Project Rewind

Project Rewind collects biometric data from connected wearable devices and health platforms, including Whoop, Apple Health, and Withings. The specific data types include:

• —Heart Rate Variability (HRV)
• —Sleep duration, stages (deep, REM, light), and efficiency
• —Recovery scores and readiness metrics
• —Daily activity, strain, and step counts
• —Body metrics: weight, body composition, resting heart rate
• —Respiratory rate and blood oxygen saturation (SpO₂)

We also collect basic account information: your name, email address, and chronological age, which are required to create your profile and calculate your biological age score.

Your biometric data is used exclusively for the following purposes:

• —Calculating your biological age score using our longevity scoring algorithm
• —Generating your personal health and recovery reports
• —Populating the competition leaderboard with your aggregate score (not raw biometrics)
• —Tracking your score trajectory over the competition period

We do not use your data for advertising, profiling, or any purpose outside of Project Rewind competition operations.

Your raw biometric data is private and visible only to you on your personal dashboard.

The competition leaderboard displays your name and biological age score only — no raw health metrics are visible to other participants.

Administrators can access aggregate scores for competition management purposes. No raw biometric data is shared with other participants, third parties, or external organizations.

Your data is never sold, licensed, or shared with advertisers or data brokers. Ever.

All data is stored on Railway-hosted infrastructure using PostgreSQL. Data is encrypted in transit using TLS 1.2+. Access to the database is restricted to internal Railway private networking — it is not exposed to the public internet.

Biometric data is sourced via Junction (formerly Vital), a HIPAA-compliant health data aggregation platform. Junction handles the secure connection and data transfer between your wearable devices and Project Rewind.

We retain your data for the duration of the competition and a reasonable period afterward. You may request deletion at any time (see below).

You have the right to request deletion of your account and all associated data at any time. To submit a deletion request, email the administrator at the address provided to you during onboarding.

Deletion requests are processed within 30 days. Upon deletion, your biometric data, account profile, and score history are permanently removed from our systems. Aggregate, anonymized competition statistics may be retained.

Project Rewind contains no advertising of any kind. Your data is not sold, rented, or shared with third-party marketers or data brokers.

We do not use tracking pixels, ad networks, or behavioral analytics platforms. The only third-party service with access to your health data is Junction, which acts as a data processor under our instructions and is contractually prohibited from using your data for any other purpose.