L LongevityGraph
Features Tools Community Blog Pricing Support Patient login Provider login Start free
01 / Security

How your
health data is protected.

Encryption, infrastructure, sessions, telemetry, deletion. Treated with the seriousness the data deserves.

02 / Practices

Eight practices, no asterisks.

01 Encryption at rest Data stored in an encrypted database on infrastructure we control. Passwords hashed with bcrypt. API keys stored as SHA-256 hashes. Encrypted nightly backups.
02 Encryption in transit All connections use TLS 1.3. HSTS preload enforced. Cloudflare for DDoS and edge-cached static assets only — health data never touches the CDN.
03 Session security Session tokens SHA-256 hashed before storage. CSRF on all forms. Password change invalidates all other sessions. Rate limiting on auth endpoints.
04 Zero tracking No Google Analytics. No Mixpanel. No tracking pixels. No third-party analytics. No data sales. No ads. No data brokers.
05 Privately hosted infrastructure Runs on dedicated infrastructure (Hetzner), not shared cloud. We control the hardware, the network, the data. No multi-tenant risk.
06 Bring your own key Optional: provide your own AI API key. Requests go directly to the provider. Your key is encrypted at rest, never stored in plaintext.
07 Data export & deletion Export biomarker data as CSV or full dataset as JSON. Account deletion from settings — immediate, irreversible, complete.
08 Input validation All uploads validated by content-type, magic bytes, and size. All SQL parameterised. AI-generated HTML sanitised before render.
03 / Backup & recovery

Four-tier retention, encrypted.

Backup retention policy automated · encrypted · nightly
Daily 7 days retained
Weekly 4 weeks retained
Monthly 12 months retained
Yearly 3 years retained

In the unlikely event of data loss, restore from the most recent backup. Restore process documented; tested quarterly.

04 / Questions

Read the privacy policy.

Or email [email protected] directly.