Privacy Notice

1. Introduction & Scope

This Privacy Notice describes how personal data is collected, used, stored, shared, and protected in connection with the Longeva App and related digital services.

It applies to:

• Users of the Longeva mobile application
• Backend systems supporting app functionality
• Customer support and communication channels
• Optional integrations and connected services enabled by users

This Privacy Notice is provided to meet our transparency obligations under:

• EU General Data Protection Regulation (GDPR)
• Turkish Personal Data Protection Law (KVKK)
• Other applicable data protection laws depending on your location

Additional in-app notices, consent screens, or contextual explanations may be provided to supplement this Privacy Notice. Such notices do not replace this document but are intended to help you make informed decisions at relevant moments.

2. Who Is Responsible for Your Data

2.1 Data Controller

The data controller responsible for processing your personal data is:

Longeva determines the purposes and means of processing personal data in connection with the Services.

2.2 Data Protection Officer (DPO)

Longeva has appointed a Data Protection Officer responsible for overseeing data protection compliance.

Email: dpo@longeva.co

You may contact the DPO at any time regarding questions, concerns, or requests related to personal data processing.

2.3 EU & Turkey Data Protection Representative

To comply with Article 27 GDPR and applicable Turkish data protection requirements, Longeva has appointed an external representative:

Prighter acts as Longeva's point of contact for supervisory authorities and data subjects in the European Union and Turkey.

2.4 Nature of the Services (Important Clarification)

This positioning applies across all features, including analytics, personalization, gamification, and optional insights.

3. What Personal Data We Process

This section describes the categories of personal data that may be processed when you use the Longeva App and related Services.

The exact scope of data processed depends on:

• The features you activate
• The data you choose to provide
• Your consent preferences
• Optional integrations you enable

Longeva follows a data minimization principle and processes only data necessary for the stated purposes.

3.1 Account & Identifiers

These data elements are required to create, secure, and manage your user account.

• Email address (personal or work)
• Encrypted password
• Account ID (system-generated)
• Registration date
• Consent status and timestamps
• Account status (active, deleted, restricted)

Purpose: Account creation, authentication, security, consent management, and service access.

App Store category: Identifiers

3.2 Device & Technical Information

Collected automatically when you install or use the App.

• Device identifier
• Device manufacturer and model
• Operating system and version
• App version
• Language and regional settings
• Time zone
• IP address
• Browser type and version (if applicable)

Purpose: Security, fraud prevention, localization, troubleshooting, performance optimization, and determining appropriate data storage regions.

App Store category: Device Information

3.3 General Profile Information

Provided voluntarily by you to personalise your experience.

• First name
• Year of birth
• Biological sex at birth
• Height and weight
• Profile image (optional)
• Mobile phone number (optional)

Purpose: Personalization, user experience customization, and feature configuration.

Important: You may use the App with limited functionality if optional profile data is not provided.

App Store category: Personal Information

3.4 Health-Related User-Provided Data (Consent-Based)

This category includes wellness and lifestyle-related data that you choose to enter or import. Such data is processed only with your explicit consent, which can be withdrawn at any time.

Examples include:

a) Wellness & Lifestyle Inputs

• Physical activity records (type, duration, time)
• Steps and movement data
• Sleep-related information
• Nutrition and food intake logs
• Notes and tags
• Body measurements

b) User-Entered Health Context (Optional)

• Self-reported conditions
• Self-set wellness goals
• Medication logs
• User observations or subjective inputs

c) Measurements & Sensor Data (If Enabled)

• Values imported from connected apps or devices
• Time-stamped readings (e.g., activity, sleep, movement)
• Sensor metadata (start/end time, data type)

App Store category: Health & Fitness

3.5 Gamification & Engagement Data

Processed if you participate in optional gamification features.

• Points earned or redeemed
• Rewards, challenges, or achievements
• In-app activity events
• Participation history
• Support interactions

Purpose: Feature functionality, engagement tracking, rewards administration, and user experience improvement.

App Store category: Usage Data

3.6 Communications & Support Data

Processed when you contact us or interact with support channels.

• Support messages and inquiries
• Correspondence metadata
• Feedback submissions

Purpose: User support, troubleshooting, service improvement, and responding to requests.

App Store category: Customer Support

3.7 Data from Connected Services & Integrations (Optional)

If you choose to enable integrations (e.g. Apple Health, Google Fit), data may be exchanged only according to your configuration.

• Imported or exported wellness metrics
• Sync preferences
• Integration status

App Store category: Health & Fitness / App Interactions

3.8 Data We Do NOT Collect

To ensure transparency, Longeva confirms that it does not:

• Purchase or obtain personal data from third-party data brokers
• Collect precise real-time location data for tracking
• Process biometric identifiers for identification
• Collect data from minors knowingly

3.9 User Control Over Data Scope

You may:

• Choose which data to provide
• Enable or disable optional data collection
• Edit or delete data via App settings
• Withdraw consent at any time

Certain core features require minimal data to function. If required data is not provided, corresponding features may be unavailable.

4. Why We Process Your Personal Data (Purposes & Legal Bases)

Longeva processes personal data only for clearly defined purposes and only where a valid legal basis exists.

Depending on the feature used, processing is based on:

• Performance of a contract
• Your explicit consent
• Legitimate interests, where permitted by law
• Compliance with legal obligations

Health-related data is processed exclusively with your explicit consent and never for advertising purposes.

4.1 Necessary Processing (Performance of Contract)

GDPR Art. 6(1)(b) - Performance of a contract GDPR Art. 9(2)(a) - Explicit consent (for health-related data)

This processing is required to provide the core functionality of the Longeva App.

Purposes include:

• Creating and managing your user account
• Authenticating access and securing the Services
• Delivering core app features
• Personalising the user interface based on your preferences
• Providing in-app notifications related to service functionality
• Responding to user support requests
• Ensuring technical stability and security

4.2 Processing of Wellness & Lifestyle Data (Consent-Based)

GDPR Art. 6(1)(a) - Consent GDPR Art. 9(2)(a) - Explicit consent

With your explicit consent, Longeva processes certain wellness-related and lifestyle data to provide informational insights and personalized app experiences.

Purposes include:

• Displaying trends and summaries of user-entered data
• Supporting goal tracking and habit awareness
• Enabling optional wellness features and visualizations
• Allowing you to view, edit, or export your data

4.3 Processing for Product Improvement

GDPR Art. 6(1)(a) - Consent GDPR Art. 9(2)(a) - Explicit consent (if health data is involved)

With your optional consent, Longeva may identify usage patterns, improve user experience, and enhance non-clinical, wellness-oriented features of the App.

Purposes include:

• Understanding feature usage patterns
• Identifying technical issues or usability improvements
• Improving app stability and performance
• Enhancing non-medical algorithms related to usability and engagement

4.4 Processing for Marketing Communications

GDPR Art. 6(1)(a) - Consent

Marketing communications are optional and only sent with your explicit consent.

Examples include:

• Product updates
• Feature announcements
• Invitations to surveys or non-clinical research
• Educational content related to wellness or app usage

You may:

• Subscribe or unsubscribe at any time
• Manage preferences via in-app settings
• Use the App without consenting to marketing communications

Non-personalized in-app content may still be displayed without processing personal data.

4.5 Scientific, Statistical & Anonymized Use

GDPR Art. 6(1)(f) - Legitimate interests GDPR Art. 9(2)(j) - Scientific and statistical purposes (where applicable)

Longeva may use fully anonymized data for:

• Statistical analysis
• Research on general wellness trends
• Product effectiveness evaluation
• Internal insights and reporting

Anonymized datasets may be shared with third parties exclusively for scientific research, statistical analysis, or academic or technical publication purposes, in compliance with applicable laws. Such data is not sold, is not used for advertising or marketing, is not shared with data brokers, and cannot be re-identified.

4.6 Legal Compliance & Enforcement

GDPR Art. 6(1)(c) - Legal obligation GDPR Art. 6(1)(f) - Legitimate interests GDPR Art. 9(2)(f) - Legal claims (where applicable)

Personal data may be processed where necessary to:

• Prevent misuse or abuse of the Services
• Enforce terms and conditions
• Comply with legal or regulatory obligations
• Respond to lawful requests from authorities
• Establish, exercise, or defend legal claims

4.7 Summary of Key Safeguards

• Health data is processed only with explicit consent
• No medical or clinical decision-making is performed
• No automated decisions with legal effects
• Users retain control and can revoke consent at any time

5. How Your Personal Data Is Collected

Longeva collects personal data through transparent, user-initiated, and technically necessary means. Data is collected only to the extent required to operate the Services and according to your choices and consent settings.

5.1 Data You Provide Directly

You provide data directly when you:

• Create an account
• Complete your profile
• Enter wellness or lifestyle information
• Participate in optional features
• Contact customer support
• Configure app settings
• Enable optional integrations

All entries are voluntary, except for minimal data required to operate the App (e.g. account credentials).

5.2 Data Generated Through App Usage

Certain data is generated automatically when you use the App, including:

• Feature interactions
• Session activity
• Technical logs
• Error or crash reports
• In-app navigation events

Purpose: Ensuring functionality, security, stability, and continuous improvement of the Services.

This data does not involve monitoring outside the App environment.

5.3 Data from Devices & Sensors (Optional)

If you choose to connect compatible devices or enable data imports, certain data may be transmitted to the App.

Examples include:

• Time-stamped activity data
• Movement or sleep summaries
• Device-generated wellness metrics

Bluetooth & Location Permissions

Some devices require temporary access to your device's location settings to enable Bluetooth pairing.

5.4 Data from Connected Apps & Platforms (Optional)

You may choose to synchronise data between the Longeva App and third-party platforms such as Apple Health or Google Fit.

• Synchronization is disabled by default
• You explicitly select which data types are shared
• Access can be revoked at any time via settings

5.5 No Third-Party Data Acquisition

Longeva confirms that it:

• Does not purchase personal data
• Does not collect data from data brokers
• Does not infer sensitive attributes beyond what users provide
• Does not combine external datasets to profile users

6. Automated Processing & Profiling

Longeva uses limited forms of automated processing to support app functionality and personalization, always within strict safeguards.

6.1 Nature of Automated Processing

Automated processing may be used to:

• Organise and display user-entered data
• Present summaries, trends, or visualizations
• Adapt the user interface based on preferences
• Support optional gamification features

These processes are rule-based and non-clinical.

6.2 No Automated Decision-Making with Legal or Medical Effect

Longeva does not perform:

• Automated decision-making producing legal effects
• Automated medical assessments
• Clinical risk scoring
• Diagnostic or therapeutic determinations

All outputs are:

• Informational
• Non-binding
• Intended for general wellness awareness only

This complies with GDPR Article 22.

6.3 User Control & Transparency

You remain in control of:

• Which features are enabled
• What data is processed
• Whether optional automation is used
• When consent is withdrawn

Where automation is involved, its purpose is clearly explained in-app.

6.4 Human Oversight

Automated processes are:

• Designed and reviewed by humans
• Monitored for correctness and fairness
• Subject to adjustment or removal if risks are identified

You may contact support or the Data Protection Officer at any time for clarification.

7. Data Sharing & International Transfers

Longeva processes personal data primarily within its own secure systems. Where necessary, data is shared only in accordance with this Privacy Notice and applicable law.

7.1 Data Processors

To operate and support the Services, Longeva engages carefully selected third-party service providers ("Data Processors").

These Data Processors may provide:

• Cloud hosting and infrastructure services
• Technical support and customer service tools
• Analytics and performance monitoring
• Secure communication services
• Email and notification delivery

7.2 Categories of Data Recipients

Depending on functionality, personal data may be disclosed to:

• Customer support providers (to manage and resolve user inquiries)
• Infrastructure & hosting providers (to store and process data securely)
• Analytics & monitoring providers (to improve app performance and reliability)
• Communication service providers (to deliver emails or notifications you request or consent to)

No recipient is authorized to use personal data beyond the contracted purpose.

7.3 User-Initiated Sharing

Certain features allow you to share data directly with third parties (e.g. exporting data or sharing summaries).

In such cases:

• You decide what data is shared
• You decide with whom and when
• Longeva is not responsible for third-party processing once shared

7.4 International Data Transfers

Longeva operates globally. Personal data may be processed in jurisdictions outside your country of residence.

Primary storage regions

• Singapore
• European Union / EEA (where applicable)

Transfer safeguards

Where data is transferred internationally, Longeva ensures an adequate level of protection through:

• EU adequacy decisions
• Standard Contractual Clauses (SCCs)
• Equivalent lawful transfer mechanisms

You may request further information on safeguards by contacting dpo@longeva.co.

8. Data Security & Safeguards

Longeva applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure.

8.1 Security Principles

• Data minimization
• Purpose limitation
• Confidentiality by default
• Security by design and by default

8.2 Technical Measures

• Encrypted data transmission (HTTPS/TLS)
• Encryption at rest where appropriate
• Access controls and authentication policies
• Secure backups and disaster recovery
• Infrastructure monitoring and testing
• Regular security updates and patching

8.3 Organizational Measures

• Appointed Data Protection Officer
• Internal security policies
• Staff training on data protection
• Role-based access management
• Incident response procedures

8.4 Pseudonymization & Anonymization

• Personal data is pseudonymized where feasible
• Data used for analytics or research is anonymized
• Anonymization is irreversible and removes identifiability
• Anonymized data is not subject to data protection law

9. Data Retention & Deletion

Longeva retains personal data only for as long as necessary to fulfil the purposes described in this Privacy Notice.

9.1 Retention Periods

• Account data: retained while your account is active
• Optional data: retained until deleted by you or consent is withdrawn
• Legal or compliance data: retained as required by law

9.2 Account Deletion

You may delete your account at any time via App settings or by contacting support.

Upon deletion:

• Personal data is removed or anonymized
• Residual data may be retained only where legally required
• Archived data is restricted from further use

9.3 Inactive Accounts

If an account remains inactive for five (5) years, Longeva may initiate deletion procedures in accordance with legal obligations.

9.4 Secure Deletion

• Digital records are deleted using secure technical methods
• Physical records (if any) are destroyed securely
• Deleted data cannot be reconstructed

10. Your Data Protection Rights

Longeva is committed to ensuring that you can easily exercise your data protection rights under applicable law, including the GDPR and KVKK.

You may exercise most rights:

• Directly via the App (Settings), or
• By contacting dpo@longeva.co

We will respond without undue delay and no later than one (1) month, unless a shorter period applies under local law.

10.1 Right of Access

You have the right to request confirmation as to whether your personal data is being processed and to receive:

• A copy of your personal data
• Information about purposes, categories, recipients, retention, and safeguards

10.2 Right to Rectification

You may request correction of inaccurate or incomplete personal data.

Most profile and wellness data can be edited directly in the App.

10.3 Right to Erasure ("Right to Be Forgotten")

You may request deletion of your personal data.

Please note:

• Certain data may be retained where legally required
• Residual data may be archived solely for compliance or legal defence purposes

10.4 Right to Restriction of Processing

You may request that processing be restricted where:

• Accuracy is contested
• Processing is unlawful
• Data is no longer required but needed for legal claims

10.5 Right to Object

You may object to processing based on legitimate interests, unless compelling legal grounds exist.

10.6 Right to Withdraw Consent

Where processing is based on consent:

• You may withdraw consent at any time
• Withdrawal does not affect prior lawful processing
• Core services remain available unless consent is required for the feature

10.7 Right to Data Portability

You may request your data in a structured, commonly used, machine-readable format, or request transfer to another provider where technically feasible.

10.8 Right to Lodge a Complaint

If you believe your rights have been infringed, you may:

• Contact Longeva at dpo@longeva.co
• Lodge a complaint with a competent supervisory authority

EU supervisory authorities are listed at:
https://edpb.europa.eu/about-edpb/about-edpb/members_en

11. Minors

The Longeva Services are intended for users 18 years or older, or such higher age as required by applicable law.

Longeva does not knowingly collect personal data from minors. If you believe a minor has provided data, please contact dpo@longeva.co for prompt deletion.

12. Country-Specific Provisions

12.1 European Union & Turkey

EU (GDPR - Article 27)

Longeva has appointed the following representative:

EU users may exercise their rights via:
https://prighter.com/q/18718275968

Turkey (KVKK)

In accordance with Turkish Personal Data Protection Law (KVKK), Prighter Group also acts as Longeva's representative for Turkey.

Turkish users may exercise their KVKK rights through the same channel above.

12.2 Other Jurisdictions

For Singapore, Hong Kong, Vietnam, Brazil, and other regions, Longeva has appointed a central privacy contact:

dpo@longeva.co

You may exercise your rights under applicable local law without discrimination.

13. Changes to This Privacy Notice

Longeva may update this Privacy Notice to reflect:

• Changes in legal requirements
• Product or feature updates
• Security or operational improvements

Where required:

• You will be notified in advance
• New consent will be requested if necessary
• The latest version is always available within the App and on our website.