← Back to 100 Great Years

Privacy Policy

Last updated: 1 June 2026

100 Great Years Ltd ("we," "our," or "us") operates the 100 Great Years health and wealth platform, including the app at app.100greatyears.com and the marketing site at www.100greatyears.com. This Privacy Policy explains how we collect, use, and protect your personal information across both.

We take your privacy seriously and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

1. Information We Collect

  • Assessment responses: Your answers to the health and wealth questionnaire are stored temporarily in your browser's local storage (never sent to our servers) until you create an account, at which point they are migrated to Supabase.
  • Account information (once you have an account): Email address, name
  • Assessment history: Your scores and results over time (saved to your account)
  • Health and wealth tracker data: Entries you log in widgets (nutrition, sleep, exercise, investments, etc.)
  • AI coach conversations: Your interactions with the AI coach (requires an account)
  • Preferences: Settings and customisations you choose
  • Billing status: Subscription tier and billing contact (card details handled directly by Stripe — we never see card numbers)
  • Technical data: Browser type, device information, IP address (for security)
  • Usage data: Pages visited, time spent, interactions with the service

Teams enquiries (www.100greatyears.com):

If you submit a Teams enquiry via the "Talk to us" form on the marketing site, we collect:

  • Name, job role, organisation name, workforce size
  • Email address and/or phone number
  • Preferred contact method and any message you include

This information is sent to us by email via Resend and used solely to respond to your enquiry. It is not added to any marketing list without your explicit consent.

What we don't collect:

  • Payment card information (handled securely by Stripe)
  • Government ID numbers or sensitive identifiers
  • Precise location data
  • Health records or medical documents

2. How We Use Your Information

We use your information to:

  • Provide the service: Calculate your health and wealth scores using an assessment algorithm (not AI), and — for account holders — provide personalised AI coach recommendations based on your results
  • Improve our product: Analyse aggregated, de-identified data to enhance the assessment and recommendations. This is separate from AI model training — your individual data is never used to train AI models.
  • Communicate with you: Send account and operational emails (sign-in, payment receipts, service notices)
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal compliance: Comply with applicable laws and regulations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

3. How We Store Your Data

Without an account:

Assessment responses are stored in your browser's local storage only — they are not sent to our servers. They remain there until you create an account (at which point they are migrated to Supabase) or until you clear your browser's local storage.

With an account:

When you create an account, your data is stored securely using:

  • Database: Supabase (PostgreSQL hosted in EU data centres)
  • Encryption: Data encrypted in transit (HTTPS/TLS) and at rest (AES-256)
  • Access controls: Strict authentication and authorisation rules
  • Backups: Regular automated backups for disaster recovery

Mood notes — extra protection

When you log a mood check-in, your rating (1–5) is seen by the AI coach as a weekly average to inform its suggestions. Any personal notes you add ("What's on your mind?") are held with additional restrictions and are not shared with the AI coach unless you choose to share them yourself in your coach conversation.

4. Third-Party Services

We use the following third-party services to operate 100 Great Years:

Vercel (Hosting)

Location: United States

Purpose: Host and serve both the app and marketing website

Data: IP addresses and request logs for security and performance

Marketing site analytics: Vercel Analytics on www.100greatyears.com captures cookieless, anonymous pageview statistics (page path, referrer, country). No personal identification, no cookies set.

Privacy Policy →

Anthropic (AI Coach)

Location: United States

Purpose: Power the AI coach for account holders. Assessment scores are calculated by a scoring algorithm in your browser — Anthropic is only called when you actively use the AI coach after creating an account.

Data: Your assessment responses and tracker data (processed to generate coach replies)

Important: Anthropic processes inputs only to generate coach replies. Under Anthropic's commercial API terms your data is not used to train AI models, and inputs/outputs are retained only briefly for operational and abuse-screening purposes.

Privacy Policy →

Supabase (Database)

Location: European Union

Purpose: Store user accounts, assessment history, and tracker data

Stripe (Payments)

Location: United States (PCI DSS compliant)

Purpose: Process subscription payments and manage billing

Data: Billing contact and payment status. Card details are handled directly by Stripe; we never see or store full card numbers.

Resend (Email)

Location: United States

Purpose: Send operational and account emails (sign-in, payment receipts, service notices) and route Teams enquiry form submissions. Data: email address and message content.

5. International Data Transfers

Your data may be transferred to and processed in the United States (Anthropic for AI processing, Vercel for hosting, Stripe for payments, Resend for email). We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Data Processing Agreements with all third-party processors
  • Technical and organisational measures to protect your data

6. Data Retention

Without an account:

Assessment data is stored only in your browser's local storage and is not held on our servers. It is cleared when you create an account (at which point it is migrated to Supabase) or when you clear your browser's local storage. Anonymous analytics data (if collected) is retained for up to 24 months.

With an account:

Your data is stored as long as your account remains active. If you delete your account, your data will be permanently deleted within 30 days, except where we are required to retain it for legal or regulatory purposes.

Teams enquiry data:

Enquiry submissions are delivered by email and retained in our email inbox for as long as necessary to respond and for our legitimate business records. Contact us to request deletion.

7. Your Rights (UK GDPR)

Under UK data protection law, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing of your personal data for certain purposes.

Right to Restrict Processing

Request limitation on how we use your data.

Right to Withdraw Consent

Withdraw consent for processing where we rely on consent as our legal basis.

To exercise any of these rights, contact us at: hello@100greatyears.com

8. Cookies and Local Storage

We set no cookies — not for authentication, analytics, or advertising. All device storage we use is browser local storage, which stays on your device and is under your control.

Local storage we use:

  • Authentication session (when you have an account) — stored in your browser's local storage, not as a cookie
  • Assessment responses — stored in your browser's local storage before account creation; migrated to Supabase once you register
  • Security and fraud prevention

Vercel Analytics on the marketing site is cookieless and anonymous. The app does not use analytics cookies or third-party tracking storage of any kind.

No consent banner is required — we set no cookies at all.

9. Children's Privacy

Our service is intended for adults aged 18 and over. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@100greatyears.com.

10. Security

We implement appropriate technical and organisational measures to protect your personal data:

  • HTTPS/TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Secure authentication and access controls
  • Regular security updates and patches
  • Limited access to personal data (need-to-know basis)

No system is completely secure. We cannot guarantee absolute security of your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification (if you have an account)
  • Displaying a prominent notice on our website

12. Complaints

If you have concerns about how we handle your personal data, please contact us first at hello@100greatyears.com. We will investigate and respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO Website: ico.org.uk

Helpline: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

13. Contact Us

Email: hello@100greatyears.com

Data Controller: 100 Great Years Ltd

Registered in: England and Wales

This Privacy Policy was last updated on 1 June 2026. By using 100 Great Years, you acknowledge that you have read and understood this Privacy Policy.

© 2026 100 Great Years Ltd. All rights reserved.
Home Terms of Service Contact