Skip to content

Privacy & Governance

Health data, stewarded as infrastructure.

HIPAA-aligned. Externally audited. Governed by a published charter, revised annually.

Laboratory setting where clinical samples are processed
Stewardship · Audited · Published in full

01

Scope

This Privacy & Governance charter applies to all personal information, health information, biometric data, and uploaded clinical results processed by AEVUM (operated by Now2Eternity) through this site, the affiliated mobile and web applications, and the institutional licensing platform.

02

Information we collect

Account data (name, email, jurisdiction); clinical inputs you provide (lab panels, imaging summaries, wearable exports, questionnaire responses); service metadata required to operate the platform (timestamps, device class, IP at submission). We do not buy data from third-party brokers.

03

Lawful basis & consent

We process health information under HIPAA where applicable, and under GDPR Article 9(2)(a) explicit consent and 9(2)(h) provision of healthcare in the EEA/UK. You can withdraw consent at any time; withdrawal does not affect processing already performed lawfully.

04

How we use your data

To operate the Standard against your individual profile, generate clinical readouts for your physician, deliver the membership service, and produce de-identified aggregate analytics for the annual external audit. We do not use your identifiable health data to train external AI models.

05

Sharing & disclosure

Identifiable data is shared only with: (i) your designated physician; (ii) infrastructure subprocessors under HIPAA Business Associate Agreements; (iii) the independent third-party auditor under a confidentiality agreement; (iv) where required by law. Never with employers, insurers, or institutional licensees in identifiable form.

06

Storage, retention, deletion

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Retained for the active membership plus seven years to satisfy clinical record-keeping standards, then deleted. You may request deletion at any time via the contact channels below; legally required retention may persist in sealed archive.

07

Your rights

Access, rectification, portability, restriction, objection, and deletion — subject to applicable law. EEA/UK residents may lodge a complaint with their supervisory authority. California residents may exercise CCPA/CPRA rights without discrimination.

08

Governance

The Standard is published in full — no proprietary protocol layer. An independent Scientific Board reviews and ratifies revisions annually. An independent third-party auditor verifies clinical thresholds and outcome data. Conflicts of interest are disclosed in the annual report.

09

Changes to this charter

Material changes are versioned and published with a 30-day notice period. Substantive revisions are also presented to the Scientific Board and the external auditor before taking effect.

Self-Serve · Data Rights

Submit a privacy request.

Exercise your right to access, export, correct, restrict, or delete the personal data we hold about you. Each request is logged, identity-verified by the Privacy Office, and answered within the statutory window.

Request type

Statutory response window · 30 days · extendable to 90 days for complex requests

Contact the Privacy Office

Privacy Officer · privacy@now2eternity.life
Data Protection Officer (EU) · dpo@now2eternity.life

Contact us →

Version 1.0 — 2026 · Externally audited