Privacy Policy
Longevity Protocols App
Last updated: 15.06.2026
1. Introduction
This Privacy Policy explains how personal data and device data are collected, used, shared, and protected when you use the Longevity Protocols mobile application (“the App”). It comprehensively discloses our practices for both the iOS (Apple App Store) and Android (Google Play) versions of the App.
The App is designed as a wellness and lifestyle planning tool. We follow a strict data-minimization approach and collect only what is necessary to operate the App and improve its functionality.
This Privacy Policy complies with the General Data Protection Regulation (GDPR), Apple App Store requirements, and Google Play’s data disclosure requirements.
By creating an account, you consent to this Privacy Policy.
The App is not a medical device and does not provide medical advice, diagnosis, treatment, or health recommendations. Health-related content in the App is provided for educational and informational purposes only.
2. Data Controller
The data controller responsible for processing personal data is:
Michal Szymanski
Poland
Email: support@longevity-protocols.com
3. Data We Collect
We collect only the minimum data required to provide core functionality.
3.1 Account Data
- Name (optional; used for in-app personalization and, if you participate in Challenges, your first name may be visible to other participants in that challenge)
- Body weight (optional; used to estimate training volume for bodyweight exercises)
- Sex (optional; used to choose muscle illustrations in your training progress views)
- Email address
- Password (stored in hashed form by our authentication provider)
Email address and password are required to create and secure a user account. Providing your name, body weight, or sex is completely optional and not required to use the App. Unless you choose to share resistance training data with a linked trainer as described in Section 3.5, these optional profile fields remain visible only to you within the App (except where disclosed for Challenges in Section 3.4).
3.2 User-Provided App Data
The App allows users to manually enter and manage information related to:
- habits
- workouts and physical activity
- supplements
- schedules and reminders
- protocol settings
You have full control over this data and can modify or delete it at any time within the App.
If you provide your body weight, the App may use it to calculate estimated training volume for bodyweight exercises. These calculations are fitness-related estimates only and are not medical assessments.
3.3 Diagnostics (Test Schedule) Data
The App includes a Diagnostics module for planning test schedules and reminders. If you use this feature, we store only:
- identifiers of tests you add to your schedule
- scheduled dates and recurrence settings
- completion status (e.g. done, missed) and history
We do not collect, store, or process lab results, laboratory test values, medical diagnoses, or treatment data.
In the Diagnostics module, filtering the test catalog by age or sex during schedule creation is used only locally in your session and is not stored on our servers. This is separate from the optional sex you may provide in your profile (Section 3.1), which is stored only if you choose to provide it and is used solely to display muscle illustrations in training progress views.
This data is:
- fully self-reported
- optional
- editable and deletable at any time by the user
The App does not automatically infer or calculate medical or health metrics.
This data is used solely to provide scheduling and reminder functionality and is not used to make health-related decisions or recommendations.
3.4 Challenges and Social Features
The Challenges feature is optional.
Users may create challenges by providing a challenge name, description, and optional reward text. Users may join public challenges or private challenges via invitation code.
If you participate in a challenge, limited data may be visible to other participants in that challenge:
- first name (if provided)
- participation status
- challenge progress, consistency, or completion-related status
You may also see limited information about other participants in the same challenge. This information is visible only within the relevant challenge context (or visible to a broader set of users only if the challenge itself is configured as public). Joining Challenges is optional, and you can leave a challenge at any time.
Within Challenges, no full contact details, body weight, sex, or other sensitive personal data are shown to other participants. Challenge-related data is used only to enable this feature and is not used for advertising, profiling, or cross-app tracking.
By joining a challenge, you acknowledge and agree that the limited information described above may be visible to other participants of that challenge.
3.5 Trainer and Trainee Data Sharing
The App includes an optional Trainer feature that allows you to share resistance training data with another user account acting as a trainer. A trainer is a separate App user, not an employee or agent of the operator.
A trainee may connect to at most one active trainer at a time. A trainer may invite a trainee using a one-time invitation code. When the trainee accepts, an active relationship is created, but the trainer cannot see any training data until the trainee explicitly shares data in the App. Connecting to a trainer does not share training data.
The trainee must confirm sharing in the App before a trainer can view any training data. Sharing is point-in-time: the trainer can see only completed resistance training sessions with a completion date on or before the current sharing boundary. Workouts logged after the last share remain private until the trainee shares again. Access expires 30 days after the last share or extension and does not renew automatically. The trainee can pause sharing, extend access without sharing newer workouts, share newer data, or end the relationship at any time.
If sharing is active and not expired or paused, the trainer has read-only access to:
- completed resistance training session logs (e.g., completion date, duration, notes)
- exercise logs within those sessions (e.g., sets, reps, weight, time)
- user-defined exercises (name, notes)
- limited trainee profile fields for progress views: first name (if provided), body weight (if provided), and sex (if provided)
The trainer does not receive access to habits, supplements, emotions, Diagnostics data, email address, full account profile, workout templates, or training data outside the sharing boundary. Trainers have read-only access and cannot edit or delete trainee data.
We store relationship and operational data such as relationship status, invitation codes, sharing timestamps, expiry, and an audit log of sharing-related actions. We may send transactional emails and in-app notifications related to this feature (e.g., connection notices and reminders before sharing access expires). This data is used only to enable this feature and is not used for advertising, profiling, or cross-app tracking.
By sharing training data with a linked trainer, you acknowledge and agree that the data described above may be visible to that trainer within the App for as long as sharing is enabled and access has not expired or been paused. We are not responsible for how a trainer uses information visible to them outside the App.
4. Analytics
We use PostHog, a privacy-focused analytics provider, to understand how the App is used and to improve its functionality.
Analytics data:
- is collected in an anonymized and aggregated form
- is pseudonymized and not used to directly identify users
- does not include any health-related data stored within the App (e.g. habits, supplements, workouts, body weight, sex, emotions, diagnostic schedules or test results)
- is used only for product improvement (e.g. which screens are used, completion of onboarding)
- is not used for advertising, marketing, or tracking across apps or websites
Examples of analytics data may include:
- app launches
- screen or feature usage (screen names only)
- completion of onboarding or protocol generation
- retention metrics (e.g. day-based activity)
Session recording and automatic event capture are disabled. We do not sell or share analytics data with third parties.
We do not use hidden tracking technologies or collect data beyond what is described in this Privacy Policy.
5. Data We Do NOT Collect
We do not collect or process:
- profile identifiers (other than optional profile fields such as first name, body weight, or sex, used only as described in Section 3)
- precise location data (GPS)
- contacts or address books
- photos, audio, or video
- health records, medical diagnoses, lab results, laboratory test values, or treatment data
- biometric or genetic data
- data from Apple Health, HealthKit, or wearable devices
- device identifiers or advertising IDs (including Apple IDFA and Google Advertising ID / GAID), except the push notification token used only for delivering your reminders
- data for marketing, advertising, or tracking purposes
- analytics data linked to your identity, health data, or habits (we use only anonymized, aggregate analytics)
Optional body weight is fitness and training data that you provide voluntarily. We do not collect clinical health records or measurements from medical devices.
6. Push Notifications
If you choose to enable notifications, we store a device notification token solely to deliver reminders you configure in the App.
- Notifications are optional
- You can disable them at any time in device or app settings
- Notification tokens are not used for tracking or marketing
Notification tokens are used only for delivering user-configured reminders and are not linked with analytics or profiling.
The App may also send in-app notifications related to optional features you use, such as upcoming expiry of trainer data sharing.
7. Purpose of Data Processing
Your data is processed exclusively to:
- provide and maintain core App functionality
- allow synchronization across devices
- support protocol generation, habit tracking, and Diagnostics schedule and reminders
- improve the App using anonymized usage patterns
- personalize your in-app experience if you choose to provide your name
- estimate training volume for bodyweight exercises if you choose to provide your body weight
- display muscle illustrations in training progress views if you choose to provide your sex
- enable participation in Challenges and display limited participant information within that feature
- enable optional Trainer and trainee data sharing when a trainee explicitly chooses to share resistance training data with a linked trainer
If provided, your name is used for in-app personalization and, if you participate in Challenges, to display your first name to other participants in the relevant challenge. If you share training data with a linked trainer, your first name may also be visible to that trainer as described in Section 3.5. It is not used for advertising, tracking, or profiling.
If provided, your body weight is used to estimate training volume for bodyweight exercises, and your sex is used to select muscle illustrations in training progress views. If you share training data with a linked trainer, these fields may also be visible to that trainer for progress views as described in Section 3.5. Sex is used for visual presentation only and is not used for health assessments, medical categorization, advertising, tracking, or profiling.
We do not sell, rent, or share personal data for commercial purposes. When you choose to share resistance training data with a linked trainer, that sharing is user-initiated and limited as described in Section 3.5.
We do not perform automated decision-making or profiling that produces legal or similarly significant effects. In-app calculations such as training volume estimates are functional features, not profiling in the GDPR sense.
8. Legal Basis (GDPR)
We process your personal data under the following legal bases (Article 6 GDPR):
- Contract – account creation, authentication, provision of core App functionality, and optional profile fields (body weight, sex) when you choose to provide them to enable training-related features
- Legitimate interest – anonymized analytics to improve the App
- Consent – push notifications (you can withdraw at any time in device or app settings); voluntary sharing of resistance training data with a linked trainer (you can pause sharing, end the relationship, or withdraw consent at any time in the App)
9. Data Storage and Security
All data is encrypted in transit using HTTPS and stored using secure infrastructure practices. Data at rest is protected by our infrastructure providers’ security measures.
- Data is stored securely using Supabase infrastructure
- All communication is encrypted using HTTPS
- Access to data is restricted and protected by authentication
- By default, each user can access only their own data; a linked trainer may have read-only access to a trainee’s shared resistance training data only when the trainee has explicitly enabled sharing and access has not expired or been paused
Access to trainer–trainee data is enforced through authentication, database access controls, and audited server-side functions.
Standard technical data such as IP address may be temporarily processed by our infrastructure providers for security and server operation purposes. We do not use IP addresses for identification or tracking.
10. Third-Party Services
We do not sell user data. We use third-party services for authentication, analytics, and cloud/database infrastructure. We may send transactional emails to your registered email address when you use optional features such as the Trainer feature (e.g., connection notices and sharing expiry reminders). We share user and device data only with the following parties, and only as necessary for the stated purposes:
| Party | Data shared | Purpose |
|---|---|---|
| Supabase | Account, profile, and app content data | Authentication, database, infrastructure |
| PostHog | Anonymized usage data only | Product analytics |
| Apple / Google | Push notification token | Delivering notifications |
We use only these essential service providers:
- Supabase – authentication, database, and infrastructure
- PostHog – anonymized product analytics (no personal or health data is sent to PostHog)
- Apple / Google – delivery of push notifications
These providers process data solely to provide their services and are contractually required to protect it. PostHog receives only anonymized, non-personal usage data (e.g. screen names, generic event types) and is not used for advertising or cross-app tracking.
We do not allow these providers to use your data for their own purposes such as advertising or profiling.
11. International Data Transfers
Data may be processed within the European Economic Area (EEA) or in jurisdictions that provide adequate data protection safeguards (e.g. under adequacy decisions or standard contractual clauses). Our service providers may process data in the EEA, UK, or other locations in accordance with applicable data protection law.
12. Data Retention
- Data is stored as long as your account is active
- You can delete your account at any time from within the App
- After account deletion, your data is removed from active systems without undue delay and is fully removed from backups within a defined retention period (e.g. up to 30 days)
- Trainer–trainee relationship records, invitation codes, and access audit logs are stored while your account is active or while needed to operate the Trainer feature; they are deleted when you delete your account, subject to the backup retention period described above
13. User Rights (GDPR)
You have the right to:
- Access – request a copy of your personal data
- Correction – request correction or update of inaccurate data
- Deletion – request deletion of your data (including via account deletion)
- Export – request an export of your data
- Withdraw consent – where processing is based on consent (e.g. push notifications or sharing resistance training data with a linked trainer)
Requests can be made by contacting: support@longevity-protocols.com
14. Children’s Privacy
The App is not intended for children under 16 (or under 13 where applicable local laws apply).
We do not knowingly collect personal data from children. If you believe that a child has provided personal data, please contact us and we will delete it promptly.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Any changes will be reflected by updating the “Last updated” date at the top of this document. By creating an account you consent to this Privacy Policy; continued use of the App after changes indicates acceptance of the updated policy.
16. Contact
If you have any questions about this Privacy Policy or how your data is handled, please contact us:
Email: support@longevity-protocols.com