Privacy Policy

SCHWA Privacy Policy

Effective Date: December 10, 2025 | Last Updated: December 10, 2025

1. Introduction

This Privacy Policy explains how the SCHWA platform, including the schwa.app website, web application, mobile experiences, and related services (collectively, “SCHWA”, “we”, “us”, “our”) collects, uses, discloses, and protects information about individuals who visit or use our services (“you” or “users”).

SCHWA is a longevity and healthspan ecosystem. Because we may process health, biometric and other sensitive information, we apply robust technical, organizational, and contractual safeguards consistent with applicable data protection laws, including the EU/UK GDPR and evolving U.S. state privacy and health-data laws.

By accessing or using SCHWA, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use our services.

2. Who We Are and Scope

This Privacy Policy applies to:

The schwa.app website and any subdomains;
Any web-based or mobile version of the SCHWA app;
Digital tools, dashboards, and portals provided to users, clinicians, coaches, hotels/resorts, wellness operators, or institutional partners;
Related communications (such as email, in-app messages, and support channels).

For purposes of EU/UK data protection law, SCHWA is the “data controller” of personal data processed through SCHWA, unless otherwise stated (for example, where a clinic or health provider uses SCHWA as their own data processor).

Contact details (controller):

SCHWA – Healthspan Ecosystem
Wilmington, Delaware, United States
Email: info@schwa.app

If required by law, we may appoint an EU/UK representative. Where applicable, their contact details will be added to this Policy.

3. Categories of Information We Collect

We may collect the following categories of information, depending on how you use SCHWA:

3.1 Account and Identity Information

Name, title, and contact details (email, phone number, country);
Login credentials (username, hashed passwords, security tokens);
Role or affiliation (e.g., patient, consumer, clinician, coach, hotel/resort, corporate partner).

3.2 Health and Biometric-Related Data

As a healthspan and longevity platform, SCHWA may process special category data such as:

Biometric-related signals you choose to connect or enter (for example: heart rate, heart rate variability, step counts, sleep metrics, physical activity, body composition, or similar measures derived from wearables and sensors).
Health-related information you or your clinician enter (e.g., medical history, symptoms, diagnoses, medications, allergies, blood pressure, lab values, risk scores, and lifestyle factors).
Questionnaire and assessment data (e.g., sleep, cognition, stress, mood, pain, readiness scores, wellness checklists).
Program participation (e.g., which longevity protocols, supplements, peptides or lifestyle interventions you follow through SCHWA-backed programs).

Important: SCHWA is designed for longevity and wellness support. In some cases, SCHWA may be used by or in conjunction with licensed healthcare professionals and clinics. In those cases, some data may also fall under health-care specific laws such as HIPAA in the United States, or additional local regulations, depending on the relationship between you and your provider.

3.3 Usage, Device and Technical Data

When you use SCHWA, we automatically collect:

Device information (browser type, operating system, device identifiers, language, time zone);
Log data (IP address, access dates and times, pages viewed, links clicked, referring/exit pages);
App interaction data (features used, buttons clicked, errors, performance metrics);
Cookies and similar technologies (see Section 8).

3.4 User Content and Communications

We may collect content you provide when you interact with SCHWA, including:

Healthspan journals, notes, reflections, daily check-ins, manual logs, uploads, or annotations;
Messages to our support team, feedback forms, surveys, and reviews;
Files or media you upload (documents, images, or other content) in relation to your use of SCHWA.

User Content is addressed in detail in Section 6.

3.5 Third-Party Sources

Subject to your permissions and applicable law, we may receive data from:

Wearable and sensor providers (e.g., health platforms, fitness trackers, smartwatches) that you choose to connect;
Clinics, healthcare professionals, coaches, or wellness operators that use SCHWA as part of their services to you;
Analytics and security partners that help us detect abuse, improve performance, or understand usage patterns.

In all such cases, we only process data we reasonably need for the purposes described in this Policy or disclosed to you at the time of collection.

3.6 Health & Wearable Integrations

SCHWA may allow you to connect third-party health and fitness platforms so that certain data can be imported into, or synchronized with, your SCHWA account. These integrations may include, for example:

Apple Health / Apple HealthKit;
Google Fit and related Google health services;
Wearables and apps such as Oura, WHOOP, Garmin, Fitbit, Polar, and similar devices;
Other health and fitness platforms we may support over time.

When you connect one of these platforms, we only receive the categories of data that you explicitly authorize on the relevant permission screen (for example, activity, steps, sleep, heart rate or similar metrics). You can granularly control what categories of data are shared with SCHWA through:

The permission prompts shown when you first connect SCHWA to the third-party platform; and
The privacy/permissions settings within that third-party app or your device’s operating system.

You can stop new data from being shared at any time by disconnecting the integration in SCHWA (where available) and/or revoking SCHWA’s access via the settings of the relevant third-party platform. Revoking access stops new data flows but does not automatically delete data previously imported into SCHWA. You may request deletion of such data as described in Section 12, subject to our retention obligations and applicable law.

In the future, SCHWA may offer the ability to register for or sign in to your account using third-party authentication providers (for example, “Sign in with Apple”, “Sign in with Google”, or similar services).

If you choose to use a social login or single sign-on option, we may receive certain information from the provider, such as:

Your name;
Your email address;
Your profile picture or avatar (if available);
A unique identifier or token associated with your account on that provider;
Other information you choose to make available to us via the provider’s permissions settings.

We use this information only to create and manage your SCHWA account, facilitate secure authentication, and help prevent fraud and abuse. We do not receive your password for the third-party provider and do not post content to those platforms on your behalf.

The third-party provider’s use of your information is governed by its own terms and privacy policy (for example, the Google Privacy Policy or Apple Privacy Policy), not this Privacy Policy. You can manage or revoke SCHWA’s access from within your SCHWA account settings (where available) and/or the account or privacy settings of the relevant authentication provider.

4. How We Use Your Information

We use your information for the following purposes:

4.1 To Provide and Operate SCHWA

Create and manage your account;
Deliver dashboards, insights, and recommendations based on your data;
Facilitate telemedicine or clinician-coach interactions when applicable;
Maintain and troubleshoot the platform.

4.2 To Personalize Your Experience

Tailor protocols, suggestions, and content to your biometrics, goals, and preferences;
Adapt your interface and notifications to your location, settings, and usage.

4.3 To Support Clinical and Wellness Relationships

Enable your chosen clinician, coach, or wellness provider to view relevant data;
Support communication, documentation, and follow-up within programs using SCHWA.

4.4 To Conduct Analytics and Improve SCHWA

Monitor service performance and security;
Analyze aggregated and de-identified patterns to improve features, protocols, and outcomes.

4.5 To Communicate With You

Send operational messages (account notices, security alerts, changes to this Policy);
Send program-related updates, reminders, and educational content;
With your consent where required, send marketing communications you can opt out of.

4.6 To Comply With Legal Obligations and Protect Rights

Comply with applicable laws and regulatory requests;
Detect, investigate and prevent fraud, abuse, or security incidents;
Enforce our Terms of Use and protect our rights, property, and safety or that of others.

5. Legal Bases for Processing (EEA/UK Users)

Where the EU GDPR or UK GDPR applies, we process personal data under one or more of the following legal bases:

Consent: For example, when you connect a wearable, provide health or biometric data, or agree to receive marketing messages.
Performance of a contract: To provide SCHWA to you, maintain your account, and fulfill our service commitments.
Legitimate interests: To monitor and improve SCHWA, secure our systems, protect against abuse, and support business operations, provided your rights and interests do not override those interests.
Legal obligations: To comply with laws, regulations, court orders, or requests from competent authorities.
Special categories of data (health/biometric): Where required, we rely on your explicit consent for processing health and biometric-related data and, where applicable, provisions that allow processing for preventive or occupational medicine or management of health or social care systems under professional responsibility.

You may withdraw your consent at any time as described in Section 12, without affecting the lawfulness of processing based on consent before its withdrawal.

6. User Content

6.1 What Counts as “User Content”

For this Policy, “User Content” includes:

Any text, notes, logs, reflections, goals, journal entries, or self-tracking you input;
Uploaded media or files (e.g., lab reports, documents, images) that you choose to store or share within SCHWA;
Feedback, suggestions, survey responses, and reviews you send us.

6.2 Ownership of User Content

You retain ownership of your User Content, subject to any rights you grant us in this Policy and our Terms of Use.

By submitting User Content to SCHWA, you grant us a non-exclusive, worldwide, royalty-free license (with the right to sublicense to our service providers) to host, store, use, reproduce, display, and process your User Content only as necessary to:

Deliver and improve SCHWA;
Provide features you request or enable (e.g., dashboards, clinician access, program analytics);
Support security, backup, disaster recovery, and legal compliance.

We do not sell your User Content, and we do not use your identifiable User Content for third-party advertising.

6.3 Clinical and Partner Access

If you enroll in a program with a clinician, coach, hotel/resort, or other organization using SCHWA:

You may authorize specific partners to access relevant portions of your User Content;
Those partners may download, store, or incorporate User Content into their own records, subject to their own privacy and professional obligations;
SCHWA is not responsible for how those third parties independently handle your data once exported; their own privacy policies and contracts govern that processing.

6.4 De-Identification and Aggregation

We may de-identify User Content (removing direct identifiers) and aggregate it with other users’ data to:

Improve algorithms and recommendations;
Evaluate efficacy of programs;
Generate statistical reports and research insights.

De-identified and aggregated data is no longer considered personal data under many privacy laws; however, we still treat it carefully and do not attempt to re-identify individuals.

6.5 Your Responsibilities

You are responsible for:

Ensuring you have the right to upload or share any User Content;
Not uploading content that violates the rights of others or applicable laws;
Not sharing highly sensitive information in open or unencrypted channels (such as unsecured email or public forums) linked to SCHWA.

You may request deletion or export of your User Content as described in Section 12, subject to our retention obligations.

7. Health, Biometric and Sensitive Data

Because SCHWA may process health, biometric or other sensitive data, we apply additional safeguards, including:

Limiting access to personnel and partners with a need to know;
Strong encryption in transit and at rest where technically feasible;
Access controls, audit logging, and secure authentication;
Data minimization: collecting only what we reasonably need;
Separate treatment of de-identified/aggregated datasets.

We do not use sensitive health or biometric data for unrelated marketing or profiling without your consent, and we do not share such data with data brokers.

8. Cookies and Similar Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. Similar technologies include local storage, SDKs, tracking pixels, and tags (collectively, “cookies”).

Cookies may be set by SCHWA (first-party cookies) or by third parties such as analytics or service providers (third-party cookies).

Under the GDPR and ePrivacy Directive, consent is required before setting non-essential cookies that process personal data.

8.2 Types of Cookies We Use

Strictly Necessary Cookies

Required for the operation of SCHWA (e.g., session management, security, load balancing);
Without these cookies, SCHWA may not function correctly;
These cookies do not require consent in many jurisdictions, but you can still block them in your browser (SCHWA may then not work properly).

Performance and Analytics Cookies

Help us understand how visitors use SCHWA (which pages are most viewed, error rates, navigation flows);
Allow us to measure and improve performance, availability, and usability;
We use these only where permitted by law and, where required (e.g., EU/UK), based on your consent via a cookie banner or preference center.

Functionality Cookies

Remember your choices (e.g., language, time zone, display settings, saved preferences);
Enhance your experience but are not strictly necessary;
Where required by law, these are used only with your consent.

Targeting or Advertising Cookies (if used)

Used to deliver relevant content or measure marketing campaigns;
We do not use health or biometric data to create targeted advertising profiles without your explicit consent;
If we use this category, we will clearly disclose it and seek consent where required.

Depending on your location:

When you first visit SCHWA, you may see a cookie banner or consent manager allowing you to:
- Accept all cookies,
- Reject non-essential cookies, or
- Customize your cookie preferences.
You can withdraw or modify your consent at any time via our cookie settings (where implemented) or by adjusting your browser settings.

You may also:

Configure your browser to block or delete cookies;
Use “Do Not Track” or similar signals where available. While there is not yet a uniform standard, we will consider such signals in line with applicable law and our technical capabilities.

Blocking or deleting cookies may affect some SCHWA features.

8.4 Do-Not-Track and Global Privacy Control

Some browsers and browser extensions offer settings or signals such as “Do Not Track” (“DNT”) or Global Privacy Control (“GPC”) intended to express your privacy preferences.

Where applicable law (for example, certain U.S. state privacy laws) requires us to honor browser-based opt-out signals, we will treat recognized GPC signals as a request to opt out of certain data uses (such as “sale” or “sharing” of personal information for targeted advertising), to the extent we engage in those activities. At present, we do not sell your personal information or use your sensitive health or biometric data for cross-context behavioral advertising.

There is currently no widely accepted standard governing how to respond to DNT signals. For this reason, we do not respond to DNT alone. We will update this Policy if that changes. You can continue to manage your privacy preferences through the controls we provide in SCHWA, our cookie tools, and your browser or device settings.

We do not sell your personal information for monetary consideration. If that changes, we will update this Policy and provide required notices under applicable laws (e.g., certain U.S. state privacy laws).

We may share your information with:

Hosting, cloud, and infrastructure providers;
Analytics, error monitoring, and security partners;
Email, SMS, and in-app communication platforms;
Payment processors, billing providers, and customer support tools.

These parties may only process your data on our behalf and under written contracts requiring appropriate safeguards.

When you explicitly join a program or relationship that uses SCHWA, we may share relevant data with that provider under your direction. Their independent handling of your data is governed by their own privacy policies and professional obligations.

If you use SCHWA through an employer, insurer, hotel/resort, or other organization, we may share de-identified or, where agreed, identifiable data in accordance with specific program terms and your consents.

We may share information:

To comply with applicable law, court orders, subpoenas, or lawful requests from public authorities;
To protect our rights, privacy, safety, or property, and that of our users or others.

In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred as permitted by law. We will take steps to ensure the receiving entity honors this Policy or provides equivalent protection.

10. International Data Transfers

SCHWA is operated from the United States and may process data in other countries. When we transfer personal data from the EEA/UK to countries that do not provide an equivalent level of protection, we implement appropriate safeguards, which may include:

Standard contractual clauses approved by the European Commission or UK authorities;
Additional technical and organizational measures to protect transferred data.

You may contact us for more information about such safeguards where applicable.

11. Data Retention

We retain personal data only:

For as long as reasonably necessary to provide SCHWA to you;
For the period required by applicable legal, regulatory, tax, or accounting obligations;
For the duration of any dispute or claim plus a reasonable limitation period.

When we no longer need personal data, we will delete it, anonymize it, or securely store it and isolate it from further processing.

Retention periods may differ for:

Account/profile information;
Health and biometric data;
User Content;
Technical logs and security records.

12. Your Rights and Choices

Your rights depend on your location and applicable law, but may include:

12.1 Global Rights

Access: Request confirmation whether we process your personal data and receive a copy.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of data, subject to legal and contractual limitations.
Restriction: Request restriction of processing in certain circumstances.
Portability: Request a machine-readable copy of data you provided where processing is based on consent or contract and carried out by automated means.
Objection: Object to certain processing, including direct marketing.
Withdraw Consent: Where processing is based on your consent, withdraw it at any time.

To exercise these rights, please contact info@schwa.app. We may need to verify your identity before responding.

12.2 EEA/UK Users

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

12.3 U.S. State Privacy Laws

Certain U.S. states have enacted privacy and consumer health-data laws that may provide additional rights, such as:

The right to know what categories of personal information are collected, used, disclosed, or sold/shared;
The right to request deletion of your personal information;
The right to correct inaccurate personal information;
The right to opt-out of certain uses, such as targeted advertising or “sale”/“sharing” of personal information;
The right to limit the use and disclosure of sensitive personal information.

Where these laws apply, we will honor such rights and provide mechanisms to submit and verify requests. If we deny a request, you may have the right to appeal our decision; details will be provided in our response.

We do not use precise geolocation around healthcare facilities for advertising purposes and do not engage in geofencing-based health data targeting prohibited under certain state laws.

12.4 Response Times and Appeals

We aim to respond to verifiable requests to exercise your privacy rights (including access, correction, deletion, and portability) within 30 days of receipt. Where applicable law allows an extension and your request is complex or numerous, we may take additional time to respond, but we will inform you of any extension and the reasons for it.

Where U.S. state law or other applicable law provides a right to appeal our decision on your privacy request, you may submit an appeal by replying to our decision email or by contacting info@schwa.app with “Privacy Request Appeal” in the subject line. We will respond to your appeal within the timeframe required by applicable law and will explain any further steps you may take, including the right to contact your state attorney general or relevant data protection authority.

13. Security

We use a combination of technical, organizational, and administrative safeguards to protect personal data, including:

Encryption of data in transit and, where appropriate, at rest;
Access controls, authentication, and role-based permissions;
Logging and monitoring of system access and anomalies;
Secure development and testing practices;
Vendor due diligence and data protection agreements.

However, no system is completely secure. We cannot guarantee absolute security of information transmitted to or stored by SCHWA. If we become aware of a data breach affecting your personal information, we will notify you and/or relevant authorities as required by law.

14. Third-Party Services and Links

SCHWA may contain links to third-party websites, apps, or services, and may integrate with third-party platforms such as wearable providers, labs, telemedicine vendors, or payment processors.

We are not responsible for the privacy practices of those third parties. Their own privacy policies and terms govern their handling of your data. We encourage you to review those policies before sharing information with them.

15. Children’s Privacy

SCHWA is not directed to children under the age of 16 (or higher age where required by local law), and we do not knowingly collect personal data from children in that age group without appropriate parental or guardian consent.

If you believe that a child has provided us with personal data in violation of this Policy, please contact us at info@schwa.app, and we will take appropriate steps to delete such data or obtain necessary consents.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

SCHWA features and services;
Applicable laws and regulatory guidance;
Our practices or corporate structure.

When we make material changes, we will:

Update the “Last Updated” date at the top of this Policy; and
Provide additional notice where required (for example, via email, in-app notification, or banner).

Your continued use of SCHWA after an updated Policy becomes effective indicates that you have read and understood the changes.

17. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

Email: info@schwa.app
Postal location: Wilmington, Delaware, United States

Where required, you may also have the right to lodge a complaint with your local data protection authority.