Effective Date: May 9, 2026·Last Updated: May 9, 2026
This Privacy Policy describes how 5M Ventures LLC (“we,” “us,” “our”) collects, uses, and protects your information when you use Aeon (“Service”). Aeon is designed with privacy as a core architectural principle. We process your health data only during your active session and delete it when your session ends.
Aeon is not a covered entity or business associate as defined under the Health Insurance Portability and Accountability Act (HIPAA). Aeon does not provide healthcare services, process insurance claims, or maintain medical records. The information you provide is processed solely for the purpose of generating a personalized longevity assessment and is not subject to HIPAA protections. If you have questions about how your health information is protected, review Sections 4 and 6 of this policy.
Aeon is currently in private beta. Features, data handling practices, and this Privacy Policy may be updated as the Service develops. Material changes will be indicated by an updated effective date and, where feasible, a notice on the landing page.
We do not collect: names, physical addresses, phone numbers, payment information, social security numbers, insurance information, or any government-issued identification. We do not create user accounts or maintain user profiles.
We use your information for the following purposes:
Your lab values and health analysis are cleared when your session ends. We cannot recover them. Certain non-health data (email, reminder preferences) may persist as described below.
All uploaded files, parsed biomarker values, generated recommendations, biological age calculations, and dashboard content are cleared from our servers when your session ends. Session end is triggered when you confirm session completion or after 2 hours of inactivity. We do not retain your lab values or health analysis results after session termination.
We retain your email address and the date of your session for the following purposes: delivery confirmation, operational recordkeeping, and abuse prevention. Your email address is not linked to any health data after your session ends.
You may request deletion of your email address from our records at any time by contacting us at privacy@getaeon.ai. We will process deletion requests within 30 days.
If you opt in to a retest reminder, we store your email address and your chosen reminder date. No health data (biological age, biomarker values, or recommendations) is stored with the reminder. Reminder records auto-expire after the reminder date plus a 7-day grace period. You may request early deletion by emailing privacy@getaeon.ai.
Your assessment report and share card are delivered to your email address via our email provider (Resend). These attachments contain health-related information including biomarker values, biological age estimates, and personalized recommendations.
Email is delivered via standard internet email protocols (SMTP), which are not end-to-end encrypted. Your results may pass through third-party mail servers in transit. By providing your email address, you acknowledge and consent to receiving health-related assessment results through this unencrypted channel.
Once delivered, your results exist in your inbox and are subject to your email provider’s security and retention policies. You are responsible for the security of your email account. We do not retain a server-side copy of the report or share card after delivery. Our email provider may retain delivery metadata (recipient address, send timestamp, delivery status) per their standard retention schedule. If you lose your results, we cannot regenerate them because the underlying health data no longer exists.
Your biomarker values and demographic context are sent to our AI provider (Anthropic) for analysis during your session. Anthropic does not use API inputs for model training. Anthropic’s data retention policies govern any temporary processing logs on their infrastructure. No health data is retained on our servers after the API response is received and your session ends.
If you join the beta waitlist, we store your email address and signup date. Waitlist records auto-expire after 180 days. If you submit feedback through the session-end screen, we store your feedback text and a timestamp. Feedback records auto-expire after 90 days. Neither waitlist nor feedback records are linked to your health data.
Standard server logs (IP addresses, request timestamps, error logs) are retained per our hosting provider’s default retention period, typically 30–90 days. These logs do not contain your health data.
We use the following categories of third-party service providers to operate Aeon. These providers process data on our behalf and are contractually obligated to use it only for the purposes we specify.
| Category | Purpose | Data Shared |
|---|---|---|
| AI/LLM Provider | Document parsing and recommendation generation | Uploaded file contents and intake data (during session only) |
| Email Service Provider | Delivering your results PDF | Email address and PDF attachment |
| Hosting/Infrastructure | Running the Service | All data transiting through the platform |
| Session State Provider | Temporary session storage and rate limiting | Session tokens, email address, waitlist and feedback data |
| Authentication Provider | Optional email verification via Google Sign-In | Email address and verification status |
We do not sell, rent, or trade your personal information or health data to any third party. We do not share your data with advertisers, data brokers, or marketing platforms.
Your uploaded health data is sent to our AI provider’s API for document parsing and recommendation generation. This data is transmitted via encrypted connection (TLS 1.2+). We use API configurations that do not retain input data for model training. Your data is processed and discarded by the AI provider in accordance with their API data processing terms.
We implement the following security measures:
Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data during transmission or processing.
Depending on your jurisdiction, you may have the following rights:
If you are a California resident, you have the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@getaeon.ai.
Our legal basis for processing your health data during your session is your explicit consent, which you provide when you accept these terms and initiate your session. Health data constitutes “special category data” under GDPR Article 9. Our processing is lawful under Article 9(2)(a) (explicit consent).
Our legal basis for retaining your email address is our legitimate interest in operational recordkeeping and abuse prevention (Article 6(1)(f)).
You have the right to lodge a complaint with your local data protection authority.
For privacy inquiries, contact: privacy@getaeon.ai
Aeon is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we learn that we have collected information from a child under 18, we will delete that information promptly.
Aeon uses only essential cookies required for session management (maintaining your active session state). We do not use:
We do not use Google Analytics, Facebook Pixel, or similar tracking tools.
Your data is processed on servers located in the United States. If you are accessing Aeon from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
For EEA/UK users: transfers are conducted pursuant to Standard Contractual Clauses or other appropriate safeguards as required by applicable law.
We may update this Privacy Policy from time to time. We will post the revised policy on our website with an updated effective date. Because we do not maintain user accounts, we cannot provide individual notice of changes. Material changes will be indicated by a prominent notice on our landing page for a reasonable period following the update.
For questions, concerns, or requests related to this Privacy Policy, contact us at:
privacy@getaeon.ai
5M Ventures LLC
Wake County, North Carolina
© 2026 5M Ventures LLC. All rights reserved.