Privacy Policy

Version 1.0 · Effective 2026-04-20

1. Who we are

EveryGene (“EveryGene”, “Lived”, “we”) operates the Lived platform. For the purposes of the EU/UK GDPR and the Turkish Personal Data Protection Law (KVKK), EveryGene is the data controller for the personal data described below. You can reach our privacy team at privacy@everygene.com.

2. What we collect

We collect three broad categories of data:

  • Account data you provide — email address, display name, password hash, and the Terms / Privacy / Data Processing consent record (version, timestamp, IP address).
  • Content you post — stories, comments, follows, family-member notes, uploads, and any condition or treatment tags you attach. Some of this may reveal information about your health; see section 4 on special-category data.
  • Technical metadata — IP address, user-agent, request timestamps, session identifiers, and application logs generated while you use the Service. This is used to operate, secure, and debug the platform.

3. Why we process it, and our legal basis

  • Providing the Service (account creation, authentication, publishing your content, matching you to communities) — contract (GDPR Art. 6(1)(b)).
  • Security, fraud prevention, and abuse detection (rate limiting, account-lockout counters, audit logs) — legitimate interests (Art. 6(1)(f)).
  • AI-assisted features and de-identified research explicit consent (Art. 6(1)(a) and Art. 9(2)(a) for health data), captured separately via the Data Processing Consent. You can withdraw it at any time.
  • Legal compliance (tax, law-enforcement requests, regulatory duties) — legal obligation (Art. 6(1)(c)).

4. Health data

Content you post may reveal health information about you (a “special category” of personal data under GDPR Art. 9). We only process this on the basis of your explicit consent, or where you have manifestly made the information public by posting it to the community. You can edit or delete your own content from the profile page; deleted content is removed from public view immediately and purged from our primary database within 30 days.

5. How we use it

To operate the platform, surface relevant communities and references, detect abuse, provide AI-assisted features you have consented to, and communicate with you about your account. We do not sell personal data. De-identified aggregates used for research are separated from identifiable records; see the Data Processing Consent page for the de-identification approach.

6. Where it lives

Data is stored on infrastructure we control in the European Union, with encryption in transit (TLS 1.2+) and at rest where supported. Access is restricted to engineers who need it to operate the service, protected by SSO and logged for audit. Backups are encrypted and retained for up to 35 days.

7. Sharing

We share personal data only with: (a) infrastructure providers acting as our processors under written agreements (hosting, database, CDN, email delivery, error monitoring); (b) AI processors acting strictly under instruction, where you have consented (see the Data Processing Consent); (c) authorities, where we are legally compelled to disclose. We do not share personal data with advertisers. A current list of sub-processors is available on request at privacy@everygene.com.

8. Retention

  • Account data — for as long as your account exists, plus up to 30 days after deletion.
  • Consent records — kept for the lifetime of the account plus 6 years after deletion, as an audit of which version you accepted (required for regulatory reconstruction).
  • Stories and comments — retained as long as your account exists. On account deletion, they are anonymised (the author-user link is severed); the content itself remains visible to the community as a historical record unless you delete it first.
  • Application logs — 30 days rolling; security-audit logs, up to 12 months.

9. Your rights

Subject to applicable law, you have the right to: access your personal data, rectify inaccurate data, request erasure, restrict or object to processing, withdraw any consent you previously gave, and receive a portable copy of data you provided. The profile page exposes several of these (edit profile, change password, delete account). For any other request, email privacy@everygene.com. You also have the right to lodge a complaint with your local supervisory authority (in Türkiye, the KVKK Board).

10. Cookies and local storage

We use first-party browser storage to keep you signed in (a JSON Web Token) and to remember minor UI preferences. We do not use third-party advertising cookies. We use privacy-respecting, self-hosted analytics for aggregate product-usage counts; these do not identify individual users.

11. Children

Lived is not intended for users under 16. If you believe a minor has created an account, please contact us so we can remove it.

12. Changes

We may update this Policy. When a change is material, we will bump the version shown above and — once the re-consent flow ships — prompt you to re-accept on next sign-in. We will not apply a material change retroactively to data collected under an earlier version without a new legal basis.

13. Contact

Privacy questions, access requests, and complaints: privacy@everygene.com.