This Privacy Policy explains how CarbonOS Inc, a Wyoming corporation ("CarbonOS," "Longevity.haus," "we," "us," or "our"), collects, uses, shares, and protects personal information when you use the Longevity.haus website, accounts, and related services (the "Platform").
It applies to visitors, registered users, and people who book healthcare services through the Platform. It does not apply to information you give directly to a clinic, laboratory, or other healthcare provider once you are in their care — that information is governed by their own privacy notices.
§1. Information we collect
§1.1 Information you provide
- Account information: name, email address, password (hashed), and profile preferences.
- Booking information: the treatment, clinic, location, date/time you select; any notes you add; the contact details (name, email, phone) the clinic needs to confirm your appointment; and, where required for the service, basic information such as date of birth or gender.
- Payment information: when you check out, your card and billing details are collected and processed by our payment provider (Stripe). We do not store full card numbers on our servers — we receive only safe identifiers (e.g. last-4, card brand, expiry, country, payment-method ID, charge ID).
- Communications: messages you send to support or to clinics through the Platform.
- Content you submit: reviews, ratings, photos, questions, or feedback.
§1.2 Information collected automatically
- Usage data: pages viewed, features used, search and filter terms, referring URL, and event timestamps.
- Device and connection data: browser type and version, operating system, language, time zone, and approximate location (country/region) derived from your IP by Cloudflare.
- Outbound clicks: when you click a link out to a clinic's website, booking system, or contact details, we record the click (treatment, clinic, link type, timestamp) so we can track conversions, attribute affiliate referrals, and improve the product. This may be associated with your account if you are signed in.
- Cookies and similar technologies: see §5.
§1.3 Information from third parties
- Authentication providers: if you sign in via a magic link or social sign-in, we receive your email address and basic profile information from that provider.
- Payment provider: Stripe sends us payment status, refund records, and limited card metadata (see §1.1 above).
- Clinic partners: may share appointment status, no-show information, or cancellation requests with us so we can keep your booking record up to date.
- Affiliates and referrers: if you arrive via an affiliate or referral link, we record the source so the referrer can be credited.
§1.4 Health-related information
Some of the information you submit when booking a treatment can imply or describe your health (for example, the test you're booking, biomarkers you ask about, or notes you write to a clinic). We collect only what is needed to facilitate the booking and pass it to the relevant clinic. We are not a healthcare provider, are not subject to HIPAA as a covered entity, and do not maintain medical records. Any clinical records, diagnoses, results, or images stay with the clinic that performs the service.
§2. How we use information
- To create and manage your account and to authenticate you.
- To facilitate bookings, including sharing the necessary details with the clinic.
- To process payments, calculate platform fees, settle funds to clinics, issue refunds, and respond to chargebacks.
- To send transactional messages (booking confirmations, reminders, receipts, password resets, important account or service notices).
- To send marketing communications where you have consented or where permitted by law, and to let you opt out at any time.
- To operate, maintain, secure, debug, monitor, and improve the Platform, including preventing fraud and abuse.
- To measure performance, attribute conversions, and improve our advertising — both first-party and through advertising partners where you have consented.
- To comply with legal obligations and enforce our Terms of Service.
§3. Legal bases (EEA / UK users)
For users in the EEA or UK, we rely on the following legal bases under the GDPR / UK GDPR:
- Contract (Article 6(1)(b)) — to create your account, take payment, and facilitate your booking.
- Legitimate interests (Article 6(1)(f)) — to operate, secure, and improve the Platform, prevent fraud, run analytics on aggregated usage, attribute referrals, and show prices in your local currency. You can object at any time.
- Consent (Article 6(1)(a)) — for non-essential cookies, third-party advertising tools, and marketing emails. You can withdraw consent at any time.
- Legal obligation (Article 6(1)(c)) — to keep tax, accounting, and anti-fraud records.
- Where we process information that is health-related, we rely on your explicit consent (Article 9(2)(a)) to share it with the clinic in order to deliver the service you have requested.
§6. International data transfers
CarbonOS is incorporated in the United States, our service providers are located in the United States and other jurisdictions, and the clinics you book with are located around the world. Your information will therefore be transferred to and processed in countries with data-protection laws different from those in your country, including outside the EEA, UK, Switzerland, and Australia.
Where required, we rely on lawful transfer mechanisms such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or your explicit consent (for example, when you choose to book at a clinic in a particular country and we transfer the booking details to that clinic to fulfil your request).
§7. Security
We use industry-standard technical and organisational measures to protect personal information, including encryption in transit (HTTPS/TLS) and at rest, scoped access controls, audit logging, and least-privilege production access. No system is perfectly secure; we cannot guarantee absolute security and you share information with us at your own risk. If we become aware of a security breach affecting your information, we will notify you and the relevant authorities as required by law.
§8. How long we keep information
We keep personal information only as long as needed for the purposes described in this policy or as required by law:
- Account data — for as long as your account is active, plus a reasonable period after closure for fraud prevention and dispute resolution.
- Booking records — typically up to seven (7) years after the booking date, to meet tax, accounting, and chargeback-defence requirements.
- Payment records — retained by us and by Stripe for the period required by financial-services regulation (typically 6–10 years depending on jurisdiction).
- Marketing data — until you unsubscribe or withdraw consent, plus a short suppression-list retention to honour your opt-out.
- Aggregated and anonymised data — may be kept indefinitely.
§9. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and associated data, subject to retention periods above.
- Export your data in a portable format.
- Object to or restrict certain processing, including direct marketing.
- Withdraw consent for analytics, advertising, or marketing at any time.
- Lodge a complaint with your local data-protection authority (in the EEA, UK, or other jurisdictions that have one).
To exercise these rights, email privacy@longevity.haus. We may need to verify your identity before responding. We will respond within the timeframe required by applicable law (typically 30 days).
Export before deletion. Where you ask us to delete your account, you can request a portable export of your data first. We will keep the underlying account data available for export for at least thirty (30) days after confirming receipt of your deletion request before we proceed with deletion (subject to the retention periods in §8 for booking, payment, and other records we are required or permitted to keep). If you do not respond within that window, we will proceed with the deletion you requested.
§10. Children
The Platform is not intended for, and we do not knowingly collect personal information from, children under the age of 18. If you believe a child has provided us with personal information, please contact us so we can delete it. Adults may book on behalf of a minor in their care; in that case the booking record is held against the adult's account.
§11. Region-specific notices
California (CCPA / CPRA). California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of "selling" or "sharing" of personal information. We do not sell personal information. To exercise your rights, email privacy@longevity.haus.
Australia. We handle personal information in accordance with the Australian Privacy Principles. If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner.
§12. Changes to this policy
We may update this Privacy Policy from time to time. The version date at the top of this page indicates when the policy was last revised. Material changes will be communicated by updating the version date and, where appropriate, by notice through the Platform or by email. Continued use of the Platform after a change becomes effective constitutes acceptance of the updated policy.
§13. Contact us
Questions about this policy or how we handle your information? Email privacy@longevity.haus.
CarbonOS Inc
Wyoming, USA
