>_LEGAL

Privacy Policy

Last updated: February 16, 2026

SpanOS LLC ("SpanOS," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information — including sensitive health-related data — when you use the SpanOS mobile application and related services (collectively, the "Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, date of birth, and any profile information you choose to provide.

1.2 Health & Wellness Data

The Service is designed to process sensitive health-related information to provide personalized recommendations. This may include:

  • Biomarker data — blood panel results, lab reports, and other clinical measurements you upload or connect
  • Wearable device data — heart rate, sleep patterns, activity levels, HRV, and other metrics synced from devices such as Apple Watch, Oura Ring, Whoop, and Garmin
  • Genetic data — genetic testing results you choose to import from third-party providers
  • Self-reported data — supplement intake, dietary information, exercise logs, biohacking practices, subjective health ratings, and lifestyle information
  • Supplement and product data — photographs of supplement labels, product information, and nutrient compositions

1.3 Usage Data

We automatically collect information about how you interact with the Service, including device type, operating system, app version, session duration, feature usage patterns, crash reports, and anonymized analytics events.

1.4 Device Information

We collect device identifiers, push notification tokens, and camera access permissions (used solely for supplement label scanning).

2. How We Use Your Information

We use the information we collect to:

  • Generate personalized longevity protocols, including supplement recommendations, sleep and exercise programming, biohacking guidance, and biomarker analysis
  • Process and analyze your health data using artificial intelligence and machine learning models
  • Operate, maintain, and improve the Service
  • Communicate with you about your account, updates, and support requests
  • Send push notifications (with your consent)
  • Process subscription payments and manage your account
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations and enforce our Terms of Service

3. AI & Automated Processing

SpanOS uses artificial intelligence and machine learning to analyze your health data and generate personalized recommendations. This automated processing is core to the Service. Important disclosures:

  • AI-generated recommendations are not medical advice and should not replace professional healthcare guidance
  • Your data may be processed by third-party AI services (such as Google Gemini) under strict data processing agreements
  • We do not use your personal health data to train general-purpose AI models
  • You have the right to request human review of any automated decision that significantly affects you
  • You have the right to receive information about the logic involved in our automated decision-making and the right to appeal or contest any AI-generated recommendation that significantly impacts your health or wellness protocol.

4. How We Share Your Information

We do not sell your personal information or health data. We may share information with:

  • Service providers — third-party companies that help us operate the Service (cloud hosting, analytics, payment processing, AI services, push notifications), each bound by data processing agreements
  • Connected integrations — wearable device platforms and lab services you explicitly authorize to sync data with SpanOS
  • Legal compliance — when required by law, legal process, or to protect the rights, safety, or property of SpanOS or others
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to you

4.1 Third-Party Services

The Service integrates with the following categories of providers:

  • Infrastructure & backend: Supabase (database and authentication)
  • AI processing: Google Firebase AI / Gemini
  • Analytics: Amplitude (anonymized usage events only)
  • Payments: RevenueCat (subscription management)
  • Notifications: OneSignal (push notifications)

Each provider operates under its own privacy policy. We encourage you to review their practices.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security assessments. However, no system is completely secure, and we cannot guarantee absolute security of your information.

6. Data Retention

We retain your personal and health data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time. Upon deletion, we will remove or anonymize your data within 30 days, except where retention is required by law.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data and account
  • Export your data in a portable format
  • Restrict or object to certain processing of your data
  • Withdraw consent at any time, where processing is based on consent
  • Opt out of push notifications via device settings

To exercise any of these rights, contact us at the address below.

Our Service is configured to recognize and honor Global Privacy Control (GPC) signals. If your browser or device transmits a GPC signal, we will treat it as a valid request to opt-out of the sharing of your personal information.

7.1 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to deletion, and the right to opt out of the sale of personal information. We do not sell personal information. If we deny a request to correct health-related information, you have the right to provide a 250-word statement contesting the accuracy, which will be maintained as part of your permanent record.

7.2 European Residents (GDPR)

If you are in the European Economic Area, our legal bases for processing include your consent (for health data), contractual necessity, and legitimate interests. You have additional rights under the GDPR, including the right to lodge a complaint with a supervisory authority.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

9. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers in compliance with applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or email. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

SpanOS Technologies LLC
Email: joe@spanos.xyz