Join the Waitlist (25% Off)

Privacy Policy

Last Updated: May 2025

1. Who We Are

EVA is a clinically guided longevity platform operated by Elite Vita, a Dubai-based health and wellness company. This Privacy Policy explains how EVA (we, us, our) collects, uses, stores, shares, and protects your personal and health data when you use the EVA Platform – including the mobile app, the website at eva.ae, and associated services.

We understand that the data you share with EVA – including genetic information, blood biomarkers, and health history – is among the most personal data that exists. We treat it with the highest standards of care, security, and respect.

By using the EVA Platform, you consent to the data practices described in this Policy. If you do not agree, please discontinue use of the Platform.

2. Data We Collect
2.1 Information You Provide Directly
  • Account information: Name, email address, date of birth, gender, nationality, contact details
  • Health history: Self-reported medical history, existing conditions, medications, and wellness goals
  • Biological samples: DNA samples (collected via at-home kit or clinic visit) and blood samples (collected under medical supervision)
  • Payment information: Processed securely by authorised payment providers; EVA does not store full card details
  • Communications: Messages, feedback, and support requests submitted to EVA
2.2 Data Generated by the Platform
  • DNA analysis results: Genetic predispositions, nutrient pathways, and risk factors derived from your sample
  • Blood biomarker data: Results from 70+ biomarker blood panels, analysed over time
  • DEVA insights and actions: Your daily interaction data, adherence patterns, and engagement with recommendations
  • Supplement protocol data: Your personalised supplement history, delivery records, and adjustments
  • Biological age estimates: Derived metrics calculated from your integrated biological data
2.3 Technical & Usage Data
  • Device information: Device type, operating system, app version
  • Usage data: Pages visited, features used, session duration, click behaviour
  • Location data: Country/region level only, used for service availability and shipping
  • Cookies and tracking technologies: Used on eva.ae for analytics and user experience optimisation (see Section 8)
3. How We Use Your Data

We use your data to:

  • Deliver and personalise EVA services – including DNA reports, blood analysis, DEVA daily insights, and supplement protocols
  • Support clinical oversight – enabling qualified clinicians to review and validate your personalised health protocols
  • Improve biological age tracking and monitor progress over time
  • Process payments and manage subscriptions
  • Communicate with you about your account, results, protocol updates, and service changes
  • Send educational content, longevity insights, and platform updates (where you have opted in)
  • Conduct anonymised research and platform improvement using aggregated, de-identified data
  • Comply with applicable UAE law and regulatory requirements
  • Investigate fraud, enforce our Terms, and protect the security of the Platform
4. Legal Basis for Processing

EVA processes your data on the following legal bases, consistent with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and applicable health data regulations:

  • Consent: For processing sensitive health and genetic data – you provide explicit consent upon registration and before each testing phase
  • Contractual necessity: To deliver the services you have subscribed to and paid for
  • Legitimate interests: For platform security, fraud prevention, and improving EVA services (where such interests do not override your rights)
  • Legal obligation: Where required to comply with UAE law or regulatory requirements

You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Contact privacy@eva.ae to exercise this right.

5. Sensitive Health & Genetic Data

EVA collects and processes special categories of sensitive personal data, including genetic data (DNA analysis results) and health data (blood biomarkers, biological age, health history).

We apply heightened protections to this data:

  • Explicit consent is obtained before any sensitive data is collected or processed
  • Access is strictly limited to authorised clinicians and the technical team responsible for delivering your service
  • Data is encrypted in transit and at rest using industry-standard encryption (AES-256)
  • We do not sell your genetic or health data to third parties under any circumstances
  • Anonymised, aggregated data may be used for internal research and platform improvement, in a manner that cannot identify you
6. Data Sharing
6.1 We Do Not Sell Your Data

EVA does not sell, rent, or trade your personal or health data to third parties for commercial purposes.

6.2 Data Shared with Service Partners

We share data only where necessary to deliver our services, with partners bound by strict confidentiality obligations:

  • Laboratory testing partners: DNA and blood samples are processed by accredited laboratories under data processing agreements
  • Supplement fulfilment: Shipping data (name, address) is shared with Elite Vita’s fulfilment operations
  • Payment processors: Payment data is processed by PCI-DSS compliant payment providers
  • Cloud infrastructure: Data is hosted on secure, UAE PDPL-compliant cloud infrastructure
  • Clinical oversight partners: De-identified or consented data may be reviewed by licensed clinicians in the EVA network
6.3 Legal Disclosure

We may disclose your data where required by UAE law, a court order, or lawful regulatory authority. We will notify you where legally permitted to do so.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services:

  • Account data: Retained for the duration of your account plus 3 years following closure
  • DNA data and reports: Retained for 7 years unless you request deletion
  • Blood biomarker records: Retained for 7 years for continuity of clinical care
  • Financial/transaction records: Retained for 7 years as required by UAE commercial law
  • Communications and support records: Retained for 3 years

After retention periods expire, data is securely deleted or permanently anonymised. You may request earlier deletion (see Section 9), subject to legal retention obligations.

8. Cookies & Tracking

The EVA website (eva.ae) uses cookies and similar tracking technologies to:

  • Remember your preferences and login state
  • Analyse website traffic and user behaviour (via privacy-compliant analytics tools)
  • Support advertising and retargeting campaigns (where you have consented)

You can control cookie preferences through your browser settings or via our cookie consent banner. Disabling certain cookies may affect Platform functionality.

9. Your Rights

Subject to UAE PDPL and applicable law, you have the right to:

  • Access: Request a copy of the personal data EVA holds about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention obligations)
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Data portability: Request your data in a structured, machine-readable format
  • Withdraw consent: Withdraw consent to processing of sensitive data at any time
  • Objection: Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@eva.ae. We will respond within 30 days. We may request identity verification before processing your request.

10. Data Security

EVA implements robust technical and organisational measures to protect your data:

  • AES-256 encryption for data at rest
  • TLS encryption for all data in transit
  • Role-based access controls – only authorised personnel access your data
  • Regular security audits and vulnerability assessments
  • Incident response procedures in compliance with UAE PDPL notification requirements

No system is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and relevant authorities as required by law.

11. International Data Transfers

EVA is headquartered in Dubai, UAE. Your data may be processed by service partners in other jurisdictions (e.g., laboratory partners, cloud providers). Where data is transferred internationally, we ensure appropriate safeguards are in place, consistent with UAE PDPL requirements.

12. Children’s Privacy

The EVA Platform is not intended for individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided data to EVA, please contact us immediately at privacy@eva.ae and we will take prompt steps to delete such data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before changes take effect. Continued use of the Platform after changes take effect constitutes acceptance.

14. Contact & Complaints

For privacy-related questions, data access requests, or concerns, please contact:

EVA Privacy Team – Elite Vita

Email: privacy@eva.ae

Website: eva.ae

Location: Dubai, United Arab Emirates

If you believe we have not adequately addressed your privacy concerns, you may lodge a complaint with the UAE Data Office or your local data protection authority.

Pages
Support
Get in Touch

Elite Vita, Building 49, Healthcare City, Dubai

contact@eva.ae

+971 54 74 00555

07.00 AM - 23.00 PM

Copyright ©
eva 2026

Founding Member Offer

Be first.
Get 25% off
when we launch.

Join the EVATM waitlist and lock in your founding member discount — applied automatically when the app goes live.

I’m interested in