Aegis Health — Privacy Policy
Last updated: May 21, 2026
1. Who We Are
Aegis Health ("Aegis", "the App") is a personal health and lifestyle assistant operated by App Solutions LLC ("we", "us"). This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information.
2. Information We Collect
We collect only the information needed to operate the App on your behalf:
Account data — email address, password (stored as a bcrypt hash), and basic profile fields (age, sex, height, weight, goals).
Health data you authorize — lab results, biomarkers, wearable metrics, and clinical records from Epic MyChart, Gmail (lab PDFs), Health Connect, or files you upload directly.
Financial transactions (grocery only) — when you choose to connect a bank or card via Plaid, we receive transaction metadata (merchant, date, amount, category) so we can categorize your grocery and food purchases. We do not receive your bank login credentials and we never initiate payments, transfers, or any write activity on your accounts.
Device and usage data — basic technical information (device model, OS version, crash logs) needed for reliability and support.
3. How We Use Your Information
Your data is used exclusively to deliver insights and recommendations inside your personal Aegis account, including:
Computing your biological age, optimization score, and lifestyle recommendations.
Categorizing grocery and food spending to surface nutrition and budget insights.
Sending you in-app or push notifications about your own data.
We do not sell your personal information, do not share it with advertisers, and do not use it to train third-party models.
4. Plaid
When you link a financial account, Aegis uses Plaid Inc. as the data aggregator. Plaid's handling of your bank credentials is governed by Plaid's own End User Privacy Policy (https://plaid.com/legal/#end-user-privacy-policy). Aegis stores the resulting Plaid access token encrypted at rest using AES-256-GCM and uses it only to retrieve the transaction categories described above. You may disconnect Plaid at any time inside the App; this immediately revokes the token at Plaid and deletes it from our systems.
5. Data Security
All data in transit is protected with TLS 1.3.
Sensitive fields (Plaid tokens, Epic/MyChart OAuth tokens, Gmail tokens, wearable tokens) are encrypted at rest with AES-256-GCM.
Databases and backups are hosted on managed infrastructure with AES-256 at-rest encryption and access restricted to the founding team via SSO and phishing-resistant MFA (passkeys / hardware keys).
We follow the principle of least privilege and maintain automated dependency vulnerability scanning.
6. Data Retention & Deletion
We retain data only as long as needed:
Account data, health data, biomarkers: retained while your account is active; deleted within 30 days of account deletion.
Plaid transactions: rolling 24 months; older entries are automatically purged.
Plaid access tokens: deleted immediately when you disconnect a bank or delete your account.
Logs and telemetry: 90 days.
Encrypted backups: maximum 30 days.
You may delete your account at any time from inside the App or by emailing support@appsolutionsllc.com. You may also request a copy of your data at the same address.
7. Sharing
We share data only with the service providers that operate the App on our behalf (e.g., our hosting provider, Plaid for financial connectivity, Epic for health record connectivity). These providers are bound by contract to use the data only to provide their service to us. We may also disclose information when required by law.
8. Children
Aegis is not directed to children under 16, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
9. HIPAA
Aegis operates as a personal health record application under the HIPAA Personal Health Record exception. You direct all data flows to and from your own account.
10. Your Rights
Depending on where you live (including under the GDPR and CCPA), you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Email support@appsolutionsllc.com to exercise any of these rights.
11. International Transfers
Aegis is operated from the United States. If you access the App from outside the U.S., your data will be processed in the U.S. under the safeguards described above.
12. Changes
We may update this Privacy Policy. Material changes will be announced in the App or by email before they take effect.
13. Contact
App Solutions LLC · support@appsolutionsllc.com · appsolutionsllc.com