Aevantide — Privacy Policy
Effective Date: [To be set on launch] Product: Aevantide — consumer wellness and longevity mobile application and web service Operator: [New Idaho single-member LLC, pending formation] Contact: tylervolkmann@gmail.com
Attorney Review Required Before Commercial Launch This document is a first-pass draft prepared for consumer-technology/privacy counsel review. It is not a substitute for legal counsel. A licensed attorney must review and finalize this document before Aevantide is offered to the public or submitted to any app store. Counsel should pay particular attention to: - State-specific consumer-privacy laws (California CCPA/CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, Oregon OCPA, Montana MCDPA — list continues to grow). - State-specific biometric-information laws (Illinois BIPA, Texas CUBI, Washington My Health My Data Act — the last of which has an especially broad "consumer health data" definition that may apply to this product even though it is not HIPAA-regulated). - Apple App Store privacy-label requirements and Google Play Data Safety disclosures, both of which must match this policy. - The specific data categories and third-party services disclosed here — these will need to be updated to reflect the actual build at launch.
1. Scope and Summary
This Privacy Policy explains what information Aevantide collects when you use the mobile application, the website at aevantide.com, or any related service (collectively, the "Service"); how that information is used, shared, and protected; and what choices and rights you have. This policy applies to all users of the Service.
Plain-language summary (the sections below contain the controlling language):
- We collect information you give us (account, wellness entries, goals), information that is generated automatically (device and usage data), and information you authorize us to receive from third parties you connect (wearables, single sign-on providers, payment processors).
- We use your information to operate the Service, personalize your experience within the Service, communicate with you, and improve the product.
- We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.
- You can view, correct, delete, export, and control your data through your account settings.
- Aevantide is a general-wellness product — it is not a HIPAA-regulated health provider — but we apply health-data-level protections to the wellness information you log.
2. Information We Collect
2a. Information you provide directly.
- Account information. Email address, password (stored as a salted hash — we never store the plaintext), display name, and year of birth (used for age-gating, not as a stored date).
- Profile and goals. Optional profile information you enter, such as height, weight, sex, and goal-related data.
- Wellness entries. Information you log about your lifestyle habits — for example, sleep, exercise, nutrition, mood, and habit tracking. This is data you choose to enter about yourself.
- Support communications. When you contact us for support, we receive the content of your communication and any information you choose to include.
2b. Information from wearable devices and third-party services.
If you choose to connect a wearable device or third-party health service — for example, Apple Health, Google Fit, Oura, Whoop, Garmin, or Fitbit — we receive the data categories you authorize. Categories may include steps, heart rate, heart rate variability, sleep stages, active minutes, VO2 max estimates, and similar metrics. You control this connection through your device settings and account settings, and you can revoke it at any time.
2c. Information collected automatically.
- Device information. Device model, operating system and version, app version, device identifiers, time zone, and language.
- Usage data. Features used, screens viewed, session duration, crashes and errors, and similar product-analytics information.
- Log data. IP address at the time of connection, request timestamps, and basic network metadata. IP address is used for fraud prevention, security, and approximate regional localization, and is not used to build advertising profiles.
2d. Information from payment processors.
If you purchase a subscription or other paid feature, payment is processed by a third-party payment processor (such as Apple In-App Purchase, Google Play Billing, or Stripe). Aevantide does not collect or store your full payment card number. We receive a transaction confirmation, a partial card indicator (such as last four digits), billing ZIP/postal code, and subscription status. The payment processor's privacy policy governs its own handling of your payment information.
2e. Cookies and similar technologies.
The Aevantide website uses a minimal set of cookies and similar technologies for essential site functions (such as keeping you logged in and preserving preferences). [Placeholder — if analytics cookies or marketing pixels are added at launch, this section must be updated and a separate cookie notice or preference center must be provided in accordance with state law. Counsel to advise on whether a cookie banner is required at launch based on analytics choices.]
2f. Categories of information we do not collect.
We do not collect:
- Patient or clinical records.
- Diagnostic medical data from EHR systems.
- Your full payment card number.
- Precise location data, unless you explicitly opt in to a feature that requires it and we have updated this policy accordingly.
- Contents of your contacts, photos, or messages outside of what you explicitly share with us.
2g. Children.
The Service is intended for adults and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact us at tylervolkmann@gmail.com and we will delete it. For users aged 13–17, a parent or guardian's consent may be required under applicable law; see Section 10.
3. How We Use Your Information
We use the information we collect to:
- Operate the Service. Create and maintain your account, authenticate you, display your data back to you, sync with the wearable services you connect, process subscriptions, and provide customer support.
- Personalize your experience within the Service. Tailor the content, suggestions, and visualizations you see based on the wellness data you log.
- Improve the product. Diagnose issues, analyze aggregate usage patterns, and develop new features. Aggregate and de-identified statistics may be reviewed internally.
- Communicate with you. Send transactional messages (account confirmations, subscription receipts, important service notices), respond to support requests, and — only with your consent or as otherwise permitted by law — send product updates.
- Protect the Service. Detect and prevent fraud, abuse, and security incidents. Enforce our Terms of Service. Comply with legal obligations.
We do not use your wellness data to train third-party AI models, and we do not use it for targeted advertising.
4. How We Share Your Information
We share your information only as described below.
4a. Service providers.
We share information with third-party service providers that perform functions on our behalf, such as cloud hosting, analytics, error monitoring, customer support tools, email delivery, and payment processing. These providers are bound by contract to use the information only as directed by us and only to provide the services we request.
Representative service providers (to be finalized at launch — counsel to confirm match with actual vendor list):
| Category | Typical provider | Data shared |
|---|---|---|
| Cloud hosting | [TBD — e.g., AWS, Google Cloud, Cloudflare] | All Service data, encrypted at rest and in transit |
| Payments | Apple, Google Play Billing, and/or Stripe | Subscription transactions and status |
| [TBD — e.g., Postmark, SendGrid] | Email address and message contents for transactional mail | |
| Analytics | [TBD or none at launch] | Device and usage data as described in Section 2c |
| Error monitoring | [TBD — e.g., Sentry] | Device and error diagnostics |
4b. Wearable and third-party services you connect.
When you connect a wearable or third-party health service, you are authorizing data flow between that service and Aevantide in accordance with the permissions you grant at connection time.
4c. Legal and safety.
We may disclose information when we have a good-faith belief that disclosure is required or permitted by law, including to:
- Comply with a subpoena, court order, or government request.
- Enforce our Terms of Service.
- Investigate and prevent fraud, security incidents, or abuse.
- Protect the rights, property, or safety of Aevantide, its users, or the public.
4d. Business transfers.
If Aevantide is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction. We will notify you of any change in ownership or material change in how your information is handled.
4e. With your consent.
We may share information in other ways that you specifically consent to.
4f. We do not sell your personal information.
We do not sell personal information as the term "sale" is defined under California, Virginia, Colorado, Connecticut, Utah, or Texas consumer-privacy law, and we do not share it for cross-context behavioral advertising. If this ever changes, we will update this policy, provide clear advance notice, and offer the opt-out rights required by applicable law.
5. Your Choices and Controls
- Access and export. You can view the wellness data you have logged through the Service. You can request a full export of your account data by contacting us.
- Correction. You can edit profile information and individual wellness entries through the app.
- Deletion. You can delete your account through account settings, which initiates deletion of your personal information from active systems within 30 days (subject to Section 7, "Data Retention").
- Wearable data disconnection. You can disconnect any wearable or third-party integration at any time through your device settings or account settings.
- Communications. You can opt out of non-transactional email from the unsubscribe link in any such email. Transactional messages required to operate your account cannot be opted out of while you hold an active account.
- Permissions. You can revoke device-level permissions (health data, notifications, etc.) at any time through your device's system settings.
6. State-Specific Privacy Rights
Depending on your state of residence, you may have additional rights under state consumer-privacy law. [Counsel to tune the list below to match the states in effect on launch date and to confirm the specific rights enumerated.]
6a. California residents (CCPA / CPRA).
You have the right to know what personal information we collect, use, disclose, and retain; the right to correct inaccurate personal information; the right to delete personal information, subject to exceptions; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising these rights. We do not "sell" or "share" personal information as those terms are defined under the CCPA/CPRA. To exercise rights, contact tylervolkmann@gmail.com. You may designate an authorized agent to act on your behalf. We will verify your identity before responding.
6b. Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other state consumer-privacy statutes.
You have rights to access, correct, delete, and obtain a portable copy of your personal data; to opt out of targeted advertising, sale of personal data, and certain profiling; and to appeal a denial of your rights request. Contact tylervolkmann@gmail.com to exercise these rights. We will respond within the timeframes required by applicable law.
6c. Washington My Health My Data Act.
If you are a Washington consumer, the Act may apply to wellness data processed by the Service. We obtain consent for collection of consumer health data as required, do not sell consumer health data without a valid written authorization, and honor access and deletion rights specific to that category. [Counsel to confirm applicability and consent-flow language at launch.]
6d. Illinois, Texas biometric-information laws.
To the extent Aevantide processes any biometric identifier (for example, if a future feature uses fingerprints or facial geometry for device-level authentication), we will obtain written consent before collection, provide the required written disclosures, and honor deletion rights under BIPA (Illinois) and CUBI (Texas). At launch, Aevantide does not collect biometric identifiers. If this changes, we will update this policy and obtain any required consent.
7. Data Retention
- Account and profile data. Retained while your account is active. Deleted within 30 days after account deletion, except where longer retention is required by law (for example, financial records may be retained for up to 7 years).
- Wellness entries and connected-device data. Retained while your account is active. Deleted with the account unless you exported and preserved it elsewhere yourself.
- Support communications. Retained for up to 3 years after the support interaction closes, for quality and training purposes.
- Log data and security telemetry. Retained in encrypted form for up to 12 months for fraud prevention and security investigations.
- Aggregated and de-identified data. May be retained indefinitely because it does not identify you.
8. Data Security
We maintain administrative, technical, and physical safeguards designed to protect the information we collect, including:
- Encryption in transit (TLS 1.2 or higher) for all data flowing between the Service and your device.
- Encryption at rest for stored personal data.
- Access controls with least-privilege provisioning for Aevantide personnel.
- Salted and hashed password storage — we never store or transmit plaintext passwords.
- Logging and monitoring to detect anomalous access patterns.
- Vendor security review before onboarding any third-party service provider.
No system is perfectly secure. We cannot and do not guarantee that your information will never be accessed, disclosed, altered, or destroyed. If we become aware of a security incident affecting your information, we will notify you as required by applicable law.
9. International Data Transfers
Aevantide is operated from the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, which may have different data-protection laws than your country of residence. [Placeholder — if the Service is made available in the European Union, United Kingdom, or other GDPR-style jurisdictions, counsel must add the required transfer-mechanism language (Standard Contractual Clauses, data-protection-officer contact, lead supervisory authority, etc.) before those regions are offered.]
10. Children and Minors
As noted in Section 2g, the Service is intended for users 18 and older. We do not knowingly collect personal information from children under 13, and where required by state law, we obtain parental or guardian consent for users aged 13–17. Contact tylervolkmann@gmail.com with any questions or to report inadvertent collection.
11. Do Not Track
Some browsers transmit a "Do Not Track" signal. The Service does not currently respond to Do Not Track signals because there is no common industry standard for how to interpret them. However, as described in Section 4f, we do not sell personal information or share it for cross-context behavioral advertising regardless of any browser signal.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the Effective Date at the top. Material changes will be communicated through the Service or by email at least 30 days in advance of the change taking effect, where practicable. Your continued use of the Service after the Effective Date of a revised policy constitutes acceptance of the revised policy.
13. Contact Us
Questions, concerns, or requests regarding this policy or our data practices:
Volkmann Health Technologies LLC dba Aevantide Attn: Privacy Moscow, Idaho tylervolkmann@gmail.com
For consumer-privacy rights requests, include "Privacy Request" in the subject line and identify your state of residence so we can process your request under the applicable state statute.
This document is a pre-attorney-review draft. It is not legal advice and must be reviewed and finalized by a licensed attorney before Aevantide is offered to the public or submitted to any app store.
Version 0.1 — 2026-04-16