← Back to 100 Great Years

Privacy Policy

Last updated: 21 June 2026 — added diagnostic data collection, disclosed Apple and RevenueCat as payment/subscription processors for iOS purchases, and updated the Apple Health / Google Health Connect data we read to the complete list: body fat percentage, cardio fitness (VO2 max), heart rate, heart rate variability, height, sleep, waist circumference (iOS only), weight, and workouts

100 Great Years Ltd ("we," "our," or "us") operates the 100 Great Years health and wealth platform, including the app at app.100greatyears.com and the marketing site at www.100greatyears.com. This Privacy Policy explains how we collect, use, and protect your personal information across both.

We take your privacy seriously and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

1. Information We Collect

  • Assessment responses: Your answers to the health and wealth questionnaire are stored temporarily in your browser's local storage (never sent to our servers) until you create an account, at which point they are migrated to Supabase.
  • Account information (once you have an account): Email address and name — provided directly by you, or by Google or Apple if you choose to create your account using Sign in with Google or Sign in with Apple
  • Assessment history: Your scores and results over time (saved to your account)
  • Health and wealth tracker data: Entries you log in widgets, including health data (nutrition, sleep, exercise, mood, body composition, biomarkers) and financial data (investments, cash, other assets, debts, spending)
  • Health app data (iOS/Android apps only): If you connect Apple Health or Google Health Connect, we read body fat percentage, cardio fitness (VO2 max), heart rate, heart rate variability, height, sleep, waist circumference (iOS only), weight, and workouts data to populate your trackers and calculate your scores. Connecting is optional and you can disconnect at any time.
  • AI coach conversations: Your interactions with the AI coach (requires an account)
  • Preferences: Settings and customisations you choose
  • Billing status: Subscription tier and billing contact. Card details are handled directly by Stripe (website purchases) or Apple (iOS App Store purchases) — we never see card numbers. iOS subscription and purchase status is synced to our servers via RevenueCat.
  • Technical data: Browser type, device information, IP address (for security)
  • Usage data: Pages visited, time spent, interactions with the service
  • Diagnostic data: Crash logs and performance data (e.g. launch time, errors) collected to diagnose and fix technical problems

General contact form (www.100greatyears.com):

If you submit a message via the "Contact Us" form on the marketing site, we collect:

  • Contact reason and subject (required)
  • Email address (required)
  • Name and phone number (optional)
  • Any message you include (optional)

This information is forwarded to us by email via Resend and used solely to respond to your message. It is not added to any marketing list without your explicit consent.

Teams enquiries (www.100greatyears.com):

If you submit a Teams enquiry via the "Talk to us" form on the marketing site, we collect:

  • Name, job role, organisation name, workforce size
  • Email address and/or phone number
  • Preferred contact method and any message you include

This information is sent to us by email via Resend and used solely to respond to your enquiry. It is not added to any marketing list without your explicit consent.

What we don't collect:

  • Payment card information (handled securely by Stripe)
  • Government ID numbers or sensitive identifiers
  • Precise location data
  • Health records or medical documents

2. How We Use Your Information

We use your information to:

  • Provide the service: Calculate your health and wealth scores using an assessment algorithm (not AI), and — for account holders — provide personalised AI coach recommendations based on your results
  • Sync wearable data: For iOS/Android app users who connect Apple Health or Google Health Connect, import body fat percentage, cardio fitness (VO2 max), heart rate, heart rate variability, height, sleep, waist circumference (iOS only), weight, and workouts readings to populate your trackers — used solely for your own health and wealth tracking, never for advertising or sold to third parties
  • Improve our product: Analyse aggregated, de-identified data to enhance the assessment and recommendations. This is separate from AI model training — your individual data is never used to train AI models.
  • Communicate with you: Send account and operational emails (sign-in, payment receipts, service notices)
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Diagnose issues: Use crash logs and performance data to identify, troubleshoot, and fix technical problems
  • Legal compliance: Comply with applicable laws and regulations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

3. How We Store Your Data

Without an account:

Assessment responses are stored in your browser's local storage only — they are not sent to our servers. They remain there until you create an account (at which point they are migrated to Supabase) or until you clear your browser's local storage.

With an account:

When you create an account, your data is stored securely using:

  • Database: Supabase (PostgreSQL hosted in EU data centres)
  • Encryption: Data encrypted in transit (HTTPS/TLS) and at rest (AES-256)
  • Access controls: Strict authentication and authorisation rules
  • Backups: Regular automated backups for disaster recovery

Mood notes — extra protection

When you log a mood check-in, your rating (1–5) is seen by the AI coach as a weekly average to inform its suggestions. Any personal notes you add are not shared with the AI coach by default. You can choose to share them by enabling the "Share mood notes with my AI Coach" toggle in the Mental Health tracker's Privacy Settings section. You can turn this off again at any time and your notes will immediately be excluded from future coach conversations.

Health app data — Apple Health / Google Health Connect

If you connect Apple Health or Google Health Connect in our iOS or Android app, the body fat percentage, cardio fitness (VO2 max), heart rate, heart rate variability, height, sleep, waist circumference (iOS only), weight, and workouts data we read is stored in the same secure Supabase database as your other tracker data, with the same encryption and access controls described above. We do not write data back to Apple Health or Google Health Connect.

This data is used solely to provide and improve the 100 Great Years service for you. We do not sell it, and we do not use it for advertising, marketing, or any purpose unrelated to your health and wealth tracking. You can disconnect at any time via Profile → Devices & Apps → Health Connections in the app, or by revoking permission in the iOS Health app or Android Health Connect settings.

4. Third-Party Services

We use the following third-party services to operate 100 Great Years:

Vercel (Hosting & Analytics)

Location: United States

Purpose: Host and serve both the app and marketing website

Data: IP addresses and request logs for security and performance

Analytics: Vercel Analytics runs on both the app (app.100greatyears.com) and the marketing site (www.100greatyears.com). It captures cookieless, anonymous pageview statistics (page path, referrer, country). No personal identification, no cookies set, no device storage used on either surface.

Privacy Policy →

Google LLC (Sign in with Google)

Location: United States

Purpose: Account authentication

Data: Name, email address, unique identifier. US-based; Standard Contractual Clauses in place.

Privacy Policy →

Apple Inc. (Sign in with Apple & App Store Payments)

Location: United States

Purpose: Account authentication, and — for iOS app users — processing subscription and report purchases made through the App Store

Data: For Sign in with Apple: name, email address (or relay address), unique identifier. For App Store purchases: your purchase and subscription status; Apple handles your payment card details directly and we never see or store them. US-based; Standard Contractual Clauses in place.

Privacy Policy →

RevenueCat, Inc. (iOS Subscription Management)

Location: United States

Purpose: Manage and sync App Store subscription and purchase entitlements for iOS app users, keeping your subscription status consistent between Apple and our servers

Data: A unique account identifier and your subscription/purchase status. RevenueCat does not process payments or handle card details — that is done directly by Apple.

Privacy Policy →

Anthropic (AI Coach)

Location: United States

Purpose: Power the AI coach for account holders. Assessment scores are calculated by a scoring algorithm in your browser — Anthropic is only called when you actively use the AI coach after creating an account.

Data: Your assessment responses and tracker data (processed to generate coach replies)

Important: Anthropic processes inputs only to generate coach replies. Under Anthropic's commercial API terms your data is not used to train AI models, and inputs/outputs are retained only briefly for operational and abuse-screening purposes.

Privacy Policy →

Supabase (Database)

Location: European Union

Purpose: Store user accounts, assessment history, and tracker data

Privacy Policy →

PostHog (Product Analytics)

Location: European Union (EU Cloud)

Purpose: Product analytics for the app — understanding which features are used, how people navigate the platform, and where drop-off occurs in the sign-up funnel. Used solely to improve the product.

Data: Authenticated users are identified by account ID only (never by email or name). Events capture non-sensitive metadata only — for example, which tracker was opened or whether an assessment question was answered. Health values, financial figures, mood notes, AI coach message content, and exact scores are never sent.

Storage: Cookieless — PostHog stores a session identifier in your browser's local storage only. No cookies are set. No cross-site tracking.

Session recording: Disabled. No screen or session recordings are made. App only — PostHog is not present on the marketing site.

Privacy Policy →

Stripe (Payments)

Location: United States (PCI DSS compliant)

Purpose: Process subscription payments and manage billing

Data: Billing contact and payment status. Card details are handled directly by Stripe; we never see or store full card numbers.

Privacy Policy →

Resend (Email)

Location: United States

Purpose: Send operational and account emails (sign-in, payment receipts, service notices) and route contact form submissions (both general enquiries and Teams enquiries) from www.100greatyears.com to our inbox.

Data: Email address, name, and message content submitted via contact forms. Transactional email data (recipient address, send timestamps) for account emails.

Privacy Policy →

5. International Data Transfers

Your data may be transferred to and processed in the United States (Anthropic for AI processing, Vercel for hosting, Stripe and Apple for payments, RevenueCat for iOS subscription management, Resend for email, and Google and/or Apple if you choose to sign in with one of those providers). We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Data Processing Agreements with all third-party processors
  • Technical and organisational measures to protect your data

6. Data Retention

Without an account:

Assessment data is stored only in your browser's local storage and is not held on our servers. It is cleared when you create an account (at which point it is migrated to Supabase) or when you clear your browser's local storage. Anonymous analytics data (if collected) is retained for up to 24 months.

With an account:

Your data is stored as long as your account remains active. If you delete your account, your data will be permanently deleted within 30 days, except where we are required to retain it for legal or regulatory purposes.

Contact form submissions (general and Teams enquiries):

Submissions from both the general contact form and the Teams enquiry form are forwarded by email and retained in our email inbox for as long as necessary to respond and for our legitimate business records. Contact us at privacy@100greatyears.com to request deletion.

7. Your Rights (UK GDPR)

Under UK data protection law, you have the following rights:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing of your personal data for certain purposes.

Right to Restrict Processing

Request limitation on how we use your data.

Right to Withdraw Consent

Withdraw consent for processing where we rely on consent as our legal basis.

To exercise any of these rights, contact us at: privacy@100greatyears.com

8. Cookies and Local Storage

We set no cookies — not for authentication, analytics, or advertising. All device storage we use is browser local storage, which stays on your device and is under your control.

Local storage we use:

  • Authentication session — stored in your browser's local storage when you have an account, not as a cookie
  • Assessment responses — stored in your browser's local storage before account creation; migrated to Supabase once you register
  • Product analytics identifier (PostHog) — a random session identifier stored in local storage on the app to count unique sessions. Once you sign in it is linked to your account ID only (not your email or name). No cookies; no cross-site tracking. See PostHog in §4.
  • Security and fraud prevention

Vercel Analytics is cookieless and anonymous on both the app and the marketing site — it sets no cookies and uses no device storage. PostHog, our product analytics tool, uses browser local storage (not cookies) as described above; it is present on the app only and is not used for advertising.

No consent banner is required — we set no cookies at all, and our first-party analytics local storage is disclosed here and used solely for product improvement.

9. Children's Privacy

Our service is intended for adults aged 18 and over. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@100greatyears.com.

10. Security

We implement appropriate technical and organisational measures to protect your personal data:

  • HTTPS/TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Secure authentication and access controls
  • Regular security updates and patches
  • Limited access to personal data (need-to-know basis)

No system is completely secure. We cannot guarantee absolute security of your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification (if you have an account)
  • Displaying a prominent notice on our website

12. Complaints

If you have concerns about how we handle your personal data, please contact us first at privacy@100greatyears.com. We will investigate and respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO Website: ico.org.uk

Helpline: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

13. Contact Us

Email: privacy@100greatyears.com

Data Controller: 100 Great Years Ltd

Registered in: England and Wales

This Privacy Policy was last reviewed on 21 June 2026. By using 100 Great Years, you acknowledge that you have read and understood this Privacy Policy.

© 2026 100 Great Years Ltd. All rights reserved.