Vitality Score

Privacy Policy & Consumer Health Data Privacy Notice

Last updated: May 14, 2026

Consumer Health Data Privacy Notice

This Notice is published under Washington’s My Health My Data Act (RCW 19.373) and similar laws in Nevada and Connecticut. It describes how T-Shots (“T-Shots,” “we,” “us”) handles “consumer health data” collected through the Vitality Score quiz at this website (the “Site”).

1. Categories of consumer health data we collect

Self-rated vitality metrics — your numeric (0–10) responses to ten quiz sliders covering sexual function (erection strength, morning erections, libido, sexual thoughts), mood stability, energy and motivation, strength and endurance, concentration, body composition, and sleep quality.
Email address you provide on the final step so we can email you your score.
Consent record — timestamp, IP address, browser user-agent string, and the version of the consent text you accepted. Kept so we can demonstrate informed consent.
Computed Vitality Score derived from your answers.

2. Sources of the data

We collect this data directly from you when you complete the quiz and submit it. We do not buy, license, or receive consumer health data about you from any other source. We do not use third-party advertising trackers (no Meta Pixel, Google Analytics, or similar) on this Site.

3. Purposes for which the data is collected and used

To compute your Vitality Score and email you the result.
To save the result so that, if you later create a T-Shots account using the same email address, your pre-signup score can be linked to that account during onboarding.
To maintain audit and consent records as required by applicable law.
To detect, prevent, and respond to abuse or security events.

We do not use your consumer health data for third-party advertising, profile-building, or to train any machine learning model. We do not use it to make automated decisions about you.

4. Categories of consumer health data shared, and with whom

We do not sell your consumer health data. We do not share it with advertisers, data brokers, or marketing partners. The only third parties that process consumer health data on our behalf are infrastructure sub-processors operating under contract:

Supabase, Inc. — managed PostgreSQL hosting for our database.
Railway Corp. — runtime hosting for our backend API.
Vercel Inc. — hosting for this Site.
Resend, Inc. and/or Google LLC (Gmail SMTP) — transactional email delivery, used only to email you your score.

We may disclose data when required by law, valid legal process, or to protect rights, safety, or property. We will tell you about a legal demand for your data unless prohibited from doing so.

5. How long we keep the data

If you do not create or link a T-Shots account, we will automatically delete your Vitality Score lead record (including email, scores, and consent metadata) within 30 days of submission. If you do link the record to a T-Shots account, it is retained under the T-Shots app’s privacy terms and you may delete it at any time from inside the T-Shots app.

6. Your rights under Washington, Nevada, and Connecticut law

You have the right to:

Confirm whether we are processing your consumer health data and access a copy of it.
Withdraw consent to our collection and processing of your consumer health data at any time.
Request deletion of your consumer health data. We will delete it and direct our sub-processors to do the same.
Appeal our denial of any rights request. If we deny a request, you may appeal in writing; we will respond within forty-five (45) days. If we deny the appeal, Washington and Connecticut residents may contact their state Attorney General.

To exercise these rights, email team@drvigor.com from the email address you used in the quiz, or write to us at the address in the Contact section below. We may ask you to confirm a code we send to your email to authenticate the request.

7. Geofencing

We do not use geofencing of any kind, and specifically do not geofence within 2,000 feet of any healthcare facility, as required by RCW 19.373.030.

8. Changes to this Notice

We will update this Notice when our practices change. We will note the “Last updated” date at the top. If changes are material, we will obtain renewed consent before applying them to previously collected data.

General Privacy Policy

This Privacy Policy applies to the Vitality Score website at vitality-score.t-shots.com and any associated subdomains operated by T-Shots. It complements, and where required by Washington, Nevada, or Connecticut law is supplemented by, the Consumer Health Data Privacy Notice above.

What we collect

Quiz responses and email — described in the Notice above.
Server log data — standard web request metadata (IP, user-agent, request path, timestamp) generated by our hosting and observability providers. We do not associate these logs with named individuals beyond what is necessary for security and abuse prevention.
Cookies — the Site does not use marketing or analytics cookies. We use only strictly-necessary cookies required for the Site to function.

How we use it

The purposes set out in the Notice above are the complete list. We do not use any data submitted through the quiz for advertising, and we do not share it with third-party advertising or analytics providers.

Children

The Site is intended for adults aged 18 and older. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted information, contact us and we will delete it.

Security

We protect data in transit with TLS and at rest using industry-standard managed database encryption. No transmission or storage system is perfectly secure; we cannot guarantee absolute security. In the event of a breach affecting your information, we will notify you as required by applicable law, including the FTC Health Breach Notification Rule (16 CFR Part 318) and applicable state laws.

International users

The Site is operated from the United States. If you submit information from outside the U.S., your data will be transferred to and stored in the United States. We do not target the Site at users in the European Economic Area or the United Kingdom.

California users

California residents have the rights to know, delete, correct, and limit use of sensitive personal information under the CCPA/CPRA. The information we collect from the quiz, including the inference that you are seeking health-related services, is treated as “sensitive personal information.” We do not sell or share this data for cross-context behavioral advertising. To exercise California rights, use the contact methods in the Notice above.

Summary of Your Rights

Right to know what we have collected about you.
Right to a copy of your data.
Right to delete your data.
Right to withdraw consent.
Right to appeal a denied request.
Right to non-discrimination for exercising these rights.

Contact

T-Shots — Privacy Team
16460 Bake Pkwy.
Irvine, CA 92618
Email: team@drvigor.com