Privacy Notice
This Privacy Notice explains how Longeva LLC ("Longeva", "we", "us") processes personal data when you use the Longeva mobile application and related backend services (together, the "Services"). We are committed to transparency, user control, and data protection by design. This Privacy Notice describes how personal data is collected, used, stored, shared, and protected in connection with the Longeva App and related digital services.
Effective Date: 01 October 2025 | Last Updated: 25 December 2025
Table of Contents
- Introduction & Scope
- Who Is Responsible for Your Data
- What Personal Data We Process
- Why We Process Your Personal Data (Purposes & Legal Bases)
- How Your Personal Data Is Collected
- Automated Processing & Profiling
- Data Sharing & International Transfers
- Data Security & Safeguards
- Data Retention & Deletion
- Your Data Protection Rights
- Minors
- Country-Specific Provisions
- Changes to This Privacy Notice
1. Introduction & Scope
This Privacy Notice describes how personal data is collected, used, stored, shared, and protected in connection with the Longeva App and related digital services.
It applies to:
- Users of the Longeva mobile application
- Backend systems supporting app functionality
- Customer support and communication channels
- Optional integrations and connected services enabled by users
This Privacy Notice is provided to meet our transparency obligations under:
- EU General Data Protection Regulation (GDPR)
- Turkish Personal Data Protection Law (KVKK)
- Other applicable data protection laws depending on your location
Additional in-app notices, consent screens, or contextual explanations may be provided to supplement this Privacy Notice. Such notices do not replace this document but are intended to help you make informed decisions at relevant moments.
2. Who Is Responsible for Your Data
2.1 Data Controller
The data controller responsible for processing your personal data is:
Longeva LLC
16192 Coastal Highway
Lewes, Delaware 19958
United States
Longeva determines the purposes and means of processing personal data in connection with the Services.
2.2 Data Protection Officer (DPO)
Longeva has appointed a Data Protection Officer responsible for overseeing data protection compliance.
Email: dpo@longeva.co
You may contact the DPO at any time regarding questions, concerns, or requests related to personal data processing.
2.3 EU & Turkey Data Protection Representative
To comply with Article 27 GDPR and applicable Turkish data protection requirements, Longeva has appointed an external representative:
Prighter Group
Maetzler Rechtsanwalts GmbH & Co KG
Schellinggasse 3/10
1010 Vienna, Austria
Prighter acts as Longeva's point of contact for supervisory authorities and data subjects in the European Union and Turkey.
2.4 Nature of the Services (Important Clarification)
Important Notice
The Longeva App is designed to support general wellness, lifestyle awareness, and personal insights.
The Services are not intended for medical care, diagnosis, treatment, or disease monitoring.
Any information generated by the App is informational and educational only.
Users should not rely on the App as a substitute for professional medical advice.
This positioning applies across all features, including analytics, personalization, gamification, and optional insights.
3. What Personal Data We Process
This section describes the categories of personal data that may be processed when you use the Longeva App and related Services.
The exact scope of data processed depends on:
- The features you activate
- The data you choose to provide
- Your consent preferences
- Optional integrations you enable
Longeva follows a data minimization principle and processes only data necessary for the stated purposes.
3.1 Account & Identifiers
These data elements are required to create, secure, and manage your user account.
- Email address (personal or work)
- Encrypted password
- Account ID (system-generated)
- Registration date
- Consent status and timestamps
- Account status (active, deleted, restricted)
Purpose: Account creation, authentication, security, consent management, and service access.
App Store category: Identifiers3.2 Device & Technical Information
Collected automatically when you install or use the App.
- Device identifier
- Device manufacturer and model
- Operating system and version
- App version
- Language and regional settings
- Time zone
- IP address
- Browser type and version (if applicable)
Purpose: Security, fraud prevention, localization, troubleshooting, performance optimization, and determining appropriate data storage regions.
App Store category: Device Information3.3 General Profile Information
Provided voluntarily by you to personalise your experience.
- First name
- Year of birth
- Biological sex at birth
- Height and weight
- Profile image (optional)
- Mobile phone number (optional)
Purpose: Personalization, user experience customization, and feature configuration.
Important: You may use the App with limited functionality if optional profile data is not provided.
App Store category: Personal Information3.4 Health-Related User-Provided Data (Consent-Based)
This category includes wellness and lifestyle-related data that you choose to enter or import. Such data is processed only with your explicit consent, which can be withdrawn at any time.
Examples include:
a) Wellness & Lifestyle Inputs
- Physical activity records (type, duration, time)
- Steps and movement data
- Sleep-related information
- Nutrition and food intake logs
- Notes and tags
- Body measurements
b) User-Entered Health Context (Optional)
- Self-reported conditions
- Self-set wellness goals
- Medication logs
- User observations or subjective inputs
c) Measurements & Sensor Data (If Enabled)
- Values imported from connected apps or devices
- Time-stamped readings (e.g., activity, sleep, movement)
- Sensor metadata (start/end time, data type)
Important clarifications:
- Longeva does not interpret this data for medical diagnosis or treatment.
- All insights generated are informational and wellness-oriented only.
- You control what data is entered, imported, or deleted.
3.5 Gamification & Engagement Data
Processed if you participate in optional gamification features.
- Points earned or redeemed
- Rewards, challenges, or achievements
- In-app activity events
- Participation history
- Support interactions
Purpose: Feature functionality, engagement tracking, rewards administration, and user experience improvement.
App Store category: Usage Data3.6 Communications & Support Data
Processed when you contact us or interact with support channels.
- Support messages and inquiries
- Correspondence metadata
- Feedback submissions
Purpose: User support, troubleshooting, service improvement, and responding to requests.
App Store category: Customer Support3.7 Data from Connected Services & Integrations (Optional)
If you choose to enable integrations (e.g. Apple Health, Google Fit), data may be exchanged only according to your configuration.
- Imported or exported wellness metrics
- Sync preferences
- Integration status
Important:
- Integrations are disabled by default
- You can manage or revoke access at any time via settings
- Longeva does not access third-party data beyond what you authorise
3.8 Data We Do NOT Collect
To ensure transparency, Longeva confirms that it does not:
- Purchase or obtain personal data from third-party data brokers
- Collect precise real-time location data for tracking
- Process biometric identifiers for identification
- Collect data from minors knowingly
3.9 User Control Over Data Scope
You may:
- Choose which data to provide
- Enable or disable optional data collection
- Edit or delete data via App settings
- Withdraw consent at any time
Certain core features require minimal data to function. If required data is not provided, corresponding features may be unavailable.
4. Why We Process Your Personal Data (Purposes & Legal Bases)
Longeva processes personal data only for clearly defined purposes and only where a valid legal basis exists.
Depending on the feature used, processing is based on:
- Performance of a contract
- Your explicit consent
- Legitimate interests, where permitted by law
- Compliance with legal obligations
Health-related data is processed exclusively with your explicit consent and never for advertising purposes.
4.1 Necessary Processing (Performance of Contract)
GDPR Art. 6(1)(b) - Performance of a contract GDPR Art. 9(2)(a) - Explicit consent (for health-related data)This processing is required to provide the core functionality of the Longeva App.
Purposes include:
- Creating and managing your user account
- Authenticating access and securing the Services
- Delivering core app features
- Personalising the user interface based on your preferences
- Providing in-app notifications related to service functionality
- Responding to user support requests
- Ensuring technical stability and security
Important notes:
- Without this processing, the Services cannot be provided.
- Any personalization performed is functional and experiential only.
- No automated decisions produce legal or similarly significant effects.
4.2 Processing of Wellness & Lifestyle Data (Consent-Based)
GDPR Art. 6(1)(a) - Consent GDPR Art. 9(2)(a) - Explicit consentWith your explicit consent, Longeva processes certain wellness-related and lifestyle data to provide informational insights and personalized app experiences.
Purposes include:
- Displaying trends and summaries of user-entered data
- Supporting goal tracking and habit awareness
- Enabling optional wellness features and visualizations
- Allowing you to view, edit, or export your data
Regulatory clarification:
- Longeva does not provide medical advice.
- No diagnosis, treatment, monitoring, or clinical recommendations are performed.
- Outputs are non-clinical, informational, and educational in nature.
- You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
4.3 Processing for Product Improvement
GDPR Art. 6(1)(a) - Consent GDPR Art. 9(2)(a) - Explicit consent (if health data is involved)With your optional consent, Longeva may identify usage patterns, improve user experience, and enhance non-clinical, wellness-oriented features of the App.
Purposes include:
- Understanding feature usage patterns
- Identifying technical issues or usability improvements
- Improving app stability and performance
- Enhancing non-medical algorithms related to usability and engagement
Safeguards:
- Health data is never used for advertising
- Data is aggregated or pseudonymized where possible
- Participation is voluntary and can be revoked at any time
- These activities do not involve medical diagnosis, treatment recommendations, or clinical decision-making.
4.4 Processing for Marketing Communications
GDPR Art. 6(1)(a) - ConsentMarketing communications are optional and only sent with your explicit consent.
Examples include:
- Product updates
- Feature announcements
- Invitations to surveys or non-clinical research
- Educational content related to wellness or app usage
You may:
- Subscribe or unsubscribe at any time
- Manage preferences via in-app settings
- Use the App without consenting to marketing communications
Non-personalized in-app content may still be displayed without processing personal data.
4.5 Scientific, Statistical & Anonymized Use
GDPR Art. 6(1)(f) - Legitimate interests GDPR Art. 9(2)(j) - Scientific and statistical purposes (where applicable)Longeva may use fully anonymized data for:
- Statistical analysis
- Research on general wellness trends
- Product effectiveness evaluation
- Internal insights and reporting
Key safeguards:
- Data is anonymized irreversibly
- Individuals cannot be identified
- Anonymized data falls outside GDPR scope
Anonymized datasets may be shared with third parties exclusively for scientific research, statistical analysis, or academic or technical publication purposes, in compliance with applicable laws. Such data is not sold, is not used for advertising or marketing, is not shared with data brokers, and cannot be re-identified.
4.6 Legal Compliance & Enforcement
GDPR Art. 6(1)(c) - Legal obligation GDPR Art. 6(1)(f) - Legitimate interests GDPR Art. 9(2)(f) - Legal claims (where applicable)Personal data may be processed where necessary to:
- Prevent misuse or abuse of the Services
- Enforce terms and conditions
- Comply with legal or regulatory obligations
- Respond to lawful requests from authorities
- Establish, exercise, or defend legal claims
4.7 Summary of Key Safeguards
- Health data is processed only with explicit consent
- No medical or clinical decision-making is performed
- No automated decisions with legal effects
- Users retain control and can revoke consent at any time
5. How Your Personal Data Is Collected
Longeva collects personal data through transparent, user-initiated, and technically necessary means. Data is collected only to the extent required to operate the Services and according to your choices and consent settings.
5.1 Data You Provide Directly
You provide data directly when you:
- Create an account
- Complete your profile
- Enter wellness or lifestyle information
- Participate in optional features
- Contact customer support
- Configure app settings
- Enable optional integrations
All entries are voluntary, except for minimal data required to operate the App (e.g. account credentials).
5.2 Data Generated Through App Usage
Certain data is generated automatically when you use the App, including:
- Feature interactions
- Session activity
- Technical logs
- Error or crash reports
- In-app navigation events
Purpose: Ensuring functionality, security, stability, and continuous improvement of the Services.
This data does not involve monitoring outside the App environment.
5.3 Data from Devices & Sensors (Optional)
If you choose to connect compatible devices or enable data imports, certain data may be transmitted to the App.
Examples include:
- Time-stamped activity data
- Movement or sleep summaries
- Device-generated wellness metrics
Bluetooth & Location Permissions
Some devices require temporary access to your device's location settings to enable Bluetooth pairing.
Important clarifications:
- Location access is used only to establish the technical connection
- Longeva does not track or store real-time location
- Location data is not retained after pairing
5.4 Data from Connected Apps & Platforms (Optional)
You may choose to synchronise data between the Longeva App and third-party platforms such as Apple Health or Google Fit.
- Synchronization is disabled by default
- You explicitly select which data types are shared
- Access can be revoked at any time via settings
Apple Health / HealthKit Integration
If you enable Apple Health / HealthKit integration, Longeva accesses only the specific data types that you explicitly authorize through iOS system permissions. HealthKit data is used solely to provide app functionality requested by you. Longeva does not use HealthKit data for advertising, marketing, or data mining purposes, and does not sell HealthKit data. You can manage or revoke HealthKit access at any time via your device's iOS privacy settings.
5.5 No Third-Party Data Acquisition
Longeva confirms that it:
- Does not purchase personal data
- Does not collect data from data brokers
- Does not infer sensitive attributes beyond what users provide
- Does not combine external datasets to profile users
6. Automated Processing & Profiling
Longeva uses limited forms of automated processing to support app functionality and personalization, always within strict safeguards.
6.1 Nature of Automated Processing
Automated processing may be used to:
- Organise and display user-entered data
- Present summaries, trends, or visualizations
- Adapt the user interface based on preferences
- Support optional gamification features
These processes are rule-based and non-clinical.
6.2 No Automated Decision-Making with Legal or Medical Effect
Longeva does not perform:
- Automated decision-making producing legal effects
- Automated medical assessments
- Clinical risk scoring
- Diagnostic or therapeutic determinations
All outputs are:
- Informational
- Non-binding
- Intended for general wellness awareness only
This complies with GDPR Article 22.
6.3 User Control & Transparency
You remain in control of:
- Which features are enabled
- What data is processed
- Whether optional automation is used
- When consent is withdrawn
Where automation is involved, its purpose is clearly explained in-app.
6.4 Human Oversight
Automated processes are:
- Designed and reviewed by humans
- Monitored for correctness and fairness
- Subject to adjustment or removal if risks are identified
You may contact support or the Data Protection Officer at any time for clarification.
7. Data Sharing & International Transfers
Longeva processes personal data primarily within its own secure systems. Where necessary, data is shared only in accordance with this Privacy Notice and applicable law.
7.1 Data Processors
To operate and support the Services, Longeva engages carefully selected third-party service providers ("Data Processors").
These Data Processors may provide:
- Cloud hosting and infrastructure services
- Technical support and customer service tools
- Analytics and performance monitoring
- Secure communication services
- Email and notification delivery
Safeguards
- Data Processors act only on Longeva's instructions
- They are prohibited from using data for their own purposes
- GDPR-compliant data processing agreements are in place
- Sub-processors require prior approval
7.2 Categories of Data Recipients
Depending on functionality, personal data may be disclosed to:
- Customer support providers (to manage and resolve user inquiries)
- Infrastructure & hosting providers (to store and process data securely)
- Analytics & monitoring providers (to improve app performance and reliability)
- Communication service providers (to deliver emails or notifications you request or consent to)
No recipient is authorized to use personal data beyond the contracted purpose.
7.3 User-Initiated Sharing
Certain features allow you to share data directly with third parties (e.g. exporting data or sharing summaries).
In such cases:
- You decide what data is shared
- You decide with whom and when
- Longeva is not responsible for third-party processing once shared
7.4 International Data Transfers
Longeva operates globally. Personal data may be processed in jurisdictions outside your country of residence.
Primary storage regions
- Singapore
- European Union / EEA (where applicable)
Transfer safeguards
Where data is transferred internationally, Longeva ensures an adequate level of protection through:
- EU adequacy decisions
- Standard Contractual Clauses (SCCs)
- Equivalent lawful transfer mechanisms
You may request further information on safeguards by contacting dpo@longeva.co.
8. Data Security & Safeguards
Longeva applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure.
8.1 Security Principles
- Data minimization
- Purpose limitation
- Confidentiality by default
- Security by design and by default
8.2 Technical Measures
- Encrypted data transmission (HTTPS/TLS)
- Encryption at rest where appropriate
- Access controls and authentication policies
- Secure backups and disaster recovery
- Infrastructure monitoring and testing
- Regular security updates and patching
8.3 Organizational Measures
- Appointed Data Protection Officer
- Internal security policies
- Staff training on data protection
- Role-based access management
- Incident response procedures
8.4 Pseudonymization & Anonymization
- Personal data is pseudonymized where feasible
- Data used for analytics or research is anonymized
- Anonymization is irreversible and removes identifiability
- Anonymized data is not subject to data protection law
9. Data Retention & Deletion
Longeva retains personal data only for as long as necessary to fulfil the purposes described in this Privacy Notice.
9.1 Retention Periods
- Account data: retained while your account is active
- Optional data: retained until deleted by you or consent is withdrawn
- Legal or compliance data: retained as required by law
9.2 Account Deletion
You may delete your account at any time via App settings or by contacting support.
Upon deletion:
- Personal data is removed or anonymized
- Residual data may be retained only where legally required
- Archived data is restricted from further use
9.3 Inactive Accounts
If an account remains inactive for five (5) years, Longeva may initiate deletion procedures in accordance with legal obligations.
9.4 Secure Deletion
- Digital records are deleted using secure technical methods
- Physical records (if any) are destroyed securely
- Deleted data cannot be reconstructed
10. Your Data Protection Rights
Longeva is committed to ensuring that you can easily exercise your data protection rights under applicable law, including the GDPR and KVKK.
You may exercise most rights:
- Directly via the App (Settings), or
- By contacting dpo@longeva.co
We will respond without undue delay and no later than one (1) month, unless a shorter period applies under local law.
10.1 Right of Access
You have the right to request confirmation as to whether your personal data is being processed and to receive:
- A copy of your personal data
- Information about purposes, categories, recipients, retention, and safeguards
10.2 Right to Rectification
You may request correction of inaccurate or incomplete personal data.
Most profile and wellness data can be edited directly in the App.
10.3 Right to Erasure ("Right to Be Forgotten")
You may request deletion of your personal data.
Please note:
- Certain data may be retained where legally required
- Residual data may be archived solely for compliance or legal defence purposes
10.4 Right to Restriction of Processing
You may request that processing be restricted where:
- Accuracy is contested
- Processing is unlawful
- Data is no longer required but needed for legal claims
10.5 Right to Object
You may object to processing based on legitimate interests, unless compelling legal grounds exist.
10.6 Right to Withdraw Consent
Where processing is based on consent:
- You may withdraw consent at any time
- Withdrawal does not affect prior lawful processing
- Core services remain available unless consent is required for the feature
10.7 Right to Data Portability
You may request your data in a structured, commonly used, machine-readable format, or request transfer to another provider where technically feasible.
10.8 Right to Lodge a Complaint
If you believe your rights have been infringed, you may:
- Contact Longeva at dpo@longeva.co
- Lodge a complaint with a competent supervisory authority
EU supervisory authorities are listed at:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
11. Minors
The Longeva Services are intended for users 18 years or older, or such higher age as required by applicable law.
Longeva does not knowingly collect personal data from minors. If you believe a minor has provided data, please contact dpo@longeva.co for prompt deletion.
12. Country-Specific Provisions
12.1 European Union & Turkey
EU (GDPR - Article 27)
Longeva has appointed the following representative:
Prighter Group
Maetzler Rechtsanwalts GmbH & Co KG
Schellinggasse 3/10
1010 Vienna, Austria
EU users may exercise their rights via:
https://prighter.com/q/18718275968
Turkey (KVKK)
In accordance with Turkish Personal Data Protection Law (KVKK), Prighter Group also acts as Longeva's representative for Turkey.
Turkish users may exercise their KVKK rights through the same channel above.
12.2 Other Jurisdictions
For Singapore, Hong Kong, Vietnam, Brazil, and other regions, Longeva has appointed a central privacy contact:
You may exercise your rights under applicable local law without discrimination.
13. Changes to This Privacy Notice
Longeva may update this Privacy Notice to reflect:
- Changes in legal requirements
- Product or feature updates
- Security or operational improvements
Where required:
- You will be notified in advance
- New consent will be requested if necessary
- The latest version is always available within the App and on our website.
Contact Us
Lewes, Delaware 19958
United States
https://prighter.com/q/18718275968