Privacy Policy
Longevity Community®
Privacy Policy – Longevity Community® Biohacking Platform
Introduction
Welcome to Longevity Community® (the “Platform”). We are committed to protecting your privacy and complying with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive. This Privacy Policy explains what personal data we collect, how we use and share it, and your rights. It applies to our website and services, including personal user accounts, public profiles, newsletters, and personalized content features.
Data Controller: Longevity Community® (operated by Longevity Community, a company based in the European Union) is the controller of your personal data. If you have any questions or requests regarding your personal data, you can contact us at support@longevitycommunity.org.
Last updated: April 18th, 2025.
Information We Collect
We collect personal data about you when you use our Platform. This includes data you provide directly, data collected automatically (e.g. via cookies), and data from third-party tools. We only collect data necessary for the purposes described in this Policy. Key categories of data include:
Account Information: When you create an account, we collect your name, email address, username, password (stored securely in hashed form), and any other signup details. This is used to identify you and provide you with an account.
Profile Data: You may choose to add information to your public profile (such as a bio, profile photo, location, interests, or health goals). Providing this information is optional. Keep in mind that any information you mark as part of your public profile will be visible to other users and the public – please only share what you are comfortable with. You can edit or remove your public profile information at any time.
Health and Preference Data: If you subscribe to certain health topics or provide information about your wellness interests (for example, selecting areas of biohacking or longevity you’re interested in), we collect these preferences to personalize content and recommendations. We do not collect sensitive health data (e.g. medical conditions) unless you voluntarily provide it and consent to its use.
Content and Activity: We collect data on your interactions with the Platform, such as the articles or posts you view, the content you like or bookmark, and your activities on your personalized dashboard. If you post content, comments, or feedback on the Platform, we will process those postings (which may include personal data you choose to share). Public posts or comments you make will be visible to others along with your username (and any public profile info you have shared).
Newsletter and Communication Data: If you subscribe to our email newsletter or health updates, we collect your email address and record your subscription preferences. We may also note how you interact with our emails (for example, whether you open them or click on links) to understand engagement. (See Cookies & Tracking below for how email tracking works and your choices.)
Technical & Device Data: When you use the Platform, we automatically collect certain technical information:
Log and Device Information: IP address, browser type and version, device identifiers, operating system, and device type (e.g. mobile or desktop).
Usage Data: Dates and times of access, pages or features used, time spent on pages, error logs, and referral URLs (e.g. what site or ad led you to us).
Cookies and Tracking Identifiers: Unique IDs stored in cookies or similar technologies (see Cookies & Tracking section) that help us recognize your browser or device across sessions.
Third-Party Analytics and Advertising Data: We use third-party tools like Google Analytics and Meta Pixel (Facebook) which collect data via cookies/trackers on our site. This may include information about your visit such as the pages you view and actions you take. These third parties may receive certain data about your device and browsing behavior on our site (for example, Google Analytics may receive your truncated IP address and activity on our site, and Meta Pixel may note that you visited or took certain actions for ad measurement purposes). We ensure these third-party tools are only activated with your consent (except for strictly necessary data collection). More details are provided in Cookies & Tracking Technologies below.
We do not collect any more personal data than needed for the purposes described, and we do not knowingly collect data from children under 16 without appropriate consent.
How We Use Your Information and Legal Bases
We process your personal data for the following purposes, and in each case we rely on a legal basis under GDPR for the processing. This section explains what we do with your data and the legal justification (our “legal basis”) for each type of processing:
Provide and Personalize the Service: We use your account and profile data to create and maintain your personal account, allow you to log in, and use our Platform’s features. We also use your profile preferences, activity, and interactions to personalize your experience – for example, to curate your dashboard content, recommend relevant articles or biohacking tips, and tailor the Platform’s interface to your interests. Legal basis: Performance of a contract (GDPR Art. 6(1)(b)) – this processing is necessary to deliver the services you signed up for, including personalized content which is a core feature of the Platform. (In cases where personalization is not strictly necessary, we rely on our legitimate interest to improve user experience, as permitted by Art. 6(1)(f), but only after ensuring this does not override your rights). You have the right to object to profiling used for personalization – see Your Rights below.
Account Management and Support: We use your data to provide customer service and support, to send you important account or service communications (e.g. password reset emails, changes to terms or this policy, security alerts), and to respond to inquiries you send us. Legal basis: Performance of a contract (Art. 6(1)(b)) for routine service communications and support (as these are necessary to provide the service), and legitimate interests (Art. 6(1)(f)) for any additional support or feedback processing (we have a legitimate interest in helping our users and maintaining our services, in a way that you would reasonably expect).
Newsletter and Health Updates: If you subscribe to our newsletter or health update emails, we will use your email address to send you those periodic communications. We may tailor the content of emails based on your profile or past interactions (for example, focusing on topics you’ve shown interest in). Legal basis: Consent (Art. 6(1)(a)) – you will only receive marketing or newsletter emails if you have opted in. You can withdraw your consent at any time by unsubscribing (every marketing email provides an unsubscribe link, and you can also manage your email preferences in your account settings).
Behavioral Tracking for Newsletter Personalization: Our emails may include a small tracking pixel or unique link identifiers that tell us if you open an email or click on certain content. We use this information to understand what topics are most useful to you, to avoid sending irrelevant content, and to improve our newsletter strategy. Legal basis: We consider this part of our legitimate interests (Art. 6(1)(f)) in improving our communications, as it has minimal impact on privacy and you have control via unsubscribe. However, we will only deploy email tracking to the extent allowed by applicable law (e.g., some jurisdictions treat email open tracking similar to cookies requiring consent – by subscribing you acknowledge this tracking, and you can disable images in your email client to avoid pixel tracking if desired). You can also opt out of further tracking by unsubscribing from the emails at any time.
Analytics and Platform Improvement: We analyze usage data (including through cookies and similar technologies) to understand how our Platform is used and to improve the user experience. This includes using Google Analytics to collect information about site traffic and user interactions (for example, which pages are most visited, how users navigate the site, what content is popular). We have configured Google Analytics in a privacy-compliant manner – for instance, on Google Analytics 4 we do not log or store your full IP address, and Google Analytics does not identify you personally in our reports. We use the insights from analytics to fix technical issues, optimize content placement, and make informed decisions about new features. Legal basis: Consent (Art. 6(1)(a)) via our cookie banner for any analytics cookies or tracking – we will only activate Google Analytics (or similar analytics tools) if you have given consent to analytics cookies, in accordance with the ePrivacy Directive. (If analytics data is truly anonymized or aggregated, it may not be considered personal data; however, we treat analytics as personal data to be safe and thus require consent as required by EU regulators.) You can withdraw consent at any time (see Cookies & Tracking below for how). In limited cases, we may rely on legitimate interests (Art. 6(1)(f)) for internal analytics using non-cookie methods (for example, counting page visits in server logs for security and anti-fraud purposes), but this would be done in a privacy-preserving manner and only as necessary to operate the service.
Personalized Advertising and Marketing: With your permission, we use third-party advertising cookies/pixels (like the Meta Pixel from Facebook/Instagram) to help deliver targeted ads about our Platform or to measure the effectiveness of our marketing campaigns. For example, the Meta Pixel allows us to show you tailored ads on Facebook or Instagram if you’ve visited our site, and to understand conversions (like if you signed up after seeing one of our ads). Legal basis: Consent (Art. 6(1)(a)) – these marketing and advertising trackers are only used if you explicitly opt in via our cookie consent banner. We do not share your data with advertisers unless you have consented. You can refuse or withdraw consent and still access our services (opting out will simply result in less relevant ads or no ads from us on other platforms). See Cookies & Tracking for more details. (Note: We rely on consent for personalized advertising in line with EU regulatory requirements – we do not use “legitimate interests” for third-party targeted ads, to ensure full compliance with GDPR and recent enforcement trends.)
Social and Community Features: If our Platform offers community interactions (such as forums, commenting, or connecting with other biohackers), we will process the personal data you provide for these features. For example, if you participate in a community forum, your profile name and posts will be displayed to other participants. Legal basis: Performance of contract – these features are part of the service you choose to use. By posting or engaging in community areas, you are explicitly choosing to make that information available to others (which we view as consent to share that information publicly). You can delete any posts or content you have shared, and they will no longer be visible (though backups or caches might persist for a short time).
Security and Fraud Prevention: We process certain data (like IP addresses, device information, and usage patterns) to monitor for suspicious activities, protect against fraudulent, harmful or unauthorized behavior, debug and fix errors, and ensure the security of user accounts and our network. Legal basis: Legitimate interests (Art. 6(1)(f)) – we have a legitimate interest in keeping our Platform safe and preventing misuse. This may include, for example, automated tools that detect multiple failed login attempts or that flag accounts engaging in spam. Such processing is necessary to protect the integrity of our services and all our users’ data. In some cases, processing security data is also necessary for compliance with legal obligations (e.g., logging access to personal data to comply with GDPR security requirements).
Legal Compliance and Obligations: We may need to process and retain personal information to comply with our legal obligations – for instance, to fulfill financial reporting rules, tax and accounting requirements for any purchases, or to comply with a court order or binding request from law enforcement. We also process data to exercise or defend legal claims if needed. Legal basis: Compliance with a legal obligation (Art. 6(1)(c)) where applicable, or otherwise legitimate interests (to lawfully protect our rights, Art. 6(1)(f)). For example, if you make a purchase or donation through the Platform, we might retain transaction records as required by financial regulations, and if authorities lawfully require user data, we may process data under legal obligation.
Other Purposes with Consent: If we ever need to process your personal data for a purpose that is not covered above, we will explain it to you and, if required by law, obtain your consent. You have the right to refuse or withdraw consent for such new purposes at any time.
No Automated Decisions Producing Legal Effects: We do not use your data for any fully automated decision-making that has legal or similarly significant effects on you (as defined in GDPR Art. 22). While we do profile your data to personalize content (see above), this does not have a legal or adverse effect on you – it only influences the content and recommendations you see. You will not be denied services or subjected to decisions with legal impact based solely on automated processing of your data. If this changes in the future, we will inform you and ensure we have a lawful basis (and your rights to human review and contesting decisions will be respected).
Cookies and Tracking Technologies
Like most online platforms, we use cookies and similar tracking technologies to provide and improve our services, in compliance with the ePrivacy Directive and GDPR. This section explains what cookies/trackers we use, why we use them, and how you can manage your preferences.
What Are Cookies? Cookies are small text files stored on your browser or device. They may be set by us (first-party cookies) or by third-party services we use (third-party cookies). We also use analogous technologies such as web beacons or pixels (tiny images embedded in webpages or emails) and local storage objects. For simplicity, we refer to all these as “cookies” or “tracking technologies.”
Types of Cookies We Use: We categorize our cookies based on their purpose. You have control over non-essential cookies through our cookie consent banner and settings:
Strictly Necessary Cookies: These cookies are essential for our site to function properly and cannot be disabled. For example, they include session cookies that keep you logged in as you navigate, security cookies that help us protect your account, or preferences required to remember your privacy choices. These cookies do not require consent under ePrivacy, but we still want you to know about them. We only use them for their intended necessary purpose and not for tracking. (For instance, if you add items to a cart or select preferences, a cookie may remember those; or a cookie might save your language selection or cookie consent state.)
Functionality/Preference Cookies: These cookies remember choices you make to enhance your experience. For example, if you select a preferred language, region, or interface theme, or if the site has a feature to remember your biohacking interests, we may use a cookie to keep those preferences on your next visits. These may be first-party cookies. We ask for your consent for these if they are not strictly necessary, but note that refusing them might affect some personalized features (e.g., you may have to re-enter certain preferences each time).
Analytics/Performance Cookies: These cookies collect information about how visitors use our site, so we can understand traffic patterns and improve performance. We use Google Analytics (GA4) for this purpose. Analytics cookies allow us to see aggregate data such as which pages are popular, how long users stay, and how they move through the site. The information collected via our analytics cookies is aggregated and anonymized; it does not directly identify you. For example, Google Analytics uses a cookie (_ga) to assign a random ID to your browser; this helps count unique visitors. We have configured Google Analytics with privacy safeguards:
IP Anonymization/Masking: Your IP address is truncated or anonymized before being used for analytics, meaning Google does not store your full IP. (In Google Analytics 4, IP addresses are not logged at all by design.)
No sharing of data for Google’s own purposes: We have disabled Google’s data sharing and advertising features within Analytics, so data is only used by us for our analysis.
Data Processing Agreement: We have a GDPR-compliant data processing agreement in place with Google, which binds Google to process analytics data only on our behalf and not for other purposes.
Retention Limit: Analytics data is retained for a limited period (see Data Retention below) and automatically deleted thereafter.
Consent for Analytics: We will not set analytics cookies unless and until you provide consent via the cookie banner. When you first visit, you’ll see a cookie consent banner asking you to accept or reject non-essential cookies. If you opt out (reject), Google Analytics will be disabled and no analytics cookies will be placed. You can also withdraw consent later (see Managing Cookies below). Refusing or removing analytics cookies will not affect the basic functioning of the site (you can still use our services normally).
Advertising/Marketing Cookies: Our site uses third-party advertising cookies/pixels only if you opt-in. The main marketing technology we use is the Meta Pixel (from Facebook/Meta Platforms) to help us with advertising and audience insights. If you consent to marketing cookies, the Meta Pixel will be enabled on our site. This means:
Meta (Facebook/Instagram) will place cookies or use existing identifiers on your device to track your activity on our site. For example, it may note that you visited certain pages or clicked certain buttons.
This information allows us to potentially show you tailored ads on Meta’s platforms (Facebook/Instagram) about our content or services (sometimes called “retargeting”). It also helps us measure ad campaign effectiveness (e.g., seeing if people who saw an ad ended up registering on our Platform).
The data collected by Meta Pixel on our site (sometimes called “Event Data”) may include your IP address, device info, and details of your actions (like page URL, button clicked, timestamp). This data is transmitted to Meta Platforms, Inc. We do not see personal identifiers in this process – we only see aggregate reports (e.g., “X number of people clicked our Facebook ad and then visited our site”).
Meta may also use the data it collects to improve its own ad targeting systems and share insights with us. Important: When the Meta Pixel is active, we and Meta are considered joint controllers for that data under GDPR, since we decide to collect it and Meta decides how to further use it to deliver ad services. We have entered into Meta’s Joint Controller Addendum to ensure compliance, which outlines our respective responsibilities. In essence, we ensure we only collect Pixel data with your consent, and Meta ensures it has a valid basis to process that data on its side (Meta’s use of the data is covered by your agreements with Meta and Meta’s Privacy Policy). You have rights with respect to this data – you can contact either us or Meta to exercise them (see Your Rights below).
Consent for Advertising Cookies: By default, these cookies/pixels are disabled. If you choose “Accept all cookies” or specifically enable “Marketing” in our cookie settings, then the Meta Pixel (and any similar marketing trackers) will run. If you choose “Reject” or do not enable marketing cookies, no advertising cookies will run and we will not send Pixel data to Meta. You will still see generic ads on other platforms (unrelated to our site visit), but not our targeted ads. Opting out will not affect your use of our Platform.
Email Tracking Pixels: As mentioned, our marketing emails may contain a tiny image file (tracking pixel) that informs us whether you’ve opened the email and may record device/email client info. This helps us gauge interest and refine content. If you do not want to be tracked in this way, you can disable image loading in your email client (many email providers let you block external images by default) – this will prevent the tracking pixel from loading. You can also unsubscribe from the newsletter if you prefer not to receive any tracked communications.
Cookie Consent Banner: In compliance with the ePrivacy rules, when you first visit our site we display a clear cookie consent banner. This banner explains the categories of cookies and gives you a real choice to Accept or Reject non-essential cookies. We do not load analytics or marketing cookies until you have given consent (prior affirmative consent). You can also click “Preferences” or “Learn More” on the banner to see detailed information about each cookie category and select which types of cookies you consent to. We make it as easy to withdraw consent as to give it – you will always have a way to change your preferences (for example, via a “Cookie Settings” link on our site).
Access Without Cookies: If you refuse all non-essential cookies, you will still be able to use the core features of our Platform, including browsing content, creating an account, and viewing your dashboard. Some personalization or tracking-based features may be limited (for instance, we won’t remember your preferences or recommend content as accurately without certain data), but access is not blocked. We do not use “cookie walls” that force you to accept cookies to use the service; consent is freely given.
Managing and Withdrawing Consent: You have full control over cookies:
Cookie Settings on Our Site: You can update your consent choices at any time by clicking the “Cookie Settings” link (for example, found in the footer of our website). There, you can toggle analytics or marketing cookies on or off and save your preferences. We will honor your updated choices immediately.
Browser Settings: Most web browsers allow you to refuse or delete cookies. You can use your browser’s settings to delete existing cookies or block future cookies from our site or all sites. (Keep in mind, blocking all cookies might impact functionality of many websites.)
Opt-Out Tools: For Google Analytics specifically, Google provides an opt-out browser add-on you can install to prevent Analytics on any site from using your data. For Meta, you can adjust your ad preferences on your Facebook/Instagram account to control how your off-Facebook activity is used for ads. Additionally, you can use industry opt-out sites like YourOnlineChoices to opt out of many advertising trackers.
Note on Do Not Track: If your browser is set to “Do Not Track” (DNT), our system will honor it by not setting analytics/marketing cookies by default. However, due to limitations, we still recommend using our consent tool to explicitly opt out.
For more details, please see our separate Cookies Policy. We aim to be fully transparent about our use of cookies and to comply with all recent guidelines from Data Protection Authorities regarding cookie consent (for example, providing a clear “Reject” option and avoiding deceptive designs).
Personalized Content, Profiling and Automated Decision-Making
One of the key features of Longevity Community® is providing personalized content and recommendations to enhance your biohacking journey. This means we profile certain data about you to tailor what you see on the Platform. Here we explain what profiling occurs, why we do it, and what it means for you.
What is Profiling? Under the GDPR, “profiling” means any form of automated processing of personal data to evaluate personal aspects of a person, in particular to analyze or predict aspects like personal preferences, interests, behavior, etc. On our Platform, profiling occurs when we analyze your data (such as the articles you read, topics you follow, and interactions you make) to infer your interests and preferences. This helps us categorize you (for example, as a user interested in nutrition or in fitness or longevity science) and predict what content might be most relevant to you.
How We Profile You: We collect data about your on-site activities (e.g., reading an article about intermittent fasting, or viewing a supplement guide) and engagement (e.g., you spend a lot of time on fitness-related posts, or you mark certain articles as “helpful”). Our system may in real-time update your profile with tags or scores (for example, a higher “interest level” in fitness). We also use any explicit preferences you provided (like topics you said you’re interested in during sign-up or in your profile settings). Using this profile data, our content recommendation engine automatically selects which posts or tips to show prominently on your dashboard or suggests new content you haven’t seen but might like. This process is dynamic – as you interact more, the recommendations may change to better reflect your current interests.
For example, if you read several articles about sleep optimization, our system may infer that “sleep” is a topic of interest and start showing you more content related to sleep health. Similarly, if you consistently skip or ignore articles on a certain topic, the system may show you less of that. This automated profiling helps personalize the Platform for you.
Impact on You: The result of this profiling is personalized content delivery. The impact on your experience is that you see content tailored to your likely interests, which can make the platform more relevant and useful. Importantly:
This does not affect your ability to access any content. No content is locked away from you due to profiling; you can always search or browse the full range of content. Profiling just affects what is highlighted or suggested for you.
The profiling does not produce any legal or significant effect on you beyond the on-site experience. It doesn’t involve decisions like credit checks, insurance pricing, or hiring – it’s only about customizing content and possibly what marketing messages you see from us.
We do not use profiling to make any prohibited decisions (such as based on special category data without consent). We also do not profile in a way that would be discriminatory or unfair (for instance, we do not show different prices or deny features based on profiling).
Transparency and Control: We want to be transparent that this profiling is occurring. By using the Platform with an account, you are aware that personalization will happen. The legal basis for this profiling is as described in How We Use Your Information – it is largely part of our service (contractual necessity) or our legitimate interest to provide a relevant user experience. However, you do have some control:
You can influence the profile by the preferences you set (e.g., explicitly telling us topics you like or don’t like in your account settings, if that feature is available).
If you prefer a less personalized experience, you may adjust settings (for example, we may provide a toggle to “show trending content” instead of personalized content, or you can unfollow certain topics). You may also clear or reset your profile interests by contacting support if you wish.
You have the right to object to processing of your personal data for personalization (profiling) at any time on grounds relating to your particular situation. If you do so, we will evaluate your request and, unless we have compelling legitimate grounds to continue, we will stop or limit profiling for you. This could mean your experience becomes more general and less tailored. (Note: For direct marketing profiling, your objection is absolute – if you object, we will stop using your data for marketing profiles immediately.)
Our recommendation algorithms do not override any choices you actively make. For instance, if you bookmark content to read later or explicitly follow a creator or topic, those actions directly control what you see, aside from the automated recommendations.
We do not currently offer a complete opt-out of in-platform content personalization (as it is integral to how the Platform works), aside from not logging in (browsing publicly without logging in will give you generic content). However, we ensure that even with personalization, the content you see remains diverse and you can find all information on the Platform. If you have concerns about profiling, please contact us – we take such inquiries seriously and will work to accommodate reasonable requests (for example, we could turn off certain data collection for your account if technically feasible).
No Sale or Undisclosed Sharing of Profile Data: We treat the data used for profiling as part of your personal data. We do not sell or rent your profile information to third parties. We may use segments for our own advertising (e.g., using your interest profile to decide which newsletter to send you, or using a hashed identifier to reach you on a platform like Meta if you consented to marketing), but these uses are always under the conditions described in this Policy. We do not make your individual profile visible to other users – other users can only see information you’ve chosen to make public (like your public profile info or posts).
Data Sharing and Disclosure
We treat your personal data with care and confidentiality. We do not sell your personal information to third parties. We only share your data in the following circumstances:
With Service Providers (“Processors”): We use trusted third-party companies to help us operate the Platform and provide our services to you. These third parties process data on our behalf under strict instructions and obligations under GDPR (Data Processing Agreements). Key processors we use include:
Hosting and Infrastructure: e.g., cloud service providers or data center hosts that store our databases and run our application. (Your data is stored on secure servers operated by these providers, but they cannot use your data for their own purposes.)
Email Delivery Services: e.g., a mailing service provider to send out our newsletters and transactional emails. They handle your email address and the content of the emails under our instructions.
Analytics Services: Google Analytics, as described, processes usage data on our behalf to provide aggregated analytics reports. Google acts as our processor in this context, and is bound by EU Standard Contractual Clauses and their GDPR terms to protect your data.
Advertising Partners: When you consent to advertising cookies, data is shared with Meta Platforms, as explained under Cookies. Meta may act as a joint controller for that data; however, our integration with Meta is governed by agreements to ensure compliance and limit how Meta can use the data (they primarily use it to provide us the advertising services).
Payment Processors: If we offer paid services or transactions, your payment details (credit card, etc.) may be handled directly by a third-party payment gateway (for example, Stripe or PayPal). Such processors get the necessary information to process the payment securely. We do not receive or store full payment card numbers; we only get confirmation of payment or limited info needed for records (like last 4 digits of a card, card type, and transaction ID).
Other Tool Providers: We might use other tools for things like surveys, customer support ticketing, or scheduling calls. If we do, those providers might process data you provide (like a support query or survey response) solely for our specified purposes.
Processor Obligations: All our processors are contractually bound to handle personal data in compliance with GDPR. They must only process data for the purposes we specify, must apply appropriate security measures, and must keep the data confidential. If a processor is outside the EU, we ensure lawful transfer mechanisms (see International Data Transfers below). We regularly review our processors to ensure they remain compliant. They cannot use your data for their own marketing or other independent purposes.
With Other Users or the Public: Some sharing of data is inherent in the Platform’s functionality:
If you create a public profile, the information you include (e.g., your username, bio, profile picture, and any other fields you mark as public) will be visible to other users and potentially to the general public on the internet. Likewise, any content you publish in public areas (posts, comments, forum discussions) will be visible along with your public profile info. This is your choice and part of using those features – you can control what you share. If you later remove or hide that information, it will no longer be shown publicly, though search engines or archives might have cached it for some time (outside of our control). We also remind users to avoid sharing sensitive personal data about themselves in public areas.
If the Platform has social features like following or messaging: if you follow another user or they follow you, those users might see certain information about you (like your display name or the fact that you follow them). If you send private messages, those are of course seen by the recipients. We will only access such communications if needed for moderation or legal reasons, in line with your expectations.
With Law Enforcement or Regulators: We may disclose personal data to government authorities, law enforcement, or regulators if required to do so by law or pursuant to a valid legal process (such as a subpoena, court order, or similar). We will always ensure the request is legitimate and will only provide the minimum data necessary. Where appropriate, we may notify you of such requests (unless legally prohibited). Additionally, if we need to enforce our Terms of Service or protect the rights, property, or safety of our users, the public, or Longevity Community, we might disclose information as necessary (for example, sharing relevant information with law enforcement to report a fraudulent or criminal activity).
Business Transfers: If Longevity Community® (or the company operating it) undergoes a business transaction, such as a merger, acquisition, corporate reorganization, or sale of assets, your personal data may be transferred to the new owner or partner as part of that deal. In such cases, we will ensure the new owner is contractually obliged to respect the terms of this Privacy Policy (your personal data would remain subject to the promises made here). We will notify you (e.g., via email or notice on our site) of any such change in ownership or control of your personal information, along with any choices you may have.
With Your Consent: Apart from the above, if we ever need to share your information with a third party for a purpose not covered by this Policy, we will obtain your consent. For example, if we partner with another company for a special event or research project and want to invite you, we might ask if you’d like to share your contact info with that partner. We will not do so unless you say yes. You are also always free to independently share your own information with others (for instance, sharing a particular article with a friend via social media); such actions are under your control, not ours.
We strive to keep any sharing to a minimum and to carry it out in a transparent and secure way. Whenever personal data is shared with any third party, we ensure it’s protected and only used for the intended purpose. We also maintain an up-to-date list of our key processors which you can request from us if you’d like more specifics on who processes your data.
International Data Transfers
Longevity Community® is based in the European Union, and we primarily store and process your personal data within the European Economic Area (EEA). However, some of our third-party service providers are located outside of the EEA (for example, in the United States). This means your personal data may be transferred to and processed in countries outside your country of residence, including countries that may have different data protection standards than the EU.
Transfers outside the EEA: Whenever we transfer personal data out of the EEA, we take steps to ensure that an adequate level of protection is applied to your data, as required by GDPR (Chapter V). The safeguards we use include:
Adequacy Decisions: Where applicable, we may rely on an EU “adequacy decision,” which is a determination by the European Commission that a non-EU country offers a sufficient level of data protection. (For example, transfers to countries like the UK, Switzerland, or others deemed adequate are permitted. Notably, as of 2023, the EU has adopted an adequacy decision for the EU–US Data Privacy Framework. If our US partners are certified under this framework, your data may be transferred to them on that basis of adequacy.)
Standard Contractual Clauses (SCCs): In most cases, we use the European Commission’s approved Standard Contractual Clauses with the recipient of the data. These are contractual commitments that bind the recipient to protect your data according to EU standards. For instance, when we use US-based services like Google or Meta, we have SCCs in place as part of our data processing agreements with them. These clauses obligate the provider to safeguard the data and give you enforceable rights. We also assess on a case-by-case basis if any additional technical or organizational measures are needed to ensure data is protected (for example, encryption in transit and at rest, or minimizing data that leaves the EEA).
Additional Safeguards: We ensure any US-based providers handling EU personal data have supplementary measures to address US government access concerns post-Schrems II. For example, Google has stated compliance measures and Meta has committed to additional encryption and access controls. Some providers might also be certified under the new EU-US Data Privacy Framework, which commits them to specific protection duties. Where applicable, we also enable features like data residency or EU data centers for certain services (if offered by the provider) to limit overseas transfers.
Examples of international transfers in our context:
Google Analytics: Data (truncated IP, device info, site usage) may be transmitted to Google’s servers in the United States for processing. This is covered by SCCs between us and Google. Google has also adopted the EU-US Data Privacy Framework certification, which further underscores their obligation to protect EU data.
Meta Pixel: Data collected via the Pixel on our site is sent to Meta in the US. We rely on the Joint Controller Addendum which incorporates SCCs between us and Meta for this data transfer. Meta has also self-certified under the EU-US Data Privacy Framework.
Email/Cloud providers: If we use an email service (e.g., Mailchimp, which is US-based) or a cloud host (e.g., AWS or Azure, which may host data in or outside the EU depending on configuration), similar safeguards apply (e.g., SCCs and possibly adequacy if the provider is in a country like the US with a framework or Canada which has adequacy for commercial organizations, etc.).
Regardless of where your data is processed, we will always protect it under the terms of this Privacy Policy and in accordance with GDPR. We monitor developments and guidance from regulators on international data transfers and will adjust our practices if needed to remain compliant.
If you would like more information about the international transfers of your personal data, or to obtain a copy of the relevant contractual or other safeguards in place, you can contact us at any time (see Contact Us section below). We will be happy to provide further details, while also protecting any confidential terms of our contractual arrangements.
Data Retention
We will not keep your personal data for longer than necessary for the purposes for which it is processed. This section explains how long we retain different categories of data. Retention periods are determined based on legal requirements and our business needs, and we strive to either securely delete or anonymize data once retention is no longer necessary. Key retention practices include:
Account Information: For as long as you have an active account with us, we retain the personal information you provided (such as your name, email, profile info, and account settings) so that we can operate your account. If you choose to delete your account or if your account becomes inactive for an extended period, we will initiate deletion of your personal data. By default, when you delete your account, we will remove or anonymize personal data associated with your account within 30 days of the deletion request (in most cases much sooner). In some cases, certain data (like posts or comments you made) might be retained in an anonymized form (with your identity removed) if it’s necessary to preserve the integrity of a discussion thread, or we might retain data as needed to comply with legal obligations (see below). If your account is simply inactive (no login) for a long period (e.g., 2 years), we may contact you to confirm if you want to keep it; absent a response, we may delete or anonymize your data to reduce storage.
Public Profile Data: Any information you posted to your public profile or public content you contributed will generally be removed from public view when you delete it or delete your account. However, we may retain backups or logs of that information for a short period (typically up to 30-60 days) in our secure backup systems. If another user has interacted with your content (e.g., quoted a post of yours), some minimal reference to your removed content might persist in their content (but it would no longer be attributed to you).
Newsletter/Email Subscription Data: We retain your email address and subscription preferences for as long as you remain subscribed to our communications. If you unsubscribe from our newsletter, we will stop sending you emails immediately. We may retain your email on a suppression list indefinitely thereafter to ensure we respect your wish not to be contacted (this is a standard practice to avoid accidentally re-adding you). If you completely delete your account or specifically request we remove your email, we will delete it from our active mailing lists and, if not needed for suppression, from all systems. Records of your consent (opt-in timestamp, etc.) are kept as long as you are on the list and for a period of up to 24 months after to demonstrate compliance with direct marketing laws (or until you request erasure sooner, in which case we will remove it unless required to keep it).
Email Interaction (Tracking) Data: We keep logs of whether you opened emails or clicked links for a limited period to analyze engagement. Typically, identifiable email interaction data is retained for 12 months. After that, we may aggregate the data (e.g., “user X opened 5 of 10 emails last year”) or delete the individual-level logs. Aggregated statistics (which no longer identify you) may be kept longer for business analysis.
Analytics Data: Data collected through Google Analytics is retained in accordance with Google’s settings and our needs. Currently, we have set Google Analytics to retain user-level and event-level data for 14 months. This means that information linked to identifiers (like your device’s unique analytics cookie ID) older than 14 months is automatically deleted from Google’s servers. Each time you revisit and trigger new analytics events, the retention period for the associated identifier may be reset (but we cap it at 14 months from last interaction). In addition, we routinely delete or anonymize older raw log data that we might store ourselves. Aggregate analytics reports (which contain no personal data, only statistics) may be kept indefinitely for historical analysis.
Advertising/Pixel Data: For data we collect via advertising pixels (e.g., Meta Pixel), we do not store this data in a way that is directly identifiable to you on our own systems (Meta handles it). Meta retains the event data on their systems for a limited time. According to Meta’s terms, Event Data from our site is generally aggregated or deleted by Meta after a maximum of 2 years, and any custom audience lists we create based on that data (for retargeting ads) have a maximum lifespan of 180 days before users who have not revisited are removed. We ourselves do not keep personal data from the Pixel beyond using Meta’s tools; we rely on Meta’s retention and deletion schedule for that data. Any reports we download from these tools (which are typically aggregate) are treated like analytics data.
Content and Activity Logs: Our system logs of your activities (such as login logs, content viewed, search queries) are generally kept only as long as necessary for the purposes collected:
Application Logs (usage logs): We keep detailed application logs (which may include IP addresses and user IDs tied to events like login, page requests, API calls) for around 90 days for debugging and support purposes. After that, logs are either deleted or truncated/anonymized unless needed for security auditing. Summary information (e.g., total logins per month) may be kept longer in aggregate form.
Security Logs: Logs that are relevant to security (e.g., records of consent actions, changes to account settings, multi-factor authentication events, etc.) may be retained for up to 1 year or longer if we need them to investigate incidents. In cases of serious security incidents, relevant data may be kept until the issue is fully resolved and any legal requirements are met.
Transactional Data: If the Platform involves any transactions (such as purchases, paid memberships, or event tickets):
Payment Details: We do not store full payment details ourselves, but the fact of a transaction (amount, date, product, last 4 digits of the card, etc.) and billing information (name, address, if collected for invoices) will be kept in our records. We retain transactional records for as long as necessary for accounting and tax purposes. This is typically 7 years (for example, many countries require financial records to be kept for 5-7 years). Even if you delete your account, we may retain invoice records associated with your account in our financial records until the retention period lapses, but we will disconnect them from your active profile and use them only for legal compliance.
Order History: For your convenience, we may keep a history of your orders or subscriptions for as long as your account exists (so you can access receipts, etc.). If you delete your account, we retain the underlying transaction record as noted above, but not in a way visible on a deleted account.
Communications and Support: If you contacted us for support or we have correspondence with you (email inquiries, support tickets, feedback forms), we may retain those communications:
Support emails/tickets are generally retained for 2 years after resolution, in case you have follow-up issues and to help us improve our services. After 2 years, we delete or anonymize them, unless they contain information we must keep for longer (e.g., a record of a serious complaint or legal notice).
Call recordings (if any customer support calls are recorded with your consent) are kept for a shorter period (often 30 or 60 days) unless needed for training or dispute resolution, in which case they are kept for no more than 1 year.
Legal and Compliance Records: If any data is needed to comply with our legal obligations or for legal proceedings, we will keep that data for as long as required by law or as needed to resolve the matters. For example, if we receive a data erasure request, we will keep a record that the request was fulfilled (which includes identifying details of the requester) as proof of compliance, typically for at least 5 years as recommended by regulators. If we ban an account due to egregious violations, we may retain identifying info (like email, IP, reason for ban) to enforce the ban, for a period we deem appropriate (e.g., a few years or indefinitely for severe cases) – this is a legitimate interest to protect our community.
After the end of the applicable retention period, or once the purpose for collecting your data has been achieved, we either securely delete or irreversibly anonymize your personal data. Anonymized data is no longer associated with you and may be retained for statistical purposes without further notice to you.
If you ever have questions about our data retention practices or wish for us to delete certain data, please contact us. In some cases, you may also directly delete information through your account (for example, you can delete or edit profile fields, remove posts, etc., and these changes will reflect in our active databases, though as noted backups might hold the old data for a short time).
Your Rights as a Data Subject
As a user of our Platform and as a data subject under EU law, you have a number of important rights regarding your personal data. We are committed to honoring your rights and have processes in place to enable you to exercise them. Below is a summary of your data protection rights:
Right of Access: You have the right to request confirmation whether we are processing your personal data, and if so, to obtain a copy of the personal data we hold about you, as well as information about how we use it. This is commonly known as a “Subject Access Request.” Upon verification of your identity, we will provide you with a copy of your data in a structured, commonly used format (often electronic). This will include details such as the categories of data, the purposes of processing, any third parties to whom data has been disclosed, and the envisioned retention period. The first copy is provided free of charge, but we may charge a reasonable fee for additional copies if requested.
Right to Rectification: If any of your personal data that we hold is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay. You can correct much of your basic account information by logging into your account (for example, you can update your profile info or email address in your settings). For any data you cannot update yourself, you can contact us and we will make the correction. We encourage you to keep your information current and will strive to keep it accurate.
Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data in certain circumstances. This includes situations such as: the data is no longer needed for the purposes it was collected; you withdraw consent (and we have no other legal basis to continue processing); you object to processing based on legitimate interests and we have no overriding grounds to continue; we processed your data unlawfully; or erasure is required to comply with a legal obligation. When you delete your account through our settings, we will process that as a request for erasure of the associated personal data. We will erase the data as described in Data Retention above. If you request erasure via support, we will confirm and act on it. Note: There are some exceptions to the right of erasure – for example, we might retain certain data if needed to comply with a legal obligation or to establish or defend legal claims. If an exception applies, we will inform you of the specifics in our response.
Right to Restriction of Processing: You have the right to ask us to limit the processing of your personal data in certain cases. This is an alternative to full deletion and might apply if: you contest the accuracy of the data (we then restrict processing while verifying accuracy); the processing is unlawful and you oppose erasure and prefer restriction; we no longer need the data but you need us to keep it for the establishment, exercise, or defense of legal claims; or you have objected to processing (see below) and await verification of any overriding grounds. While processing is restricted, we will store your data securely and not use it (except to the extent allowed, such as to protect rights). If the restriction is lifted, we will inform you.
Right to Object: You have the absolute right to object to your personal data being used for direct marketing purposes at any time. This includes profiling related to direct marketing. If you object, we will stop using your data for that purpose immediately. (For example, if you object to receiving marketing emails or targeted ads, we will cease those activities for your data.) Additionally, you have the right to object, on grounds relating to your particular situation, to processing based on our legitimate interests (Art. 6(1)(f)). In such cases, we will stop processing the data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless we need to continue processing for the establishment or defense of legal claims. For instance, you may object to our profiling of your on-site activity for personalization – if you do, we will consider if our interest in personalization is overridden by your rights, and if appropriate, we may either stop the profiling or ensure you have an option to use a non-personalized experience. We will always honor objections to any processing that is not fundamental to providing the service.
Right to Data Portability: You have the right, in certain circumstances, to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible. This right applies when the processing is based on your consent or on a contract (i.e., Art. 6(1)(a) or (b)) and the processing is carried out by automated means. For example, you can request an export of the personal data you provided in your profile, your activity history, etc., if you want to port it to another service. We will provide this either directly to you (so you can give it to the other provider) or, if you request and if possible, we may transfer it directly to the other provider. Note that this right only covers data you provided or that was generated by your activities (not data we created through analysis).
Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing we conducted prior to your withdrawal, but it means we will stop the processing going forward. For example, you can withdraw your consent for marketing emails by unsubscribing, for analytics/advertising cookies by changing your cookie settings, or for any other consent-based processing by contacting us. Once consent is withdrawn, we will cease the related processing and, if there is no other legal basis, we will delete the data (or anonymize it) related to that processing. There is no penalty or detriment to withdrawing consent – we make it as easy to withdraw as it was to give.
Right not to be Subject to Automated Decision-Making: As noted, we do not subject you to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects. If you believe that you have been subjected to an automated decision of this nature, you have the right to request human intervention, to express your point of view, and to contest the decision. We will then provide an explanation or review the decision through a human. (This is more of a protective right; in practice our personalization features do not have significant adverse effects, but we include this for completeness.)
Right to Lodge a Complaint: If you have concerns or complaints about how we are handling your personal data, we would like the chance to address them directly. However, you also have the right to lodge a complaint with a Data Protection Supervisory Authority. You may do so in the EU Member State where you reside, where you work, or where the alleged infringement took place. For example, if Longevity Community’s lead authority is in the country where we are established (let’s say, for instance, Slovenia’s Information Commissioner if we are based in Slovenia), you can contact that authority. Or you can contact your local authority. We will provide the contact details for our lead supervisory authority here: [e.g., Information Commissioner of Republic of Slovenia (IPRS) or relevant authority]. Lodging a complaint does not affect any other administrative or judicial remedy you might have.
To exercise any of your rights, please contact us at support@longevitycommunity.org with your request. We may need to verify your identity to ensure we don’t disclose or modify data for the wrong person (for example, by asking you to send the request from your registered email or by other verification). We will respond to your request as soon as possible and no later than one month from receipt of a valid request. For complex requests or a high volume of requests, we may extend this period by an additional two months, but we will inform you of the extension and the reason for it within the initial one-month period.
We will honor your rights to the fullest extent required by law. In some cases, if your request is clearly unfounded or excessive (for example, repetitive requests), we may either charge a reasonable fee or refuse the request, but we will explain our reasoning in such a situation. Rest assured, we aim to facilitate your rights and maintain transparency at all times.
Data Security
We take data security very seriously. We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:
Encryption: All communications with our website are protected by HTTPS/TLS encryption in transit. Sensitive data (such as passwords) is hashed or encrypted at rest in our database. We also encrypt personal data at rest where applicable, especially for backups or in cloud storage.
Access Controls: Personal data is accessible only by authorized personnel who require access to perform their job duties (principle of least privilege). We employ authentication, access logs, and, where possible, multi-factor authentication for administrative access. Our staff and contractors are bound by confidentiality obligations.
Security Testing and Maintenance: We regularly update our systems and software to address security vulnerabilities. We conduct periodic security assessments and penetration testing. We also monitor our systems for possible intrusions or anomalies.
Pseudonymization: In some cases, we pseudonymize data (replace identifying fields with artificial identifiers) so that individuals are not immediately identifiable without additional information kept separately.
Backups and Resilience: We maintain regular backups of data to prevent data loss, and these backups are secured. In case of a physical or technical incident, we have the ability to restore the availability of personal data in a timely manner.
Training and Policies: Our team members are trained on data protection and security best practices. We have internal policies and incident response plans to handle any suspected data breaches.
Despite our efforts, no system can be 100% secure. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law (GDPR Article 33/34). We also continuously evaluate new security tools and threats to update our measures.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will notify you in accordance with the law. For minor or non-material changes (that do not reduce your rights), we may just update the “Last updated” date at the top and post the revised Policy on our site. For substantial changes (for example, if we start processing data for a new purpose that requires your consent), we will provide a prominent notice on the Platform or notify you via email, and if required, seek your consent.
We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of the Platform after the effective date of an updated Policy will signify your acceptance of the revised terms (to the extent permitted by law). If you do not agree to any changes, you should stop using the services and you may delete your account at any time.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:
Longevity Community – Privacy Team
Email: support@longevitycommunity.org
We will gladly assist you with any inquiries. If you contact us to exercise a data subject right, please clearly state your request and provide sufficient information for us to verify your identity. We will respond within the timeframe stated above in Your Rights.
Thank you for trusting Longevity Community® with your personal data. We are dedicated to safeguarding your privacy and enabling you to biohack and improve your longevity with confidence in the privacy and security of our platform.