Trust & Legal
Every place your data actually goes.
We don’t sell your data, but we do use a small set of operational services to run the platform. This is the complete list.
Last updated: 2026-06-06

| Service | Purpose | Data types | Region |
|---|---|---|---|
| Render | Application + managed PostgreSQL database hosting | Account records, encrypted PHI, encrypted lab data, application logs (PHI scrubbed). PHI columns are encrypted at the application layer with a key held in Render’s encrypted environment-variable secret store. | United States |
| OpenAI (Business API) | LLM inference (text only) for plan generation, refinements, expert chat. Paid business-tier API — required for BAA eligibility. No voice/audio services used. | Plan-relevant intake fields, lab summaries, deep-dive transcripts. Identifiers stripped where possible. Per business-tier terms, not used for model training. BAA in process. | United States |
| Stripe (US + MX) | Subscription billing and payment processing. Stripe MX collects 16% IVA on Mexican subscriptions. | Email, billing address, last 4 of card, Stripe customer ID. We never receive raw card numbers. | United States + Mexico |
| Resend | Customer service and technical support email only — sign-up, verification, sign-in codes, password reset, billing receipts, dunning, marketing, generic alerts. This service does NOT offer HIPAA/BAA compliance. PHI is never transmitted through Resend — no medication names, lab panel names, biomarker values, diagnoses, or treatment details. | Account email, account name, non-PHI message content. Health-specific content stays inside our BAA-covered application and is accessed via the dashboard, never by email. | United States |
| Quo | Customer service ticketing and live chat — technical support inquiries only. This service does NOT offer HIPAA/BAA compliance. PHI is never transmitted through Quo — no medication names, lab results, biomarker values, diagnoses, or treatment details. Clinical questions are redirected to the in-app dashboard. | Account email, account name, non-PHI support message content. | United States |
| Cloudflare | Marketing-site CDN, DDoS protection, edge cache | Public marketing-site requests. No PHI passes through this layer. | Global edge |
| Apple / Google (OAuth) | Optional federated sign-in | Authentication tokens only. We never receive your provider password. We receive name + email if you grant them at sign-up. | United States |
| Agora | Real-time video and voice engine powering telehealth consultations | Voice audio, video stream, IP address, session metadata. HIPAA-compliant (BAA in progress). SOC 2 + ISO 27001 certified. Per Agora’s PaaS terms, end-user data is managed by TTL in our own application — Agora only processes operational data necessary to deliver the session. | United States + Mexico |

Notification
When this list changes.
We update this page within 30 days of adding, removing, or materially changing a subprocessor. Customers on the App Subscription and above can request 30-day advance notice for material changes by emailing privacy@ttlongevity.com.
Honest about every line of the data path.
If something on this list doesn't sit right, tell us — we'll explain or fix it.