1. Who we are
Expand Education (referred to as "we", "us", "the Academy") is the data controller for the personal data described in this policy. We're contactable at hello@expand.health.
The Business of Longevity Academy is delivered via education.expand.health, a service operated by Expand Education.
2. The summary
What we collect. The data you submit when you apply, subscribe, or enrol — name, email, role, company, motivation. We do not collect biomarker, health-test, or clinical data: those stay with you, by design.
Why. To review your application, deliver the programme you bought, and write to you about programme operations. Marketing only with your consent and you can stop it any time.
Who we share it with. Our processors (Resend for email, Stripe for payment, Railway for hosting, Cloudflare for DNS). Never your sponsoring company at participant-level. Never anyone else for marketing.
3. What we collect
Application data
- Name, email, country, time zone
- Role / title, company, years in role, company size
- LinkedIn URL (if you choose to share it)
- The free-text answers about motivation, desired outcome, and referral source
- Cohort preference, whether you can attend live, budget-approval status
Account data
- Your sign-in email, optional password (we never store passwords in plaintext)
- The enrolments and progress associated with your account
- Your in-product notification history, including read/unread state
- Any Q&A or assignment submissions you choose to make
Payment data
- Billing email and address (passed through to Stripe)
- Stripe session ID, payment intent, amount, and currency (we store these as audit trail; we never see or store full card numbers)
Operational data
- Server logs (your IP address, browser user agent, the routes you hit, status codes). Retained for 30 days for security and debugging, then rotated out.
- Privacy-preserving site analytics via Plausible — no cookies, no fingerprinting, aggregated counts only. Plausible cannot identify you.
Health and biomarker data
We don't collect it, by deliberate design. Your baseline questionnaire, lab results, biometrics, and personal playbook are written down by you in your own files. The platform doesn't have a field to capture them. The cohort never sees specifics, only the patterns you choose to share. This is a deliberate design choice for senior-leader privacy and we do not intend to change it.
4. Why we use it (lawful basis)
Contract performance
Reviewing your application, enrolling you in the programme, taking payment, delivering live sessions and async materials, communicating about the programme you bought.
Legitimate interest
Keeping the service running (logs, error monitoring, security). Improving the curriculum and experience based on aggregated usage. Reaching out about new cohorts of programmes you've previously expressed interest in. You can opt out at any time using the unsubscribe link in every marketing email.
Consent
Marketing emails beyond programmes you've engaged with. Use of any optional features that say "with your consent" explicitly. You can withdraw consent at any time.
Legal obligation
Keeping invoices and payment records for the period required by UK tax law (currently 6 years). Responding to lawful requests from law-enforcement and courts.
5. Who we share it with
Our processors
- Resend — transactional and marketing email delivery. Receives recipient email + message body.
- Stripe — payment processing. Receives billing details and card data directly from your browser; we never see card numbers.
- Railway — hosting and database. Receives everything our application stores.
- Cloudflare — DNS only (we don't route customer traffic through Cloudflare's proxy).
- Plausible — privacy-preserving analytics. Receives aggregated, anonymous pageview data only.
All processors are bound by data-processing agreements. Our hosting is in the EU/UK by default.
Sponsoring companies (for B2B participants)
If your seat is sponsored by your employer, your sponsoring CHRO receives a quarterly summary of cohort engagement and completion only. They never see your individual application content, your in-session contributions, or anything about your health. That separation is non-negotiable.
Cohort peers
Your name and (optionally) your LinkedIn appear in the cohort directory so participants can recognise each other. Your application content is never shared with peers. Anything you say in live sessions is shared only within that cohort.
We do not sell your data, ever.
6. International transfers
Our primary processors (Resend, Stripe, Railway, Cloudflare) operate globally. Where data is transferred outside the UK or EEA, it's covered by Standard Contractual Clauses or equivalent. If you'd like a copy of the SCCs applicable to your data, write to hello@expand.health.
7. Retention
- Application data: kept for 24 months from submission, so we can revisit your application for a future cohort. Delete on request.
- Account + enrolment data: kept for as long as your account is active, plus 2 years for alumni-network access.
- Payment records: 6 years (UK tax law requirement).
- Server logs: 30 days.
- Marketing-consent records: kept until you withdraw consent, then deleted.
8. Your rights (UK GDPR / EU GDPR)
You have the right to:
- Access a copy of your personal data
- Rectify data that's inaccurate or incomplete
- Erase your data (subject to the legal-retention exceptions above)
- Restrict processing while you challenge it
- Object to processing based on legitimate interest
- Portability — a machine-readable copy of data you've given us
- Withdraw consent at any time without losing your account
- Complain to the UK ICO at ico.org.uk or your local supervisory authority
To exercise any of these rights, email hello@expand.health. We aim to respond within 30 days; ID verification may be needed for sensitive requests.
9. Security
TLS in transit on every page (HSTS via the Railway edge). Passwords hashed (bcrypt). Session tokens signed (JWT, HS256). Application status links HMAC-signed and email-bound. Payment data tokenised through Stripe; we never see full card numbers. Admin access restricted by allow-list. We do not collect health data, so we have nothing of that kind to lose.
10. Cookies
We use one cookie: a signed session token that keeps you logged in (httpOnly, SameSite=Lax, 30-day rolling expiry). We don't use marketing cookies. Plausible analytics is cookie-free by design. No third-party advertising trackers.
11. Children
The Academy is for senior executives. We do not knowingly collect data from anyone under 18.
12. Changes to this policy
If we change the substance of this policy, we'll announce it in-product and email anyone with an active account at least 14 days before the change takes effect. Cosmetic changes (typos, clarifications) may be made silently.
13. Contact
Privacy questions, data-subject requests, or anything else: hello@expand.health with subject line prefix [Privacy]. We aim to acknowledge within 2 business days.