Privacy Policy

Version 4 · Effective: May 17, 2026

Company (Controller): Immortal Company, Inc., 11273 COLINWARD AVE, LAS VEGAS, NV 89135, USA ("Immortal," "we," "us," or "our")

Contact: privacy@a-list.com

This Privacy Policy explains how we collect, use, disclose, and protect information in connection with A-LIST (the "Service"), a wellness and social application available at a-list.com and via our mobile apps.

Important: A-LIST is not a medical device and does not provide medical advice. The Service is intended only for individuals located in the United States and aged 18 or older.

Not a contract. This Policy is for transparency and compliance; it does not create contractual rights beyond those required by law. Your use of the Service is governed by our Terms of Use.

1. Scope & Eligibility

This Policy applies to all Services operated by Immortal that link to it.

  • U.S. only. Data is processed in the United States.
  • Age 18+. We do not knowingly collect data from individuals under 18.

2. Notice at Collection (U.S. State Privacy Laws)

We collect the following categories of personal information:

Identifiers

Phone number, email, account handle, IP, device identifiers

Sources: You, your device, service providers

Purposes: Authentication, security, analytics, marketing and promotional communications (including via third-party marketing partners)

Disclosure: Service providers, marketing and attribution partners, legal

Account & Profile

Name, bio, photos

Disclosure: May be public depending on settings

User Content

Posts, messages, photos, videos, comments, reactions, follower graph

Disclosure: Public or private depending on feature

Wellness & Health Inputs (Sensitive)

Diet, exercise, supplements, routines, goals

Health Integrations (Sensitive)

Apple HealthKit data (only what you authorize)

Biometric-Adjacent Image Processing (Sensitive)

We may offer features that analyze photos or videos you provide (e.g., skin-related analysis or classification).

Scope of processing

  • Images are processed solely to provide the feature you request
  • Processing may include analysis of visible characteristics such as skin tone or appearance
  • These features are not designed to identify you or verify your identity

No biometric identification

We do not:

  • Use facial recognition
  • Identify individuals across images or sessions
  • Create or store facial templates, faceprints, or biometric identifiers
  • Use images for identity verification

User consent

  • By using these features and submitting images, you provide explicit consent to this processing
  • Use of these features is optional

Retention & deletion

  • Images are retained only as long as necessary to provide the requested feature
  • Many operations are transient (processed and not persistently stored)
  • Stored images are deleted when you delete them, when your account is deleted, or within a reasonable retention period consistent with service operation

No sale or advertising use

  • We do not sell image data
  • We do not use image data for advertising or cross-context behavioral tracking
  • We do not train our own models on your images unless explicitly disclosed and consented to

Third-party processing

Images may be processed by service providers (e.g., AI model providers) solely to provide functionality under our instructions and contractual safeguards.

Compliance statement

To the extent any data processed is considered "biometric information" under applicable law, we:

  • inform you of the purpose and duration of processing
  • obtain consent prior to collection
  • do not retain data longer than necessary to fulfill the disclosed purpose

Geolocation (Sensitive)

GPS (if enabled), IP-based location

Contacts Matching

Hashed (SHA-256) contacts for friend discovery

Internet / Technical Data

Usage events, logs, device information

Communications

Email, SMS, push notifications, including service and marketing messages

Disclosure: Messaging, attribution, and marketing service providers (e.g., AppsFlyer) to deliver and measure communications

Voice Data (Sensitive)

Audio captured during AI interactions

  • May be processed in real time or via streaming sessions
  • Used to generate transcriptions and responses
  • Not retained beyond what is necessary to provide the feature unless otherwise disclosed

AI Interaction Data

Inputs, outputs, prompts, interaction history, and session metadata

Screen Context Data

Visible UI elements and app state when using AI-powered navigation features (e.g., Guardian)

Authentication Data

Passkeys (FIDO2/WebAuthn), OTP credentials

Subscription & Entitlement Data

StoreKit transaction metadata, subscription status, billing intervals, renewal state, and administrative overrides

Inferences

Content ranking and personalization signals

No Selling / Sharing for cross-context behavioral advertising: We do not sell personal information, and we do not share it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws. We may, however, disclose contact details (such as email, phone number, and device identifiers) to third-party marketing, attribution, and advertising partners (including AppsFlyer) so that they can help us deliver, target, and measure our own marketing communications and campaigns. You can opt out of marketing communications at any time as described in Section 9.

3. Information We Collect

We collect information directly from you, from your device, and from integrations you authorize.

Includes:

  • Account information
  • User content and media (including DMs)
  • Wellness and health inputs
  • Camera and image data
  • AI interaction data
  • Voice and real-time session data
  • Screen context data
  • Subscription and entitlement data
  • Technical diagnostics

4. Sources of Information

  • You
  • Your device and OS
  • Integrations (e.g., HealthKit)
  • Service providers
  • Public content

5. How We Use Information

We use information to:

  • Operate and authenticate accounts
  • Provide AI-powered features (including real-time voice and Guardian navigation/actions)
  • Process images and media for requested features
  • Provide subscriptions and entitlement access
  • Enable messaging and social features
  • Improve performance, reliability, and product quality
  • Conduct analytics and research
  • Communicate with users, including marketing and promotional messages (via email, SMS, push, and in-app), and measure the effectiveness of those communications with third-party marketing and attribution partners
  • Ensure safety, integrity, and abuse prevention
  • Comply with legal obligations

Automated systems: We do not use automated decision-making with legal or similarly significant effects.

6. Public Content & Messaging

  • Content may be public depending on settings
  • Direct messages (DMs) are intended to be private but may be processed for safety, moderation, and feature functionality
  • We do not guarantee absolute confidentiality of content

7. How We Disclose Information

Service Providers / Sub-processors

We use providers including:

  • Infrastructure: Google Cloud Platform (Cloud Run), AWS
  • Analytics: Mixpanel, BigQuery
  • AI: OpenAI, Anthropic, OpenRouter models
  • Speech processing: Whisper or equivalent
  • Diagnostics: Sentry, Shake
  • Messaging: Twilio, Firebase
  • Marketing & attribution: AppsFlyer (mobile attribution, deep linking, audience targeting, and campaign measurement)
  • Authentication: Supabase, Google Sign-In
  • Payments: Apple (StoreKit), Stripe
  • Experimentation: Statsig

Marketing partners. We share contact details (such as email address, phone number, and device identifiers) with marketing, advertising, and attribution providers (including AppsFlyer) so they can deliver, target, and measure marketing communications and ad campaigns on our behalf. These partners are contractually limited to using the data for our marketing purposes and may not use it for their own independent purposes except as permitted by law.

AI Processing

Data may be processed by AI providers to fulfill requests. We instruct providers to use data only to provide functionality and restrict training where supported.

Legal / Compliance

To comply with law or protect rights and safety

Business Transfers

In mergers, acquisitions, or financing events

Public Content

Visible to others as shared

8. Health Integrations (Apple HealthKit)

  • Access only with permission
  • Used only for requested features
  • Not used for advertising or sold

9. Your Choices & Controls

  • Location, contacts, and health data permissions (manage in your device settings)
  • Content deletion
  • Account deletion

How to opt out of marketing

You can opt out of marketing and promotional communications, and of sharing your contact details with marketing partners (including AppsFlyer), at any time:

  • Email: click the "unsubscribe" link in any marketing email.
  • SMS: reply STOP to any marketing text.
  • Push notifications: disable in your device's notification settings or in the A-LIST app settings.
  • In-app: turn off marketing communications in Settings → Notifications / Communications.
  • Mobile ad tracking: on iOS, deny App Tracking Transparency for A-LIST (Settings → Privacy & Security → Tracking) and/or reset your device advertising identifier.
  • By email: send a request to privacy@a-list.com and we will remove you from marketing audiences shared with third-party marketing partners.

Opting out of marketing will not stop service or transactional messages (e.g., security alerts, billing, account notices) that are needed to operate the Service.

10. Cookies, SDKs & Tracking

We use:

  • Cookies and SDKs
  • Analytics (Mixpanel, BigQuery)
  • Diagnostics (Sentry, Shake)
  • Communications (Twilio, Firebase)

11. Data Retention

  • Account data: retained while active
  • Logs: retained for limited operational periods
  • Audio: not retained beyond processing unless disclosed
  • AI data: retained as needed for functionality, safety, and debugging
  • Legal retention as required

12. Security

We use:

  • Encryption in transit and at rest
  • Access controls and least-privilege access
  • Monitoring and logging

No system is completely secure.

13. U.S. Privacy Rights

You may request:

  • Access
  • Deletion
  • Correction
  • Portability

Contact: privacy@a-list.com

14. International Transfers

Data is processed in the United States.

15. Children

We do not knowingly collect data from users under 18.

16. Third-Party Links

We are not responsible for third-party services.

17. Changes

We may update this Policy and provide notice where required.

18. Contact

Immortal Company, Inc.

11273 COLINWARD AVE

Las Vegas, NV 89135

privacy@a-list.com

Short Disclaimers

No medical advice. Not a healthcare provider.

AI Systems. Outputs may be inaccurate or incomplete.

Not a contract. See Terms of Use.

© 2026 The Immortal Company. All rights reserved.