Privacy policy

Privacy Policy

Effective Date: May 23, 2026 | Last Updated: May 23, 2026

DeNovo Longevity Inc. (“DeNovo,” “we,” “us,” or “our”) is a nonprofit organization committed to closing the gap between elite longevity medicine and everyday people. We take your privacy seriously, particularly because the work we do touches on sensitive health information.

This Privacy Policy explains how we collect, use, share, and protect information when you visit www.DeNovoLongevity.org (the “Site”), enroll in our courses, purchase or access our biomarker panels and Functional Health Reports, donate to our mission, communicate with us, or otherwise interact with our programs and services (collectively, the “Services”).

By using our Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services. Where required by law, we will obtain your specific consent before engaging in certain activities described below.

DeNovo Longevity Inc. is a nonprofit organization. We are not a medical practice, we do not directly provide medical care, and we do not bill health insurance. We provide education, content, biomarker testing programs, and Functional Health Reports, and we refer interested individuals to independent partner medical providers who deliver clinical services under their own professional licenses and privacy practices.

Because our work touches on sensitive health information, certain information you share with us may constitute Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). In those cases, we treat your information in accordance with HIPAA’s Privacy and Security Rules and any applicable Business Associate Agreements (“BAAs”) we have entered into with our partner providers or laboratories. See Section 5 below for details.

We collect information in three ways: (a) directly from you, (b) automatically when you use our Site and Services, and (c) from our service providers and partners.

Identity and contact information: name, email address, mailing address, phone number, date of birth.

Account credentials: username and password for any course platform or member portal.

Payment and transaction information: when you purchase a product, register for a course, or donate, our payment processors collect billing details and the last four digits of your payment card. We do not store full payment card numbers on our own systems.

Donor information: amounts, dates, designations, and any communications related to your support of our mission.

Health and wellness information you share with us, including biomarker test results, health history, medications, lifestyle information, body composition, fitness data, and information shared in course discussions, coaching interactions, or intake forms.

Communications: messages you send us via email, contact forms, webinar registrations, or social media, and any information you share in surveys or feedback.

Device and technical information: IP address, browser type and version, operating system, device identifiers, and language preferences.

Usage information: pages viewed, time spent, links clicked, referring URLs, exit pages, and other interactions with the Site and our courses.

Cookies and similar technologies: see Section 9 for details.

Lab results and reports: when you take a biomarker panel through us, our partner laboratories may transmit your results to us so we can prepare your Functional Health Report or share them with your partner medical provider, subject to your consent and any applicable BAA.

Course progress data: our course platform provider supplies information about your enrollment, completion, and engagement.

Marketing and analytics data: our CRM and analytics providers may supplement information you give us with information about engagement with our emails, ads, or webinars.

Donor management: our donations platform provides records of contributions and donor communications.

We use your information for the following purposes:

To deliver the Services you request, including providing course access, fulfilling biomarker panels, generating Functional Health Reports, and facilitating referrals to partner medical providers.

To process payments and donations and to maintain financial records.

To communicate with you about your account, your participation in our programs, upcoming events, and changes to our Services or policies.

To send you educational content, newsletters, and information about DeNovo programs you may find valuable. You can unsubscribe from marketing emails at any time.

To improve our Services, develop new offerings, and conduct research, analytics, and quality improvement — using de-identified or aggregated data wherever practical.

To advance our nonprofit mission, including grant reporting and impact measurement, using aggregated and de-identified data.

To comply with legal obligations, respond to lawful requests, enforce our terms, and protect the rights, safety, and property of DeNovo, our users, and others.

We do not sell your personal information. We do not share your health information for third-party marketing purposes.

We share information only as described below.

When you choose to be referred to a partner medical provider, we share the information necessary for that referral and for your care, with your consent. Once shared, your information is handled under that provider’s own Notice of Privacy Practices and applicable law.

We use vetted third-party service providers to operate our Services. They access your information only as needed to perform their work for us, and they are contractually required to protect your information and not use it for their own purposes. Categories include:

Course and learning platform providers (to host our online courses and member content).

Customer relationship management (CRM) and marketing automation providers.

E-commerce and payment processors.

Email service providers.

Donation platform providers.

Laboratory and biomarker testing partners.

Analytics, hosting, and security providers.

Professional advisors (attorneys, accountants, auditors).

Where any of these providers receive PHI on our behalf, they do so under a Business Associate Agreement that imposes HIPAA-compliant safeguards.

We may disclose information when we believe in good faith that disclosure is required to comply with a law, regulation, court order, or other legal process; to protect the rights, property, or safety of DeNovo, our users, or others; to investigate or prevent fraud or security issues; or to enforce our terms.

If DeNovo is involved in a merger, acquisition, dissolution, asset transfer, or similar transaction — or if certain programs are transferred to a successor nonprofit — your information may be transferred as part of that transaction. We will notify you in advance where required by law, and any successor will be bound by commitments at least as protective as this Policy.

We share information when you ask us to or otherwise direct us to.

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, mission impact reporting, fundraising, and educational purposes.

DeNovo Longevity Inc. is not a HIPAA Covered Entity. We are not a healthcare provider that bills insurance or conducts HIPAA-standard electronic transactions. However, certain information that comes to us from our laboratory partners or partner medical providers may constitute Protected Health Information (“PHI”) under HIPAA, and in those cases we operate as a Business Associate of those Covered Entities.

When we receive or hold PHI:

We use and disclose PHI only as permitted by HIPAA and by the Business Associate Agreement that governs the relationship.

We apply administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI, consistent with the HIPAA Security Rule.

We do not use or disclose PHI for marketing or sell PHI.

We will report any breach of unsecured PHI to the applicable Covered Entity as required by law, and we cooperate with their breach-notification obligations.

Our subcontractors who handle PHI on our behalf are also bound by Business Associate Agreements.

Health information you share with us directly — for example, information you input into a course intake form, share in a coaching session, or upload to your account — may not constitute PHI under HIPAA, but we treat it as Sensitive Personal Information and protect it under this Policy and applicable state laws (including Washington’s My Health My Data Act, California’s Confidentiality of Medical Information Act, and other state health-data laws).

In addition, where the federal Health Breach Notification Rule applies to any personal health records we maintain outside of HIPAA, we will provide notice as that rule requires.

Depending on where you live, you may have some or all of the following rights regarding your personal information. We honor these rights for all users to the extent we reasonably can, regardless of where you live.

Right to know / access: request a copy of the personal information we hold about you.

Right to correct: request that we correct inaccurate information.

Right to delete: request that we delete information we hold about you, subject to legal exceptions (for example, donation records we must retain for tax or audit purposes).

Right to portability: request a copy of your information in a portable format.

Right to opt out of sale or sharing for cross-context behavioral advertising: we do not sell or “share” personal information as those terms are defined under the California Consumer Privacy Act.

Right to limit use of Sensitive Personal Information: you may direct us to limit our use of sensitive information (including health information) to what is necessary to perform the Services you have requested.

Right to non-discrimination: we will not deny services, charge different prices, or provide a different level of service because you exercised a privacy right.

Right to withdraw consent: where we process information based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Right to lodge a complaint: with the U.S. Department of Health and Human Services Office for Civil Rights regarding HIPAA matters, your state attorney general, or your state’s privacy regulator.

To exercise any of these rights, contact us using the information in Section 15. We will verify your identity before fulfilling sensitive requests. If you have an authorized agent acting on your behalf, we may require proof of authorization.

California residents have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”). In the past twelve months we have collected the categories of personal information described in Section 2, including Sensitive Personal Information (health information, account credentials, and precise location where provided). We have disclosed personal information for business purposes to the categories of recipients described in Section 4. We have not sold or shared personal information for cross-context behavioral advertising in the past twelve months.

If you are a Washington resident, or your consumer health data is collected in Washington, you have specific rights under the My Health My Data Act, including the right to confirm whether we collect, share, or sell your consumer health data; to withdraw consent; to delete consumer health data; and to receive a list of all third parties and affiliates with which we have shared or sold consumer health data. We do not sell consumer health data. To exercise these rights, contact us as described in Section 15.

If you are a resident of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, or another state with a comprehensive privacy law, you have rights similar to those described above. The specific rights and exceptions vary by state. Contact us to exercise any applicable right.

We use administrative, physical, and technical safeguards designed to protect your information. These include encryption of data in transit, access controls, vendor due diligence, workforce training, and routine review of our security practices. For PHI, we apply safeguards consistent with the HIPAA Security Rule.

No method of transmission or storage is perfectly secure. While we work hard to protect your information, we cannot guarantee absolute security. If we learn of a breach of your unencrypted personal information that creates a risk of harm to you, we will notify you in accordance with applicable law.

We retain information only as long as needed for the purposes described in this Policy, or as required by law. General guidelines:

Account information: for as long as your account is active, plus a reasonable period to handle requests, disputes, and legal obligations.

Donation and financial records: at least seven (7) years for tax, audit, and nonprofit reporting requirements.

Health information and biomarker results: retained according to applicable federal and state law and any Business Associate Agreements, and in coordination with our partner medical providers and laboratories.

Marketing data: until you unsubscribe or request deletion, plus a short retention period to honor your opt-out.

Website analytics: typically up to 24 months in aggregated form.

When information is no longer needed, we delete, destroy, or de-identify it.

We use cookies and similar technologies (such as pixels, tags, and local storage) to operate the Site, remember your preferences, measure performance, and improve our content. You can control cookies through your browser settings. Disabling some cookies may affect Site functionality.

We honor Global Privacy Control (“GPC”) signals where required by law as a request to opt out of sale or sharing for cross-context behavioral advertising. As stated above, we do not sell or share personal information in those senses.

DeNovo Longevity Inc. sends text message updates and responses to our nonprofit customers about pricing and products offered at www.denovolongevity.org. The terms in this section apply specifically to our Text Message Service. They supplement, and do not modify, the rest of this Privacy Policy, which may govern our relationship with you in other contexts.

10.1 How We Use Mobile Information

We respect your privacy. We use the information you provide to send and respond to your mobile messages. This includes sharing it with platform providers, phone companies, and other vendors who help us deliver messages.

Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. We will not share mobile information with third parties for marketing. Text messaging originator opt-in data and consent are not shared with any third parties, except as required to provide the Text Message Service itself.

We may disclose information to satisfy legal, regulatory, or governmental requests, to avoid liability, or to protect our rights or property.

You consent to receive text messages from us only after you opt in (for example, by submitting your mobile number through a form and confirming your consent, or by texting a keyword to our short code or number). Message and data rates may apply. Message frequency varies. You can opt out at any time by replying STOP to any message from us. For help, reply HELP or contact us using the information in Section 15.

This section applies to your use of the Text Message Service. It does not modify our general Privacy Policy, which continues to govern our relationship with you in other contexts.

Our Services are intended for adults eighteen (18) and older. We do not knowingly collect personal information from children under thirteen (13) in violation of the Children’s Online Privacy Protection Act (“COPPA”). If you believe a child has provided us with personal information, please contact us so we can delete it.

DeNovo is based in the United States, and our Services are intended for users in the United States. If you access our Services from outside the United States, you understand that your information will be processed in the United States, which may have different data protection laws than your country. By using our Services, you consent to this transfer.

Our Site may contain links to third-party websites, partner provider portals, or social media platforms. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before sharing information with them.

We may update this Policy from time to time to reflect changes in our practices, our Services, or applicable law. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where required, notify you by email or by a prominent notice on the Site. Your continued use of the Services after the changes take effect constitutes acceptance of the updated Policy.

For questions about this Policy, to exercise your privacy rights, or to report a concern, please contact us:

DeNovo Longevity Inc.

Attn: Privacy Officer

901 H St Ste 120 Sacramento ,CA 95814

Email: privacy@denovolongevity.org

Website: www.DeNovoLongevity.org

If you have a HIPAA-related complaint that you believe we have not adequately addressed, you also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

This Privacy Policy is provided as a substantive starting draft. DeNovo Longevity Inc. should have this document reviewed by qualified legal counsel before publishing, particularly regarding HIPAA Business Associate status, state health-data law compliance (including Washington’s My Health My Data Act), and donor data obligations.