‍

INTRODUCTION
This Privacy Policy outlines how Epix AI Ltd. ("Epix AI,""we," "us," or "our") collects, uses, stores, and protects your personal information through our website, mobile application, and related services (collectively, "Services"). We are committed to safeguarding your privacy and ensuring compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

DATA CONTROLLER
Epix AI Ltd. is the data controller responsible for determining the purposes and means of processing your personal data. For inquiries or to exercise your data protection rights, contact us at: contact@epix.ai.

DEFINITIONS

• Personal Information: Information that can identify you, alone or in     combination with other data, including:
   
  • Registration Information: Name, email, address, user ID, password, payment information provided during registration or purchase.
   
  • Epigenetic Information: Methylation biomarkers from blood samples processed by Epix AI or its contractors.
   
  • Self-Reported Information: Data you provide via questionnaires, Services, or third parties (e.g., health conditions, traits, ethnicity, family history).
   
  • Sensitive Information: Health, Epigenetic Information, and certain Self-Reported Information (e.g., racial/ethnic origins) requiring heightened protection.
   
  • User Content: Content you create, post, or upload (e.g., data, text,      photos, videos).
   
  • Inferences and Derived Data: Assumptions, conclusions, or proprietary algorithms derived from Personal Information.
   
  • Web-Behavior Information: Data on Service usage collected via cookies, web beacons, or similar technologies (e.g., IP address, browser type, page views).
 
• De-identified  Information: Data stripped of identifiers, making individual     identification impossible (pseudonymized).
• Aggregate Information: Data combined from multiple users, analyzed as a whole, preventing individual identification.
• Individual-level Information: Data about a single individual’s epigenetics, genotypes, or traits, not necessarily linked to Registration Information.

DATA COLLECTION
We collect information in two ways:

1. Directly Provided Data: Information you voluntarily provide when registering,     purchasing Services, completing forms, or communicating with us (e.g.,     Registration Information, Self-Reported Information, Epigenetic Information from blood samples).
2. User Authorized Data: Information we obtain from third-party services (e.g., social media platforms like Facebook, LinkedIn) based on your privacy settings, such as profile pictures, usernames, or networks.

USE OF COOKIES AND SIMILAR TECHNOLOGIES
We and our third-party service providers use cookies, web beacons, and similar technologies to:

• Recognize you when using our Services.
• Customize and enhance your experience.
• Provide security and prevent fraud.
• Analyze Service usage and performance.
• Gather demographic information.
• Deliver targeted advertising on our Services and third-party sites.
  ‍

Cookies include:

• Technical Cookies: Facilitate navigation and Service functionality.

• Session Cookies: Temporary cookies deleted when you close your browser, used     for authentication and secure navigation.
• Third-Party Cookies: Sent from external domains (e.g., Google Analytics) for     analytics or profiling, governed by third-party privacy policies.
• Profiling Cookies: Create user profiles for targeted advertising, requiring     explicit consent.

You may reject cookies via browser settings, but this may limit Service functionality. We may receive reports based on these technologies as De-identified, Individual-level, or Aggregate Information. For more information, visit:

• Google Analytics: https://policies.google.com/technologies/cookies
• Facebook: https://www.facebook.com/help/cookies
• LinkedIn: https://www.linkedin.com/legal/cookie-policy

HOW WE USE YOUR INFORMATION
We use your Personal Information, adhering to data minimization and purpose limitation principles, to:

1. Provide and Improve Services: Manage accounts, process payments, communicate, personalize content, enforce Terms of Service, and conduct     research/development (e.g., algorithm improvement).
2. Deliver Epigenetic Age Testing Results: Analyze blood samples to generate     biological age reports, accessible via your secure account. These reports are not for medical diagnosis or treatment.
3. Facilitate Research Participation: With explicit consent, we notify you of     third-party research opportunities using De-identified or Aggregate Information.
4. Conduct Partnered Research: Collaborate with third parties (e.g., academic     institutions) using De-identified or Aggregate Information, ensuring robust anonymization to prevent re-identification.
5. Develop Proprietary Algorithms: Use De-identified or Aggregate Information to     create algorithms for Service improvement or research, which remain Epix AI’s intellectual property.
6. Provide Customer Support: Resolve issues, answer questions, and investigate     problems, sometimes requiring processing one user’s data to address another’s issue.
7. Conduct  Surveys and Testimonials: Send optional surveys or testimonial     requests to improve Services, manageable via Account Settings.
8. Provide Marketing Communications: With explicit consent, send promotional     emails or notifications. Unsubscribe via email links or Account Settings.     Non-promotional account-related messages are mandatory.

THIRD-PARTY INFORMATION SHARING
We share Personal Information with third-party service providers for:

• Order Fulfillment: Payment processors handle billing.
• Shipping: Distribution centers manage kit shipping/returns.
• Clinical Examinations: Partners connect you with specialists, with your consent.
• Data Processing: Secure cloud providers and analytics firms process data     under strict data protection agreements.

We do not sell your Personal Information. Third parties are bound by applicable data protection laws and use your data only for specified purposes.

DATA PROCESSING LOCATION AND CROSS-BORDER TRANSFERS
Your data may be stored and processed in the EU or other jurisdictions. We implement safeguards, such as Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs), to ensure compliance with GDPR and other regulations for cross-border transfers.

DATA RETENTION
We retain Personal Information only as long as necessary for the purposes outlined in this Policy or as required by law:

• Registration Information is retained while your account is active.
• Epigenetic Information is retained for service delivery or consented research,     deleted upon account deletion (except anonymized data in completed     studies).
• Legal retention periods (e.g., tax, health regulations) may apply.

DATA BREACH NOTIFICATION
In case of a data breach compromising your Personal Information, we will notify you and relevant authorities within 72 hours, as required by GDPR, providing details of the breach, potential impacts, and mitigation steps.

SECURITY MEASURES
We implement robust measures to protect your Personal Information, including:

• Encryption of data in transit and at rest.
• Regular security audits and vulnerability assessments.
• Access controls for authorized personnel only.
• Anonymization techniques for research data.

No system is completely secure, but we strive to maintain industry-standard protections.

USER RIGHTS
Under GDPR and CCPA, you have the right to:

• Access, rectify, or update your Personal Information.
• Request deletion, restriction, or portability of your data.
• Object to processing for legitimate reasons.
• Withdraw consent for marketing or sensitive data processing without affecting prior lawful processing.

To exercise these rights, contact us at contact@epix.ai or use Account Settings. For deletion, submit a request via Account Settings; deletion occurs within 30 days, except for data retained for legal or research purposes.We will confirm deletion completion.

CHILDREN’S PRIVACY
Our Services are not intended for individuals under 18. Parents/guardians may create accounts and submit samples for their children with verifiable parental consent. Contact contact@epix.aifor consent procedures.

SOCIAL MEDIA PLUGINS
Our Services include social media plugins (e.g., Facebook’s “Like” button) that may collect your IP address or page visits if you interact with them. These plugins are governed by the respective social network’s privacy policies (see links above). Cookies are set only when you voluntarily use the plugin while logged into the social network.

LINKED WEBSITES
Links to third-party websites are not governed by this Policy. Review their privacy statements before sharing Personal Information.

YOUR RESPONSIBILITIES
You are responsible for safeguarding your authentication details (e.g.,username, password). Epix AI is not liable for data you release or request us to release to third parties.

CHANGES TO THIS POLICY
We may update this Policy to reflect changes in Services, data practices, or legal requirements. Significant changes will be communicated via email or account notifications. Continued use of Services constitutes acceptance. For material changes affecting Sensitive Information, we will seek explicit consent.

Last Updated: August 7th 2025

‍