Privacy policy

This privacy policy describes how Digital Ingres Solutions S.R.L. ("we", "us", "our") collects, uses, and protects information you provide when you use the Longevity Pulse marketing site at longevitypulse.digitalingres.ro or the Longevity Pulse mobile application.

In this policy, "Personal Information" means any information related to an identified or identifiable individual and does not include data from which personally identifiable information has been removed (such as anonymous or aggregated data). We collect Personal Information about you from the different sources listed below.

1. Who we are

Digital Ingres Solutions S.R.L., a company registered in Romania, is the data controller for personal data processed through Longevity Pulse. Contact: [email protected].

2. What we collect

2.1 Information you provide

You may provide us with Personal Information when you register for an account, use Longevity Pulse, submit the longevity audit, join the waitlist, or communicate with us (in-app, by email, or through support). The categories of information you provide may include:

• Contact details — your name and email address.
• Basic profile information — demographic information including date of birth, gender, height, weight, and waist measurement.
• Account details — username, password, and identifiers returned by Sign in with Apple or Google Sign-In when you use social login.
• Health and lifestyle data — information relating to your exercise, movement, sleep, recovery, mindfulness practice, mood, stress, diet and nutrition habits, fasting intervals, body composition, journal entries, progress photos, and any other health, lifestyle, or fitness information you choose to log in Longevity Pulse.
• Biomarker inputs — blood analysis values you enter manually, and images of lab reports you upload for on-device or server-side OCR extraction. We do not collect biological samples (blood, saliva, or otherwise).
• Correspondence and communications — any Personal Information contained in your correspondence with us, including support messages, survey responses, and audit answers.
• Marketing preferences — your opt-in choices for marketing emails and product updates.

Where provision of certain Personal Information is required for us to deliver a feature (for example, your date of birth to compute your biological-age estimate), we will indicate this at the point of collection. If you choose not to provide such information, we may not be able to provide the corresponding feature.

2.2 Information collected automatically

We also collect the following information automatically when you use Longevity Pulse:

• Identifiers and usage data — IP address, device model and manufacturer, operating-system version, app version, crash and performance telemetry, engagement metrics, and pages or screens viewed. Collected through Firebase Analytics, Sentry error reporting, and server logs.
• Push-notification token — a Firebase Cloud Messaging token issued to your device so that we can deliver product notifications you have opted in to.
• Transaction information — details of any subscription purchase made through the Apple App Store or Google Play Billing, surfaced to us through RevenueCat.
• Cookies and similar technologies — on the marketing site only. See our cookie policy.

Longevity Pulse does not access your phone address book. Our friends and fasting-circles features rely on username search and explicit invites — we never upload or store your contacts.

2.3 Information from other sources

We may obtain Personal Information about you from the following third parties:

• Third-party health apps and wearables — if you choose to connect Longevity Pulse to Apple HealthKit (iOS) or Android Health Connect, we receive steps, heart rate, heart-rate variability, sleep, workouts, VO2max, and similar health and lifestyle data from those platforms. You can revoke this permission at any time in your device settings.
• Payment processors — for subscription purchases we receive purchase details, store-level identifiers, and transaction amounts from RevenueCat, the Apple App Store, and Google Play Billing. We do not receive or store your payment card details.
• Identity providers — if you sign in with Apple or Google, we receive a provider user identifier, your name (if you share it), and your email address (unless you choose to hide it via Apple's private relay).

Longevity Pulse does not pull medical records from healthcare providers and does not send biological samples to lab partners. All biomarker values originate from you, either typed directly or extracted by OCR from a lab report image that you upload.

2.4 Aggregated data

We also collect, use, and share aggregated data — such as statistical or demographic data — for our business purposes. Aggregated data may be derived from your Personal Information but is not Personal Information, because it cannot directly or indirectly reveal your identity. For example, we may aggregate data about how users interact with Longevity Pulse to calculate the percentage of users who reach a given streak or pillar score. If we combine aggregated data with your Personal Information so that it can identify you, we will treat the combined data as Personal Information under this policy.

Health data is processed on your device and synced to our servers in encrypted form. We never sell health data.

3. How we use it

• To compute your LP Score and biological age estimate.
• To send you product updates if you joined the waitlist.
• To improve the audit, the app, and our content.
• To meet legal and regulatory obligations.

4. Legal basis (GDPR)

We process personal data on the basis of (a) your consent (waitlist, marketing), (b) performance of a contract (computing your audit results, providing the app), and (c) our legitimate interest in improving the product and securing the service.

5. Sharing

We share data with processors that help us run the service: cloud hosting, analytics providers, email delivery, and payment processing. Each processor is bound by a data-processing agreement and may only use your data on our instructions. We do not sell personal data to third parties.

6. Children's privacy

Longevity Pulse is not directed to children under the age of 18, and we do not knowingly collect Personal Information from anyone under this age. If you believe a child has provided us with Personal Information in violation of this policy, please contact us at [email protected] and we will take steps to delete the information.

7. Retention

We store all Personal Information for as long as necessary to fulfil the purposes set out in this policy, or for as long as we are required to retain it by law or to comply with a regulatory obligation.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

In practice, this means: waitlist emails are kept until you unsubscribe or request deletion; audit responses are kept until you request deletion; and app user data (including health and lifestyle data) is kept while your account is active and for up to twelve months after deletion, to satisfy legal, audit, and fraud-prevention obligations. After that period the data is either permanently deleted or irreversibly anonymised.

8. Your rights

If you are located in the United Kingdom or the European Economic Area, you have the following rights in respect of the Personal Information we hold about you, under the UK GDPR and the EU GDPR:

• Right of access. You have the right to obtain confirmation of whether we process your Personal Information and, where we do, to receive a copy of it.
• Right to portability. In certain circumstances, you have the right to receive a copy of the Personal Information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request that we transmit it directly to another controller.
• Right to rectification. You have the right to obtain, without undue delay, the correction of any inaccurate or incomplete Personal Information we hold about you. Most profile fields can be updated directly in the Longevity Pulse app; for anything you cannot edit yourself, contact us at the address below.
• Right to erasure. In some circumstances, you have the right to require us to erase your Personal Information without undue delay where our continued processing of it is not justified. You can initiate deletion directly from the app (Profile → Delete account) or through our data-removal page.
• Right to restriction. In some circumstances, you have the right to require us to limit the purposes for which we process your Personal Information — for example where you contest the accuracy of the data or where our processing is not justified.
• Right to object. You have the right to object to processing we carry out on the basis of our legitimate interests where your particular situation outweighs those interests. You can object to direct-marketing emails for any reason at any time, either by clicking the "unsubscribe" link in any marketing message or by contacting us using the details below.
• Right to withdraw consent. Where we process your Personal Information on the basis of your consent — including your consent to the processing of health data, to marketing communications, or to analytics and crash reporting — you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal. Consent toggles for notifications, marketing, usage statistics, and error reporting are available in the app's settings.
• Right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) — our lead supervisory authority — or with the supervisory authority of your country of residence.

These rights are not absolute. We may be entitled to refuse a request, wholly or in part, where an exception under applicable law applies — for example where retention is required to comply with a legal obligation, to establish, exercise, or defend legal claims, or to protect the rights of another person. Where we refuse, we will tell you why and inform you of your right to complain to a supervisory authority.

To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request, with a possible two-month extension where the request is complex or numerous.

9. Security

We use physical, managerial, and technical safeguards designed to improve the integrity and security of the Personal Information we collect and maintain. In practice this includes HTTPS for all traffic between your device and our servers, encryption at rest for sensitive data, encrypted local storage for the Longevity Pulse app's on-device state, role-based access controls on production systems, and logging and monitoring of administrative access.

However, the transmission of Personal Information over the internet carries inherent risks and no method of transmission or storage is perfectly secure. We cannot guarantee the security of data transmitted over the internet, and any such transfer is made at your own risk.

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, where required by applicable law.

10. International transfers

We may transfer your Personal Information outside of the country where you are located, including to the United States and other jurisdictions where certain of our service providers are based — for example Google (Firebase Cloud Messaging, Firebase Analytics), Sentry, RevenueCat, Apple, and our cloud-hosting provider.

Regardless of where your Personal Information is transferred, we will ensure that appropriate safeguards are in place to provide an adequate level of protection — for example, by entering into Standard Contractual Clauses approved by the European Commission (and, where relevant, the UK Addendum) with the recipients of your Personal Information, or by relying on an adequacy decision or other valid transfer mechanism under applicable data-protection law.

Further details of the specific safeguards we apply to a given transfer can be obtained from us on request at [email protected].

11. Changes to this policy

We may update this policy from time to time, and we encourage you to review this page periodically. When we make a material change, we will update the "Last updated" date at the top of this policy and, for waitlist subscribers and registered app users, we will also notify you by email.

Changes to this policy become effective when they are posted on this page. Your continued use of Longevity Pulse after a change takes effect constitutes your acknowledgement of the updated policy.

12. Complaints

If you wish to lodge a complaint about how we process your Personal Information, please contact us first at [email protected]. We will endeavour to respond as soon as possible and to resolve your concern directly.

If you are in the United Kingdom or the European Economic Area, you also have the right to lodge a complaint with your national data-protection authority, in addition to or instead of contacting us:

• Romania — our lead supervisory authority is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP). Details are available at www.dataprotection.ro.
• United Kingdom — the relevant authority is the Information Commissioner's Office (ICO). Information on how to make a complaint is available at www.ico.org.uk.
• Other EEA countries — you can find details of your local data-protection regulator through the European Data Protection Board's member directory at edpb.europa.eu/about-edpb/about-edpb/members_en.

13. Our contact information

Digital Ingres Solutions S.R.L. is the entity responsible for the processing of your Personal Information and, for the purposes of the UK GDPR and the EU GDPR, is the data controller in respect of that processing.

If you have any questions or comments about this policy or our privacy practices, or if you would like to exercise your rights in relation to your Personal Information, please contact our data-protection team by email at [email protected].