⚠ Draft — Pending Legal Review

This privacy policy is a working draft. It has not yet been reviewed by a licensed attorney. Do not rely on it as legal compliance until reviewed and approved, particularly for users in the EU (GDPR) or Washington State (My Health My Data Act).

Privacy Policy

Last updated: April 2026

1. Who We Are

Eumaia (“we,” “our,” or “us”) operates the website eumaia.com and the Eumaia longevity dashboard application. We are based in the United States.

If you have questions about this policy, contact us at: privacy@eumaia.com

2. What Data We Collect

2a. Account Information

When you create an account, we collect your email address. Authentication is handled by Supabase, which uses industry-standard encryption.

2b. Health & Biomarker Data

Eumaia collects health-related data that you voluntarily enter, including: blood biomarkers (albumin, creatinine, glucose, CRP, CBC values, ALP), biological age scores, lifestyle inputs (sleep, exercise, diet habits), and simulation parameters. This data is classified as sensitive personal health information under applicable privacy laws including:

  • Washington State My Health My Data Act (MHMDA)
  • California Consumer Privacy Act (CCPA) as amended by CPRA
  • GDPR Article 9 (EU/UK users) — health data is a special category requiring explicit consent

2c. Usage Analytics

We use Plausible Analytics for traffic measurement. Plausible collects no personal data, sets no cookies, and is GDPR-compliant by design. Data is aggregated and anonymized.

We use PostHog for product analytics (understanding how features are used). PostHog may link usage events to your user ID (not your name or email) to help us improve the product. PostHog data is stored on US-based servers.

2d. Peer Benchmarking

The peer benchmarking feature compares your biological age and biomarker values against aggregated, anonymized data from other users in your age cohort. Your individual data is never shared with other users. Only aggregated statistical summaries are used for comparison.

3. How We Use Your Data

We use your data to:

  • Calculate your biological age using the PhenoAge research framework
  • Run intervention simulations in the Digital Twin feature
  • Generate AI-powered longevity recommendations via OpenAI
  • Provide anonymized peer benchmarking
  • Improve the product through aggregated, anonymized usage analytics

We do not sell your health data. We do not share your health data with advertisers, data brokers, insurance companies, or employers. We do not use your health data to train AI models sold to third parties.

4. Third-Party Subprocessors

We share data with the following trusted service providers, solely to operate the platform:

Provider   | Purpose                   | Data Shared
-----------|---------------------------|------------------------------------------
Supabase   | Authentication & database | Email, biomarker data (encrypted)
OpenAI     | AI recommendations        | Biomarker summary (no PII)
PostHog    | Product analytics         | User ID, feature usage events
Plausible  | Traffic analytics         | Aggregated page views (no personal data)
Vercel     | Web hosting               | IP address (standard web logs)

5. Cookies & Tracking

Eumaia uses minimal cookies. Supabase sets a session cookie for authentication. Plausible sets no cookies. PostHog may set an analytics cookie if you consent.

You can decline analytics cookies using the consent banner displayed on your first visit. Declining does not affect your ability to use any feature of the platform.

6. Your Rights

Depending on your location, you may have the following rights regarding your data:

  • Access: Request a copy of the data we hold about you
  • Correction: Correct inaccurate data
  • Deletion: Request deletion of your account and all associated data
  • Portability: Receive your data in a machine-readable format
  • Withdrawal of consent: Opt out of analytics at any time via the consent banner
  • Washington MHMDA: Washington State residents have additional rights regarding consumer health data, including the right to confirm processing, access, and deletion. Contact us to exercise these rights.
  • GDPR (EU/UK): EU and UK users may also lodge a complaint with their national data protection authority.

To exercise any of these rights, email privacy@eumaia.com. We will respond within 30 days.

7. Data Retention

We retain your account and health data for as long as your account is active. If you delete your account, we will delete all associated health data within 30 days, except where retention is required by law.

8. Data Security

Health data is stored in Supabase using row-level security (RLS), meaning each user can only access their own records. Data is encrypted in transit using TLS and encrypted at rest. We do not store payment information.

9. Children's Privacy

Eumaia is not intended for users under the age of 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

10. Changes to This Policy

We will update this policy as our practices evolve. We will notify registered users of material changes via email at least 30 days before they take effect.

11. Contact

For privacy questions, data requests, or to report a concern:
privacy@eumaia.com

Eumaia · eumaia.com · Privacy Policy · Last updated April 2026