Trust center
Security for scanning & patient-related data
Vitacore FormFit and our Forge web experience collect and process facial scan media, calibration imagery, and limited identifiers needed to fulfill custom mask manufacturing. This hub summarizes how we protect that data, where it is processed, and the documents your IT and legal teams typically request.
Where data is processed and stored
We process and retain customer data—including scan media, derived models, and related records—primarily in Oregon, United States. You may use our services from anywhere; data moves between your device and our systems only over secure, encrypted connections (for example HTTPS/TLS, including for direct uploads to storage). Photogrammetry reconstruction runs in the eastern United States; connections between our environments use the same encrypted transport. Cross-border considerations are summarized in our Privacy Policy.
Encrypted uploads
Face-scan video and calibration photos are transferred from the customer's device to our environment only over HTTPS (TLS)—including when the browser uploads directly to object storage using a short-lived URL we provide.
Identity kept apart from scan media
We store your name and other personal data separately from scan video, photos, and mesh outputs. They are not held together in a single identifiable record, so scan assets are not associated with your name or contact details inside our data layouts.
What is biometric data?
A short explainer: the general idea of biometrics, then what face scan data means specifically for FormFit and custom CPAP masks.
Read explainer →Security overview
Controls across transport, authentication, infrastructure, and operations—written for IT and compliance reviewers.
Read security overview →High-level architecture
How the browser, web tier, API, storage, queues, and compute workers fit together—without vendor-specific implementation detail in diagrams.
View diagram →Privacy policy
Categories of data, purposes, retention, your rights, and how to contact us.
Read privacy policy →Data processing agreement (DPA)
Processor terms for business customers who need a written agreement under privacy laws.
Read DPA →Questions for procurement or IT? Contact your Vitacore representative or privacy@vitacore.com. To ask what personal data we hold, obtain a copy, or request deletion (where the law allows), email customer.service@vitacore.com.