Security

AgeVel is designed to protect user data with industry-standard safeguards. This page describes our current security practices and limitations.

HTTPS/TLS Least-privilege access Operational logging

AgeVel provides informational insights and is not a medical device.

Scope

This page applies to AgeVel web applications and related services. Controls may vary by deployment environment and partner configuration.

PrivacySee Privacy Policy for data handling details.

Data handling modes

  • Guest mode: inputs are processed to generate results and are not intended to be stored long-term.
  • Account mode: saved reports and metadata are stored so you can track trends over time.
  • Partner/Clinic mode: may include additional controls under separate agreements.

Retention depends on how you use the service and your account settings.

Core safeguards

Encryption in transit HTTPS/TLS is used for data transmitted between your browser and our services.
Encryption at rest Data stored by our service providers is protected using their standard at-rest encryption controls (where supported).
Access controls Production access is restricted to authorized personnel on a need-to-know basis, using strong authentication where supported.
Logging & monitoring We maintain logs for reliability, debugging, and security monitoring. Logs may include timestamps, error traces, and request metadata.
Retention & deletion You may request deletion of your account and associated data by emailing privacy@agevel.com. We may retain limited data for security, fraud prevention, and legal compliance.

Subprocessors

We use third-party service providers to operate the service (for example: hosting, analytics, and AI processing). These providers may process data on our behalf consistent with our Privacy Policy.

Recommendation: Maintain an up-to-date list of subprocessors and notify users of material changes via the Privacy Policy.

Vulnerability reporting

If you believe you have found a security vulnerability, email security@agevel.com with steps to reproduce, potential impact, and any relevant screenshots/logs.

What to include: affected URL, reproduction steps, expected vs actual behavior, and any proof-of-concept details.

HIPAA note

AgeVel is not a covered entity under HIPAA. If AgeVel is used by clinics or healthcare providers, responsibilities and data handling may be governed by separate agreements and applicable regulations.

If you intend to support HIPAA-regulated workflows (e.g., for clinics), consider offering BAAs for eligible partners and documenting required controls (audit logs, role-based access, retention policies, incident response).