Optimize
Privacy & security

Your health data, protected by design.

Health data is among the most sensitive personal data you can hold. At Optimize, we treat that responsibility as the foundation of every feature we build — guided by the seven principles of Privacy by Design and the requirements of GDPR and the Dutch AVG.

Why it matters

Health data deserves more.

A blood result can describe risk factors, lifestyle patterns and clinical conditions — information that can follow you for years. Generic privacy practices aren't enough. The bar has to be higher: not just compliant, but designed from the ground up to keep the individual in control.

Our framework

Privacy by Design.

Privacy by Design is a set of seven foundational principles, originally formulated by Dr. Ann Cavoukian and adopted as a global standard for privacy-respecting systems. It moves privacy from an afterthought to a property of the architecture itself.

We use these principles as the lens for every product decision that touches your health data — from how we collect a single biomarker to how we run aggregate analytics for organisations.

Proactive, not reactive

Anticipate privacy risks before they occur — preventative, not remedial.

Every feature that touches health data passes a privacy and security review before launch. We threat-model new flows, run penetration tests, and keep a coordinated disclosure channel open for outside researchers.

Practical safeguards

What it looks like in practice.

GDPR & AVG, EEA-based processing

Full compliance with European privacy law. Personal data is primarily processed within the EEA; limited transfers outside use Standard Contractual Clauses or adequacy decisions.

Encryption + pseudonymisation

AES-256 encryption at rest. Identity and health data live in separate databases, re-linkable only via a private key held by Optimize — so health data alone can't be tied to a person.

Aligned with ISO 27001 + OWASP

Our security measures are aligned with ISO/IEC 27001, the OWASP Mobile Security Guidelines and the Dutch DPA's recommendations. Sign-in uses OAuth 2.0 with PKCE plus biometric authentication.

Certified lab partners

Blood samples are processed by ISO-accredited diagnostic labs (Unilabs, Eurofins) under their own clinical privacy duties.

Clear retention windows

Your data is removed within one year of account deletion. Payment records are kept seven years for tax compliance; lab results stay available for one year so you can still retrieve them.

Your rights, by email

Access, rectify, port or delete your data via privacy@optimizelifestyle.io. We verify your identity and respond within one month.

Questions about your data?

Our team and Data Protection Officer are happy to help with privacy, security and compliance.