Research & Compliance
What the science actually says, what we choose to measure because of it, and the standards we follow to keep your data safe.
We don't invent biomarkers. We don't pretend any single metric is destiny. Every signal we surface in the Life Statement maps to a body of peer-reviewed research — typically a meta-analysis or large prospective cohort — and we tell you which body when you ask.
The Coach is similarly constrained. It does not make medical recommendations, does not diagnose, does not prescribe. It explains what the data is showing, points to relevant evidence, and suggests behavioral experiments small enough to run in two weeks and measure honestly.
We anchor on metrics with a strong all-cause mortality signal: VO2 max, resting heart rate, HRV, blood pressure, and lipid panel.
Source bodies: ACC/AHA · CDC · NIH NHLBI
Duration is necessary but not sufficient. Architecture matters — slow-wave for memory consolidation, REM for emotional regulation, consistency for circadian health.
Source bodies: NIH NHLBI · Walker (2017) · Sleep Foundation
Daily activity matters, but resistance training emerges as a uniquely protective intervention against sarcopenia, frailty, and metabolic decline.
Source bodies: ACSM · WHO Physical Activity · NSCA
Processing speed declines first in normal aging. Targeted training (UFOV, Double Decision) has the strongest evidence among consumer cognitive interventions.
Source bodies: ACTIVE trial · IMPACT study · UCSF
Cognitive reserve — built through education, lifelong learning, novel skills — predicts resilience against cognitive decline independently of biology.
Source bodies: Stern (2002, 2009) · NIA
Social connection and time outdoors are among the strongest, most replicable predictors of longevity and quality-adjusted years.
Source bodies: Harvard Study of Adult Development · Holt-Lunstad meta-analyses
Compliance
We're a young company. We're not pretending to have certifications we haven't earned yet. Here's exactly where we stand.
All data flowing between your device, our servers, and connected sources is encrypted with modern TLS.
Stored data is encrypted at the storage layer with industry-standard symmetric encryption.
All third-party connections (Google Health, Labcorp) use OAuth 2.0 with refresh tokens — no password sharing, ever.
Initial audit in progress; targeted completion Q3 2026. SOC 2 Type II to follow in 2027.
We are not a HIPAA Covered Entity, but we implement administrative, physical, and technical safeguards comparable to those required of one.
Lawful basis tracking, data subject request workflow, Standard Contractual Clauses for transfers, 30-day response window.
We honor California residents' rights to access, deletion, correction, and opt-out. We do not sell personal information.
Engineer access to production data is gated by hardware-backed multi-factor authentication and role-based controls.
Our full list of data subprocessors — Cloudflare, Anthropic, Google, Stripe, our email provider — is published and updated.
These third parties process limited categories of data on our behalf, under contractual obligations no looser than these terms:
Primary data storage is in the United States (Cloudflare US regions). For EU and UK users, we honor data residency obligations and rely on Standard Contractual Clauses for cross-border transfers.
Security researchers: please email security@superaging.ai with details. We respond within 72 hours and don't pursue good-faith research.
For privacy questions, contact privacy@superaging.ai. For partnership or audit-related questions about our compliance posture, get in touch.