Privacy Policy
Effective Date: May 2026
1. Data Collection
BioAge collects only the personal health data you explicitly enter or import from Apple HealthKit. This includes sleep duration, heart rate variability (HRV), blood markers, stress levels, cardiovascular metrics, physical fitness test results (reaction time, grip strength, gait cadence), and profile information (name, date of birth, biological sex, height, weight).
BioAge does not collect advertising identifiers, precise location, contacts, camera images, microphone audio, or browsing history. No analytics SDKs or advertising frameworks are included in the app.
2. On-Device Storage & Encryption
All health data is stored exclusively on your device using Core Data with NSFileProtectionComplete — the data store is encrypted when the device is locked. Your personal profile (name, date of birth, biological sex, height, weight) is stored in the iOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly — it cannot be extracted in iCloud backups or transferred to another device.
No health data is synced to iCloud, sent to our servers, or shared with any third party except as described in Section 4.
3. Automatic Daily Health Import
If you enable Daily Auto-Import in Settings → Data, BioAge will access Apple HealthKit in the background approximately once per day to import your latest sleep and HRV data. This access is read-only and uses only the same data types already covered under Section 1.
This feature is opt-in and disabled by default. You can turn it off at any time in Settings → Data → Daily Auto-Import. Disabling it immediately cancels all pending background fetches.
Background access requires "Background App Refresh" to be enabled for BioAge in iOS Settings → General → Background App Refresh. iOS may limit or delay background refreshes based on battery state, network conditions, and usage patterns.
4. Anthropic AI — Third-Party Data Sharing
BioAge can generate personalised coaching insights using Anthropic's Claude AI. This feature is:
- Entirely opt-in — disabled by default
- Gated behind two explicit consent steps
- Revocable at any time in Settings → Privacy → AI Insights
When AI Insights is enabled, BioAge sends only the following anonymous numeric data to Anthropic. No names, dates of birth, email addresses, raw lab values, or device identifiers are ever included.
- Estimated biological age and chronological age (years, numeric)
- Delta (biological age minus chronological age)
- Sleep: pillar age-delta, duration (hours), quality score (1–10), deep/REM percentages, bedtime and wake time (HH:MM only — no date)
- HRV: pillar age-delta, RMSSD value (milliseconds)
- Blood markers: pillar age-delta only — no individual lab values or marker names
- Stress: pillar age-delta, level score (1–10)
- Cardiovascular: pillar age-delta, resting heart rate (BPM)
- Reaction time: pillar age-delta, median response time (milliseconds)
- Gait: pillar age-delta, cadence (steps per minute)
- Your selected health goals (chosen from a fixed list of 5 options)
You can view the exact data schema in Settings → Privacy → "What we send to AI".
Anthropic's privacy policy is available at anthropic.com/privacy. Anthropic does not use API data to train models without explicit consent.
5. Technical Security Measures
BioAge implements multiple layers of security for all outbound communications:
- Certificate pinning — all connections to the Anthropic API are pinned to the leaf certificate SHA-256 fingerprint. A man-in-the-middle proxy cannot intercept requests even if a rogue root CA is installed on the device.
- Data residency guard — a runtime check blocks any payload containing an ISO 8601 timestamp before it leaves the device. Raw timestamps (which could be used to reconstruct your activity patterns) are stripped at the API boundary.
- Prompt sanitisation layer — user-generated strings are sanitised before being included in any outbound prompt.
- Hardened transport — all API traffic uses TLS 1.2+ with certificate pinning. No plain HTTP connections are permitted.
6. Data Exports
BioAge allows you to export your health history as JSON or CSV via Settings → Privacy → Export My Data. Exported files contain your full health history including profile information.
Exports are created in your device's app sandbox temporary directory and are only accessible through the iOS share sheet. No export is uploaded to any server. You are responsible for protecting exported files once they leave the app via the share sheet.
7. Widget & Apple Watch Sharing
If you use the BioAge widget or Apple Watch app, your most recent biological age score and delta are written to an App Group shared container to make them available to those extensions. Only the latest numeric score is written — no full health history, blood values, or profile information is stored in the App Group container.
8. Third-Party Services
BioAge uses:
- Apple HealthKit — read-only access only; no data is written back to HealthKit
- Apple Core Motion — on-device step counting and cadence measurement for the gait test; data is not stored beyond the test session
- Apple VisionKit / PDFKit — on-device OCR and PDF text extraction for lab report scanning; files are processed locally and never uploaded
- Anthropic Claude API — for AI insights only; see Section 4 for exact data shared
No advertising networks, analytics SDKs, crash-reporting services, or other third parties have access to your health data.
9. Data Deletion
You can permanently delete all your data at any time via Settings → Privacy → "Delete All My Data". This removes your profile from the Keychain, all health snapshots from Core Data, and all cached scores from App Group storage. This action is irreversible.
Uninstalling the app removes Core Data storage. Your Keychain data may persist after uninstall depending on iOS version; use "Delete All My Data" before uninstalling for a complete wipe.
10. Data Retention
Your health data is retained on your device for as long as you use the app. BioAge does not retain any copies of your data on external servers.
Data sent to Anthropic for AI insight generation is subject to Anthropic's data retention policy (anthropic.com/privacy). BioAge does not control Anthropic's retention of prompt data submitted via the API.
11. Not a Medical Device
BioAge is a personal wellness tracking app. It is not a medical device, is not FDA-cleared or CE-marked, and does not provide medical diagnoses, clinical assessments, or treatment recommendations. Biological age estimates are informational only and do not substitute for advice from a qualified healthcare provider.
12. Children's Privacy
BioAge is rated 9+ on the App Store. Because the app collects personal health data, users under the age of 13 (or the applicable age of digital consent in their country) must have a parent or guardian review this Privacy Policy and provide consent before using the app.
If you are a parent or guardian and believe your child under 13 has provided health data without your consent, please use Settings → Privacy → "Delete All My Data" to remove all stored information, then delete the app.
BioAge does not knowingly collect health data from children under 13 without parental consent.
13. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be notified in-app. The effective date at the top of this policy reflects when the current version took effect. Continued use of BioAge after a policy update constitutes acceptance of the revised policy.
14. Contact
If you have questions about this privacy policy or your data, contact us at: support.bioage@gmail.com