Privacy Policies
Effective date: Aug 1, 2024
Last updated: March 31, 2025
This policy governs your use of all software and services provided by HealthLab Innovations Inc.
Registering or using HealthLab’s services means you accept these terms.
Introduction
HealthLab is a software company that helps individuals connect to services and technologies that can be used to improve their health.
HealthLab Privacy Principles
Your health data is yours, and you decide how it is used.
We believe that control over your health data should be in your hands. Our aim is to simplify the process for you to view, export, and delete your information.
You have the autonomy to determine how your data on HealthLab is utilized. If you prefer not to share your personal data for product development and health research, you can opt out by emailing us at privacy@healthlab.com. We will not access or use your information without your consent.
We honor your privacy and protect your information.
We strive to collect the minimal information necessary to provide valuable services, always looking for ways to reduce data collection.
We prioritize data security in all decisions and ensure that our security measures are continually updated.
We do not profit from your data.
We do not sell your data or provide third-party access for advertising.
You may be invited by us or our clients to contribute your data to research that aims to improve health. Your participation helps researchers understand lifestyle impacts on health and develop better health outcomes.
What Information We Collect, and Why
Your Account Details
- When creating a HealthLab account, we ask for your name, email address, phone number, and address.
- We may ask you to provide additional details like your date of birth, weight, height, and other biometrics depending upon the needs of the third-party providers for the care journey you have chosen.
Your Medical Consult & Personal Health Information
- The medical information you provide during the consultation is necessary for a physician to determine your eligibility for the care journeys you choose. This information is stored as personal health information in compliance with HealthLab's HIPAA obligations.
Your Payment Information
- For payments or subscriptions, we use Stripe (https://stripe.com/privacy-center/legal) to handle your payment information securely.
- HealthLab does not access your full credit card information and will never request it directly from you.
Your Health Data from Your Device
- HealthLab may ask for permission to import your Activity, Sleep, and Heart Rate data from Apple Health or Google Fit.
- You can disable these integrations in your account settings within the app.
Your Glucose Data from a CGM
- A CGM records blood glucose levels and syncs this data with the manufacturer's software platform, subject to their privacy policy.
- If you link your CGM account with HealthLab, you allow us to retrieve and display your glucose data in our app.
- HealthLab analyzes this data to provide insights, zone scores, and metabolic scores visible in the app.
Our Interactions – Feedback & Support
- When you contact our Support or Member Experiences team, we keep the chat or email log for records.
- Product feedback sessions may be recorded for future reference, with prior notification provided.
Your Logs – Meals, Activities, Notes
- HealthLab may allow you to log meal photos, titles, notes, and activities. You may be given the option to import sleep, heart rate, and activity data from your device.
- Access to this information is restricted to individuals with a business need, such as support team members, data scientists, product managers, or engineers.
Third-Party Tools, Analytics & Advertising
We are committed to integrating with third-party tools that respect your privacy and share our data privacy standards, avoiding unnecessary data collection.
For example:
- Our mobile app collects information about your device, including the app version, platform (iOS/Android), time zone, locale, and operating system version for troubleshooting and analytics.
- Where possible, we disable location coordinate collection in mobile app bug and crash reporting services.
- We disable the use of invisible pixels in transactional or support emails to prevent read receipts, location tracking, and the collection of device details.
- Open tracking and similar tools are selectively used for improving marketing emails, advertising services, and product performance initiatives.
- Minimal app logging and analytics SDKs collect app crash and performance information, which you can disable in your account settings within the app.
- We avoid using SDKs, code, or trackers from advertising networks that may track or retarget you for commercial purposes.
How We Use Your Data
Identifiable, Member-Specific Data
- HealthLab may use your data to customize in-app insights, education, and resources to enhance your experience.
- Support or engineering teams may access your account and associated information for troubleshooting if you request assistance.
- HealthLab may include your data in non-diabetic, wellness-focused glucose management research, with your consent.
Aggregated and De-Identified Health Data for Product Improvement and Research Purposes
- Aggregated, anonymized data is used to enhance the product, including developing health, food, and exercise insights.
How We Store & Secure Your Data
How:
Your data is securely stored in databases hosted by third-party providers, who do not access your personal information beyond cloud storage and retrieval.
Our security measures to protect your personal information include but aren’t limited to:
- Multi-factor authentication for internal data access
- IP whitelists
- Encryption at rest
- Quick revocation of data access if necessary
Your information’s safety also depends on you. If you have a password for certain parts of our App or website, keep it confidential and do not share it with anyone.
Where:
HealthLab is based in the United States, and that’s where your data is stored and processed. By using HealthLab, you consent to your data being transferred and processed in the United States.
How We Share or Disclose Your Data
We will share your data with third parties only in these situations:
- You request or authorize us to share your data.
- Agents, vendors, or service providers need the information to perform tasks on our behalf.
- Legal requirements (such as compliance with a search warrant, subpoena, or court order) necessitate it.
- If required and with your consent, we will share medical information with an independent telemedicine service.
We do not sell your data or provide access for advertising purposes.
How to Export & Delete Your Data
HealthLab retains member data on secure servers for the duration of the business relationship and indefinitely thereafter. As a steward of your data, you have the right to request its deletion at any time.
What You Can Export & Delete
- You can receive your biometric data, activity logs, and other similar data in CSV format by emailing us at help@healthlab.com.
- Request deletion of all identifiable data stored by HealthLab by emailing privacy@healthlab.com. We will verify your identity before proceeding.
- We will comply with your deletion request within one month, unless more time is needed to verify your identity.
What We Cannot Delete
- Payment history and details, including billing address, are stored with payment processors for accounting and fraud prevention.
- Data that is part of your official medical records. HealthLab, not being a healthcare provider, cannot modify or delete official medical records.
- Data stored with third parties.
- Contact third parties directly to remove your records from their services.
- List of third parties handling HealthLab member data:
| Third-Party Processor Name | Third-Party Processor Actions |
| --- | --- |
| Google Cloud Platform | Data warehouse and analysis |
| Google Analytics | Usage analytics |
| Google Firebase | User authentication |
| Abbott | Glucose data |
| Dexcom | Glucose data |
| MailChimp | Marketing email campaigns/newsletters |
| Stripe | Payment processing, subscription management, identity verification |
GDPR (UK + EU)
Under the GDPR (EU-GDPR and UK-GDPR) and other privacy laws, you have rights regarding your data, including:
- Right to be informed: Understand what data we collect, how we use it, and your rights.
- Right of access: Request access to your data.
- Right to rectification: Correct any inaccuracies in your data.
- Right to erasure: Request the deletion of your data where legally permissible.
- Right to restrict processing: Ask us to stop using your data.
- Right of data portability: Request your data in a machine-readable format for transfer to another service.
- Right to object: Object to how we use your data.
- Rights related to automated decision-making, including profiling: Request that your personal information is not used for automated decisions.
Additionally, you have the right to:
- Withdraw any consents given to HealthLab.
- Request details on how your data is used, who has received it, its origin, and its storage duration.
- Lodge a complaint with the relevant data-protection authority regarding HealthLab's data processing.
For questions or to exercise these rights, email privacy@healthlab.com.
Data Protection Officer
For any queries or concerns about our data policies or practices, contact:
privacy@healthlab.com
HealthLab Innovations Inc.
4315 50th St. NW
Ste 100 Unit #2524
Washington, DC 20016
HIPAA (US only)
HealthLab does not provide medical care and is not a Covered Entity under HIPAA (US Health Insurance Portability and Accountability Act).
As a HIPAA Business Associate to our insurer, benefit manager, and pharmacy/physician network partners, we comply with HIPAA requirements for the personal health information collected during the medical consult process.
Additional Details
Age Requirement
You must be 18 years or older to use HealthLab products and services.
HealthLab does not knowingly collect information from children under 18. If you are under 18, please do not submit any information. We encourage parents and guardians to monitor their children's internet usage.
- If we learn that we have collected information from a person under 18, we will delete it and notify the parents about what was collected and deleted.
- If you believe a person under 18 has provided us with personal information, please email support@healthlab.com.
Cookies
- A cookie is a small file placed on your computer’s hard drive. You can refuse browser cookies by adjusting your browser settings, but this may limit access to certain parts of our App and/or Website. Our system will issue cookies unless you refuse them.
Changes & Amendments
- We may update this privacy policy periodically. If changes are made, we will post the new policy on our website and notify you via the email you provided.
Questions
For any inquiries, email privacy@healthlab.com. We’re here to help.
HealthLab Innovations Inc.
4315 50th St. NW
Ste 100 Unit #2524
Washington, DC 20016
http://www.healthlab.com