
Privacy Policy

Last updated: March 15, 2026

Overview

LongevityGraph (“we”, “us”, “our”) operates the longevitygraph.ai website and service. This policy explains what data we collect, how we use it, and your rights regarding that data.

The short version: We collect the health data you give us to provide the service. We don’t sell it. We don’t show you ads. We don’t share it with data brokers. Your health data is yours.

What We Collect

Account Information

  • Email address (for login and communications)
  • Name (optional, for personalization)
  • Password hash (if using email/password login)
  • Google account ID (if using Google Sign-In)

Health Data You Provide

  • Biomarker lab results (entered manually, imported from CSV/PDF, or synced from Function Health)
  • Supplement stack (names, dosages, timing)
  • Medical conditions and medications
  • Treatment and intervention history
  • Genetic data (23andMe or AncestryDNA uploads)
  • Health goals and targets
  • Medical documents (lab reports, DEXA scans, clinical notes)
  • Health profile (age, sex, weight, height, lifestyle factors)

Data From Connected Services

  • Wearable data from Oura Ring, WHOOP, or Apple Health (sleep, HRV, heart rate, activity)
  • Biomarker data from Function Health API sync

Technical Data

  • IP address and browser user agent (for security and rate limiting)
  • Login timestamps (for account security)
  • Usage patterns (which features you use — no third-party analytics)

How We Use Your Data

  • To provide the service: Your health data powers the AI analysis, trend tracking, supplement grading, disease risk scoring, and all other features.
  • AI processing: Your data is sent to AI models (Anthropic Claude) to generate health insights, supplement recommendations, and analysis. AI providers process data per their API terms and do not use API inputs for training.
  • Communications: We send you emails you’ve opted into — daily supplement reminders, weekly health digests, and service updates.
  • Security: We use technical data to detect abuse, enforce rate limits, and protect your account.

What We Don’t Do

  • We do not sell your data to anyone.
  • We do not serve ads or share data with advertising networks.
  • We do not use third-party analytics (no Google Analytics, no Mixpanel, no tracking pixels).
  • We do not share your health data with insurers, employers, or data brokers.

Data Storage and Security

  • All data is stored in an encrypted database on infrastructure we control.
  • Passwords are hashed using bcrypt.
  • Session tokens are SHA-256 hashed before storage.
  • API keys are stored as SHA-256 hashes (plaintext shown once, never stored).
  • Automated encrypted backups run nightly with 7-day/4-week/12-month/3-year retention.
  • All connections use TLS encryption in transit.
  • File uploads are validated (content-type, magic bytes, size limits).

Bring Your Own AI Keys

You can optionally provide your own AI API keys. When configured, your AI requests go directly to the provider using your key. We never store your AI keys in plaintext — they’re encrypted at rest.

Data Retention and Deletion

  • Your data is retained as long as your account is active.
  • You can delete your entire account and all associated data from Settings at any time.
  • Account deletion is immediate and irreversible — all health data, documents, genetic data, chat history, and account information are permanently removed.
  • Waitlist email addresses are retained until you unsubscribe or your account is created.

Third-Party Services

We use the following services to operate LongevityGraph:

Service            | Purpose                      | Data Shared
Anthropic (Claude) | AI analysis and insights     | Health data context for queries
Resend             | Transactional email delivery | Email address, email content
Google OAuth       | Authentication               | Google account ID, email
Stripe             | Payment processing (future)  | Email, payment info (handled by Stripe)
Hetzner            | Server hosting               | All data (stored on our managed server)
Cloudflare         | CDN and DDoS protection      | IP addresses, request metadata

Healthcare Provider Data

If you use LongevityGraph as a healthcare provider, we also process clinical encounter data, patient records, and practice management data within our EMR system. This data is subject to the same security and privacy protections described above.

HIPAA Disclaimer

LongevityGraph is a personal health tracking tool, not a healthcare provider. We are not a HIPAA covered entity. While we implement strong security practices, we do not claim HIPAA compliance. Do not use LongevityGraph as a substitute for professional medical care.

Your Rights

  • Access: You can view all your data within the application at any time.
  • Export: You can export your biomarker data as CSV and your full dataset as JSON.
  • Deletion: You can delete your account and all data from Settings.
  • Communications: You can opt out of all non-essential emails from Settings.

Contact

For privacy questions or data requests, email [email protected].

Changes

We may update this policy as the product evolves. Material changes will be communicated via email to active users. The “last updated” date at the top reflects the most recent revision.