Privacy Policy

1. Introduction

Extend.Health ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our longevity optimization platform.

By using Extend.Health, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Email address (for account creation and communication)
• Assessment responses (health behaviors and lifestyle data)
• Payment information (processed securely through Stripe)
• Optional: Feedback, support requests, and communications

2.2 Automatically Collected Information

• Usage data (pages visited, time spent, features used)
• Device information (browser type, operating system)
• IP address and general location data
• Cookies and similar tracking technologies (with your consent)

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: Generate personalized longevity protocols and gap analysis
• Account Management: Create and maintain your user account
• Communication: Send assessment results, protocol updates, and educational content
• Payment Processing: Complete transactions securely via Stripe
• Service Improvement: Analyze usage patterns to enhance features (anonymized)
• Legal Compliance: Meet legal obligations and enforce our Terms of Service

4. Data Storage and Security

Storage: Your data is securely stored using Supabase (PostgreSQL) with industry-standard encryption. Assessment data is retained for the duration specified in your account settings (default: 1 year).

Security Measures:

• End-to-end encryption for data transmission (HTTPS/TLS)
• Secure authentication via Supabase Auth
• Payment processing handled by PCI-compliant Stripe (we never store card details)
• Regular security audits and updates
• Access controls and activity logging

While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We may share your data only in these limited circumstances:

• Service Providers: Trusted third parties who assist in operating our platform (Supabase, Stripe, Vercel). These providers are contractually obligated to protect your data.
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)
• Aggregated Data: Anonymized, aggregated statistics for research or marketing (no individual identification possible)

6. Your Rights (GDPR & Data Protection)

You have the following rights regarding your personal data:

• Access: Request a copy of your data (available via Settings → Export Data)
• Rectification: Correct inaccurate or incomplete information
• Erasure: Delete your account and associated data (Settings → Delete Account)
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format (JSON export)
• Objection: Opt-out of marketing communications and analytics
• Withdraw Consent: Revoke consent for data processing at any time

To exercise these rights, visit your Account Settings or contact us at privacy@extend.health.

7. Cookies and Tracking

We use cookies to enhance your experience:

• Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
• Analytics Cookies: Help us understand usage patterns (optional, requires consent)
• Preference Cookies: Remember your settings and preferences

You can manage cookie preferences via the cookie banner or in your browser settings.

8. Data Retention

We retain your data as follows:

• Assessment Data: Retained for the period specified in your settings (default: 1 year, max: indefinitely with consent)
• Account Information: Until you delete your account
• Payment Records: 7 years (legal requirement for tax/accounting)
• Marketing Communications: Until you unsubscribe

9. Children's Privacy

Extend.Health is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately.

10. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place to protect your data in accordance with GDPR and applicable data protection laws.

11. Third-Party Links

Our platform may contain links to external websites or resources. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will notify you via email or prominent notice on our platform.

13. Contact Us

For questions about this Privacy Policy or to exercise your data rights: