Menu

Menu

Privacy Policy

At The Lab by Custom Med (www.labxmd.com) (“The Lab,” “we,” or “our”), we value your privacy and are committed to protecting your personal and health information. We understand the importance of privacy and the confidentiality of your health information. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our digital teletherapy platform and services. By using our platform and website (the “Platform”), you agree to the collection, use, and disclosure of your information as described in this Privacy Policy, and you acknowledge the practices and policies outlined in this Privacy Policy. If you are using the Platform on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.


1. Information We Collect

We collect various types of information to operate our platform effectively and provide you with high-quality services. The information we collect includes:

  • Contact Information: Such as your name, email address, and phone number.

  • Health Information: Information you choose to share regarding your health conditions, symptoms, and treatment goals, as well as any health data exchanged with healthcare providers through the Platform.

  • Platform Usage Data: Information on how you use the Platform, including session duration, frequency, and engagement with services.

  • Device and Geolocation Data: Information related to the device used to access the Platform and approximate location data for regional compliance and service optimization.

Additionally, we use third-party analytics services to collect data regarding Platform use and engagement, helping us improve the user experience.


2. Cookies and Similar Technologies

Our Platform uses cookies and similar tracking technologies to enhance your experience, collect analytics, and improve our services.

  • What Are Cookies? Cookies are small data files that are placed on your device when you visit a website. They help remember your preferences and activity on our Platform.

  • Types of Cookies We Use:

    • Essential Cookies: These cookies are necessary for the Platform’s operation and enable core functions such as user authentication and security.

    • Analytical and Performance Cookies: These cookies help us understand how visitors use our Platform, allowing us to improve the functionality and user experience.

    • Functionality Cookies: These cookies remember your preferences and choices, such as language settings, to provide a more personalized experience.

  • Managing Cookies: You have control over how cookies are used on the Platform. You can manage or disable cookies via your browser settings or use our cookie management tool (where applicable) to adjust your preferences. Please note that essential cookies are required for Platform functionality and cannot be disabled.

  • By continuing to use the Platform without changing your settings, you consent to our use of cookies and similar technologies.

  • In addition, we may use Google Analytics, an analytics tool that helps operators (like The Lab) understand how users (like you) engage with their applications. Google Analytics uses cookies to track your interactions with our Service and to collect information about how you use the Platform. We then use the information to compile reports that help us improve. Google Analytics collects, processes and creates reports about website trends without identifying individual users. For more information regarding Google Analytics visit “How Google uses data when you use our partners' sites or apps” located at www.google.com/policies/privacy/partners.

  • This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information, or other practices of any third parties.


3. How We Use Your Information

We use your information to provide and enhance our Platform and services:

  • Service Delivery: To facilitate consultations, appointments, and other services offered through the Platform, including teletherapy sessions.

  • Platform Maintenance: To troubleshoot, optimize, and improve the Platform, ensuring a smooth user experience.

  • Communications: To send reminders about upcoming appointments, respond to inquiries, and inform you about new services and updates.

  • Internal Training and Development: To train our team on improving user experience, handling inquiries, and service quality.

  • Compliance and Safety: To comply with our legal obligations and protect the rights, safety, and property of our team, patients, and visitors.

  • Marketing and Promotions: We may use your contact information to send you relevant promotional emails about our services, but you may opt out at any time.


4. Disclosure of Your Information

We limit the disclosure of your information to what is necessary for service delivery, compliance, and user safety:

  • With Providers: If you interact with a healthcare provider through the Platform, your health information may be shared with that Provider to facilitate your care. Providers are bound by their professional obligations and have separate privacy policies.

  • With Third-Party Service Providers: We may share information with trusted third-party vendors to support the Platform’s functionality, such as hosting, data storage, analytics, and communication tools. These vendors are required to implement security and privacy measures that meet or exceed industry standards to protect your data and use it only for authorized purposes.

  • As Required by Law: We may disclose information when necessary to comply with legal obligations, such as responding to subpoenas, court orders, or other government requests.

  • For Safety and Security: When disclosure is necessary to protect our rights or the rights, safety, or well-being of our users or others.

  • No Sale of Personal Health Information: We do not sell or share your health information for monetary gain.


5. Security of Your Information

We take commercially reasonable steps to safeguard your personal and health information against unauthorized access, alteration, disclosure, and destruction. Security measures include:

  • Data Encryption: We use encryption protocols to protect data transmitted between you and the Platform.

  • Access Controls: Only authorized personnel and healthcare providers have access to sensitive information.

  • Regular Audits: We conduct regular security audits and updates to maintain data protection standards.


While we strive to protect your information, please note that no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.


Data Breach Notification: In the event of a data breach involving your personal or health information, We will promptly investigate and notify affected individuals as required by applicable law.


6. Your Rights and Choices

You have the following rights regarding the information we collect:

  • Access and Update: You may access and update your personal and health information by logging into your account or contacting us at support@labxmd.com.

  • Delete Your Account: You may request account deletion by contacting us, and we will delete your data as required by applicable law, subject to any retention obligations.

  • Opt Out of Marketing Communications: You may unsubscribe from promotional emails by following the unsubscribe link in the communication or contacting us at support@labxmd.com.

  • International Privacy Rights: If you are a resident of the European Union, United Kingdom, or other regions with specific privacy rights, you may have additional rights under applicable data protection laws. Please contact us for more information or to exercise these rights.


7. HIPAA and Special Provisions for Health Information

We comply with applicable privacy laws and best practices to protect the privacy and security of your health information. The Lab is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 and its related regulations and amendments from time to time (collectively, “HIPAA”). Our healthcare provider and affiliated physician group may be a “covered entity” and, solely in its role providing administrative services thereto, The Lab may be a “business associate” of the Medical Group. As a consequence, we may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide (“PHI”). PHI does not include information that has been de-identified in accordance with HIPAA, and does not include information that you submit to The Lab for purposes other than connecting you with healthcare providers. Under HIPAA, a “covered entity” is required to provide their patients a Notice of Privacy Practices that describes how the covered entity uses and discloses PHI. In order to ensure that we are able to effectively provide services to you and that you are able to utilize the full functionality of the Platform, we may need to use or disclose your PHI in ways that would require an authorization under HIPAA. As a result, if we determine that an authorization is required, we may request that you authorize us in writing to use and disclose your PHI. By using the Platform, you are agreeing that any information, including any medical or health information, that you submit to The Lab for purposes of your direct relationship with The Lab is not considered PHI, and will only be subject to our Privacy Policy and not the protections afforded under HIPAA.

The Platform provide you with access to certain information from your medical data and records that we create and maintain for your care, including lab and test results, diagnoses, treatment plans, and other information accessed via the Platform. If someone accesses your computer or other device, they may be able to access the Platform and your data. You agree to allow information from your medical records to be contained in and accessible via the Platform, and you acknowledge that it is your responsibility to secure your devices and prevent unauthorized access to your data.


We may collect any information you provide when you use the Platform, including, but not limited to: (1) personally identifying information (“PII”) such as your name and contact data such as your e-mail address, phone number, and billing and physical addresses; (2) your login and password; (3) demographic data (such as your gender, date of birth and zip code); (4) your communications with your Providers; and (5) any information you provide when you contact or communicate with us. We may also collect information from you necessary to provide you with services from your Providers, which may include, but is not limited to: (a) payment information; (b) insurance information; and (c) health and medical data (such as previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, medications, images or videos and other medical and health information and data you share with us). In addition, we may maintain information concerning diagnoses, treatment plans (including prescription details) and notes. We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.


In connection with the Platfrom, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to: (a) verifying your identity and administering your user account (“Account”), including processing your payments and fulfilling your orders; (b) communicating with you about the Platform or your use of the Platform, and sending you communications on behalf of the Medical Group or its Providers; (c) providing you customer support and responding to your requests or concerns; (d) facilitating the provision of services to you by the Medical Group or its Providers; (e) making certain information in your medical records accessible and available to you; (f) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type); (g) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our Terms of Use, or other misuse of our Service or the Medical Group’s services; (h) reviewing, monitoring, expanding or improving the Platform; (i) reviewing and analyzing the efficacy of some or all of the Platform; (j) identifying and creating new Content, software or tools offered through the Platform; (k) developing, testing and offering other products and services, whether or not through the Platform; (l) providing certain marketing communications or promotional materials relating to the Platform that may be of interest to you; and (m) any other use permitted by applicable law.

We may use information regarding your location or the location of your device through which you access the Platform for a number of purposes, including, but not limited to confirming you are located in a jurisdiction in which the Platform is offered.

.

We strive to use reasonable physical, technical, and administrative measures to protect information under our control. However, you must keep your account password secure and your Account confidential, and you are responsible for any and all use of your account. If you have reason to believe that the security of your account has been compromised, please notify us immediately.


When using the Platform, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Platform all together. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you Service-related communications. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy. You may request that we provide you the information we hold about you, update your information, or ask us to remove your information, or to correct any inaccuracies in such personal data by sending an email to info@LABXMD.com with the subject heading “personal information request.” We will use reasonable efforts to deal with your request within a reasonable time.


Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to info@LABXMD.com with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.


  • Authorization: In certain cases, we may require your consent or authorization to use or disclose your health information for purposes not specified in this Privacy Policy.

  • Use of De-Identified Data: To improve our services, we may use aggregated or de-identified health information that cannot be traced back to you. We may use, create, or sell de-identified information for any business or other purpose not prohibited by applicable law.


8. Retention of Your Information

We retain your information only as long as necessary to fulfill the purposes for which it was collected, as required to comply with legal obligations, or as needed to resolve disputes. Health information will generally be retained for a minimum period in compliance with regulatory requirements, typically 6 years, after which it will be securely deleted or anonymized.


9. Children’s Privacy

Our Platform is intended for use by individuals who are at least 18 years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Platform. However, if you are a parent or legal guardian of a minor child, you may, in compliance with the Terms of Use, consent to use of our Service by such minor child provided that such minor child is at least 13 years old, or, if such minor child is under the age of 13, you

may, in compliance with the Terms of Use, use our Service on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Privacy Policy. We do not knowingly collect information from individuals under the age of 13. If we learn that we have received any information from an individual under the age of 13 instead of from such individual’s parent or legal guardian, we will only use that information to respond directly to that child (or a parent a parent or legal guardian) to inform him or her that he or she cannot use the Platform directly and must have a parent or legal guardian use the Platform on his or her behalf, and subsequently we will delete such information from our own servers.


10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting an updated version on the Platform and, where appropriate, contacting you directly. Your continued use of the Platform signifies your acceptance of any changes.


11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your information, please contact us at:

Email: support@labxmd.com


Mail:

The Lab by Custom Med

2100 Webster Street, Suite 300

San Francisco, CA 94115

At The Lab by Custom Med (www.labxmd.com) (“The Lab,” “we,” or “our”), we value your privacy and are committed to protecting your personal and health information. We understand the importance of privacy and the confidentiality of your health information. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our digital teletherapy platform and services. By using our platform and website (the “Platform”), you agree to the collection, use, and disclosure of your information as described in this Privacy Policy, and you acknowledge the practices and policies outlined in this Privacy Policy. If you are using the Platform on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.


1. Information We Collect

We collect various types of information to operate our platform effectively and provide you with high-quality services. The information we collect includes:

  • Contact Information: Such as your name, email address, and phone number.

  • Health Information: Information you choose to share regarding your health conditions, symptoms, and treatment goals, as well as any health data exchanged with healthcare providers through the Platform.

  • Platform Usage Data: Information on how you use the Platform, including session duration, frequency, and engagement with services.

  • Device and Geolocation Data: Information related to the device used to access the Platform and approximate location data for regional compliance and service optimization.

Additionally, we use third-party analytics services to collect data regarding Platform use and engagement, helping us improve the user experience.


2. Cookies and Similar Technologies

Our Platform uses cookies and similar tracking technologies to enhance your experience, collect analytics, and improve our services.

  • What Are Cookies? Cookies are small data files that are placed on your device when you visit a website. They help remember your preferences and activity on our Platform.

  • Types of Cookies We Use:

    • Essential Cookies: These cookies are necessary for the Platform’s operation and enable core functions such as user authentication and security.

    • Analytical and Performance Cookies: These cookies help us understand how visitors use our Platform, allowing us to improve the functionality and user experience.

    • Functionality Cookies: These cookies remember your preferences and choices, such as language settings, to provide a more personalized experience.

  • Managing Cookies: You have control over how cookies are used on the Platform. You can manage or disable cookies via your browser settings or use our cookie management tool (where applicable) to adjust your preferences. Please note that essential cookies are required for Platform functionality and cannot be disabled.

  • By continuing to use the Platform without changing your settings, you consent to our use of cookies and similar technologies.

  • In addition, we may use Google Analytics, an analytics tool that helps operators (like The Lab) understand how users (like you) engage with their applications. Google Analytics uses cookies to track your interactions with our Service and to collect information about how you use the Platform. We then use the information to compile reports that help us improve. Google Analytics collects, processes and creates reports about website trends without identifying individual users. For more information regarding Google Analytics visit “How Google uses data when you use our partners' sites or apps” located at www.google.com/policies/privacy/partners.

  • This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information, or other practices of any third parties.


3. How We Use Your Information

We use your information to provide and enhance our Platform and services:

  • Service Delivery: To facilitate consultations, appointments, and other services offered through the Platform, including teletherapy sessions.

  • Platform Maintenance: To troubleshoot, optimize, and improve the Platform, ensuring a smooth user experience.

  • Communications: To send reminders about upcoming appointments, respond to inquiries, and inform you about new services and updates.

  • Internal Training and Development: To train our team on improving user experience, handling inquiries, and service quality.

  • Compliance and Safety: To comply with our legal obligations and protect the rights, safety, and property of our team, patients, and visitors.

  • Marketing and Promotions: We may use your contact information to send you relevant promotional emails about our services, but you may opt out at any time.


4. Disclosure of Your Information

We limit the disclosure of your information to what is necessary for service delivery, compliance, and user safety:

  • With Providers: If you interact with a healthcare provider through the Platform, your health information may be shared with that Provider to facilitate your care. Providers are bound by their professional obligations and have separate privacy policies.

  • With Third-Party Service Providers: We may share information with trusted third-party vendors to support the Platform’s functionality, such as hosting, data storage, analytics, and communication tools. These vendors are required to implement security and privacy measures that meet or exceed industry standards to protect your data and use it only for authorized purposes.

  • As Required by Law: We may disclose information when necessary to comply with legal obligations, such as responding to subpoenas, court orders, or other government requests.

  • For Safety and Security: When disclosure is necessary to protect our rights or the rights, safety, or well-being of our users or others.

  • No Sale of Personal Health Information: We do not sell or share your health information for monetary gain.


5. Security of Your Information

We take commercially reasonable steps to safeguard your personal and health information against unauthorized access, alteration, disclosure, and destruction. Security measures include:

  • Data Encryption: We use encryption protocols to protect data transmitted between you and the Platform.

  • Access Controls: Only authorized personnel and healthcare providers have access to sensitive information.

  • Regular Audits: We conduct regular security audits and updates to maintain data protection standards.


While we strive to protect your information, please note that no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.


Data Breach Notification: In the event of a data breach involving your personal or health information, We will promptly investigate and notify affected individuals as required by applicable law.


6. Your Rights and Choices

You have the following rights regarding the information we collect:

  • Access and Update: You may access and update your personal and health information by logging into your account or contacting us at support@labxmd.com.

  • Delete Your Account: You may request account deletion by contacting us, and we will delete your data as required by applicable law, subject to any retention obligations.

  • Opt Out of Marketing Communications: You may unsubscribe from promotional emails by following the unsubscribe link in the communication or contacting us at support@labxmd.com.

  • International Privacy Rights: If you are a resident of the European Union, United Kingdom, or other regions with specific privacy rights, you may have additional rights under applicable data protection laws. Please contact us for more information or to exercise these rights.


7. HIPAA and Special Provisions for Health Information

We comply with applicable privacy laws and best practices to protect the privacy and security of your health information. The Lab is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 and its related regulations and amendments from time to time (collectively, “HIPAA”). Our healthcare provider and affiliated physician group may be a “covered entity” and, solely in its role providing administrative services thereto, The Lab may be a “business associate” of the Medical Group. As a consequence, we may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide (“PHI”). PHI does not include information that has been de-identified in accordance with HIPAA, and does not include information that you submit to The Lab for purposes other than connecting you with healthcare providers. Under HIPAA, a “covered entity” is required to provide their patients a Notice of Privacy Practices that describes how the covered entity uses and discloses PHI. In order to ensure that we are able to effectively provide services to you and that you are able to utilize the full functionality of the Platform, we may need to use or disclose your PHI in ways that would require an authorization under HIPAA. As a result, if we determine that an authorization is required, we may request that you authorize us in writing to use and disclose your PHI. By using the Platform, you are agreeing that any information, including any medical or health information, that you submit to The Lab for purposes of your direct relationship with The Lab is not considered PHI, and will only be subject to our Privacy Policy and not the protections afforded under HIPAA.

The Platform provide you with access to certain information from your medical data and records that we create and maintain for your care, including lab and test results, diagnoses, treatment plans, and other information accessed via the Platform. If someone accesses your computer or other device, they may be able to access the Platform and your data. You agree to allow information from your medical records to be contained in and accessible via the Platform, and you acknowledge that it is your responsibility to secure your devices and prevent unauthorized access to your data.


We may collect any information you provide when you use the Platform, including, but not limited to: (1) personally identifying information (“PII”) such as your name and contact data such as your e-mail address, phone number, and billing and physical addresses; (2) your login and password; (3) demographic data (such as your gender, date of birth and zip code); (4) your communications with your Providers; and (5) any information you provide when you contact or communicate with us. We may also collect information from you necessary to provide you with services from your Providers, which may include, but is not limited to: (a) payment information; (b) insurance information; and (c) health and medical data (such as previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, medications, images or videos and other medical and health information and data you share with us). In addition, we may maintain information concerning diagnoses, treatment plans (including prescription details) and notes. We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.


In connection with the Platfrom, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to: (a) verifying your identity and administering your user account (“Account”), including processing your payments and fulfilling your orders; (b) communicating with you about the Platform or your use of the Platform, and sending you communications on behalf of the Medical Group or its Providers; (c) providing you customer support and responding to your requests or concerns; (d) facilitating the provision of services to you by the Medical Group or its Providers; (e) making certain information in your medical records accessible and available to you; (f) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type); (g) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our Terms of Use, or other misuse of our Service or the Medical Group’s services; (h) reviewing, monitoring, expanding or improving the Platform; (i) reviewing and analyzing the efficacy of some or all of the Platform; (j) identifying and creating new Content, software or tools offered through the Platform; (k) developing, testing and offering other products and services, whether or not through the Platform; (l) providing certain marketing communications or promotional materials relating to the Platform that may be of interest to you; and (m) any other use permitted by applicable law.

We may use information regarding your location or the location of your device through which you access the Platform for a number of purposes, including, but not limited to confirming you are located in a jurisdiction in which the Platform is offered.

.

We strive to use reasonable physical, technical, and administrative measures to protect information under our control. However, you must keep your account password secure and your Account confidential, and you are responsible for any and all use of your account. If you have reason to believe that the security of your account has been compromised, please notify us immediately.


When using the Platform, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Platform all together. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you Service-related communications. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy. You may request that we provide you the information we hold about you, update your information, or ask us to remove your information, or to correct any inaccuracies in such personal data by sending an email to info@LABXMD.com with the subject heading “personal information request.” We will use reasonable efforts to deal with your request within a reasonable time.


Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to info@LABXMD.com with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.


  • Authorization: In certain cases, we may require your consent or authorization to use or disclose your health information for purposes not specified in this Privacy Policy.

  • Use of De-Identified Data: To improve our services, we may use aggregated or de-identified health information that cannot be traced back to you. We may use, create, or sell de-identified information for any business or other purpose not prohibited by applicable law.


8. Retention of Your Information

We retain your information only as long as necessary to fulfill the purposes for which it was collected, as required to comply with legal obligations, or as needed to resolve disputes. Health information will generally be retained for a minimum period in compliance with regulatory requirements, typically 6 years, after which it will be securely deleted or anonymized.


9. Children’s Privacy

Our Platform is intended for use by individuals who are at least 18 years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Platform. However, if you are a parent or legal guardian of a minor child, you may, in compliance with the Terms of Use, consent to use of our Service by such minor child provided that such minor child is at least 13 years old, or, if such minor child is under the age of 13, you

may, in compliance with the Terms of Use, use our Service on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Privacy Policy. We do not knowingly collect information from individuals under the age of 13. If we learn that we have received any information from an individual under the age of 13 instead of from such individual’s parent or legal guardian, we will only use that information to respond directly to that child (or a parent a parent or legal guardian) to inform him or her that he or she cannot use the Platform directly and must have a parent or legal guardian use the Platform on his or her behalf, and subsequently we will delete such information from our own servers.


10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting an updated version on the Platform and, where appropriate, contacting you directly. Your continued use of the Platform signifies your acceptance of any changes.


11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your information, please contact us at:

Email: support@labxmd.com


Mail:

The Lab by Custom Med

2100 Webster Street, Suite 300

San Francisco, CA 94115

At The Lab by Custom Med (www.labxmd.com) (“The Lab,” “we,” or “our”), we value your privacy and are committed to protecting your personal and health information. We understand the importance of privacy and the confidentiality of your health information. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our digital teletherapy platform and services. By using our platform and website (the “Platform”), you agree to the collection, use, and disclosure of your information as described in this Privacy Policy, and you acknowledge the practices and policies outlined in this Privacy Policy. If you are using the Platform on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.


1. Information We Collect

We collect various types of information to operate our platform effectively and provide you with high-quality services. The information we collect includes:

  • Contact Information: Such as your name, email address, and phone number.

  • Health Information: Information you choose to share regarding your health conditions, symptoms, and treatment goals, as well as any health data exchanged with healthcare providers through the Platform.

  • Platform Usage Data: Information on how you use the Platform, including session duration, frequency, and engagement with services.

  • Device and Geolocation Data: Information related to the device used to access the Platform and approximate location data for regional compliance and service optimization.

Additionally, we use third-party analytics services to collect data regarding Platform use and engagement, helping us improve the user experience.


2. Cookies and Similar Technologies

Our Platform uses cookies and similar tracking technologies to enhance your experience, collect analytics, and improve our services.

  • What Are Cookies? Cookies are small data files that are placed on your device when you visit a website. They help remember your preferences and activity on our Platform.

  • Types of Cookies We Use:

    • Essential Cookies: These cookies are necessary for the Platform’s operation and enable core functions such as user authentication and security.

    • Analytical and Performance Cookies: These cookies help us understand how visitors use our Platform, allowing us to improve the functionality and user experience.

    • Functionality Cookies: These cookies remember your preferences and choices, such as language settings, to provide a more personalized experience.

  • Managing Cookies: You have control over how cookies are used on the Platform. You can manage or disable cookies via your browser settings or use our cookie management tool (where applicable) to adjust your preferences. Please note that essential cookies are required for Platform functionality and cannot be disabled.

  • By continuing to use the Platform without changing your settings, you consent to our use of cookies and similar technologies.

  • In addition, we may use Google Analytics, an analytics tool that helps operators (like The Lab) understand how users (like you) engage with their applications. Google Analytics uses cookies to track your interactions with our Service and to collect information about how you use the Platform. We then use the information to compile reports that help us improve. Google Analytics collects, processes and creates reports about website trends without identifying individual users. For more information regarding Google Analytics visit “How Google uses data when you use our partners' sites or apps” located at www.google.com/policies/privacy/partners.

  • This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information, or other practices of any third parties.


3. How We Use Your Information

We use your information to provide and enhance our Platform and services:

  • Service Delivery: To facilitate consultations, appointments, and other services offered through the Platform, including teletherapy sessions.

  • Platform Maintenance: To troubleshoot, optimize, and improve the Platform, ensuring a smooth user experience.

  • Communications: To send reminders about upcoming appointments, respond to inquiries, and inform you about new services and updates.

  • Internal Training and Development: To train our team on improving user experience, handling inquiries, and service quality.

  • Compliance and Safety: To comply with our legal obligations and protect the rights, safety, and property of our team, patients, and visitors.

  • Marketing and Promotions: We may use your contact information to send you relevant promotional emails about our services, but you may opt out at any time.


4. Disclosure of Your Information

We limit the disclosure of your information to what is necessary for service delivery, compliance, and user safety:

  • With Providers: If you interact with a healthcare provider through the Platform, your health information may be shared with that Provider to facilitate your care. Providers are bound by their professional obligations and have separate privacy policies.

  • With Third-Party Service Providers: We may share information with trusted third-party vendors to support the Platform’s functionality, such as hosting, data storage, analytics, and communication tools. These vendors are required to implement security and privacy measures that meet or exceed industry standards to protect your data and use it only for authorized purposes.

  • As Required by Law: We may disclose information when necessary to comply with legal obligations, such as responding to subpoenas, court orders, or other government requests.

  • For Safety and Security: When disclosure is necessary to protect our rights or the rights, safety, or well-being of our users or others.

  • No Sale of Personal Health Information: We do not sell or share your health information for monetary gain.


5. Security of Your Information

We take commercially reasonable steps to safeguard your personal and health information against unauthorized access, alteration, disclosure, and destruction. Security measures include:

  • Data Encryption: We use encryption protocols to protect data transmitted between you and the Platform.

  • Access Controls: Only authorized personnel and healthcare providers have access to sensitive information.

  • Regular Audits: We conduct regular security audits and updates to maintain data protection standards.


While we strive to protect your information, please note that no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.


Data Breach Notification: In the event of a data breach involving your personal or health information, We will promptly investigate and notify affected individuals as required by applicable law.


6. Your Rights and Choices

You have the following rights regarding the information we collect:

  • Access and Update: You may access and update your personal and health information by logging into your account or contacting us at support@labxmd.com.

  • Delete Your Account: You may request account deletion by contacting us, and we will delete your data as required by applicable law, subject to any retention obligations.

  • Opt Out of Marketing Communications: You may unsubscribe from promotional emails by following the unsubscribe link in the communication or contacting us at support@labxmd.com.

  • International Privacy Rights: If you are a resident of the European Union, United Kingdom, or other regions with specific privacy rights, you may have additional rights under applicable data protection laws. Please contact us for more information or to exercise these rights.


7. HIPAA and Special Provisions for Health Information

We comply with applicable privacy laws and best practices to protect the privacy and security of your health information. The Lab is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 and its related regulations and amendments from time to time (collectively, “HIPAA”). Our healthcare provider and affiliated physician group may be a “covered entity” and, solely in its role providing administrative services thereto, The Lab may be a “business associate” of the Medical Group. As a consequence, we may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide (“PHI”). PHI does not include information that has been de-identified in accordance with HIPAA, and does not include information that you submit to The Lab for purposes other than connecting you with healthcare providers. Under HIPAA, a “covered entity” is required to provide their patients a Notice of Privacy Practices that describes how the covered entity uses and discloses PHI. In order to ensure that we are able to effectively provide services to you and that you are able to utilize the full functionality of the Platform, we may need to use or disclose your PHI in ways that would require an authorization under HIPAA. As a result, if we determine that an authorization is required, we may request that you authorize us in writing to use and disclose your PHI. By using the Platform, you are agreeing that any information, including any medical or health information, that you submit to The Lab for purposes of your direct relationship with The Lab is not considered PHI, and will only be subject to our Privacy Policy and not the protections afforded under HIPAA.

The Platform provide you with access to certain information from your medical data and records that we create and maintain for your care, including lab and test results, diagnoses, treatment plans, and other information accessed via the Platform. If someone accesses your computer or other device, they may be able to access the Platform and your data. You agree to allow information from your medical records to be contained in and accessible via the Platform, and you acknowledge that it is your responsibility to secure your devices and prevent unauthorized access to your data.


We may collect any information you provide when you use the Platform, including, but not limited to: (1) personally identifying information (“PII”) such as your name and contact data such as your e-mail address, phone number, and billing and physical addresses; (2) your login and password; (3) demographic data (such as your gender, date of birth and zip code); (4) your communications with your Providers; and (5) any information you provide when you contact or communicate with us. We may also collect information from you necessary to provide you with services from your Providers, which may include, but is not limited to: (a) payment information; (b) insurance information; and (c) health and medical data (such as previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, medications, images or videos and other medical and health information and data you share with us). In addition, we may maintain information concerning diagnoses, treatment plans (including prescription details) and notes. We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.


In connection with the Platfrom, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to: (a) verifying your identity and administering your user account (“Account”), including processing your payments and fulfilling your orders; (b) communicating with you about the Platform or your use of the Platform, and sending you communications on behalf of the Medical Group or its Providers; (c) providing you customer support and responding to your requests or concerns; (d) facilitating the provision of services to you by the Medical Group or its Providers; (e) making certain information in your medical records accessible and available to you; (f) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type); (g) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our Terms of Use, or other misuse of our Service or the Medical Group’s services; (h) reviewing, monitoring, expanding or improving the Platform; (i) reviewing and analyzing the efficacy of some or all of the Platform; (j) identifying and creating new Content, software or tools offered through the Platform; (k) developing, testing and offering other products and services, whether or not through the Platform; (l) providing certain marketing communications or promotional materials relating to the Platform that may be of interest to you; and (m) any other use permitted by applicable law.

We may use information regarding your location or the location of your device through which you access the Platform for a number of purposes, including, but not limited to confirming you are located in a jurisdiction in which the Platform is offered.

.

We strive to use reasonable physical, technical, and administrative measures to protect information under our control. However, you must keep your account password secure and your Account confidential, and you are responsible for any and all use of your account. If you have reason to believe that the security of your account has been compromised, please notify us immediately.


When using the Platform, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Platform all together. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you Service-related communications. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy. You may request that we provide you the information we hold about you, update your information, or ask us to remove your information, or to correct any inaccuracies in such personal data by sending an email to info@LABXMD.com with the subject heading “personal information request.” We will use reasonable efforts to deal with your request within a reasonable time.


Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to info@LABXMD.com with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.


  • Authorization: In certain cases, we may require your consent or authorization to use or disclose your health information for purposes not specified in this Privacy Policy.

  • Use of De-Identified Data: To improve our services, we may use aggregated or de-identified health information that cannot be traced back to you. We may use, create, or sell de-identified information for any business or other purpose not prohibited by applicable law.


8. Retention of Your Information

We retain your information only as long as necessary to fulfill the purposes for which it was collected, as required to comply with legal obligations, or as needed to resolve disputes. Health information will generally be retained for a minimum period in compliance with regulatory requirements, typically 6 years, after which it will be securely deleted or anonymized.


9. Children’s Privacy

Our Platform is intended for use by individuals who are at least 18 years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Platform. However, if you are a parent or legal guardian of a minor child, you may, in compliance with the Terms of Use, consent to use of our Service by such minor child provided that such minor child is at least 13 years old, or, if such minor child is under the age of 13, you

may, in compliance with the Terms of Use, use our Service on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Privacy Policy. We do not knowingly collect information from individuals under the age of 13. If we learn that we have received any information from an individual under the age of 13 instead of from such individual’s parent or legal guardian, we will only use that information to respond directly to that child (or a parent a parent or legal guardian) to inform him or her that he or she cannot use the Platform directly and must have a parent or legal guardian use the Platform on his or her behalf, and subsequently we will delete such information from our own servers.


10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting an updated version on the Platform and, where appropriate, contacting you directly. Your continued use of the Platform signifies your acceptance of any changes.


11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your information, please contact us at:

Email: support@labxmd.com


Mail:

The Lab by Custom Med

2100 Webster Street, Suite 300

San Francisco, CA 94115