Privacy Policy

1. Overview

Cash Price Labs ("we," "us," or "our") operates the website cashpricelabs.com and provides direct-to-consumer laboratory testing services. This Privacy Policy describes how we collect, use, disclose, and protect your personal information and protected health information ("PHI") when you use our website and services.

By using our website or ordering lab tests through our platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

2. Information We Collect

Personal Information

When you create an account, place an order, or contact us, we may collect the following personal information:

• Full name, date of birth, and gender
• Email address, phone number, and mailing address
• Payment information (credit card details are processed by our PCI-compliant payment processor and are not stored on our servers)
• Account login credentials (passwords are encrypted and never stored in plain text)

Health Information (Protected Health Information)

As a provider of laboratory testing services, we collect and handle health-related information that may be considered Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA):

• Lab test orders and requisition details
• Lab test results and related clinical data
• Health history or information you voluntarily provide
• Information provided by our partner laboratories regarding your test specimens

Automatically Collected Information

When you visit our website, we automatically collect certain technical information:

• IP address, browser type, and operating system
• Pages visited, time spent on pages, and referral sources
• Device identifiers and cookie data

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To process your lab test orders, generate requisition forms, deliver results, and provide customer support
• Physician authorization: To enable our supervising physician to review and authorize your lab test orders as required by law
• Laboratory processing: To transmit your order information to our CLIA-certified partner laboratories for specimen processing
• Payment processing: To process your payments and issue refunds when applicable
• Communication: To send you order confirmations, result notifications, and service-related updates
• Account management: To maintain your account, order history, and result archive
• Legal compliance: To comply with applicable laws, regulations, and legal processes
• Quality improvement: To improve our website, services, and customer experience (using aggregated, de-identified data only)

4. Information Sharing & Third Parties

We share your information only as necessary to provide our services and as permitted by law:

Laboratory Partners

We share your name, date of birth, gender, and test order details with our CLIA-certified partner laboratories for the purpose of processing your lab tests. Our laboratory partners are bound by their own HIPAA obligations and handle your information in accordance with federal privacy requirements.

Supervising Physician

Your order information is shared with our supervising physician for the purpose of reviewing and authorizing lab orders as required by applicable state and federal regulations.

Payment Processors

Payment information is transmitted to our PCI DSS-compliant payment processor (Stripe) for transaction processing. We do not store your full credit card number on our servers.

Service Providers

We may use third-party service providers for email delivery, website hosting, and customer support tools. These providers are contractually obligated to protect your information and use it only for the specific services they provide to us.

Legal Requirements

We may disclose your information when required by law, court order, subpoena, or government regulation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. How We Protect Your Information

We implement comprehensive security measures to protect your personal and health information:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS)
• Encryption at rest: Sensitive health information and personal data are encrypted when stored in our databases
• Access controls: Access to patient data is restricted to authorized personnel on a need-to-know basis
• Secure payment: Payment processing is handled by PCI DSS-compliant processors; we never store full credit card numbers
• Regular monitoring: We monitor our systems for unauthorized access and security vulnerabilities
• Password security: Account passwords are hashed using industry-standard cryptographic algorithms and are never stored in plain text

While we employ reasonable security measures, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee absolute security of your information.

6. HIPAA Compliance

Cash Price Labs is committed to protecting your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

As a service that handles health information in connection with laboratory testing, we maintain appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of your PHI.

Our laboratory partners are HIPAA-covered entities and maintain their own HIPAA compliance programs. We enter into Business Associate Agreements (BAAs) with all service providers who may access PHI on our behalf.

7. Your Rights

You have the following rights regarding your personal and health information:

• Access: You may request a copy of your personal information and health records that we maintain
• Correction: You may request that we correct inaccurate personal information in your account
• Deletion: You may request deletion of your account and personal information, subject to legal retention requirements
• Data portability: You may request your lab test results in a downloadable format (PDF)
• Opt-out: You may opt out of non-essential marketing communications at any time
• Restrict processing: You may request that we limit how we use your information in certain circumstances

To exercise any of these rights, please contact us at the address provided below. We will respond to your request within 30 days. Note that certain information may need to be retained to comply with legal obligations or complete pending transactions.

8. Cookies & Tracking Technologies

Our website uses cookies and similar technologies for the following purposes:

• Essential cookies: Required for the website to function properly (login sessions, shopping cart, security tokens)
• Analytics cookies: Help us understand how visitors interact with our website so we can improve the experience
• Preference cookies: Remember your settings and preferences for future visits

We do not use advertising or tracking cookies that follow you across other websites. You can manage your cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.

9. Data Retention

We retain your personal information and health records for as long as necessary to provide our services and comply with legal obligations:

• Account information: Retained as long as your account is active, plus a reasonable period after account closure
• Lab test results: Retained for a minimum of 7 years in accordance with medical record retention requirements
• Transaction records: Retained for a minimum of 7 years for tax and accounting purposes
• Website analytics: Aggregated and de-identified data may be retained indefinitely

10. Children's Privacy

Cash Price Labs services are intended for individuals 18 years of age or older. We do not knowingly collect personal information from children under 18. If you believe a child under 18 has provided us with personal information, please contact us immediately and we will take steps to remove that information from our systems.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights regarding your personal information, or have concerns about our data practices, please contact us: