— Legal —

AXIONOVA Privacy Policy

Effective date
June 6, 2026
Controller / Responsible party
AXIONOVA INC.
Privacy contact
privacy@axionova.com
Applicable sites and services
https://axionova.com, the governed access gate at https://axionova.com/gate, AXIONOVA bio, AXIS, SENSE, ALETHA, ALETHRA governance records, practitioner portals, reservation workflows, partner onboarding, Attio CRM workflows, Datasite data room workflows, DocuSign electronic-signature workflows, and related professional communications.

1. Purpose and Scope

AXIONOVA operates a precision bio-science and longevity platform designed for research-use biological systems, verified compound documentation, governed delivery infrastructure, practitioner review, and controlled access workflows. AXIONOVA’s public materials describe a catalog of research-use compound systems, AXIS governed delivery infrastructure, SENSE physiology streams, AXIONOVA bio record management, ALETHRA governance, and ALETHA AI-assisted support. This Privacy Policy explains how AXIONOVA collects, uses, discloses, protects, and retains personal information in connection with those services.

This Policy applies to visitors, access-gate applicants, practitioners, clinics, longevity centers, authorized resellers, research entities, reservation holders, business contacts, and individuals whose information is submitted through AXIONOVA systems. It also applies to personal information processed through integrated service providers, including Attio for relationship management, Datasite for secure document handling, and DocuSign for electronic signatures.

AXIONOVA’s privacy model is built around one principle: measured source data, derived wellness features, research protocol context, AI-generated observations, practitioner annotations, and compliance records must remain distinguishable, traceable, and governed.

2. Research Use Only and Health-Data Boundary

AXIONOVA compounds and compound-related documentation are intended for Research Use Only (RUO) and are not offered as FDA-approved drugs, medical treatments, consumer therapeutic products, or substitutes for licensed clinical judgment. Where applicable to RUO labeling frameworks, U.S. FDA regulations for in vitro diagnostic products recognize the statement “For Research Use Only. Not for use in diagnostic procedures.” under 21 CFR 809.10(c)(2)(i).

AXIONOVA may process wellness, physiology, laboratory, protocol, and practitioner-review information. Some of this information may be considered sensitive personal information, health-related information, or, in limited workflows, protected health information (PHI). HIPAA applies to health plans, health care clearinghouses, and certain health care providers that electronically transmit health information in covered transactions, and may also apply to business associates acting on behalf of covered entities. AXIONOVA will treat HIPAA-regulated information under applicable Business Associate Agreements and HIPAA policies where AXIONOVA is acting as a business associate or otherwise subject to HIPAA.

3. Categories of Personal Information Collected

AXIONOVA collects information needed to operate a controlled, practitioner-oriented, research-use platform. The categories below are illustrative and should be finalized against AXIONOVA’s actual data inventory before publication.

Category
Examples
Primary AXIONOVA Context
Identifiers and contact data
Name, title, organization, email, phone number, mailing address, country, state, professional role.
Website inquiries, access-gate applications, Attio CRM, partner onboarding, reservation updates.
Professional and eligibility data
Licensure status, clinic affiliation, credential documentation, research-entity role, reseller authorization, operational readiness information.
Governed access gate, practitioner verification, reseller review, clinic/longevity-center onboarding.
Account and security data
Login credentials, authentication records, access permissions, device identifiers, IP address, session logs, audit trails.
Partner portal, AXIONOVA bio, ALETHRA authorization, security monitoring.
Research-use intent and compliance attestations
RUO acknowledgements, intended use statements, chain-of-custody acknowledgements, regulatory acknowledgements, age or authorization attestations.
Access gate, DocuSign forms, audit trail, restricted catalog access.
Compound, lot, device, and cartridge records
Compound identity, lot or batch references, certificate references, AXIS events, CDM cartridge identity, NFC verification, chain-of-custody events.
ALETHRA governance, AXIS integration, research documentation, practitioner review.
Physiology and wellness data
Heart rate trends, HRV trends, sleep context, SpO₂ research-trend support, temperature deviation, activity context, EDA, BioZ, recovery readiness, hydration trends.
SENSE, AXIONOVA bio, ALETHA interpretation, practitioner shared view.
Manual logs and user-provided health-adjacent data
Weight, body fat, mood, symptoms, injections, adherence, nutrition, hydration, notes, media uploads, lab results, CGM imports if provided.
AXIONOVA bio tracking, protocol context, clinician review, research record support.
AI-interaction data
ALETHA prompts, questions, coaching session metadata, summaries, recommendations, review flags, confidence labels, transcripts where enabled.
ALETHA AI support, education, progress review, practitioner routing.
Document-room and e-signature data
Documents uploaded to Datasite, DocuSign envelopes, signatures, consent records, timestamps, IP addresses, certificate-of-completion data.
Confidential diligence, partner agreements, access authorizations, compliance evidence.
Communications and marketing data
Email preferences, event attendance, support messages, unsubscribe status, campaign engagement.
CAN-SPAM compliance, relationship management, service notices, updates.
Transactional and reservation data
No-cost reservation selections, product-interest preferences, availability communications, onboarding status.
AXIS, SENSE Ring, SENSE Bracelet reservation lists and release communications.

Under California privacy law, personal information may include information that identifies, relates to, or could reasonably be linked with a person or household, and sensitive personal information may include health, genetic, biometric, precise geolocation, account credentials, and certain other protected categories. Under Mexico’s LFPDPPP, personal data is information concerning an identified or identifiable individual, and sensitive personal data may include information affecting the most intimate sphere of the individual or whose misuse may give rise to discrimination or serious risk.

HALO-related data may include paired SENSE device status, signal quality, baseline-aware monitoring context, consent status, contact permissions, practitioner-review status, and approved response workflow records where available. HALO data should not be described as emergency-service data unless a specific Emergency Response workflow is approved, configured, jurisdictionally available, and legally supported.

4. Sources of Personal Information

AXIONOVA may collect personal information directly from you, from your clinic, organization, practitioner, authorized reseller, research entity, or employer, from AXIONOVA devices or applications, from laboratories or connected data sources you authorize, from electronic-signature and secure-document workflows, from public professional-license or credential sources, and from service providers that support AXIONOVA operations.

Where AXIONOVA receives data from a practitioner, clinic, reseller, or research entity, that party is responsible for ensuring it has the legal authority, consent, authorization, or other lawful basis necessary to submit the information to AXIONOVA.

5. Purposes of Processing

AXIONOVA may process applicant, user, practitioner, device, biometric, protocol, and support information to operate governed Research Use Only workflows; route applicants through Path 1 credential review or Path 2 telehealth oversight; support ALETHA first-contact assistance; maintain ALETHRA governance records; manage SENSE, AXIS, CDM, AXIONOVA bio, and HALO workflows; preserve auditability; comply with applicable privacy, security, professional, and jurisdictional requirements; and support human review where clinical, safety-sensitive, specialist, or regulated questions arise.

Purpose
Description
Access control and eligibility
To evaluate two-path governed access, including Path 1 credential review for licensed practitioners, clinics, qualified research entities, authorized resellers, and approved partners, and Path 2 telehealth oversight by AXIONOVA on-staff doctors for trainers, spas, coaches, and individual applicants, by assessing professional status, age or authority, institutional context, intended research use, reseller eligibility, and operational readiness before granting restricted access.
ALETHRA governance
To create and preserve identity, authorization, compliance, chain-of-custody, cartridge, device-event, and audit-trail records.
AXIONOVA bio recordkeeping
To organize source data, derived wellness features, protocol context, practitioner annotations, and review flags in a traceable record system.
ALETHA AI support
To provide guided education, coaching, protocol-context explanations, diet programming, adherence support, progress summaries, practitioner-review preparation, and support routing.
Practitioner shared view
To support clinician-facing access, annotations, protocol comments, and review workflows where authorized.
Document handling and signatures
To operate Datasite document-room workflows, DocuSign signatures, certificates of completion, consent records, and contract administration.
Relationship management
To manage practitioner, reseller, clinic, research-entity, investor, supplier, and business-development relationships through Attio or similar CRM systems.
Safety, security, and fraud prevention
To detect unauthorized access, credential misuse, diversion risks, improper RUO access, cyber incidents, and policy violations.
Regulatory and legal compliance
To comply with applicable FDA, FTC, HIPAA, state privacy, ESIGN, CAN-SPAM, Mexico LFPDPPP, COFEPRIS, consumer-protection, tax, corporate, export/import, and recordkeeping requirements.
Communications
To send transactional, service, compliance, security, product-availability, reservation, onboarding, support, and marketing communications subject to applicable opt-out rights.
Platform improvement
To improve controlled-access workflows, user experience, support documentation, research-use education, device reliability, data-quality controls, and security architecture.

AXIONOVA does not use ALETHA AI outputs as a substitute for licensed professional judgment, medical diagnosis, treatment, or emergency care. Protocol-dependent decisions must route through the appropriate authorized practitioner, clinic, research entity, or access pathway.

AXIONOVA uses Halo-related information to configure approved safety workflows, verify consent, manage emergency-contact routing, support practitioner review, preserve incident records, maintain provenance, audit configuration changes, evaluate device readiness, and administer approved access pathways. Halo-related information is not used to create an unmanaged consumer emergency-service guarantee.

6. AI, Automated Processing, and Human Review

ALETHA may process user inputs, device data, laboratory data, protocol context, and adherence records to generate explanations, summaries, coaching suggestions, nutrition guidance, progress views, or practitioner-review flags. ALETHRA preserves source identity, timestamp, device provenance, signal quality, user consent, access authorization, and boundary labels before ALETHA interprets the record.

AXIONOVA does not intend ALETHA to make legally or clinically determinative decisions without appropriate human oversight. Where an output could affect restricted access, practitioner review, compliance status, or protocol-dependent decisions, AXIONOVA may require human review by AXIONOVA personnel, an authorized partner, or a licensed practitioner. Users should not rely on AI outputs as medical advice, diagnosis, treatment, or evidence of compound effect.

7. Disclosures of Personal Information

AXIONOVA may disclose personal information to the following categories of recipients when reasonably necessary for the purposes described in this Policy.

Recipient Category
Examples and Safeguards
Service providers and processors
Cloud hosting, cybersecurity, CRM, analytics, email, support, document room, DocuSign, data storage, and business-operations vendors under contractual confidentiality and security obligations.
Practitioners, clinics, and research entities
Assigned clinicians, authorized clinics, research administrators, and professional users who need access to support review, annotation, protocol context, and operational accountability.
Authorized resellers and distribution partners
Partners approved through AXIONOVA governance workflows where disclosure is needed for authorized access, chain-of-custody, support, and compliance monitoring.
Laboratories and connected data providers
Labs, CGM or wearable integrations, and other sources authorized by the user or practitioner to transmit data into AXIONOVA bio.
Regulatory, legal, and safety recipients
Regulators, courts, law enforcement, auditors, counsel, insurers, and compliance advisors when legally required or reasonably necessary to protect rights, safety, security, or compliance.
Corporate transaction recipients
Parties involved in a merger, financing, restructuring, acquisition, asset sale, or diligence process, subject to confidentiality and data-protection safeguards.

AXIONOVA does not intend to sell sensitive health-related information. If AXIONOVA engages in activities that constitute a “sale” or “sharing” of personal information under applicable U.S. state privacy law, AXIONOVA will provide required notices and opt-out mechanisms.

Where a Halo workflow includes approved response vendors, notification services, practitioner-review teams, clinics, research programs, or emergency-contact routing, AXIONOVA may share the minimum information necessary to support the configured workflow, subject to consent, access controls, contractual restrictions, jurisdictional availability, and applicable legal requirements. AXIONOVA does not authorize unrestricted disclosure of Halo incident records or emergency-contact information.

8. Cookies, Analytics, and Digital Tracking

AXIONOVA may use cookies, pixels, tags, device identifiers, log files, and similar technologies to operate the website, authenticate users, protect restricted access, remember preferences, measure engagement, detect abuse, and improve communications. AXIONOVA should maintain a cookie inventory and, where required, provide cookie notices, preference tools, and opt-out mechanisms for analytics, advertising, or cross-context behavioral advertising.

9. Marketing Communications and CAN-SPAM

AXIONOVA may send professional, educational, product-update, reservation, and availability communications. Commercial email communications will be structured to comply with the U.S. CAN-SPAM Act, including accurate header information, non-deceptive subject lines, clear advertising identification where required, a valid physical postal address, an unsubscribe mechanism, honoring opt-out requests within 10 business days, and oversight of vendors sending messages on AXIONOVA’s behalf.

Transactional and relationship communications, including security notices, access-gate updates, DocuSign notices, compliance alerts, service notices, and practitioner-review communications, may continue even if you opt out of marketing communications.

10. Electronic Records, E-Signatures, and DocuSign

AXIONOVA may use DocuSign or similar services for consents, acknowledgements, access authorizations, partner agreements, reseller documents, data-room acknowledgements, and compliance attestations. Under the U.S. ESIGN Act, electronic signatures, contracts, and records may not be denied legal effect solely because they are electronic, subject to applicable consent and consumer-disclosure requirements.

Where consumer electronic-record consent is legally required, AXIONOVA will provide clear disclosures regarding electronic delivery, paper-copy rights, withdrawal procedures, categories of electronic records, and hardware/software requirements, and will obtain affirmative electronic consent in a manner that reasonably demonstrates access to the electronic record format.

11. International Transfers Between the United States and Mexico

AXIONOVA may process and transfer personal information between the United States, Mexico, and other jurisdictions where AXIONOVA personnel, affiliates, service providers, practitioners, or partners operate. Mexico’s LFPDPPP requires privacy-notice transparency and imposes obligations regarding national and international transfers of personal data, subject to statutory exceptions and consent requirements.

AXIONOVA will use reasonable contractual, administrative, technical, and organizational safeguards for cross-border transfers, including confidentiality clauses, service-provider agreements, business-associate agreements where applicable, data-processing terms, access controls, and secure document-room permissions.

12. Mexico Privacy Rights: ARCO and Limitation Rights

Individuals in Mexico may have rights under the LFPDPPP to Access, Rectify, Cancel, and Oppose processing of their personal data, commonly known as ARCO rights, as well as rights to limit use or disclosure and to revoke consent where legally available.

To exercise these rights, contact AXIONOVA at privacy@axionova.com with your name, contact information, the right you wish to exercise, information sufficient to identify the relevant record, and proof of identity or authority where required. AXIONOVA will respond within the timelines required by Mexican law after receiving a complete request.

13. U.S. State Privacy Rights

Depending on your state of residence and whether AXIONOVA meets statutory applicability thresholds, you may have rights to know or access personal information, receive a portable copy, delete personal information, correct inaccurate information, opt out of certain sale, sharing, targeted advertising, or profiling activities, limit use of sensitive personal information, and appeal a denied request.

For California residents, the CCPA/CPRA provides rights to know, delete, opt out of sale or sharing, correct inaccurate information, limit use and disclosure of sensitive personal information, receive notice at or before collection, and exercise rights without discrimination. These rights apply only when AXIONOVA is subject to the CCPA’s applicability thresholds or otherwise chooses to extend similar rights voluntarily.

14. HIPAA, PHI, and Practitioner Workflows

AXIONOVA may receive health-related information from users, practitioners, clinics, laboratories, or connected devices. Not all health-related data is HIPAA-regulated PHI. Where AXIONOVA acts as a business associate for a HIPAA covered entity, AXIONOVA will handle PHI according to the applicable Business Associate Agreement, HIPAA Privacy Rule, HIPAA Security Rule, and breach-notification requirements.

Where HIPAA does not apply, AXIONOVA will still treat health-adjacent, physiology, biometric, laboratory, and protocol information as sensitive and will apply appropriate privacy, security, access-control, and retention safeguards.

15. Security Safeguards

AXIONOVA will maintain administrative, technical, and physical safeguards reasonably designed to protect personal information against unauthorized access, loss, misuse, alteration, destruction, or disclosure. These safeguards may include role-based access controls, multi-factor authentication, encryption in transit and at rest where appropriate, secure document-room permissions, audit logging, vendor diligence, least-privilege access, incident-response procedures, and periodic security reviews.

Mexico’s LFPDPPP requires controllers to establish and maintain administrative, technical, and physical security measures to protect personal data, and to notify data subjects immediately when security breaches significantly affect patrimonial or moral rights. AXIONOVA will evaluate security incidents under applicable U.S. state breach-notification laws, HIPAA where applicable, and Mexican law.

16. Retention

AXIONOVA retains personal information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law, contract, audit requirements, research documentation needs, chain-of-custody controls, electronic-signature record retention, dispute resolution, tax, accounting, regulatory, or safety obligations.

Because AXIONOVA operates controlled access, RUO, chain-of-custody, device-event, and practitioner-review workflows, certain compliance, authorization, lot, cartridge, DocuSign, Datasite, and ALETHRA audit records may be retained longer than ordinary contact or marketing records.

Halo configuration records, consent records, notification records, incident records, practitioner-review notes, device-readiness records, and audit logs may be retained for safety, governance, legal, operational, and review purposes according to AXIONOVA’s approved retention schedule. Revocation, deletion, or export requests must be handled according to applicable law, approved access requirements, safety-record obligations, and technical feasibility.

17. Children and Age Restrictions

AXIONOVA’s restricted platform, professional access workflows, and RUO materials are not directed to children. The governed access gate should require users to confirm that they are at least 21 years old or otherwise legally authorized to act on behalf of an approved organization. AXIONOVA does not knowingly collect personal information from children for consumer use of RUO materials.

18. Your Choices

You may update certain account information, request marketing opt-outs, unsubscribe from commercial email, request deletion where legally available, limit certain disclosures, revoke consent where applicable, or contact AXIONOVA to restrict optional data integrations. Some choices may limit access to AXIONOVA services because identity verification, chain-of-custody records, practitioner review, DocuSign records, and restricted-access controls are necessary to operate the platform.

Approved Halo users must be provided controls to review consent status, update emergency contacts, change notification preferences, revoke eligible Halo permissions, request export of eligible records, and request deletion where permitted by applicable law and operational requirements. Revocation of Halo permissions may disable configured escalation workflows.

19. Changes to this Policy

AXIONOVA may update this Privacy Policy as its platform, product classifications, service providers, jurisdictions, and legal requirements evolve. AXIONOVA will post the updated version and revise the effective date. Where required by law, AXIONOVA will provide additional notice or obtain consent for material changes.

20. Contact

Questions, privacy requests, ARCO requests, state privacy requests, HIPAA-related inquiries, and data-protection concerns may be submitted to:

AXIONOVA Privacy OfficeAXIONOVA INC.
Email: privacy@axionova.com