Legal

Privacy policy.

Last updated 19 May 2026

VITA Longevity SRL (“VITA”, “we”) reads bloodwork and wearable data with consent and writes you a calm reading of your trajectory. This page explains exactly what we collect on the early-access waitlist, what happens after launch, and your rights.

What we collect on the waitlist

Email address — to send your confirmation link, your access notifications, and updates about VITA's launch.
Transactional consent timestamp — set automatically when you submit the form. Covers emails about the service you signed up for: confirmation, access opening, cohort changes, launch notifications. Legal basis: GDPR Art. 6(1)(b) contract performance.
Marketing consent timestamp — only set if you explicitly opt in later (e.g. for external newsletters or cross-promotion). Legal basis: GDPR Art. 6(1)(a) consent. Currently we don't send marketing emails.
Hashed IP and browser fingerprint — SHA-256 with a private salt, never the raw values. Used to prevent fraud and burst signups.
Referral code — generated for you; identifies which introductions came through your link.
Primary goal (optional) — if you selected one, used only to group cohort onboarding.

What we do not collect

No bloodwork, no wearable data, no health information — none of that is collected before you actively connect an account inside the app (post-launch).
No cookies that track you across sites. The only cookie we set is vita_ref (90-day, first-party, used to remember who introduced you).
No analytics on names, addresses, phone numbers, or any other personal identifier beyond your email.

How we use it

Your email is used to send: (1) your confirmation link, (2) the “your application is in” email after you confirm, (3) friend-joined notifications when an introduction confirms, (4) tier-up emails when your access advances, (5) cohort opening notifications when your spot is reached, and (6) occasional founder updates about VITA's launch and feature rollout — typically 1-2 per month. All of these are part of the service you signed up for (contract basis). You can unsubscribe from any of them in one click from the email footer.

Where data lives

Data is stored in Supabase (PostgreSQL) in the EU (Frankfurt region). Emails are sent through Resend, also EU-hosted. We do not export waitlist data to advertising platforms, brokers, or third-party CRMs.

Your rights

Access — see what we have on you.
Rectification — correct anything wrong.
Erasure — be forgotten, completely (we soft-delete and then physically purge within 30 days).
Portability — receive your data in a machine-readable file.
Withdraw consent — at any time, with a single click.

To exercise any of these, email privacy@vitalongevity.app. We respond within 7 days. If you are unhappy with our response, you can complain to the Romanian DPA (ANSPDCP) or your local supervisory authority.

Data retention

Waitlist entries are kept until launch + 6 months, then either migrated to your full account (if you join VITA) or anonymised. Unconfirmed entries that have not clicked the confirmation link within 90 days are automatically deleted.

Security

All data in transit uses TLS 1.3. All data at rest is encrypted with AES-256. Email addresses are unique-indexed at the lowercase level (no duplicates regardless of casing). IP addresses are never stored in raw form — only as one-way SHA-256 hashes with a private salt. Service-role database access is restricted to Supabase edge functions; no client (browser, mobile app) can read the waitlist table directly.

Changes to this policy

We update this page if we change anything. If the change is material (new data collected, new third-party processor), we notify you by email before it takes effect.

Contact

VITA Longevity SRL · București, Romania
privacy@vitalongevity.app

VITA · longevity intelligence · vitalongevity.app