Privatliv & fortrolighed

How we protect your data

Health information is among the most sensitive personal data the law recognises. This policy explains how we collect, use and protect your data.

Last updated: 17 June 2026

1. Data controller

Aevia Health (a secondary business name of Klart Studio, sole proprietorship), Bredgade 11, 7400 Herning, Denmark, CVR 46 52 07 50, is the data controller for the processing of your personal data. Contact: kontakt@aevia.dk.

2. What information we process

  • Contact details: name, job title, company, email and phone that you provide yourself via a form or conversation.
  • Booking details: chosen package and services plus appointment date/time and area, which we store to complete and administer your booking.
  • Health information: diagnostic results are sensitive personal data (GDPR Article 9). Clinical results (e.g. blood test values) are not collected via the website's public pages, only in connection with an agreed programme and with your explicit consent. If you use our biological-age estimator, we process your self-reported lifestyle answers and the calculated estimate to send you the result (sent via our email provider, see section 5).
  • Technical data: anonymised usage statistics via Google Analytics 4 and Microsoft Clarity, only if you accept cookies.

3. Legal basis for processing

Contact details are processed on the basis of your enquiry and our legitimate interest in responding to it (Article 6(1)(b) and (f)). Booking details are processed to perform the agreement for your programme (Article 6(1)(b)). If you sign up for our checklist/newsletter or use the biological-age estimator, we process your email and answers on the basis of your consent (Article 6(1)(a)), which you may withdraw at any time. Health information is processed solely on the basis of your explicit consent (Article 9(2)(a)) and for the purpose of medical assessment.

4. Sensitive health data

Your health data is stored encrypted and is only accessible to the treating staff and the specialists involved in your programme. We never share individual health results with your employer. With company agreements, the employer receives only anonymised and aggregated reports in which no individual can be identified.

5. Data processors & partners

To deliver the service we use a number of data processors and partners that process personal data on our behalf or as independent/joint controllers. Data-processing agreements are in place where relevant:

  • Partner clinics, accredited laboratories and imaging centres — perform the diagnostics; receive your name, one contact detail and the appointment time to coordinate your programme.
  • Upstash (cloud database) — stores booking details (name, email, phone, package and times).
  • Resend (email provider) — sends confirmation and service emails and stores email/lead contacts.
  • Stripe (payment provider) — processes name, billing details and phone at payment.
  • Vercel (hosting) — operates the website and server functions.
  • Google (Analytics 4) and Microsoft (Clarity) — anonymous statistics, only with your consent.
  • Anthropic (AI) — powers the chat assistant and drafts the report's wording from already-classified, pseudonymised data (see section 9). A physician always reviews and approves the report before delivery.

International transfers: Some of the above providers (incl. Anthropic, Google, Microsoft and Stripe) are established in or transfer data to the USA. Transfers rely on the European Commission's Standard Contractual Clauses (SCCs) and/or the provider's certification under the EU-US Data Privacy Framework. You can contact us for a copy of the relevant transfer safeguard.

6. Retention

Contact details from enquiries and lead/newsletter contacts are kept until you unsubscribe or until removed during periodic cleanup — at most 12 months after the last contact if no agreement is made. Booking details (name, email, phone, package and times) are kept for up to ~6 months; cancelled bookings are pseudonymised/deleted within ~30 days; a payment marker linked to your email for up to ~6 months. Health data is retained in accordance with applicable medical record-keeping rules and deleted thereafter.

7. Your rights

  • Access to the information we process about you
  • Rectification of inaccurate information
  • Erasure ("the right to be forgotten")
  • Restriction of and objection to processing
  • Withdrawal of consent at any time
  • Data portability

You can exercise your rights by writing to kontakt@aevia.dk. You can complain to the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby.

8. Cookies

We use necessary cookies and, with your consent, statistical cookies (Google Analytics 4 and Microsoft Clarity) to improve the website. You can change your choice at any time by deleting cookies in your browser. Health data is never collected via cookies.

9. AI chat assistant

Our website has an AI chat assistant. By default it is on and answers questions based on information about Aevia without sending anything onward. Only when you have chosen "Accept all" in the cookie banner can your messages be sent to an external AI service (Anthropic) that generates the answer on our behalf; without consent you are answered locally only.

Never write sensitive health information in the chat. The assistant provides general information and cannot make diagnoses or replace a doctor. You can withdraw your consent at any time by choosing "necessary only" or deleting cookies in your browser.

10. Changes

We may update this policy. The version in force at any time is available on this page with its update date.

Book your health check