AO Health - Privacy Policy
Effective Date: March 20, 2026
Last Updated: March 20, 2026
1. Controller
AO Health, Germany ("AO", "we", "us") is the data controller for personal data processed through the AO Health app, platform, and related services (the "Service"). We process data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection law.
2. Our Core Principle: Zero Knowledge
AO is built on a Zero Knowledge architecture. Your sensitive health data is encrypted on your device using your personal encryption key (PEK). Data stored on our servers is fully encrypted. AO cannot and does not access your health data. Only you hold the decryption keys.
3. Data We Collect
3.1 Account Data
- Email address, name, date of birth (for account creation and age verification)
- Password (hashed, never stored in plain text)
3.2 Health & Wellness Data (Encrypted)
- Habit tracking entries, health self-assessments, and check-in responses
- Wearable and diagnostic data you choose to connect (e.g., heart rate, sleep, activity)
- AO Ageing Clock / Healthspan Digital Twin data
- All health data is end-to-end encrypted and inaccessible to AO
3.3 Usage Data
- App usage patterns, feature interactions, crash reports (anonymized)
- Device type, operating system, language settings
3.4 Payment Data
- Processed by third-party payment providers. AO does not store credit card or bank details.
4. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and improve the Service | Art. 6(1)(b) -- Contract performance |
| Generate personalized recommendations | Art. 6(1)(b) -- Contract performance |
| Send service-related communications | Art. 6(1)(b) -- Contract performance |
| Ensure security and prevent fraud | Art. 6(1)(f) -- Legitimate interest |
| Anonymized analytics to improve the app | Art. 6(1)(f) -- Legitimate interest |
| Marketing communications | Art. 6(1)(a) -- Consent (opt-in) |
| Data donation for aging research | Art. 6(1)(a) -- Explicit consent (opt-in) |
5. Data Donation for Research
You may voluntarily opt in to donate anonymized, aggregated health data to support aging and longevity research ("AO for Science"). This data is fully de-identified before leaving your device. You can withdraw consent at any time without affecting your use of the Service.
6. Data Storage & Security
- All servers are located in Germany (sovereign data storage).
- Health data is protected by end-to-end encryption (Zero Knowledge).
- Our technical team follows ISO 13485 quality management principles.
- We conduct regular security audits and adhere to strict German and EU medical & privacy regulations.
7. Data Sharing
We do not sell your personal data. We share data only in these limited circumstances:
- Service providers (hosting, payment processing) -- bound by data processing agreements
- AO Certified Partners (coaches, trainers) -- only data you explicitly choose to share
- Legal obligations -- when required by law or court order
- Research -- only anonymized data, only with your explicit opt-in consent
8. Your Rights (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your data ("right to be forgotten")
- Restrict processing
- Data portability -- receive your data in a structured format
- Object to processing based on legitimate interest
- Withdraw consent at any time
To exercise your rights, contact us at privacy@ao-health.com.
9. Cookies & Tracking
The AO app uses minimal analytics. We do not use advertising trackers. On our website, we use only essential and analytics cookies. You can manage cookie preferences at any time.
10. Data Retention
We retain your data only as long as necessary to provide the Service or as required by law. Upon account deletion, your encrypted data is permanently removed from our servers within 30 days.
11. Children's Privacy
The Service is not intended for anyone under 18. We do not knowingly collect data from minors.
12. Changes to This Policy
We may update this policy. Material changes will be communicated via the app or email. Continued use after notification constitutes acceptance.
13. Contact & Data Protection Officer
AO Health
Email: privacy@ao-health.com
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence or place of work.