HAS
EN
Sign in
← Back to home

Privacy Policy

Your data, your control

HAS only collects the data you choose to upload to your vault. Donors see aggregated statistics with k-anonymity ≥ 10. You never lose control.

Draft version (0.1) pending legal review per jurisdiction. For the lawyer-audited version, see the public repository.

Executive summary

  • We only collect the data you upload to your vault (clinical, biometric, psychological, lifestyle) plus minimal account data (email, name, language).
  • We use it to give you personal analysis tools and for open longevity research in aggregated, anonymized form.
  • Only you access your individual data. The operator (super_admin) accesses only with justification and it is logged in audit.
  • Donors see only aggregated statistics with k-anonymity ≥ 10. They NEVER access individual data.
  • Collaborators (researchers) see only aggregates, or pseudonymized data if you gave specific consent per study.
  • AES-256 encryption at rest (AWS KMS), TLS 1.3 in transit.
  • Minimum age 18. We do not collect data from minors in V1.

Your rights

Under GDPR, HIPAA, LGPD and LFPDPPP you have the right to:

  • Access: obtain a full copy of your data in FHIR format.
  • Rectification: correct inaccurate data.
  • Erasure (right to be forgotten): permanent deletion of your data.
  • Portability: export your data in structured format.
  • Objection: withdraw consent at any time.
  • Accounting of disclosures: know who accessed and when. SLA: 15 days.

You can exercise all these rights directly from the admin console under My vault → DSR.

How to contact us

For any privacy question or DSR request outside the app, email us at privacy@haslife.org or use the contact form.

Full legal version

The version audited per jurisdiction (LFPDPPP/HIPAA/GDPR/LGPD) lives in the public repository: privacy-policy.es.md. This summary is optimized for reading; the complete document is the binding legal reference.

Version 0.1-draft — last updated 2026-05-19