Privacy & Security

SuperAge takes your health data privacy seriously. This document outlines our comprehensive approach to protecting your personal health information while delivering accurate biological age insights.

Core Privacy Principles

Data Minimization

We only access what we need:

• Only health data categories required for biological age calculation
• No access to personal identification beyond Apple Health permissions
• No collection of location data, contacts, or other personal information

Local Processing

Your data stays on your device:

• All biological age calculations performed locally on your iPhone/Apple Watch
• No health data transmitted to SuperAge servers
• No cloud processing of personal health information

User Control

You control your data:

• Granular permissions for each health data category
• Easy permission management through Apple Health settings
• Complete data portability through Apple Health export features

Data Collection and Usage

What Data SuperAge Accesses

Health Metrics (with your permission):

• Heart rate patterns (resting, active, HRV)
• Physical activity data (steps, exercise, calories)
• Sleep analysis information
• Body composition metrics (weight, BMI)
• Environmental data (noise levels, if enabled)

Technical Information (anonymous):

• Device type and iOS version
• App usage patterns (no personal health data)
• Performance metrics for app optimization
• Crash reports (contain no health data)

What SuperAge Never Collects

Personal Information:

• Name, address, or contact information
• Apple ID or other account identifiers
• Location data or GPS coordinates
• Photos, messages, or other personal content

Sensitive Health Data:

• Medical diagnoses or conditions
• Prescription medications
• Healthcare provider information
• Insurance or payment data

Data Processing Location

On-Device Only:

• Biological age calculations: 100% local processing
• Health data analysis: Performed on your iPhone/Apple Watch
• Algorithm execution: No server-side health data processing
• Data storage: Utilizes Apple Health as single source of truth

Technical Security Measures

Data Encryption

In Transit:

• All app communications use TLS 1.3 encryption
• App Store downloads protected by Apple’s security
• Software updates encrypted end-to-end

At Rest:

• Health data protected by Apple’s HealthKit encryption
• App preferences encrypted using iOS keychain services
• No independent health data storage outside Apple Health

Access Controls

Device Security:

• Requires device passcode/biometric authentication
• Leverages iOS security features (Secure Enclave)
• App permissions managed through iOS settings

App Security:

• Code signing and app store validation
• Regular security audits and updates
• No third-party SDKs with health data access

Secure Development Practices

Code Security:

• Regular security code reviews
• Static and dynamic analysis testing
• Dependency vulnerability scanning
• Secure coding standards compliance

Infrastructure Security:

• Minimal server infrastructure (no health data processing)
• Regular security assessments
• Industry-standard access controls
• Incident response procedures

Regulatory Compliance

HIPAA Considerations

HIPAA Applicability:

• SuperAge is a consumer health app, not a covered entity
• Does not handle protected health information (PHI) in clinical context
• Users maintain control over their own health data

Best Practices Followed:

• Administrative, physical, and technical safeguards
• Access controls and audit procedures
• Data minimization and purpose limitation

GDPR Compliance (EU Users)

Legal Basis for Processing:

• Consent for health data access through Apple Health
• Legitimate interest for anonymous usage analytics
• Performance of contract for app functionality

User Rights:

• Right to access: View data through Apple Health
• Right to rectification: Modify data in Apple Health
• Right to erasure: Revoke permissions or delete app
• Right to portability: Export through Apple Health features

California Consumer Privacy Act (CCPA)

Consumer Rights:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don’t sell data)
• Right to non-discrimination

Our Compliance:

• Clear disclosure of data practices
• Easy deletion through app removal
• No sale of personal information
• Equal service regardless of privacy choices

Apple Health Integration Security

HealthKit Security Model

Apple’s Protection:

• Hardware-based encryption using Secure Enclave
• Biometric or passcode protection for health data access
• App-specific permissions with user control
• Automatic data backup encryption

SuperAge’s Implementation:

• Read-only access to health data (never writes)
• Granular permission requests for specific data types
• Graceful handling of permission changes
• No caching of health data outside HealthKit

Permission Management

Initial Setup:

• Clear explanation of each health data category requested
• Option to grant or deny individual categories
• No required permissions (app functions with available data)

Ongoing Control:

• Modify permissions through Apple Health > Privacy > Apps
• Real-time permission updates reflected in app
• Partial permissions supported with reduced accuracy notice

Third-Party Integrations

Data Sharing Policies

We Never Share Health Data:

• No partnerships involving personal health information
• No data sharing with advertisers or marketers
• No sale of health data under any circumstances

Anonymous Analytics Only:

• Aggregate usage patterns (no personal identification)
• Performance metrics for app improvement
• Crash reporting with personal data removed

Service Providers

Limited Third-Party Services:

• App Store distribution (Apple)
• Analytics services (anonymous data only)
• Customer support platform (no health data)

Vendor Requirements:

• Contractual data protection obligations
• Regular security assessments
• Compliance with privacy standards

User Control and Transparency

Privacy Dashboard

In-App Privacy Information:

• Current health data permissions status
• Last data access timestamps
• Privacy settings quick access
• Data quality indicators

Transparency Reports

Regular Disclosure:

• Annual privacy practice updates
• Security incident reporting (if any occur)
• Algorithm change notifications
• Regulatory compliance updates

User Education

Privacy Resources:

• In-app privacy guides and tutorials
• Best practices for health data management
• Apple Health privacy feature explanations
• Regular privacy tip notifications

Data Retention and Deletion

SuperAge Data Handling

No Independent Storage:

• SuperAge doesn’t store health data independently
• All data accessed through Apple Health in real-time
• App preferences and settings stored locally only

Data Deletion:

• Uninstalling SuperAge removes all app data
• Health data remains in Apple Health (user controlled)
• No residual health information on SuperAge systems

Apple Health Data Management

User Control:

• Delete health data directly in Apple Health app
• Export personal health data for portability
• Control sharing with other apps and services

Incident Response and Security

Security Monitoring

Proactive Measures:

• Continuous security monitoring
• Regular vulnerability assessments
• Threat intelligence integration
• Automated security alerts

Incident Response Plan

Response Procedures:

• Immediate containment of any security issues
• User notification within 72 hours of discovery
• Cooperation with regulatory authorities
• Transparent communication about incidents

Historical Record:

• No security incidents involving health data to date
• All software updates include security improvements
• Regular third-party security audits

International Privacy Considerations

Global Privacy Standards

Compliance Framework:

• EU General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Apple’s global privacy requirements
• Industry best practices worldwide

Cross-Border Data

Data Localization:

• Health data never leaves user’s device
• No cross-border transfer of personal health information
• Local processing complies with all jurisdictions
• Regional app store compliance

Contact and Support

Privacy Questions

Contact Information:

• Email: privacy@superage.app
• Response time: Within 48 hours
• Escalation procedures for urgent privacy concerns

Data Protection Officer:

• Available for EU users under GDPR
• Handles privacy compliance questions
• Coordinates with regulatory authorities

Legal Requests

Government Requests:

• No health data available to share (local processing only)
• Transparent reporting of any legal requests
• User notification unless legally prohibited

Law Enforcement:

• Standard legal process required for any information
• Limited to non-health technical information only
• Annual transparency reporting

Updates and Changes

Privacy Policy Changes

Notification Process:

• In-app notifications for material changes
• Email notifications to registered users
• App Store update descriptions include privacy changes
• 30-day notice for significant policy modifications

Continuous Improvement

Ongoing Enhancements:

• Regular privacy practice reviews
• User feedback integration
• Industry standard adoption
• Proactive security improvements

---

Last Updated: Current as of app version 1.5 Next Review: Quarterly privacy practice assessment

For specific privacy questions or concerns, contact our privacy team at privacy@superage.app. We’re committed to transparency and will respond to all inquiries within 48 hours.