Longevity Protocols App

Last updated: 17.02.2026

This Privacy Policy explains how personal data and device data are collected, used, shared, and protected when you use the Longevity Protocols mobile application (“the App”). It comprehensively discloses our practices for both the iOS (Apple App Store) and Android (Google Play) versions of the App.

The App is designed as a wellness and lifestyle planning tool. We follow a strict data-minimization approach and collect only what is necessary to operate the App and improve its functionality.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), Apple App Store requirements, and Google Play’s data disclosure requirements.

By creating an account, you consent to this Privacy Policy.

The data controller responsible for processing personal data is:

We collect only the minimum data required to provide core functionality.

3.1 Account Data

• Email address
• Password (stored in hashed form by our authentication provider)

This data is required to create and secure a user account.

3.2 User-Provided App Data

The App allows users to manually enter and manage information related to:

• habits
• workouts and physical activity
• supplements
• schedules and reminders
• protocol settings

This data is:

• fully self-reported
• optional
• editable and deletable at any time by the user

The App does not automatically infer or calculate medical or health metrics.

We use PostHog, a privacy-focused analytics provider, to understand how the App is used and to improve its functionality.

Analytics data:

• is collected in an anonymized and aggregated form
• is pseudonymized and not used to directly identify users
• does not include any health-related data (e.g. habits, supplements, workouts, emotions)
• is used only for product improvement (e.g. which screens are used, completion of onboarding)
• is not used for advertising, marketing, or tracking across apps or websites

Examples of analytics data may include:

• app launches
• screen or feature usage (screen names only)
• completion of onboarding or protocol generation
• retention metrics (e.g. day-based activity)

Session recording and automatic event capture are disabled. We do not sell or share analytics data with third parties.

We do not collect or process:

• names or profile identifiers
• precise location data (GPS)
• contacts or address books
• photos, audio, or video
• health records or medical diagnoses
• biometric or genetic data
• data from Apple Health, HealthKit, or wearable devices
• device identifiers or advertising IDs (including Apple IDFA and Google Advertising ID / GAID), except the push notification token used only for delivering your reminders
• data for marketing, advertising, or tracking purposes
• analytics data linked to your identity, health data, or habits (we use only anonymized, aggregate analytics)

If you choose to enable notifications, we store a device notification token solely to deliver reminders you configure in the App.

• Notifications are optional
• You can disable them at any time in device or app settings
• Notification tokens are not used for tracking or marketing

Your data is processed exclusively to:

• provide and maintain core App functionality
• allow synchronization across devices
• support protocol generation and habit tracking
• improve the App using anonymized usage patterns

We do not sell, rent, or share personal data for commercial purposes.

We process your personal data under the following legal bases (Article 6 GDPR):

• Contract – account creation, authentication, and provision of core App functionality
• Legitimate interest – anonymized analytics to improve the App
• Consent – push notifications (you can withdraw at any time in device or app settings)

All data is encrypted in transit using HTTPS and stored using secure infrastructure practices. Data at rest is protected by our infrastructure providers’ security measures.

• Data is stored securely using Supabase infrastructure
• All communication is encrypted using HTTPS
• Access to data is restricted and protected by authentication
• Each user can access only their own data

Standard technical data such as IP address may be temporarily processed by our infrastructure providers for security and server operation purposes. We do not use IP addresses for identification or tracking.

We do not sell user data. We share user and device data only with the following types of parties, and only as necessary for the stated purposes:

We use only these essential service providers:

• Supabase – authentication, database, and infrastructure
• PostHog – anonymized product analytics (no personal or health data is sent to PostHog)
• Apple / Google – delivery of push notifications

These providers process data solely to provide their services and are contractually required to protect it. PostHog receives only anonymized, non-personal usage data (e.g. screen names, generic event types) and is not used for advertising or cross-app tracking.

Data may be processed within the European Economic Area (EEA) or in jurisdictions that provide adequate data protection safeguards (e.g. under adequacy decisions or standard contractual clauses). Our service providers may process data in the EEA, UK, or other locations in accordance with applicable data protection law.

• Data is stored as long as the user account is active
• Users can delete their account at any time from within the App
• Data is deleted from active systems immediately and may remain in encrypted backups for a limited period (e.g. up to 30 days) before permanent deletion

You have the right to:

• access your personal data
• correct or update your data
• delete your data
• export your data
• withdraw consent where applicable

Requests can be made by contacting: support@longevity-protocols.com

The App is not intended for children under 16 (or under 13 where applicable local laws apply).

We do not knowingly collect personal data from children. If you believe that a child has provided personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time.

Any changes will be reflected by updating the “Last updated” date at the top of this document. By creating an account you consent to this Privacy Policy; continued use of the App after changes indicates acceptance of the updated policy.