Privacy POlicy

Last Updated: September 30, 2025

Privacy Policy

Effective Date: 10/1/2025

This Privacy Policy describes how 30-300 LLC (“Longevity Wingman”, “we”, “our”, or “us”) collects, uses, shares, and protects personal data when you use the Longevity Wingman application and related services (the “Services”). Precision Health Technologies Limited (“Shae”) provides the underlying technology platform and acts as our data processor, processing personal data strictly on our documented instructions. We remain the data controller and are responsible for the purposes and means of processing your personal data.

Plain-Language Summary

  • Educational only: The Services provide educational health and wellness guidance, not medical diagnoses, or prescriptions. Consult a qualified healthcare professional before making changes to medication, diet, supplements, or exercise.

  • You choose what to share: If you connect Apple HealthKit or Google Health Connect, we only read the data you authorize and do not write any data back. We use authorized data to deliver features, not for advertising or tracking.

  • No sale / no ads: We do not sell your personal data and do not share it with advertisers. We do not use your personal data for advertising or tracking.

  • Strict vendors: Our vendors act under contract. They may not train AI on your personal data, retain it for their own purposes, or repurpose it. Microsoft Azure is our cloud host and is the only vendor that stores personal data on our behalf.

  • Deletion: If you delete your account, we de-identify your personal data within 30 days.

  • Anonymized improvement & research: We may use anonymized or de-identified data to improve features and contribute to aggregated research and insights. We do not attempt to re-identify anonymized data. We will not use identifiable data for research without your explicit consent.

  • Your rights: Depending on your location, you can access, correct, delete, export, restrict or object to processing, and withdraw consent.

  • Adults only: The Services are for users 18+. Min of 21+, for uploading sensitive biological or psychological samples.

  • Global protections: We align with GDPR/UK GDPR, CPRA (California), applicable U.S. Consumer Health Data laws, Australia’s Privacy Act, and similar regimes. International transfers use recognized safeguards. We also apply protections aligned with the Australian Privacy Principles and, where applicable, HIPAA safeguards for health data.

1. Scope

This Policy applies to Longevity Wingman and associated features. It does not cover third-party services you access via external links.

Portions of the Services may link to or display third‑party content (such as embedded videos or externally provided questionnaires). When you choose to interact with third‑party content, your data may also be subject to the privacy policies of the third‑party provider, which are beyond our control. We encourage you to review those policies before providing any information.

Portions of the Services may link to or display third‑party content (such as embedded videos, third‑party questionnaires, or external tools). When you choose to interact with such content, your data may also be subject to the privacy policies of the third‑party provider, which are beyond our control. We encourage you to review those policies before providing any information.

2. Roles

  • Longevity Wingman (Controller): Determines the purposes and means of processing; configures content, questionnaires, and outputs; responds to privacy requests; ensures legal compliance for the app.

  • Shae (Processor): Operates the platform; processes personal data only on Longevity Wingman’s documented instructions, this includes providing technical support to the Longevity Wingman or its users, where Shae personnel may need temporary, need-to-know access to account data as described in Section 10; does not use personal data for its own independent purposes, except as permitted in Section 6.4 for anonymized/de-identified data.

  • Employer/Program Sponsor (if applicable): Receives only aggregated/de-identified program reporting unless you provide explicit, separate consent to share identifiable data.

3. Information We Process

3.1 Account & Contact Information

Name, email address, login credentials, locale, in-app preferences, and support communications.

Use: account creation, authentication, support, and service communications.

3.2 Wellness, Lifestyle, and Health Information (Sensitive Data)

Self-reported health history, gender at birth, date of birth, health conditions, symptoms, habits, goals; optional laboratory or genetic results you enter; questionnaire responses configured by the Longevity Wingman.

Legal basis: explicit consent (or equivalent where required).

Use: to personalize and improve the quality and relevance of educational insights and wellness features.

3.3 Wearables & Sensors (Read-Only)

If you authorize Apple HealthKit or Google Health Connect, we may read authorized data such as: steps, distance, flights climbed; heart rate, resting heart rate, heart rate variability; VO₂ max; respiratory rate; oxygen saturation (SpO₂); blood pressure; ECG; body temperature; weight/BMI/body composition; sleep metrics; menstrual cycle/ovulation/fertility; nutrition (macros/micros); hydration; calories/energy; active/exercise minutes; exercise sessions/types; GPS/route data (if authorized); posture/balance; stress/readiness/recovery; glucose; HbA1c; ketones; lactate.

We do not write any data to HealthKit or Health Connect.

Use: personalized features, trends, and educational insights.

3.4 Device, Usage, and Diagnostic Data

Device and app identifiers, operating system and app version, crash logs, performance telemetry, and security logs.

Use: reliability, debugging, fraud prevention, and security.

3.5 Purchases and Affiliate Links

If you purchase tests, supplements, or services via links in the app, the transaction is between you and the merchant. We do not process payment card data.

4. Sources of Data

  • Information you provide directly in the app.

  • Data from wearable/health platforms you authorize (read-only).

  • Application and device telemetry.

  • Device OS permissions: Data that comes via permissions prompts, such as notifications and GPS.

  • Information you provide when contacting our customer support for assistance.

  • Technical data such as app usage, crash logs, and diagnostics.

  • Other sources you authorize: For example, if you grant permissions to use your camera, photos, or files to upload health information.

5. Purposes and Legal Bases

Purpose Examples Legal Basis
Provide and personalize features Routines, insights, progress Contract; explicit consent for sensitive/health data
Educational insights Lifestyle suggestions, nudges Explicit consent
Safety and integrity Security monitoring, fraud prevention Legitimate interests; legal obligation
Research & improvement (anonymized) Aggregated analytics, quality Legitimate interests; consent where required
Compliance Rights requests, legal duties Legal obligation

6. AI, Profiling, and Model Improvement

6.1 Educational, not diagnostic

The Services provide educational health and wellness guidance, insights, and suggestions. These are for general informational purposes only and are not medical advice, diagnoses, or prescriptions.

6.2 No solely automated high-stakes decisions

We do not make decisions with legal or similarly significant effects solely by automated means. What that means is: our insights are for educational purposes only. They do not make binding or life-affecting decisions about you. You remain in control, and our services are not used to make legal, financial, or medical eligibility determinations.

6.3 Your choices

Where provided by law, you may object to profiling or request human review. Some features may not function without data-driven personalization.

6.4 Use of anonymized/de-identified data by Shae

To improve platform quality and safety for all customers, Shae may use anonymized or de-identified data that is not reasonably linkable to a person to enhance algorithms, models, features, and service reliability. Shae does not use identifiable personal data for its own model training, does not sell data, and does not use data for advertising. For this limited purpose involving non-personal (anonymized/de-identified) data, Shae acts as an independent controller of such non-personal data.

7. Health Platforms (App Store Disclosures)

  • Apple HealthKit / Health app: We only read user-authorized data; we do not write to HealthKit; data is used only for in-app features and is not used for advertising or tracking.

  • Google Health Connect: We only read user-authorized data; we do not write to Health Connect; usage follows Google Play disclosures; no advertising use.

This app reads health data you authorize (see Annex B) to deliver educational wellness insights. It does not write data back to Apple Health or Google Health Connect and does not use health data for advertising or tracking.

8. Vendors and Subprocessors

We use vendors in categories such as cloud hosting, analytics, communications/support, and security. Vendors are bound by contract to:

  • process personal data only on our documented instructions;

  • implement appropriate security measures;

  • not train AI on your personal data;

  • not retain or repurpose personal data for their own purposes; and

  • flow down these obligations to their subcontractors.

Storage: Only Microsoft Azure stores personal data on our behalf as our cloud host.

Transparency: We use trusted service providers such as secure cloud hosting, analytics, communications, and security tools to help us operate the Services. These providers process personal data only on our instructions and under contract. Where required by law, we may provide further details about these service providers to regulators or other authorized requestors.

9. Sharing and Disclosure

We do not sell personal data and do not share it with advertisers or for cross-context behavioral advertising. We may disclose personal data:

  • to service providers and subprocessors under the safeguards in Section 8;

  • to program sponsors only in aggregated/de-identified form, unless you explicitly consent to identifiable sharing;

  • to comply with laws, enforce terms, or protect rights, safety, and security;

  • in connection with corporate transactions, under continued protections at least as protective as these.

10. Support and Troubleshooting

If you or your program sponsor contact us for technical support, our technology provider Shae may need to temporarily access certain user account data to diagnose and resolve the issue. Such access is:

  • on a need-to-know basis only,

  • limited to the minimum information necessary to fix the problem, and

  • carried out under strict confidentiality and data protection obligations.

Shae does not use support access for any other purpose, and access ends once the issue is resolved.

11. International Transfers

Where personal data is transferred internationally, we use recognized safeguards such as Standard Contractual Clauses and comparable mechanisms under applicable laws, including for the EU, UK, and other regions. In addition to contractual safeguards, we apply technical measures such as encryption and minimization to protect personal data during international transfers.

12. Retention and De-Identification

We retain personal data while your account is active. If you delete your account, we de-identify personal data within 30 days, copies may persist in secure system backups for 90 days. We may retain anonymized data for research and service improvement and will not attempt to re-identify it.

13. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict or object, and port your personal data, and to withdraw consent at any time (without affecting processing already performed). You may also lodge a complaint with your local data protection authority.

Data Access and Portability: You have the right to request a copy of the personal data you have provided to us (for example, your account details, uploaded health-related files, and self-reported entries). Where legally required, we will provide this information in a structured, commonly used, and machine-readable format where technically feasible. This excludes proprietary algorithms, models, and outputs that form part of our intellectual property.

California (CPRA): You have rights to know, delete, and correct; to opt-out of “sale” or “sharing” (we do neither); and to limit use of sensitive personal information (we use it only to provide requested services). We do not sell your data to advertisers or for cross-context behavioral advertising.

U.S. Consumer Health Data Laws (where applicable): We obtain consent where required, minimize collection and use, and comply with restrictions such as limits on geofencing around sensitive health locations.

We also apply protections aligned with the Australian Privacy Principles and, where applicable, HIPAA safeguards for health data.

Submit requests via [email protected] We may verify your identity and will respond within applicable timelines.

14. Security and Breach Notification

We use layered safeguards including encryption in transit and at rest, least-privilege access, segmentation, monitoring, secure development practices, and an incident response program. We will notify applicable authorities and affected users without undue delay, and within any timeframes required by law (for example, within 72 hours under the EU GDPR).

15. Children

The Services are intended for adults 18+. We do not knowingly collect children’s data. If a parent/guardian believes a child has used the Services, they should contact us at [email protected] to request deletion.

16. Cookies and SDKs

We do not use your data for cross-app tracking, targeted advertising, or behavioral advertising. The Services are designed without advertising SDKs and do not share your data with third-party advertisers.

We use only essential and performance SDKs/cookies to operate and improve the Services. We do not use advertising SDKs and do not allow third-party tracking for ads. If you prefer not to share data with us, you can manage this by deleting your account at any time.

17. Changes to this Policy

We may update this Policy periodically. Material changes will be communicated in-app and/or via email before they take effect. The Effective Date above reflects the latest version.

18. Contact

For questions or privacy requests, contact [email protected].

Annex A — App Store Disclosures (Templates)

Apple Privacy Nutrition Labels

  • Data Linked to You: the health/fitness metrics you authorize (see Annex B), account identifiers, usage/diagnostics.

  • Data Not Linked to You: anonymized analytics.

  • Data Used for Tracking: none.

  • Advertising: none.

Google Play Data Safety / Health Connect

  • Collected: authorized health data, identifiers, diagnostics.

  • Shared: only with processors under contract; de-identify wherever feasible.

  • Security: encryption in transit and at rest; deletion options.

  • Health Connect: we only read authorized data and do not write back.

Annex B — Wearable & Sensor Data Types (Read-Only)

The app may read, some or all of the following, with your authorization and depending on device support, the following data types:

  • Steps / Step count; Distance; Flights climbed

  • Heart rate; Resting heart rate; Heart rate variability (HRV)

  • VO₂ max; Respiratory rate; Blood oxygen saturation (SpO₂); Blood pressure; ECG

  • Body temperature; Weight / Body mass / BMI; Body fat %; Lean/muscle mass

  • Sleep metrics (including quality/score or stages where provided)

  • Menstrual cycle; Ovulation / Fertility / Pregnancy

  • Nutrition (macronutrients and micronutrients); Hydration; Calories / Energy expenditure

  • Active / Exercise minutes; Exercise sessions / Activity types

  • GPS / Route data (if authorized)

  • Posture / Balance

  • Stress / Readiness / Recovery; wellness indicators, not diagnostic mental health information.

  • Glucose; HbA1c; Ketones; Lactate

Annex C — Disclaimers

  1. Educational only: The Services provide general wellness education and lifestyle guidance and are not a substitute for professional medical advice, diagnosis, or treatment, and are not intended for emergency use.

  2. User responsibility: You are responsible for decisions you make based on the information provided and should consult a qualified healthcare professional before making significant health changes.

  3. Controller responsibility: We are solely responsible for the app’s content, questionnaires, and outputs.

  4. Processor shield: Shae processes personal data solely on our instructions as platform provider.

  5. Commerce neutrality: Purchases via links occur directly between you and third-party merchants; we are not a party to those transactions.

  6. De-identification first: Wherever feasible, data disclosed externally is de-identified or aggregated.

  7. Liability limits: Liability limitations are set forth in the applicable Terms of Service.

FDA Disclaimer: The statements and content provided within the Longevity Wingman App have not been evaluated by the Food and Drug Administration. The App is intended for educational and informational purposes only and is not intended to diagnose, treat, cure, or prevent any disease. Always seek the advice of your physician or other qualified healthcare provider with any questions regarding your health or medical conditions.

© 2025 Gladden Longevity. All rights reserved.