Privacy Policy
Longevity Protocols App
Last updated: 19.03.2026
1. Introduction
This Privacy Policy explains how personal data and device data are collected, used, shared, and protected when you use the Longevity Protocols mobile application (“the App”). It comprehensively discloses our practices for both the iOS (Apple App Store) and Android (Google Play) versions of the App.
The App is designed as a wellness and lifestyle planning tool. We follow a strict data-minimization approach and collect only what is necessary to operate the App and improve its functionality.
This Privacy Policy complies with the General Data Protection Regulation (GDPR), Apple App Store requirements, and Google Play’s data disclosure requirements.
By creating an account, you consent to this Privacy Policy.
The App is not a medical device and does not provide medical advice, diagnosis, treatment, or health recommendations. Health-related content in the App is provided for educational and informational purposes only.
2. Data Controller
The data controller responsible for processing personal data is:
Michal Szymanski
Poland
Email: support@longevity-protocols.com
3. Data We Collect
We collect only the minimum data required to provide core functionality.
3.1 Account Data
- Name (optional; used for in-app personalization and, if you participate in Challenges, your first name may be visible to other participants in that challenge)
- Email address
- Password (stored in hashed form by our authentication provider)
Email address and password are required to create and secure a user account. Providing your name is completely optional and not required to use the App.
3.2 User-Provided App Data
The App allows users to manually enter and manage information related to:
- habits
- workouts and physical activity
- supplements
- schedules and reminders
- protocol settings
You have full control over this data and can modify or delete it at any time within the App.
3.3 Diagnostics (Test Schedule) Data
The App includes a Diagnostics module for planning test schedules and reminders. If you use this feature, we store only:
- identifiers of tests you add to your schedule
- scheduled dates and recurrence settings
- completion status (e.g. done, missed) and history
We do not collect, store, or process lab results, laboratory test values, medical diagnoses, or treatment data. Filtering the test catalog by age or sex during schedule creation is used only locally in your session and is not stored on our servers.
This data is:
- fully self-reported
- optional
- editable and deletable at any time by the user
The App does not automatically infer or calculate medical or health metrics.
This data is used solely to provide scheduling and reminder functionality and is not used to make health-related decisions or recommendations.
3.4 Challenges and Social Features
The Challenges feature is optional.
Users may create challenges by providing a challenge name, description, and optional reward text. Users may join public challenges or private challenges via invitation code.
If you participate in a challenge, limited data may be visible to other participants in that challenge:
- first name (if provided)
- participation status
- challenge progress, consistency, or completion-related status
You may also see limited information about other participants in the same challenge. This information is visible only within the relevant challenge context (or visible to a broader set of users only if the challenge itself is configured as public). Joining Challenges is optional, and you can leave a challenge at any time.
No full contact details or sensitive personal data are shown to other users. Challenge-related data is used only to enable this feature and is not used for advertising, profiling, or cross-app tracking.
By joining a challenge, you acknowledge and agree that the limited information described above may be visible to other participants of that challenge.
4. Analytics
We use PostHog, a privacy-focused analytics provider, to understand how the App is used and to improve its functionality.
Analytics data:
- is collected in an anonymized and aggregated form
- is pseudonymized and not used to directly identify users
- does not include any health-related data stored within the App (e.g. habits, supplements, workouts, emotions, diagnostic schedules or test results)
- is used only for product improvement (e.g. which screens are used, completion of onboarding)
- is not used for advertising, marketing, or tracking across apps or websites
Examples of analytics data may include:
- app launches
- screen or feature usage (screen names only)
- completion of onboarding or protocol generation
- retention metrics (e.g. day-based activity)
Session recording and automatic event capture are disabled. We do not sell or share analytics data with third parties.
We do not use hidden tracking technologies or collect data beyond what is described in this Privacy Policy.
5. Data We Do NOT Collect
We do not collect or process:
- profile identifiers (other than an optional first name used for in-app personalization and, if you participate in Challenges, limited display within that feature)
- precise location data (GPS)
- contacts or address books
- photos, audio, or video
- health records, medical diagnoses, lab results, laboratory test values, or treatment data
- biometric or genetic data
- data from Apple Health, HealthKit, or wearable devices
- device identifiers or advertising IDs (including Apple IDFA and Google Advertising ID / GAID), except the push notification token used only for delivering your reminders
- data for marketing, advertising, or tracking purposes
- analytics data linked to your identity, health data, or habits (we use only anonymized, aggregate analytics)
6. Push Notifications
If you choose to enable notifications, we store a device notification token solely to deliver reminders you configure in the App.
- Notifications are optional
- You can disable them at any time in device or app settings
- Notification tokens are not used for tracking or marketing
Notification tokens are used only for delivering user-configured reminders and are not linked with analytics or profiling.
7. Purpose of Data Processing
Your data is processed exclusively to:
- provide and maintain core App functionality
- allow synchronization across devices
- support protocol generation, habit tracking, and Diagnostics schedule and reminders
- improve the App using anonymized usage patterns
- personalize your in-app experience if you choose to provide your name
- enable participation in Challenges and display limited participant information within that feature
If provided, your name is used for in-app personalization and, if you participate in Challenges, to display your first name to other participants in the relevant challenge. It is not used for advertising, tracking, or profiling.
We do not sell, rent, or share personal data for commercial purposes.
We do not perform automated decision-making or profiling that produces legal or similarly significant effects.
8. Legal Basis (GDPR)
We process your personal data under the following legal bases (Article 6 GDPR):
- Contract – account creation, authentication, and provision of core App functionality
- Legitimate interest – anonymized analytics to improve the App
- Consent – push notifications (you can withdraw at any time in device or app settings)
9. Data Storage and Security
All data is encrypted in transit using HTTPS and stored using secure infrastructure practices. Data at rest is protected by our infrastructure providers’ security measures.
- Data is stored securely using Supabase infrastructure
- All communication is encrypted using HTTPS
- Access to data is restricted and protected by authentication
- Each user can access only their own data
Standard technical data such as IP address may be temporarily processed by our infrastructure providers for security and server operation purposes. We do not use IP addresses for identification or tracking.
10. Third-Party Services
We do not sell user data. We use third-party services for authentication, analytics, and cloud/database infrastructure. We share user and device data only with the following parties, and only as necessary for the stated purposes:
| Party | Data shared | Purpose |
|---|---|---|
| Supabase | Account and app content data | Authentication, database, infrastructure |
| PostHog | Anonymized usage data only | Product analytics |
| Apple / Google | Push notification token | Delivering notifications |
We use only these essential service providers:
- Supabase – authentication, database, and infrastructure
- PostHog – anonymized product analytics (no personal or health data is sent to PostHog)
- Apple / Google – delivery of push notifications
These providers process data solely to provide their services and are contractually required to protect it. PostHog receives only anonymized, non-personal usage data (e.g. screen names, generic event types) and is not used for advertising or cross-app tracking.
We do not allow these providers to use your data for their own purposes such as advertising or profiling.
11. International Data Transfers
Data may be processed within the European Economic Area (EEA) or in jurisdictions that provide adequate data protection safeguards (e.g. under adequacy decisions or standard contractual clauses). Our service providers may process data in the EEA, UK, or other locations in accordance with applicable data protection law.
12. Data Retention
- Data is stored as long as your account is active
- You can delete your account at any time from within the App
- After account deletion, your data is removed from active systems without undue delay and is fully removed from backups within a defined retention period (e.g. up to 30 days)
13. User Rights (GDPR)
You have the right to:
- Access – request a copy of your personal data
- Correction – request correction or update of inaccurate data
- Deletion – request deletion of your data (including via account deletion)
- Export – request an export of your data
- Withdraw consent – where processing is based on consent (e.g. push notifications)
Requests can be made by contacting: support@longevity-protocols.com
14. Children’s Privacy
The App is not intended for children under 16 (or under 13 where applicable local laws apply).
We do not knowingly collect personal data from children. If you believe that a child has provided personal data, please contact us and we will delete it promptly.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Any changes will be reflected by updating the “Last updated” date at the top of this document. By creating an account you consent to this Privacy Policy; continued use of the App after changes indicates acceptance of the updated policy.
16. Contact
If you have any questions about this Privacy Policy or how your data is handled, please contact us:
Email: support@longevity-protocols.com