JustLabs Privacy & Health Data Protection Notice

1. Who We Are

JustLabs is a consumer health platform that allows individuals to order laboratory tests and receive their results directly. JustLabs does not diagnose medical conditions, provide medical treatment, or establish a patient–provider relationship.

Laboratory testing services are performed by independent third-party laboratories. JustLabs is not a healthcare provider and does not offer medical advice.

2. Scope of This Notice

This notice describes how JustLabs collects, uses, shares, and protects personal and health-related information when you use our website, applications, and services (collectively, the "Services").

This notice applies to information we maintain in connection with the Services and supplements our Terms of Service.

This notice also describes how we collect, use, and protect health-related information that may be considered "consumer health data" under applicable U.S. state privacy laws.

3. How We Protect Health Information

Although JustLabs is not a "covered entity" or "business associate" as defined under the Health Insurance Portability and Accountability Act (HIPAA), we recognize the sensitive nature of health-related information.

We protect health information using administrative, technical, and physical safeguards aligned with healthcare industry best practices, including measures designed to maintain confidentiality, integrity, and security.

These safeguards may include:

• Access controls
• Encryption of data in transit and at rest
• Audit logging and monitoring
• Vendor security reviews
• Minimum-access principles

4. Information We Collect

Depending on how you use the Services, we may collect:

• Identifying information (such as name, contact information, and date of birth)
• Account and authentication information
• Order and transaction information
• Laboratory test selections and laboratory results
• Communications with us
• Technical and usage data related to your interaction with the Services

We collect only the information reasonably necessary to provide and operate the Services.

5. How We Use Information

We use information to:

• Facilitate laboratory test orders
• Deliver laboratory test results to you
• Communicate with you about your account, orders, or support requests
• Operate, maintain, and improve the Services
• Comply with legal and regulatory obligations
• Detect, prevent, and address fraud or security issues

JustLabs does not use your information to diagnose or treat medical conditions.

6. Sharing of Information

We may share information:

• With independent laboratory partners to fulfill your test orders
• With service providers that support our operations (such as payment processing, cloud infrastructure, analytics, or customer support)
• When required by law, regulation, or legal process
• To protect the rights, safety, and security of users, partners, or the platform
• With your consent or at your direction

We do not use consumer health data for targeted advertising, cross-context behavioral advertising, or data brokerage.

We do not use geofencing or location-based targeting to identify, track, or collect data from individuals in or near healthcare facilities.

7. Analytics and Tracking Technologies

We use analytics tools to understand how visitors interact with our public, informational pages (such as our homepage, pricing pages, and test catalog). These tools help us measure advertising effectiveness and improve the Services.

Analytics tools we use include Google Analytics 4 (via Google Tag Manager), Segment, and Google Ads conversion tracking.

How we protect your information in analytics:

• We do NOT track activity on pages where you are logged in or where health information may be displayed (such as your dashboard, test results, or health questionnaire).
• We do NOT send test names, biomarker results, or any health-related identifiers to analytics providers.
• We do NOT use Enhanced Conversions or any feature that sends personal identifiers (name, email, phone) to advertising platforms.
• We do NOT sell analytics data or use it for cross-context behavioral advertising.
• Analytics data from public pages (such as which marketing pages are visited and general geographic region) is used solely to improve our Services and measure advertising performance.
• We process analytics data through our own servers before it reaches third-party providers, allowing us to enforce data governance controls.

Your Opt-Out Rights

You have the right to opt out of analytics tracking at any time. You can do so by:

• Visiting our "Do Not Sell or Share My Personal Information" page
• Enabling the Global Privacy Control (GPC) setting in your browser
• Using your browser's "Do Not Track" setting
• Installing a browser extension such as Google Analytics Opt-Out

We honor the Global Privacy Control signal as required by California law.

For more information about how Google processes analytics data, visit Google's privacy policy at https://policies.google.com/privacy.

8. Relationship to Healthcare Providers

JustLabs operates independently from healthcare providers. If you choose to consult a clinician or telehealth provider based on your laboratory results, that relationship is separate from JustLabs and governed by the provider's own privacy practices.

Use of JustLabs does not create a patient–provider relationship.

9. Your Choices and Rights

Depending on applicable law, you may have rights to:

• Access information associated with your account
• Request corrections to inaccurate information
• Request deletion of certain information, subject to legal or operational requirements
• Opt out of certain communications

For health information rights under HIPAA, please see our HIPAA Notice.

To exercise these rights, please contact us using the information below.

Where we rely on your consent to collect or share consumer health data, you may withdraw that consent at any time by contacting us. Withdrawal of consent will not affect processing that occurred before the withdrawal and may limit our ability to provide certain services.

10. Data Retention

We retain information for as long as necessary to:

• Provide the Services
• Meet legal and regulatory obligations
• Resolve disputes
• Enforce agreements

Retention periods may vary depending on the type of information and applicable law.

11. Security Incidents

If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law and our incident response procedures.

12. International Users

The Services are intended for users in the United States. If you access the Services from outside the United States, you understand that information may be transferred to and processed in the United States.

13. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"). Subject to certain exceptions, these rights may include:

• The right to know what categories of personal information we collect, use, disclose, and share
• The right to access specific pieces of personal information associated with you
• The right to request correction of inaccurate personal information
• The right to request deletion of personal information
• The right to limit the use or disclosure of sensitive personal information
• The right to not be discriminated against for exercising your privacy rights

JustLabs does not sell personal information or share personal information for cross-context behavioral advertising.

To exercise your California privacy rights, please contact us using the information in the Contact Us section below. We may need to verify your identity before processing your request.

14. Changes to This Notice

We may update this notice from time to time. Updates will be posted on this page with a revised effective date. This notice applies to information we maintain going forward and replaces prior versions.

15. Contact Us

If you have questions about this notice or our privacy practices, please contact: