Privacy Policy

Last updated: 11 June 2026 · Contact: privacy@jevity.io

1. The short version

Local-first: in the current early-access build, your health data (check-ins, scores, photos, vitals) is stored on your own device — we cannot see it.
No data sales, ever. No third-party ad trackers. No fingerprinting.
Consent-based analytics: we count visits and feature usage only after you click "Accept analytics".
Full control: export or permanently delete everything, anytime, in Settings.

2. Who we are

Jevity ("we", "us") operates jevity.io. For GDPR purposes we are the data controller for the limited data described below. Contact: privacy@jevity.io.

3. What we collect and why

Stored on your device only: your profile, daily check-in history, symptoms, scores, wearable connection choices, progress photos (browser IndexedDB), and experimental vitals. Raw camera video, photos, and microphone audio are processed in your browser and are never uploaded, recorded, or stored by us.
Score computation (transmitted transiently, not stored): when you request a score, the minimal numeric inputs required (e.g., age, lifestyle ratings, check-in ratings, or derived aggregate features such as heart-rate variability, vocal jitter, or image brightness statistics) are sent over TLS to our stateless scoring service, processed in memory to return your result, and never stored, logged, or linked to your identity — legal basis: contract (GDPR Art. 6(1)(b)) and, for health-related inputs, your explicit request-by-action (Art. 9(2)(a)). The results are saved only on your device.
Waitlist (transmitted, with your action): your email address, signup source, and region — legal basis: contract/consent — used to create your account, send a welcome email, and (only with marketing consent) product updates.
Analytics (transmitted, only after consent): anonymous event counts (page views, feature usage), a random device identifier, and no precise location, no cross-site tracking — legal basis: consent (GDPR Art. 6(1)(a)).

4. Special category (health) data

Health-related inputs are processed locally on your device under your sole control. If future cloud-sync features launch, health data will be processed only with your explicit consent (GDPR Art. 9(2)(a)), encrypted in transit and at rest, and covered by an updated policy presented before any sync occurs.

5. Where data lives & transfers

Waitlist and analytics data are hosted on Neon (PostgreSQL) and Vercel infrastructure in the United States, protected by Standard Contractual Clauses for EU/UK transfers. Transactional email is delivered by Resend.

6. Your rights (GDPR · UK GDPR · PIPEDA · CCPA)

Access, rectification, portability (in-app: Settings → Export my data)
Erasure / "right to be forgotten" (in-app: Settings → Delete everything, or email us)
Restriction & objection to processing; withdrawal of consent at any time (decline or clear analytics consent; unsubscribe link in every email)
EU/UK: complain to your supervisory authority · Canada: the OPC · California: CCPA rights incl. "Do Not Sell" (we do not sell data) and non-discrimination

We respond to verified requests within 30 days.

7. Retention

Waitlist data: until you ask us to delete it. Analytics events: 24 months, then aggregated or deleted. Device-local data: under your control; deleting it in Settings or clearing browser storage removes it permanently.

8. Cookies & similar technologies

We use no advertising cookies. We use localStorage for your account, preferences, and (with consent) first-party analytics. The consent banner records your choice; you can change it by clearing site data.

9. Children

Jevity is for adults 18+. We do not knowingly process children's data.

10. Changes

We will post changes here and, for material changes affecting transmitted data, ask for renewed consent.

← Back to jevity.io · Terms of Service