01
Scope
This Privacy & Governance charter applies to all personal information,
health information, biometric data, and uploaded clinical results processed by
AEVUM (operated by Now2Eternity) through this site, the affiliated mobile and
web applications, and the institutional licensing platform.
02
Information we collect
Account data (name, email, jurisdiction); clinical inputs you provide
(lab panels, imaging summaries, wearable exports, questionnaire responses);
service metadata required to operate the platform (timestamps, device class,
IP at submission). We do not buy data from third-party brokers.
03
Lawful basis & consent
We process health information under HIPAA where applicable, and under
GDPR Article 9(2)(a) explicit consent and 9(2)(h) provision of healthcare in
the EEA/UK. You can withdraw consent at any time; withdrawal does not affect
processing already performed lawfully.
04
How we use your data
To operate the Standard against your individual profile, generate
clinical readouts for your physician, deliver the membership service, and
produce de-identified aggregate analytics for the annual external audit.
We do not use your identifiable health data to train external AI models.
05
Sharing & disclosure
Identifiable data is shared only with: (i) your designated physician;
(ii) infrastructure subprocessors under HIPAA Business Associate Agreements;
(iii) the independent third-party auditor under a confidentiality agreement;
(iv) where required by law. Never with employers, insurers, or institutional
licensees in identifiable form.
06
Storage, retention, deletion
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Retained for the active membership plus seven years to satisfy clinical
record-keeping standards, then deleted. You may request deletion at any time
via the contact channels below; legally required retention may persist in
sealed archive.
07
Your rights
Access, rectification, portability, restriction, objection, and
deletion — subject to applicable law. EEA/UK residents may lodge a complaint
with their supervisory authority. California residents may exercise CCPA/CPRA
rights without discrimination.
08
Governance
The Standard is published in full — no proprietary protocol layer.
An independent Scientific Board reviews and ratifies revisions annually. An
independent third-party auditor verifies clinical thresholds and outcome data.
Conflicts of interest are disclosed in the annual report.
09
Changes to this charter
Material changes are versioned and published with a 30-day notice
period. Substantive revisions are also presented to the Scientific Board and
the external auditor before taking effect.