Privacy Policy

Last Updated: February 7, 2026
1. INTRODUCTION AND SCOPE
Nostavia Health (“Nostavia,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and security of your information. This Privacy Policy explains how we collect, use, store, disclose, and safeguard your Personal Information and Sensitive Personal Data or Information (“SPDI”) when you access or use our mobile application, website, platform, and related services (collectively, the “Platform”).
Our services—including Nostavia PRO and Nostavia ULTIMATE—involve the collection and processing of deeply personal biological, physiological, and lifestyle data to support our mission to add life to years and reinvent the human lifespan.
By accessing the Platform or using our services, you expressly consent to the collection, processing, and use of your data as described in this Privacy Policy.
2. INFORMATION WE COLLECT
To deliver our Whole-Body Intelligence System, we collect the following categories of information:
2.1 Personal Information

Identity Data: Name, age, gender, date of birth
Contact Data: Email address, phone number, shipping address (for supplement delivery and home sample collection)
Account & Profile Data: Profile details you voluntarily provide

2.2 Sensitive Personal Data or Information (SPDI)
This forms the core of our Discovery Phase and personalized health analysis:

Biological Samples & Lab Results:
Data derived from blood, urine, or other samples, including metabolic markers, hormonal panels, toxin exposure levels (e.g., heavy metals, microplastics)
Genetic & Epigenetic Data:
Information related to inherited or acquired predispositions used for disease risk and longevity modeling
Health & Lifestyle Data:
Questionnaire responses related to sleep architecture, stress resilience, diet history, medications, family medical history, and health goals
Physiological Metrics:
Data synced from wearable devices (if connected), such as heart rate variability (HRV), resting heart rate, activity levels, and related metrics

2.3 Automatically Collected Information
When you use the App or Platform, we may automatically collect:

Device information (device type, operating system, unique device identifiers)
Usage data (features used, time spent, interaction patterns)
Log data (IP address, access times, error logs, app crashes)

2.4 Camera and Photo Library Access
We request access only with your explicit action to:

Capture or upload lab reports for analysis
Capture meal photos for nutritional tracking

We do not access your camera or photo library without your direct initiation.
3. HOW WE USE YOUR INFORMATION (PURPOSE OF PROCESSING)
We do not sell your data. Your information is processed strictly to deliver, improve, and safeguard our services.
3.1 Service Delivery & Protocol Generation

Generate your Longevity Report and Functional Grading across health domains
Formulate your Dynamic Custom Protocol (Phase 1 & Phase 2), including diet, fitness, supplementation, and lifestyle guidance
Enable home sample collection and supplement delivery

3.2 Human Medical Review (“Genius Doctor” Review)

Your anonymized or pseudo-anonymized data may be reviewed by qualified doctors and nutritionists (“Genius Doctors”)
This human review enables identification of latent biological patterns that automated systems may miss

By using the Platform, you explicitly consent to this professional review as an essential part of the service.
3.3 Artificial Intelligence & Predictive Modeling

Power proprietary AI models that calculate disease probability percentages and future health risks
Analyze collective biomarker interactions (e.g., thyroid–cardiac relationships)
Continuously improve accuracy and system intelligence using anonymized data

3.4 Communication, Support & Operations

Provide access to your assigned nutritionist and care team
Respond to support requests and account inquiries
Communicate service updates and operational notices
Ensure security, prevent fraud, and maintain platform integrity

4. DATA SHARING AND DISCLOSURE
We operate on radical transparency with users and strict confidentiality with third parties.
4.1 Authorized Sharing

Laboratory Partners:
NABL-accredited labs receive limited demographic data solely to process biological samples
Medical & Care Professionals:
Doctors, nutritionists, and specialists assigned to your care team
Technology & Infrastructure Providers:
Third-party vendors used for authentication, storage, analytics, and AI processing

4.2 Legal & Regulatory Disclosure
We may disclose information if required by applicable law, court order, or government authority.
4.3 No Commercial Sale of Health Data

We do not sell, rent, or trade personal or health data
We do not share biological data, risk scores, or reports with insurers, advertisers, or data brokers
Your data is firewall-protected from insurance underwriting and commercial profiling

5. THIRD-PARTY SERVICES
We use trusted third-party services strictly for operational purposes:
ServicePurpose
SupabaseAuthentication and secure data storage
Azure OpenAIAI-powered health analysis
Google Sign-InOptional account authentication
These providers process data under their own privacy policies and security standards.
6. DATA STORAGE, SECURITY & SAFEGUARDS
6.1 Storage

Data is stored using industry-standard cloud infrastructure
Encrypted at rest and in transit (TLS/HTTPS)

6.2 Security Measures

Role-based access on a strict need-to-know basis
Secure authentication mechanisms
Regular security audits and monitoring
Anonymization of data used for system improvement wherever feasible

7. DATA RETENTION

Health data is retained to enable continuous longitudinal tracking, protocol evolution, and biological age visualization
If you cancel your membership, records are retained for periods required under applicable Indian medical and legal regulations
After the retention period, data is securely deleted or anonymized

8. YOUR RIGHTS (INDIAN LAW COMPLIANCE)
As a Data Principal, you have the right to:

Access your personal data, lab reports, and Longevity Report
Correct inaccurate or outdated information
Export your data in a portable format
Request deletion of your account and associated data
Withdraw consent for data processing (subject to legal and contractual obligations)

Note: Data deletion will terminate your membership and disable longitudinal health tracking.
9. CHILDREN’S PRIVACY
Our services are not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If such data is identified, it will be promptly deleted.
10. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically. Updates will be communicated by:

Posting the revised policy on the Platform
Updating the “Last Updated” date

Continued use of the Platform constitutes acceptance of the revised policy.
11. GRIEVANCE OFFICER & CONTACT DETAILS
In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, India:
Grievance Officer:
Email: aditya@nostaviahealth.com
Support Email: contact@nostaviahealth.com
Office Address:
PN-889, Ali Nagar, Kanpur Road,
Lucknow – 226008, India

Privacy Policy

Identity Data: Name, age, gender, date of birth

Contact Data: Email address, phone number, shipping address (for supplement delivery and home sample collection)

Account & Profile Data: Profile details you voluntarily provide

2.2 Sensitive Personal Data or Information (SPDI) This forms the core of our Discovery Phase and personalized health analysis:

Biological Samples & Lab Results: Data derived from blood, urine, or other samples, including metabolic markers, hormonal panels, toxin exposure levels (e.g., heavy metals, microplastics)

Genetic & Epigenetic Data: Information related to inherited or acquired predispositions used for disease risk and longevity modeling

Health & Lifestyle Data: Questionnaire responses related to sleep architecture, stress resilience, diet history, medications, family medical history, and health goals

Physiological Metrics: Data synced from wearable devices (if connected), such as heart rate variability (HRV), resting heart rate, activity levels, and related metrics

2.3 Automatically Collected Information When you use the App or Platform, we may automatically collect:

Device information (device type, operating system, unique device identifiers)

Usage data (features used, time spent, interaction patterns)

Log data (IP address, access times, error logs, app crashes)

2.4 Camera and Photo Library Access We request access only with your explicit action to:

Capture or upload lab reports for analysis

Capture meal photos for nutritional tracking

We do not access your camera or photo library without your direct initiation. 3. HOW WE USE YOUR INFORMATION (PURPOSE OF PROCESSING) We do not sell your data. Your information is processed strictly to deliver, improve, and safeguard our services. 3.1 Service Delivery & Protocol Generation

Generate your Longevity Report and Functional Grading across health domains

Formulate your Dynamic Custom Protocol (Phase 1 & Phase 2), including diet, fitness, supplementation, and lifestyle guidance

Enable home sample collection and supplement delivery

3.2 Human Medical Review (“Genius Doctor” Review)

Your anonymized or pseudo-anonymized data may be reviewed by qualified doctors and nutritionists (“Genius Doctors”)

This human review enables identification of latent biological patterns that automated systems may miss

By using the Platform, you explicitly consent to this professional review as an essential part of the service. 3.3 Artificial Intelligence & Predictive Modeling

Power proprietary AI models that calculate disease probability percentages and future health risks

Analyze collective biomarker interactions (e.g., thyroid–cardiac relationships)

Continuously improve accuracy and system intelligence using anonymized data

3.4 Communication, Support & Operations

Provide access to your assigned nutritionist and care team

Respond to support requests and account inquiries

Communicate service updates and operational notices

Ensure security, prevent fraud, and maintain platform integrity

4. DATA SHARING AND DISCLOSURE We operate on radical transparency with users and strict confidentiality with third parties. 4.1 Authorized Sharing

Laboratory Partners: NABL-accredited labs receive limited demographic data solely to process biological samples

Medical & Care Professionals: Doctors, nutritionists, and specialists assigned to your care team

Technology & Infrastructure Providers: Third-party vendors used for authentication, storage, analytics, and AI processing

4.2 Legal & Regulatory Disclosure We may disclose information if required by applicable law, court order, or government authority. 4.3 No Commercial Sale of Health Data

We do not sell, rent, or trade personal or health data

We do not share biological data, risk scores, or reports with insurers, advertisers, or data brokers

Your data is firewall-protected from insurance underwriting and commercial profiling

Data is stored using industry-standard cloud infrastructure

Encrypted at rest and in transit (TLS/HTTPS)

6.2 Security Measures

Role-based access on a strict need-to-know basis

Secure authentication mechanisms

Regular security audits and monitoring

Anonymization of data used for system improvement wherever feasible

7. DATA RETENTION

Health data is retained to enable continuous longitudinal tracking, protocol evolution, and biological age visualization

If you cancel your membership, records are retained for periods required under applicable Indian medical and legal regulations

After the retention period, data is securely deleted or anonymized

8. YOUR RIGHTS (INDIAN LAW COMPLIANCE) As a Data Principal, you have the right to:

Access your personal data, lab reports, and Longevity Report

Correct inaccurate or outdated information

Export your data in a portable format

Request deletion of your account and associated data

Withdraw consent for data processing (subject to legal and contractual obligations)

Posting the revised policy on the Platform

Updating the “Last Updated” date

2.2 Sensitive Personal Data or Information (SPDI)
This forms the core of our Discovery Phase and personalized health analysis:

Biological Samples & Lab Results:
Data derived from blood, urine, or other samples, including metabolic markers, hormonal panels, toxin exposure levels (e.g., heavy metals, microplastics)

Genetic & Epigenetic Data:
Information related to inherited or acquired predispositions used for disease risk and longevity modeling

Health & Lifestyle Data:
Questionnaire responses related to sleep architecture, stress resilience, diet history, medications, family medical history, and health goals

Physiological Metrics:
Data synced from wearable devices (if connected), such as heart rate variability (HRV), resting heart rate, activity levels, and related metrics

2.3 Automatically Collected Information
When you use the App or Platform, we may automatically collect:

2.4 Camera and Photo Library Access
We request access only with your explicit action to:

We do not access your camera or photo library without your direct initiation.
3. HOW WE USE YOUR INFORMATION (PURPOSE OF PROCESSING)
We do not sell your data. Your information is processed strictly to deliver, improve, and safeguard our services.
3.1 Service Delivery & Protocol Generation

By using the Platform, you explicitly consent to this professional review as an essential part of the service.
3.3 Artificial Intelligence & Predictive Modeling

4. DATA SHARING AND DISCLOSURE
We operate on radical transparency with users and strict confidentiality with third parties.
4.1 Authorized Sharing

Laboratory Partners:
NABL-accredited labs receive limited demographic data solely to process biological samples

Medical & Care Professionals:
Doctors, nutritionists, and specialists assigned to your care team

Technology & Infrastructure Providers:
Third-party vendors used for authentication, storage, analytics, and AI processing

4.2 Legal & Regulatory Disclosure
We may disclose information if required by applicable law, court order, or government authority.
4.3 No Commercial Sale of Health Data

8. YOUR RIGHTS (INDIAN LAW COMPLIANCE)
As a Data Principal, you have the right to: