Longevity PathLongevity Path
Get Started

Privacy Policy

Last updated: May 6, 2026

1. Who we are

Longevity Path (the “Service”) is operated by Liquidless Capital SLU, a company incorporated under the laws of the Principality of Andorra, with registration number L716510W and registered office in Andorra.

For the purposes of the Andorran Qualified Law 29/2021 on Personal Data Protection (“LQPD”) and, where applicable, the EU General Data Protection Regulation (“GDPR”), Liquidless Capital SLU acts as the data controller of the personal data processed through the Service.

You can contact us at fprat@liquidless.capital for any matter relating to this Privacy Policy or the processing of your personal data.

2. Scope

This Privacy Policy describes how we collect, use, and protect your personal data when you use the Longevity Path website, mobile applications (iOS and Android), and any related services. It applies to all users worldwide.

Longevity Path is intended for personal use only and is not a medical service. The Service does not provide medical diagnosis, treatment, or advice. See our Terms of Service for more information.

3. Personal data we collect

We collect the following categories of personal data:

3.1 Account data

  • Email address and password (managed by our authentication provider)
  • Display name
  • Language and locale preferences
  • Authentication tokens and session identifiers

3.2 Health data (special category)

When you connect Apple Health, Google Health Connect, or complete the questionnaire, we process special category data concerning your health, including:

  • Heart rate, resting heart rate, heart rate variability
  • Sleep duration and stages
  • Steps, active energy, exercise minutes, VO2 Max
  • Weight, height, body fat percentage, BMI
  • Blood pressure, blood glucose, oxygen saturation
  • Self-reported lifestyle, medical history, and biomarker information from the questionnaire
  • Information extracted by AI from medical documents you upload (e.g. lab reports, imaging results)

We only ever transmit aggregated 90-day summaries (averages, minimums, maximums, latest value) of HealthKit and Health Connect data to our servers — never individual raw samples. Original medical documents you upload are not stored; only the AI analysis output is retained.

3.3 Usage and technical data

  • Device type, operating system, and application version
  • IP address (used for routing and security)
  • Web analytics data (only if you accept analytics cookies — see Section 9)
  • Notification preferences and notification interaction logs

4. How we use your data

We process your personal data for the following purposes:

  • Providing the Service — calculating your biological age, longevity score, dimension scores, and personalised recommendations.
  • AI-powered analysis — using third-party large language models to analyse medical documents you upload and to generate improvement plans, recommended tests, and supplement suggestions.
  • Account management — authentication, password recovery, multi-factor authentication, and account security.
  • Notifications — sending you push notifications and daily summaries according to your preferences.
  • Legal and security obligations — preventing fraud, abuse, and unauthorised access; complying with applicable laws.
  • Service improvement — aggregated, non-identifiable analytics (only with your consent).

5. Legal basis for processing

We rely on the following legal bases:

  • Explicit consent (LQPD Art. 6 and 9; GDPR Art. 6(1)(a) and Art. 9(2)(a)) — for the processing of your health data and special category data. You can withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Performance of a contract (GDPR Art. 6(1)(b)) — to provide the Service you have signed up for.
  • Legitimate interests (GDPR Art. 6(1)(f)) — for security, fraud prevention, and service integrity.
  • Legal obligation (GDPR Art. 6(1)(c)) — when required by law to retain or disclose data.

6. Who we share your data with

We do not sell your personal data. We share data only with the following categories of trusted service providers (sub-processors), strictly to the extent necessary to operate the Service:

  • Supabase Inc. (United States) — hosted database, authentication, and storage. Your account and health summaries are stored here with row-level security and AES-256 encryption at rest.
  • Anthropic, PBC (United States) — AI analysis of medical documents and generation of recommendations using Claude large language models. Anthropic does not train its models on your data.
  • Vercel Inc. (United States) — hosting of the web application and serving of API requests.
  • Expo (650 Industries, Inc.) (United States) — mobile application build, distribution, and push notification infrastructure.
  • Google LLC (United States) — Google Analytics for the website (only if you accept analytics cookies) and Google Sign-In.
  • Apple Inc. (United States) — Sign in with Apple and App Store distribution.

We may also disclose your data to competent authorities when required by law, court order, or to protect our legal rights.

7. International data transfers

Personal data may be transferred to, processed, and stored outside Andorra and the European Economic Area, principally in the United States. When we transfer data outside Andorra or the EEA, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs) and any applicable adequacy decisions. We assess each transfer to ensure that your data receives an essentially equivalent level of protection.

8. Data retention

We retain your personal data for as long as your account is active. Specifically:

  • Account data — retained until you delete your account.
  • Health summaries — retained on a 90-day rolling window; older data is replaced by newer aggregations.
  • Questionnaire answers and computed scores — retained until account deletion.
  • Medical document analyses — retained until you delete them or your account.
  • Shared reports — automatically expire 24 hours after creation.
  • Logs — retained for up to 90 days for security and debugging purposes.

When you delete your account, all personal data is removed from our active systems within 30 days, except where we are required to retain it by law.

9. Cookies and similar technologies

Our website uses the following cookies and similar technologies:

  • Strictly necessary cookies — required for authentication and session management. These cannot be disabled.
  • Analytics cookies — Google Analytics, used only if you accept them through our cookie banner. They help us understand how visitors use the website in aggregate.

You can change your cookie preferences at any time via the cookie banner or browser settings. The mobile applications do not use web cookies but rely on local device storage strictly for non-personal preferences (language, biometrics).

10. Your rights

Under the LQPD and, where applicable, the GDPR, you have the following rights:

  • Right of access — obtain a copy of your personal data.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — request deletion of your account and associated data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to restrict processing — limit how we use your data in certain circumstances.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — at any time, without affecting prior lawful processing.

To exercise any of these rights, contact us at fprat@liquidless.capital. We will respond within 30 days.

If you believe your data protection rights have been violated, you may lodge a complaint with the Andorran Data Protection Agency (Agència Andorrana de Protecció de Dades, APDA — apda.ad). EU residents may also lodge a complaint with the supervisory authority of their country of residence.

11. Children's privacy

Longevity Path is not directed at children. The Service is intended for users aged 16 or older. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Security

We implement technical and organisational measures designed to protect your personal data, including:

  • HTTPS/TLS encryption for all data in transit
  • AES-256 encryption at rest
  • Row-level security on all database tables
  • Bearer-token authentication and optional multi-factor authentication
  • Strict access controls and audit logging
  • No personally identifiable information in application logs

No system is perfectly secure. If you become aware of a security incident affecting your account, please contact us immediately.

13. Use of artificial intelligence

Longevity Path uses artificial intelligence (large language models from Anthropic) to analyse medical documents you upload and to generate personalised recommendations. AI outputs are informational only and are not medical advice. Decisions affecting your health should always be made in consultation with a qualified healthcare professional.

Your data is not used to train Anthropic’s models.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when the policy was last revised. For material changes, we will provide notice through the Service or by email.

15. Contact

For questions about this Privacy Policy or to exercise your rights, contact us at:

Liquidless Capital SLU
Registration number: L716510W
Principality of Andorra
Email: fprat@liquidless.capital

Privacy Policy — Longevity Path