PRIVACY POLICY

Privacy Policy

We are committed to protecting your personal and health information. This policy explains how we collect, use, share, and safeguard your data, and the choices and rights you have.

Last Updated: May 29, 2026 · Effective Date: April 29, 2026

Longevity Score
Discover your free Longevity Score

See how your biomarkers, risk factors, and goals translate into next steps.

1. Scope and Roles

This Privacy Policy applies to information collected by Reach Peak Life Inc. ("Reach Peak Life," "we," "our," or "us") through reachpeaklife.com and related platforms.

Reach Peak Life operates as a Management Services Organization providing technology and administrative support. Clinical services are provided by independent licensed healthcare providers affiliated with StratusMD ("Clinical Partner"), who are a separate covered entity under HIPAA. Information collected for clinical purposes is governed by our HIPAA Notice of Privacy Practices, which controls in case of conflict with this Privacy Policy.

2. Information We Collect

Information you provide directly:

  • Identifiers (name, email address, phone number, mailing address, date of birth)
  • Account credentials (username, password)
  • Health-related information (symptoms, medical history, lab results, medications, lifestyle data, biometric measurements)
  • Payment information (credit/debit card details, billing address — processed by our PCI-compliant payment processor; we do not store full card numbers)
  • Communications (messages to support, feedback, survey responses)

Information collected automatically:

  • Device and usage data (IP address, browser type, operating system, device identifiers, pages visited, referring URLs, click patterns)
  • Cookies, pixels, and similar technologies (see Section 6)
  • Approximate location derived from IP address

Information from third parties:

  • Lab results from partner laboratories (Quest Diagnostics)
  • Prescription fulfillment confirmations from partner pharmacies
  • Identity verification data from third-party verification services

3. How We Use Information

We use information to:

  • Provide and operate the platform and its features (including the longevity calculator)
  • Facilitate consultations and ongoing care with our Clinical Partners
  • Process payments and manage billing
  • Coordinate lab testing and prescription fulfillment
  • Communicate with you about services, account activity, appointments, and required notices
  • Personalize content and recommendations within the platform
  • Detect, investigate, and prevent fraud, abuse, or unauthorized activity
  • Improve and develop the platform, including conducting analytics and research using de-identified or aggregated data
  • Comply with legal, regulatory, and contractual obligations

We do not use your information for unrelated marketing without your consent, and we do not use protected health information for marketing purposes except as permitted by HIPAA.

4. How We Share Information

We do not sell your personal information for money. However, our use of the Meta Pixel for advertising audience building may constitute "sharing" for cross-context behavioral advertising under the CPRA and "targeted advertising" under other state laws. You can opt out of this at any time through the Global Privacy Control signal, our cookie banner, or the "Do Not Sell or Share My Personal Information" link in our footer (see Sections 6 and 11). We share information only as follows:

  • Clinical Partners: StratusMD providers, who use the information to provide clinical services to you
  • Service providers (data processors): Third parties that perform services on our behalf under contractual confidentiality and security obligations, including:
    • Payment processing — Stripe, Inc.
    • Laboratory services — Quest Diagnostics
    • Prescription fulfillment — licensed 503A compounding pharmacies under contract
    • Practitioner-grade supplement dispensary — Fullscript
    • Cloud hosting and storage — third-party cloud infrastructure providers
    • Email and SMS delivery — transactional message providers
    • Identity verification and fraud prevention
  • Legal and safety: Government authorities, courts, regulators, or other third parties when required by law, subpoena, court order, or to protect rights, property, or safety
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality protections; you will be notified of any change of data controller
  • With your consent: Any other sharing for which you have provided explicit consent

Third-party analytics and marketing tools. On our general, non-health webpages only, we use the following tools. None of these tools is loaded on the longevity assessment tool (app.html) or on our clinical service pages, and none receives health information (see Section 7):

  • Google Analytics 4, provided by Google LLC. Collects: page views, session duration, device and browser type, approximate city-level location, referral source, and UTM campaign parameters. We have enabled IP anonymization and disabled Google Signals and ad-personalization signals. Does not collect health information, calculator inputs, or any protected health information.
  • Meta Pixel, provided by Meta Platforms, Inc. Collects: page views, button clicks, and standard custom events from non-health pages only, used for conversion measurement and advertising audience building.
  • Mailchimp (Intuit Mailchimp), our email service provider. When you submit our forms, we transmit only your first name, your email address, and a single product-category interest indicator. We do not transmit calculator inputs, longevity scores, summary reports, or any health responses to Mailchimp.
  • Cookiebot (Usercentrics A/S), our consent management platform. Stores and documents your cookie-consent choices to help us comply with the CPRA, GDPR, and the Colorado Privacy Act. The Cookiebot consent banner loads before, and gates, the Google Analytics and Meta Pixel tags described above.

Each of these providers processes data under its own privacy policy and, where applicable, under a data-processing agreement with us. The statistics and marketing tags above are loaded only after you provide consent through our cookie banner, except where a tool qualifies as strictly necessary. When we detect a Global Privacy Control signal, we treat it as an opt-out and the Google Analytics and Meta Pixel tags do not fire.

5. Data Protection and Security

We implement administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS 1.2+) and at rest, role-based access controls, multi-factor authentication for staff accessing systems containing personal data, regular security assessments, and contractual data-protection obligations on service providers.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

6. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to operate the platform, remember your preferences, analyze usage, and detect security issues. We use Cookiebot (Usercentrics) as our consent management platform. On your first visit, the Cookiebot banner lets you accept or decline each non-essential category, and our analytics and marketing tags do not load until you consent. You can change or withdraw your consent at any time through the cookie-preference link available on our pages, and you may also control cookies through your browser settings. Disabling certain cookies may affect functionality.

We classify cookies into the following categories:

  • Strictly necessary — required for the site to function (for example, security, load balancing, and recording your consent choices). These cannot be switched off and do not require consent. Typical duration: session to 12 months.
  • Preferences — remember choices such as language or region to personalize your experience. Set only with consent. Typical duration: up to 12 months.
  • Statistics — help us understand how visitors use the site. This category includes Google Analytics 4 (Google LLC). Set only with consent. Typical duration: up to 24 months.
  • Marketing — used to measure and build advertising audiences. This category includes the Meta Pixel (Meta Platforms, Inc.). Set only with consent. Typical duration: up to 90 days for the pixel; associated Meta cookies may persist longer per Meta's policy.

A detailed, automatically maintained list of the specific cookies in each category — including name, provider, purpose, and duration — is available through the cookie-preference link on our pages.

We honor recognized opt-out preference signals, including the Global Privacy Control (GPC), as a valid request to opt out of the sale or sharing of personal information and of targeted advertising where required by applicable law. Because browsers do not send a uniform "Do Not Track" signal, we are not able to respond to DNT specifically, but the consent controls and GPC handling described above apply.

7. AI-Assisted Tools and the Longevity Assessment

The platform uses AI-assisted tools, including the longevity calculator scoring engine, to generate insights and recommendations. AI outputs are educational, do not constitute medical advice, and do not replace evaluation by a licensed provider.

Privacy-enhanced processing of the Peak Life longevity assessment. The Peak Life longevity assessment tool operates in a privacy-enhanced mode. Health responses — including lab values, symptoms, BMI inputs, and score outputs — are processed in your browser only, are never transmitted to Google, Meta, Mailchimp, or any other analytics or marketing partner, and are not associated with any identifiable user without your explicit action at the point of email submission. If you choose to receive your results by email, only your first name, your email address, and a single product-category indicator are transmitted to our email service provider. Your longevity score, your individual responses, and any summary of your assessment are not transmitted or stored by us as identifiable records and are not sent to any third party.

8. No Guarantee of Outcomes

Information and tools on the platform are intended to support — not guarantee — health outcomes. Individual results vary, and clinical decisions are made by your treating provider based on your individual evaluation.

9. Your Privacy Rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your personal information (subject to retention requirements)
  • Object to or restrict certain processing
  • Receive a portable copy of your data in a structured, commonly-used format
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@reachpeaklife.com. We will verify your identity before responding and will respond within the period required by applicable law (typically 30–45 days).

10. European Economic Area, UK, and Switzerland (GDPR Article 13)

Our platform is operated from and intended for users in the United States. However, because the longevity assessment is accessible from an open URL, residents of the European Economic Area, the United Kingdom, and Switzerland may encounter it. Where the EU or UK General Data Protection Regulation applies, the following disclosures are provided under Article 13:

  • Controller: Reach Peak Life Inc., contactable at privacy@reachpeaklife.com. We have determined that we are not required to appoint a Data Protection Officer; privacy inquiries are handled by our Privacy Officer at the same address.
  • Purposes and legal bases: We process website-usage and analytics data on the basis of your consent (Article 6(1)(a)), obtained through our cookie banner; we process marketing communications on the basis of your consent; we operate and secure the site on the basis of our legitimate interests (Article 6(1)(f)) in providing and protecting our services; and we process information to meet legal obligations (Article 6(1)(c)) where applicable. Where we process any special-category (health) data, we do so only with your explicit consent (Article 9(2)(a)).
  • Recipients: The service providers described in Sections 4 and 6, including Google, Meta, Mailchimp, and Cookiebot, acting as processors or independent controllers as applicable.
  • International transfers: Your information will be transferred to and processed in the United States. Where required, such transfers rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses or a provider's certification under an approved transfer framework.
  • Retention: Marketing data is retained for up to 3 years from your last interaction; product-order and financial records are retained for at least 7 years to meet tax and recordkeeping obligations; other periods are described in Section 15.
  • Your rights: You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent at any time without affecting prior lawful processing. To exercise them, contact privacy@reachpeaklife.com.
  • Right to complain: You may lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office).
  • Provision of data: Providing analytics and marketing data is not a statutory or contractual requirement; you are free to decline without affecting your ability to read our general content.

11. California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act and California Privacy Rights Act, including the rights to know, delete, correct, opt-out of "sale" or "sharing" of personal information, and limit the use of sensitive personal information.

We do not sell personal information for money. We do share personal information for cross-context behavioral advertising through the Meta Pixel, and you have the right to opt out. We provide a "Do Not Sell or Share My Personal Information" / "Limit the Use of My Sensitive Personal Information" control, and we honor the Global Privacy Control signal as described in Section 6.

Categories of personal information we collect (as defined by the CPRA), drawn from the detail in Section 2:

  • Identifiers — name, email address, phone number, postal address, IP address, account identifiers
  • Customer records — billing information and payment-card data processed by our payment processor (we do not store full card numbers)
  • Protected classification characteristics — date of birth/age, where you provide it
  • Commercial information — products and services considered or purchased
  • Internet/network activity — pages visited, referring URLs, click patterns, and device/usage data
  • Geolocation — approximate, city-level location derived from IP address
  • Sensitive personal information — health-related information and inferences you provide to obtain services; account credentials. We use this sensitive personal information only to provide the services you request, which is a purpose for which the right to limit does not apply, and we do not sell or share it. Where you exercise the right to limit, we will restrict any use of sensitive personal information beyond those permitted purposes.
  • Inferences — preferences and characteristics derived to personalize the platform

The purposes for collection are described in Section 3, the categories of recipients in Section 4, and retention in Section 15. To exercise California privacy rights, email privacy@reachpeaklife.com with the subject line "California Privacy Request," or use the "Do Not Sell or Share My Personal Information" link in our footer. You may designate an authorized agent to make a request on your behalf, and you have the right to be free from discrimination for exercising your rights.

12. Colorado Residents (CPA)

Colorado residents have rights under the Colorado Privacy Act (CPA), including the rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising, the sale of personal data, and certain profiling. To exercise these rights, contact privacy@reachpeaklife.com. You have the right to appeal a denial of your request; if we deny an appeal, you may contact the Colorado Attorney General.

Universal opt-out mechanism. We honor universal opt-out mechanisms recognized under the CPA, including the Global Privacy Control (GPC), as a valid request to opt out of targeted advertising and the sale of personal data, consistent with Section 6.

Profiling disclosure. The Peak Life longevity assessment generates a score and related insights based on the information you enter. Under the CPA's broad definition, this constitutes profiling. We want to be clear about how it works: the assessment is processed in your browser, the score and your underlying responses are not transmitted to us as identifiable records or to any third party, and the profiling is not used for decisions that produce legal or similarly significant effects about you. It is educational and does not determine eligibility for any service or price. You may decline to use the assessment without affecting your access to our general content.

Sensitive data consent. Where you provide health-related or other sensitive data — for example, by completing the assessment or beginning a clinical intake — we process it only with your consent and only to provide the services you request.

13. Other State Privacy Rights

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), and others — have rights similar to those described above. Contact privacy@reachpeaklife.com to exercise applicable state-law rights.

14. Children's Privacy

The platform is not intended for individuals under 18 years of age, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (COPPA). If we become aware that we have inadvertently collected information from a child under 13, we will delete it. Parents or guardians who believe their child has provided information should contact privacy@reachpeaklife.com.

15. Data Retention

We retain personal information for only as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations:

  • Medical records: Retained by Clinical Partners in accordance with state medical-record retention laws (typically 7–10 years after the last patient encounter; longer for minors)
  • Financial and billing records: 7 years (federal tax recordkeeping)
  • Account information: Duration of account plus 2 years after closure, unless longer retention is required
  • Marketing data and email-list information: Up to 3 years from your last interaction; opt-out records are kept indefinitely to honor your choices
  • Server logs and security data: Up to 12 months
  • Calculator inputs and scores: Processed in your browser and not retained by us as identifiable records. If you submit the assessment form, we retain only your first name, email address, and product-category interest indicator as described in Sections 4 and 7

16. De-Identified and Aggregated Data

We may use de-identified or aggregated data — which does not identify any individual — for analytics, research, service improvement, and other lawful purposes. We do not attempt to re-identify de-identified data and contractually prohibit recipients from doing so.

17. International Users

The platform is operated from and intended for users in the United States. If you access the platform from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data-protection laws than your country of residence. By using the platform, you acknowledge this transfer. If you are located in the European Economic Area, the United Kingdom, or Switzerland, the additional disclosures and safeguards in Section 10 also apply.

18. Data Breach Notification

In the event of a security incident affecting your personal information, we will notify you and applicable regulators as required by HIPAA, state breach-notification laws, and other applicable law. Notice will be provided without unreasonable delay and will describe the nature of the incident, the information involved, steps we are taking, and steps you can take to protect yourself.

19. Updates to This Policy

This policy may be updated periodically. Material changes will be communicated by posting the updated policy with an updated "Last Updated" date and, where required, by direct notice. Continued use of the platform after material changes are posted constitutes acceptance of the updated policy.

20. Contact

For questions about this Privacy Policy or to exercise your rights, contact:

Reach Peak Life Inc.
Attn: Privacy Officer
Email: privacy@reachpeaklife.com