L LongevityGraph
Features Tools Community Blog Pricing Support Patient login Provider login Start free
Legal · Policy

Privacy Policy

How LongevityGraph handles your data.

Last updated: July 12, 2026

Overview

LongevityGraph (“we”, “us”, “our”) operates the longevitygraph.ai website and service. This policy explains what data we collect, how we use it, and your rights regarding that data.

The short version: We collect the health data you give us to provide the service. We don’t sell it. We don’t show you ads. We don’t share it with data brokers. Your health data is yours.

What We Collect

Account Information

  • Email address (for login and communications)
  • Name (optional, for personalization)
  • Password hash (if using email/password login)
  • Google account ID (if using Google Sign-In)

Health Data You Provide

  • Biomarker lab results (entered manually, imported from CSV/PDF, or synced from Function Health)
  • Supplement stack (names, dosages, timing)
  • Medical conditions and medications
  • Treatment and intervention history
  • Genetic data (23andMe or AncestryDNA uploads)
  • Health goals and targets
  • Medical documents (lab reports, DEXA scans, clinical notes)
  • Health profile (age, sex, weight, height, lifestyle factors)

Data From Connected Services

  • Wearable data from Oura Ring, WHOOP, or Apple Health (sleep, HRV, heart rate, activity)
  • Biomarker data from Function Health API sync

Technical Data

  • IP address and browser user agent (for security and rate limiting)
  • Login timestamps (for account security)
  • Usage patterns (which features you use — no third-party analytics)

How We Use Your Data

  • To provide the service: Your health data powers the AI analysis, trend tracking, supplement grading, disease risk scoring, and all other features.
  • AI processing: Your data is sent to AI models (Anthropic Claude) to generate health insights, supplement recommendations, and analysis. AI providers process data per their API terms and do not use API inputs for training.
  • Communications: We send you emails you’ve opted into — daily supplement reminders, weekly health digests, and service updates.
  • Security: We use technical data to detect abuse, enforce rate limits, and protect your account.

What We Don’t Do

  • We do not sell your data to anyone.
  • We do not serve ads or share data with advertising networks.
  • We do not use third-party analytics (no Google Analytics, no Mixpanel, no tracking pixels).
  • We do not share your health data with insurers, employers, or data brokers.

Text Messaging (SMS)

If you opt in, your healthcare practice can text you through LongevityGraph. Opting in is entirely optional and is never a condition of purchasing, using, or receiving any LongevityGraph product, service, or care — you can decline or revoke consent at any time with no effect on your care, and everything we would text you is also available in the app. You opt in by checking an explicit, un-pre-selected consent box (“I agree to receive text messages from my practice”) and verifying your mobile number with a one-time code; we send texts only after you have completed both steps. These are conversational, care-related messages: appointment and visit updates, medication and prescription-refill coordination, lab and result notifications, care check-ins, and replies to questions you send. We do not send marketing or promotional texts.

We do not share or sell your mobile phone number, SMS opt-in, or text-messaging consent with any third party, and we do not share that information with third parties or affiliates for their own marketing or promotional purposes. Mobile information is used only to operate the messaging service you opted into (including our messaging provider, Twilio, which transmits the messages on our behalf).

Message frequency varies based on your care. Message and data rates may apply. Reply STOP at any time to opt out, or HELP for help. You can also manage or revoke consent anytime in Settings → Messaging.

Data Storage and Security

  • All data is stored in an encrypted database on infrastructure we control.
  • Passwords are hashed using bcrypt.
  • Session tokens are SHA-256 hashed before storage.
  • API keys are stored as SHA-256 hashes (plaintext shown once, never stored).
  • Automated encrypted backups run nightly with 7-day/4-week/12-month/3-year retention.
  • All connections use TLS encryption in transit.
  • File uploads are validated (content-type, magic bytes, size limits).

Bring Your Own AI Keys

You can optionally provide your own AI API keys. When configured, your AI requests go directly to the provider using your key. We never store your AI keys in plaintext — they’re encrypted at rest.

Data Retention and Deletion

  • Your data is retained as long as your account is active.
  • You can delete your entire account and all associated data from Settings at any time.
  • Account deletion is immediate and irreversible — all health data, documents, genetic data, chat history, and account information are permanently removed.
  • Waitlist email addresses are retained until you unsubscribe or your account is created.

Third-Party Services

We use the following services to operate LongevityGraph:

ServicePurposeData Shared
Anthropic (Claude)AI analysis and insightsHealth data context for queries
ResendTransactional email deliveryEmail address, email content
Google OAuthAuthenticationGoogle account ID, email
StripePayment processing (future)Email, payment info (handled by Stripe)
Amazon Web Services (AWS)Cloud hosting (EC2 compute, RDS database)All data (stored in our managed cloud database)
CloudflareCDN and DDoS protectionIP addresses, request metadata

Healthcare Provider Data

If you use LongevityGraph as a healthcare provider, we also process clinical encounter data, patient records, and practice management data within our EMR system. This data is subject to the same security and privacy protections described above.

HIPAA Disclaimer

LongevityGraph is a personal health tracking tool, not a healthcare provider. We are not a HIPAA covered entity. While we implement strong security practices, we do not claim HIPAA compliance. Do not use LongevityGraph as a substitute for professional medical care.

Your Rights

  • Access: You can view all your data within the application at any time.
  • Export: You can export your biomarker data as CSV and your full dataset as JSON.
  • Deletion: You can delete your account and all data from Settings.
  • Communications: You can opt out of all non-essential emails from Settings.

Contact

For privacy questions or data requests, email [email protected].

Changes

We may update this policy as the product evolves. Material changes will be communicated via email to active users. The “last updated” date at the top reflects the most recent revision.