Privacy Policy

Last updated: April 2026

Our Commitment

VGM, LLC (operating as QVegas) is committed to protecting the privacy and safety of our community. We understand that for many LGBTQ+ individuals, privacy is not just a preference — it is a matter of personal safety. We have protected the identities, orientation, and gender expression of our readers since 1978, and we take this responsibility seriously.

We will never sell your personal data. We will never share your identity information with third parties without your explicit consent. We comply with CCPA and all applicable privacy regulations.

What We Collect

We collect only the information necessary to provide our services:

Account Information: Email address, name, and profile details you provide when creating an account via Amazon Cognito (our authentication provider).
Newsletter Subscriptions: Email addresses for subscribers who opt in.
Analytics: Anonymous, aggregated usage data to improve the platform. No individual tracking or behavioral profiling.
Directory Submissions: Business information voluntarily submitted by organizations for inclusion in our community directory.
Form Submissions: Information you provide through contact forms (name, email, subject, message). Stored securely and forwarded to our team via email.
Directory Discovery: When you click an Apple Maps result in our directory, we create a basic business record (name, address, coordinates) to track community interest. No personal data is collected.
Authentication: Sign-in credentials are processed directly by Amazon Cognito. Passwords are never transmitted to or stored on QVegas servers.

QVegas Wellness & Health Data

QVegas Wellness provides health and wellness features on our website and in the QVegas iOS app. We treat health data with the highest level of care and protection.

What Wellness Data We May Collect

If you choose to use QVegas Wellness features in our iOS app, we may access the following data — only with your explicit, per-data-type consent:

Apple HealthKit Data: Activity (steps, exercise, distance), vitals (heart rate, blood pressure, SpO2), sleep analysis, workouts, nutrition, and body measurements. This data is read from Apple Health only after you grant permission for each specific data type.
Medication Records: Medication names, dosages, schedules, and adherence history that you voluntarily enter.
Mood & Journal Entries: Mood ratings, journal entries, and optional behavioral health screening responses (PHQ-9, GAD-7, AUDIT) that you voluntarily provide.

How We Protect Health Data

Encryption in Transit: All data transmitted between your device and our servers is protected by TLS 1.3 (Transport Layer Security), the same standard used by banks and healthcare systems.
Encryption at Rest: Sensitive health data stored in our database uses AES-256-GCM field-level encryption. Individual data fields are encrypted independently — even in the unlikely event of a database breach, raw health data would be unreadable.
Key Management: Encryption keys are managed through a dedicated Key Management Service (KMS) with automatic key rotation. Keys are never stored alongside the data they protect.
On-Device Protection: Apple HealthKit data is stored in a separate, encrypted database on your iOS device. It is accessible only when the device is unlocked and only to apps you have authorized.

What We Will Never Do With Health Data

Sell, rent, or trade your health data to any third party.
Use health data for advertising, ad targeting, or marketing.
Share health data with data brokers or use it for data mining.
Provide health data to employers, insurers, or any entity without your explicit consent.
Store HealthKit data in iCloud (prohibited by Apple's App Store Review Guidelines, Section 27.1).
Use algorithmic health scoring or behavioral profiling based on health data.

Apple HealthKit

The QVegas iOS app integrates with Apple HealthKit to read health and fitness data from the Health app on your device. In compliance with Apple's App Store Review Guidelines (Section 27):

We request access only to data types that are core to the wellness features you choose to use.
You must explicitly grant permission for each data type. Read and write permissions are separate.
You can revoke QVegas's access to any HealthKit data type at any time through Settings > Health > Data Access & Devices on your iPhone.
HealthKit data is never disclosed to third parties without your consent.
HealthKit data is not used for advertising or data mining purposes.
We do not write false or misleading data to HealthKit. Only user-initiated entries (such as medication dose events) are written.

If you have connected clinical health records to Apple Health (from providers such as Quest Diagnostics, hospital systems, or state immunization registries), that clinical data may be displayed within the QVegas app only with your express consent. QVegas does not access, store, or transmit clinical records without your explicit authorization.

Your Rights & Controls

Opt-In Only: Every data type, every sync, and every share requires your explicit consent. We collect nothing by default.
Right to Access: You can request a copy of all data we hold about you.
Right to Erasure: You can delete all of your wellness data with a single action at any time. You can delete your entire account — including your profile, favorites, and all wellness data — directly from the app under My Account. Deletion is immediate and irreversible.
Right to Revoke: You can revoke HealthKit access, disable data sync, or turn off individual data types at any time.
Data Export: You can export your wellness data as an encrypted PDF report.

Qmunities Privacy

Qmunities is built for safety. Direct messages are private. Profile visibility is user-controlled. We do not use algorithmic manipulation or sell behavioral data. Your community network belongs to you.

Data Retention

We retain your data only as long as your account is active or as needed to provide our services. Wellness data is deleted upon your request. If you delete your account, all associated data — including wellness records — is permanently removed from our systems within 30 days.

Third-Party Services

QVegas uses the following third-party services to operate the platform:

Amazon Web Services (AWS): Cloud infrastructure, authentication (Cognito), content delivery (CloudFront), and encrypted database hosting.
Apple HealthKit: On-device health data framework (iOS only). Data remains on your device unless you authorize sync.
Stripe: Payment processing for advertising. We do not store credit card numbers.
Apple MapKit JS: Map rendering and local search for the business directory. Apple may collect anonymous usage data per their privacy policy.
Amazon SES: Transactional email delivery for form submissions and account notifications.

Anthropic (Claude AI): Used exclusively for the optional "Share with Family" wellness report. When you choose to generate this report, anonymized aggregate health metrics (mood averages, medication adherence rates, screening severity levels) are sent to Anthropic's API to produce a compassionate summary letter. No medication names, journal content, lab values, or personally identifying information is included. This feature requires your explicit confirmation before any data is transmitted. Anthropic's data retention policy applies to the transmitted prompt; see anthropic.com/privacy.

None of these services have access to your health data unless you explicitly authorize it.

Disclaimer

QVegas Wellness is a personal wellness tracker. It is not a medical device and does not provide medical advice, diagnoses, or treatment recommendations. Behavioral health screenings (PHQ-9, GAD-7, AUDIT) are informational only and are not a substitute for professional evaluation. Always consult a qualified healthcare provider for medical decisions.

Contact

For privacy questions, data access requests, or data deletion requests:

Email: privacy@qvegas.com
Wellness-specific inquiries: wellness@qvegas.com