future self

privacy policy

effective date: 2026-06-04

Last updated: 2026-06-04

Decade Young (decadeyoung.com) is a property of Vital Health, a product of Gigploy, LLC ("Vital Health," "we," "us," or "our"). This Privacy Policy explains what information we collect through decadeyoung.com (the "Site") and the Future Self experience, how we use and protect it, and the choices you have.

This Site and experience are intended for residents of the United States who are 18 years of age or older. They are not directed to individuals in the European Union or European Economic Area, and we block access from those regions.

The Future Self experience is provided for entertainment and educational purposes only. It is not medical advice and does not provide medical services, diagnosis, or treatment.

1. Information we collect

When you use the Future Self experience, we collect:

Email address. Used to send you your generated image and related communications.

Facial photograph (biometric information). You upload a photo of your face so we can generate a visualization of your future self. Section 2 explains how we handle biometric information.

Quiz responses. Your answers to the questions in the experience.

ZIP code. Used to help route your information to relevant providers.

Limited technical data. Your IP address and browser user-agent, recorded with your consent record. We also use server-side analytics (PostHog) that operate without personal identifiers, using only an internal lead identifier and no email, photograph, or image links.

2. Biometric information

We take the handling of biometric information seriously and comply with applicable biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA).

What we collect. A facial photograph that you upload, and the AI-generated image derived from it.

Purpose. We collect and process your photograph solely to generate a visualization of your future self for the entertainment and educational experience you requested. We do not use it for identification, surveillance, or any other purpose.

Consent. Before you upload a photograph, we obtain your written consent through a checkbox you must actively select. We store the exact text of that consent, its version, and the date and time you provided it.

How it is processed. To create your image, your photograph is sent to OpenAI, our image-generation provider. Two OpenAI models process your photograph: one analyzes the image to build a generation prompt, and one generates the resulting visualization. Your photograph and the generated image are stored in a private, access-controlled storage bucket hosted by Supabase. Under our agreement with OpenAI, your photograph is not used to train its models.

Retention and destruction schedule. This is our publicly posted biometric retention and destruction schedule:

  • Your original uploaded photograph is permanently deleted within 30 days of upload.
  • The AI-generated image is permanently deleted within 30 days of creation.
  • The secure link used to deliver your image expires within 30 days.

Deletion is automated and permanent. We do not retain biometric information beyond these windows.

No sale, no profit. We do not sell, lease, trade, or otherwise profit from your biometric information. We do not disclose it to any party other than the processors named above (OpenAI and Supabase) for the sole purpose of generating and storing your image. Your photograph and generated image are never shared with partner providers.

3. How we use your information

We use the information we collect to:

  • Generate and deliver your future-self image
  • Communicate with you about the experience
  • Connect you, through your contact and quiz information, with partner providers who may be able to help with the goals you indicated (see Section 4)
  • Operate, secure, and improve the Site
  • Comply with legal obligations

4. How we share your information

We share information only as described here.

With service providers (sub-processors). We use trusted vendors to operate the experience:

  • OpenAI processes your photograph to analyze it and generate your image.
  • Supabase stores your data and images in private, access-controlled storage.
  • Resend delivers your result email, which includes your name, email address, and a link to your image.
  • PostHog provides server-side analytics using a non-identifying internal lead identifier only.

Each provider is permitted to use your information only to provide services to us.

With partner providers. Your contact information and quiz responses (but not your photograph or generated image) are shared with Vital Health's partner providers so a qualified provider can follow up with you about the goals you indicated. Partner providers are independent businesses. Any communications they send you, including text messages, require their own separate consent, which they will request directly.

For legal reasons. We may disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of Vital Health, our users, or others.

We do not sell your personal information.

5. Data retention

We retain biometric information only as described in Section 2 (the 30-day schedule). We retain other information, such as your email, quiz responses, and ZIP code, for as long as needed to provide the experience, connect you with partner providers, comply with legal obligations, and operate our business, after which we delete or de-identify it.

6. Security

We use administrative, technical, and physical safeguards designed to protect your information, including private access-controlled storage and encrypted transmission. No system is perfectly secure, but we work to protect your information consistent with its sensitivity.

7. Your choices and rights

You may:

  • Request access to the personal information we hold about you
  • Request deletion of your personal information
  • Withdraw consent to biometric processing (your photograph is in any case deleted within 30 days)
  • Opt out of non-essential communications

To make a request, contact us using the details in Section 11. We will respond as required by applicable law.

California residents. If you are a California resident, you have rights under the California Consumer Privacy Act, as amended, including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to limit the use of sensitive personal information (which includes biometric information). We do not sell or share your personal information for cross-context behavioral advertising. To exercise these rights, contact us as described below. We will not discriminate against you for exercising them.

8. Children's privacy

The Site is intended for adults 18 and older. We do not knowingly collect information from anyone under 18. We require confirmation of age before you use the experience, and we apply an additional automated age check before generating an image. If we learn that we have collected information from a minor, we will delete it.

9. Geographic scope

The Site is intended for use in the United States only. It is not directed to, and we block access from, the European Union and European Economic Area. If you access the Site from outside the United States, you do so on your own initiative.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and post the new version here. Material changes that affect biometric information will be communicated as required by law.

11. Contact us

Vital Health (a product of Gigploy, LLC)

16835 Algonquin Street, Unit 327

Huntington Beach, CA 92649

Email: privacy@decadeyoung.com