Privacy Policy

Effective date: 7 November 2025

Longevity Signals (“we,” “us,” “our”) is the consumer brand of Biomedical Intelligence Institute. We provide an educational evidence-intelligence app and email that help people understand longevity news and research. We are committed to protecting your privacy and handling personal data transparently and responsibly.

Education only. Nothing in our Services should be used to diagnose, treat, cure, or prevent any disease.

Who is the data controller?

Biomedical Intelligence Institute (operating as Longevity Signals)
Contact: office@longevitysignals.com
If you are in the EEA/UK, this entity is your data controller.

If we appoint an EU/UK representative or a Data Protection Officer (DPO), their details will be added here.

What data we collect

We collect the minimum data needed to run a trustworthy, subscription-based, educational service.

Account & subscription

  • Name, email address, password (hashed), country/region, preferred language.
  • Plan, billing status, renewal dates.
  • Referral codes, creator/partner attribution.

Payment

We use third-party payment processors (e.g., Stripe, Apple, Google). We receive transaction metadata (success/failure, last 4 digits, expiry month/year, country) but do not store full card numbers.

Usage & device

  • App and site activity (pages viewed, clicks, items saved, searches, “Ask” questions, audio plays).
  • Device and technical data (IP address, approximate location, device type, OS, app version, cookies, SDK and API identifiers, crash logs).
  • Email engagement (opens, clicks, unsubscribes).

Content interactions

  • Items you follow, save, share, or rate.
  • “Ask” Q&A prompts and our cited answers.
  • Feedback you submit (ratings, bug reports, feature requests).
  • If you upload or annotate documents (e.g., to “Explain PDFs”), the files and annotations you provide.

Communications

  • Messages you send us (support, legal requests).
  • Newsletter preferences.

Public/source data we process

Publicly available research items (papers, trials, policies, media) and their metadata that our systems ingest and label to power Signal Ranking and Evidence Badges.

Special categories. We do not ask for health data. If you voluntarily type health details into free-text fields (e.g., an “Ask” prompt), we process them only to answer the question and improve safety and quality. You can avoid sharing such details; if you do share them, you are providing explicit consent to this processing (you can withdraw consent at any time—see “Your choices”).

Why we use your data (purposes & legal bases)

We process personal data only when we have a lawful basis under GDPR/UK GDPR and similar laws.

PurposeExamplesLegal basis
Provide the ServicesAccount creation, feed delivery, “Ask” answers, Audio Brief, Explain PDFsContract (to provide what you asked for)
Personalize & improveRank items, tailor interests, quality control, A/B tests, de-buggingLegitimate interests (to run and improve an educational product)
Safety & integrityDetect abuse, enforce Terms, prevent fraud and misuse; show safety contextLegitimate interests; Legal obligation in some cases
Payments & billingProcess subscriptions, receipts, VAT handlingContract; Legal obligation (tax)
CommunicationsService emails, important updates, supportContract; Legitimate interests
Marketing (optional)Newsletters, product updatesConsent (you can opt out anytime)
ComplianceRespond to lawful requests, keep recordsLegal obligation
Research & statisticsAggregate/anonymous analytics on usage and learning impactLegitimate interests (with de-identification)

How we use AI and automation

  • Retrieval-augmented Q&A (“Ask”). Your prompt is answered only from sources we cite. Prompts and outputs may be temporarily processed by vetted AI processors under our instructions to generate educational answers and improve quality and safety.
  • No automated decisions with legal or similarly significant effects.
  • Red-team & quality logs. We may sample anonymized prompts/answers to improve factuality, safety flags, and refusal behavior.

Cookies, SDKs, and similar tech

  • Essential for login, security, fraud prevention, and core features.
  • Analytics (privacy-preserving where possible) to understand engagement and improve ranking and labeling quality.
  • Marketing (only with your consent) for measuring campaigns and creator partnerships.

You can manage cookies in your browser and app settings. Rejecting non-essential cookies may affect personalization but not core access.

How we share data

We do not sell your personal data. We share it only with:

  • Service providers (processors): hosting and cloud infrastructure, analytics, crash reporting, email delivery, customer support, AI model providers, and payment processors. They act under contract, use data only to provide services to us, and implement security controls.
  • Partners you choose: if you use a referral/creator code or opt into a partner benefit, we may confirm that you subscribed and basic attribution (no payment details).
  • Legal & safety: if required by law, to protect our rights or users, or to investigate fraud, abuse, or security incidents.
  • Corporate changes: in a merger, acquisition, or asset transfer, your information may be transferred under this same policy.

We may publish aggregated or de-identified statistics (e.g., percentage of items saved, top categories) that do not identify individuals.

International transfers

We may transfer data to countries outside your home jurisdiction (e.g., to the US). When we do, we use lawful safeguards such as EU Standard Contractual Clauses (SCCs), the UK Addendum, and additional technical/organizational measures.

Data retention

  • Account data: for the life of your account.
  • Payment and invoices: 10 years (or longer if required by tax law).
  • Logs/analytics: typically 6–24 months, then aggregated or deleted.
  • “Ask” prompts & outputs: typically 12 months for quality and abuse prevention, then anonymized or deleted.
  • Support emails: up to 24 months.
  • Backups: time-limited, then purged on a rolling schedule.

We will delete or anonymize earlier upon valid request unless we must keep data for legal obligations or disputes.

Your rights

Depending on your location (e.g., EEA/UK), you have rights to:

  • Access your data and get a copy.
  • Rectify inaccurate data.
  • Erase data (“right to be forgotten”).
  • Restrict or object to processing (including profiling for personalization).
  • Data portability.
  • Withdraw consent where processing is based on consent (e.g., marketing, optional features).
  • Lodge a complaint with your supervisory authority. In Lithuania: State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija).

To exercise rights, email office@longevitysignals.com. We may need to verify your identity and will respond within statutory timelines.

Your choices

  • Email preferences: use the unsubscribe link or settings.
  • Cookies/SDKs: manage via browser/app settings and our cookie banner.
  • Personalization: adjust interests; you may request we limit profiling used to rank or tailor content.
  • Sensitive data: please avoid entering personal health information. If you do, you can withdraw consent at any time and ask us to delete those entries.

Security

We use administrative, technical, and physical safeguards appropriate to the risks, including encryption in transit, access controls, least-privilege, audit logging, and vulnerability management. No system is perfectly secure—please use a strong, unique password and keep it confidential.

Children

Our Services are not for children under 16 (or the age required by your country). We do not knowingly collect data from children. If you believe a child has provided data, contact us and we will delete it.

Third-party links & sources

Our items link to external research and media. We are not responsible for those sites’ privacy practices. Review their policies before providing data.

Changes to this policy

We may update this policy to reflect improvements or legal requirements. We will post the new version with an updated “Effective date” and, for material changes, notify you by email or in-app.

Contact us

Questions or requests about privacy?
Email: privacy@longevitysignals.com
If you are in the EEA/UK, you may also contact your local data protection authority.

Short summary (not a substitute for the policy)

  • We collect only what is needed to provide an educational, subscription service.
  • We do not sell your data. Limited sharing with trusted processors under contract.
  • You control marketing cookies and emails; you can access, correct, delete, or export your data.
  • We avoid health data; if you share it, it is processed with your explicit consent.
  • Security, transparency, and user safety guide our choices.