Health Data Privacy Notice

Last Updated: Dec 9, 2025

This Health Data Privacy Notice ("Notice") explains how Bloodwork.org and its affiliates ("Bloodwork.org," "we," "us," or "our") collect, use, disclose, and protect Health Data and other personal data in connection with our website, platform, mobile applications, and any related products or services (collectively, the "Services").

This Notice is designed to meet or exceed requirements under applicable U.S. state consumer health data privacy laws and other global privacy regulations to the extent they apply to Bloodwork.org and its users. This Notice supplements, and should be read together with, the Bloodwork.org Privacy Policy.

By using the Services, you acknowledge this Notice. If you do not agree, please discontinue use of the Services.

1. Definitions

"Health Data" / "Sensitive Health Data"

Health Data includes any information about your past, present, or future physical or mental health status, including but not limited to:

  • Lab test results and bloodwork values
  • Biomarkers, diagnostic values, trends, and interpretations
  • Self-reported health history, symptoms, or conditions
  • Wearable-device data (such as heart rate, activity, sleep, or biometrics)
  • Data collected through surveys, questionnaires, quizzes, or assessments
  • Inferences or derived health insights (e.g., risk scores, wellness indicators, trends inferred from raw results or wearable metrics)

"Personal Data" or "Personal Information"

Any data that identifies, relates to, describes, or can reasonably be linked to an individual, such as name, email, device identifiers, IP address, payment information, or account data.

"Processing"

Any operation performed on data, including collection, storage, retrieval, use, disclosure, sharing, analysis, deletion, or other handling.

2. Categories of Data We Collect

A. Data You Provide Directly

  • Lab results you upload
  • Health history and health-related inputs
  • Survey/quiz answers
  • Wearable data you manually add
  • Account information: name, email, login credentials
  • Billing and payment information (processed through third-party PCI-compliant providers)

B. Data Collected from Devices or Integrations (With Your Permission)

  • Wearable-device or health-app data (e.g., Apple Health, Fitbit, Oura, Garmin, Google Fit)
  • Automatically synced metrics where authorized
  • Device information, technical logs, interaction data, crash logs, IP address

C. Derived or Inferred Data

We may generate insights based on your data, such as:

  • Trend analysis
  • Highlighted biomarkers
  • Potential risk indicators
  • Condition-related wellness analysis
  • Personalized recommendations
  • Internal analytics and scoring

D. Payment & Transaction Data

Because Bloodwork.org offers one-time purchases and auto-renewing subscriptions, we collect:

  • Transaction details
  • Subscription status
  • Billing-related information (via third-party processors)

E. Aggregated & De-identified Data

We may create aggregated or de-identified datasets for:

  • Analytics
  • Service improvements
  • Research
  • Reporting

Aggregated or de-identified data does not identify any individual.

3. How We Use Health Data

We use your Health Data and Personal Data to:

A. Provide the Services

  • Display and interpret lab results
  • Sync wearable data
  • Generate personalized insights
  • Provide dashboards and health summaries
  • Enable data download/export
  • Facilitate integrations
  • Deliver customer support

B. Improve and Develop the Platform

  • Feature development
  • Algorithm improvements
  • Testing and research
  • Bug fixing
  • Performance enhancements

C. Communications

  • Service notifications
  • Account updates
  • Security alerts
  • Support messages
  • Purchase and subscription confirmations

D. Payment Processing

  • Processing one-time purchases
  • Managing auto-renewing subscriptions
  • Preventing fraud
  • Transaction notifications

E. Research and Analytical Purposes

  • Aggregated analyses
  • De-identified research
  • Trend evaluation
  • Product development

(never identifying individual users unless they have explicitly consented)

F. Legal, Compliance & Security

  • Detecting and preventing fraud
  • Complying with legal obligations
  • Protecting rights, safety, and property

4. How We Share or Disclose Health Data

Bloodwork.org does not sell Health Data and does not share it for cross-context behavioral advertising.

We may disclose data to:

A. Service Providers

  • Hosting & cloud infrastructure
  • Data storage
  • Analytics
  • Customer support
  • Payment processors
  • Security tools
  • Email providers

B. At Your Direction

For example:

  • When you sync with a wearable
  • When you share or export data
  • When you authorize a third party

C. Legal or Safety Requirements

We may disclose data to comply with:

  • Laws
  • Court orders
  • Law enforcement requests
  • Security investigations

D. Corporate Transactions

Data may be transferred during:

  • Mergers
  • Acquisitions
  • Financing
  • Bankruptcy
  • Sale of assets

E. Aggregated or De-identified Data

Aggregated or de-identified data may be used for research, analytics, publications, and reporting.

5. Your Rights and Choices

You may have the following rights depending on your jurisdiction:

  • Right to Know / Access
  • Right to Correct
  • Right to Delete
  • Right to Withdraw Consent
  • Right to Data Export / Portability
  • Right to Appeal (if a request is denied)

To exercise your rights:

Email: support@bloodwork.org

6. Data Retention

We retain your data:

  • As long as necessary to provide services
  • As required by law
  • As needed for security and fraud prevention

On account deletion:

  • Your account is deactivated
  • Personal and Health Data are deleted or anonymized
  • Aggregated data may be retained

7. Data Security

We apply industry-standard security measures such as:

  • Encryption at rest and in transit
  • Role-based access control
  • Secure server infrastructure
  • Monitoring and intrusion detection
  • Regular security audits

No system is 100% secure, but we follow best practices to protect your data.

8. International Users

Bloodwork.org operates from the United States. If you use the Services from outside the U.S.:

  • Your data will be transferred to the United States
  • U.S. laws may differ from those in your country
  • By using the Services, you consent to these transfers

9. Children's Privacy

Bloodwork.org is not intended for individuals under 18 without parental consent. We do not knowingly collect data from children under 13 (or 16 where applicable).

If we learn that we have collected such data, we will delete it.

10. Changes to This Notice

We may update this Notice periodically.

We will notify users of material changes via:

  • Email
  • In-app notifications

Continued use constitutes acceptance.

11. Contact Information

Bloodwork.org – Privacy Department
Email: support@bloodwork.org