
SECURITY & TRUST

Your Data, Protected

Security is not an afterthought at ENLIVEN AI. As an EU-based company, we build privacy and data protection into every layer of our platform from day one.

GDPR-Native Architecture

Compliant

SIA Enliven is incorporated in Latvia, EU. GDPR compliance is built into every layer of our platform — from data collection consent flows to automated data subject request handling and right-to-erasure support.

Encryption at Rest & In Transit

AES-256

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Authentication tokens are managed through AWS Cognito with KMS-backed encryption for sensitive operations like email verification codes.

AWS Cloud Infrastructure

AWS

Our entire platform runs on Amazon Web Services (us-east-1) with multi-AZ redundancy. We leverage API Gateway, Lambda, DynamoDB, S3, and CloudFront — all SOC 2 Type II certified services.

Authentication & Access Control

Cognito

User authentication is handled by AWS Cognito with MFA support. API endpoints are protected by Cognito authorizers with JWT validation. Role-based access control separates user, admin, and organization permissions.

Data Minimization

Privacy

We collect only what is needed to deliver personalized wellness recommendations. Health data is processed on-device where possible (ML Vision runs locally via MediaPipe). We never sell user data to third parties.

Secure API Design

5 APIs

All 5 API Gateways enforce rate limiting, CORS restrictions, and request validation. Webhook endpoints use signature verification. Admin APIs are isolated on separate gateways with independent authorizers.
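As an added illustration of what "signature verification" on a webhook endpoint means in practice (this is example code written for this page, not ENLIVEN's implementation; the header names, the HMAC-SHA256 scheme, the secret and the payload are all constructed assumptions), the receiver recomputes an HMAC over the timestamp and body, compares it in constant time, and rejects deliveries outside a short replay window:

```python
import hmac
import hashlib
import time
from typing import Optional

# Constructed demo secret; a real deployment loads this from a secrets store, never from source.
WEBHOOK_SECRET = b"constructed-shared-secret-for-demo"
TOLERANCE_SECONDS = 300  # deliveries older than 5 minutes are treated as replays

def sign_webhook(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side (hypothetical scheme): HMAC-SHA256 over "<timestamp>.<body>".
    Binding the timestamp into the MAC means an attacker cannot reuse a valid
    signature with a fresh timestamp."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def verify_webhook(secret: bytes, headers: dict, body: bytes,
                   now: Optional[int] = None) -> tuple:
    """Receiver side. Returns (accepted, reason) so the reason can be logged
    without ever accepting a delivery that failed any check."""
    now = int(time.time()) if now is None else now
    ts_raw = headers.get("X-Webhook-Timestamp")      # assumed header name
    sig = headers.get("X-Webhook-Signature", "")     # assumed header name
    if ts_raw is None or not sig:
        return False, "missing signature headers"
    try:
        ts = int(ts_raw)
    except ValueError:
        return False, "malformed timestamp"
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False, "timestamp outside replay window"
    expected = sign_webhook(secret, ts, body)
    # compare_digest runs in constant time; a plain == would leak, via timing,
    # how many leading characters of a guessed signature were correct.
    if not hmac.compare_digest(expected, sig):
        return False, "signature mismatch"
    return True, "ok"

def demo() -> dict:
    """Exercise the verifier with a genuine delivery and three defective ones."""
    body = b'{"event":"workout.completed","user":"u_123"}'  # constructed payload
    now = 1_700_000_000
    headers = {
        "X-Webhook-Timestamp": str(now),
        "X-Webhook-Signature": sign_webhook(WEBHOOK_SECRET, now, body),
    }
    return {
        "genuine": verify_webhook(WEBHOOK_SECRET, headers, body, now)[0],
        "tampered_body": verify_webhook(WEBHOOK_SECRET, headers, body + b" ", now)[0],
        "replayed": verify_webhook(WEBHOOK_SECRET, headers, body, now + 3600)[0],
        "wrong_secret": verify_webhook(b"other-secret", headers, body, now)[0],
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The verifier must run against the raw request bytes, before any JSON parsing or re-serialisation, because a canonicalised body would no longer match what the sender signed.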

Data Practices

Transparency First

What We Collect

  • Account information (name, email)
  • Workout logs and exercise history
  • Body metrics (optional — weight, height, body fat)
  • Biometric data from wearables (optional — heart rate, sleep)
  • EATS readiness inputs (subjective ratings)
  • ML Vision pose data (processed on-device, not stored)

What We Never Do

  • Sell your personal data to third parties
  • Share health data with advertisers
  • Store raw camera footage from ML Vision
  • Track you across other websites
  • Retain data after account deletion beyond legal requirements
  • Use your data to train models without explicit consent

Compliance

Compliance Roadmap

Our current certifications and planned compliance milestones.

  • GDPR (EU General Data Protection Regulation): Compliant
  • DKIM + DMARC Email Authentication: Active
  • HTTPS Everywhere (TLS 1.3): Active
  • SOC 2 Type II (AWS Infrastructure): AWS Certified
  • SOC 2 Type II (ENLIVEN Application): Planned 2027
  • HIPAA Compliance: Planned 2027
  • ISO 27001 Certification: Planned 2027
  • Penetration Testing (Third-Party): Planned Q3 2026

Have Security Questions?

We are happy to discuss our security practices in detail. Contact our team for security documentation, DPA requests, or compliance inquiries.