, adherence, and lab metrics

What is sent to QVegas servers (fallback only)

On devices without Apple Intelligence, or when on-device generation fails, the same data described above — and no more — is sent over an encrypted HTTPS connection to QVegas servers, which forward it to Anthropic's Claude API. The prompts are numeric or otherwise non-identifying. We never send the text of your journal entries to QVegas servers or any third party.

What always goes server-side

Two AI features always use QVegas servers and Anthropic Claude, regardless of your device, because they require an external medical or pharmacology knowledge base that on-device models do not have:

• Medication contraindication and interaction checks. The medication names and categories you have logged are sent to QVegas servers. No patient identifiers, no journal content, no other wellness data.
• The Family Summary PDF. Triggered only by an explicit action in the app, this sends aggregated wellness data (without specific medication names or journal text) for narrative composition.

What we will never do with AI

• Include the text of your journal entries in any AI prompt, on-device or remote.
• Include your name, email, account identifier, or device identifier in any AI prompt.
• Train any model on your data. Anthropic's API for QVegas operates under their commercial terms, which prohibit training on submitted prompts by default.
• Use AI output for advertising, profiling, or any purpose other than displaying it back to you.

AI-generated text is not medical advice. AI output is for reflection and conversation with your provider, not for diagnosis or treatment decisions. Generated summaries are cached locally on your device until your underlying data changes.

Your Rights & Controls

• Opt-In Only: Every data type, every sync, and every share requires your explicit consent. We collect nothing by default.
• Right to Access: You can request a copy of all data we hold about you.
• Right to Erasure: You can delete all of your wellness data with a single action at any time. You can delete your entire account — including your profile, favorites, and all wellness data — directly from the app under My Account. Deletion is immediate and irreversible.
• Right to Revoke: You can revoke HealthKit access, disable data sync, or turn off individual data types at any time.
• Data Export: You can export your wellness data as an encrypted PDF report.

Qmunities Privacy

Qmunities is built for safety. Direct messages are private. Profile visibility is user-controlled. We do not use algorithmic manipulation or sell behavioral data. Your community network belongs to you.

Data Retention

We retain your data only as long as your account is active or as needed to provide our services. Wellness data is deleted upon your request. If you delete your account, all associated data — including wellness records — is permanently removed from our systems within 30 days.

Third-Party Services

QVegas uses the following third-party services to operate the platform:

• Amazon Web Services (AWS): Cloud infrastructure, authentication (Cognito), content delivery (CloudFront), and encrypted database hosting.
• Apple HealthKit & Apple Health Records: On-device health data framework (iOS only). Data remains on your device unless you authorize sync.
• Apple Intelligence (Foundation Models): On-device language model used to generate wellness summaries, lab insights, sleep insights, mood reflections, the weekly digest, and weather quotes on supported devices (iPhone 15 Pro and newer running iOS 26 or later). Runs entirely on your device — no prompt content leaves the device for these features. See Apple's Privacy Policy for system-level details.
• Anthropic (Claude AI): Used for the optional "Share with Family" wellness report, for medication contraindication and interaction checks, and as a fallback for the AI wellness features described above when Apple Intelligence is unavailable. In every case, prompts contain numeric aggregates, test names, medication names, or weather conditions only — never your name, account identifier, journal text, or other personally identifying information. Anthropic's commercial-API terms apply; see anthropic.com/privacy. Anthropic does not train models on submitted prompts under these terms.
• Stripe: Payment processing for advertising. We do not store credit card numbers.
• Apple MapKit JS: Map rendering and local search for the business directory. Apple may collect anonymous usage data per their privacy policy.
• Amazon SES: Transactional email delivery for form submissions and account notifications.

None of these services have access to your health data unless you explicitly authorize it.

Disclaimer

QVegas Wellness is a personal wellness tracker. It is not a medical device and does not provide medical advice, diagnoses, or treatment recommendations. Behavioral health screenings (PHQ-9, GAD-7, AUDIT) are informational only and are not a substitute for professional evaluation. Always consult a qualified healthcare provider for medical decisions.

Contact

For privacy questions, data access requests, or data deletion requests:

• Email: privacy@qvegas.com
• Wellness-specific inquiries: wellness@qvegas.com