Instalab | Privacy Policy

Last Updated: June 23, 2024

This Privacy Policy ("Policy") describes how Instalab, Inc. ("Instalab," "we," "us," or "our") collects, uses, shares, and protects your personal information. It also explains your privacy rights and how to exercise them. This Policy applies when you use our website (www.instalab.com), mobile apps, or any other services we provide (collectively, the "Services").

This Policy is designed to provide transparency and clarity regarding our data practices and also describes the choices and rights available to you with respect to your Personal Information. It further outlines the means by which you can exercise those rights and contact us with inquiries or concerns. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the practices and procedures described in this Policy. If you do not agree with any portion of this Policy, please do not use our Services.

1. Definitions

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes but is not limited to identifiers such as your name, email address, phone number, device information, and online activity.

"Consumer Health Data" means any form of Personal Information that is linked or reasonably linkable to an individual and that identifies that individual's past, present, or anticipated physical or mental health status, condition, or behavior, including but not limited to health measurements, diagnoses, testing data, symptoms, treatment history, and physiological responses.

"Self-Reported Health Information" refers specifically to Consumer Health Data that you directly provide to us voluntarily. This may occur through forms you complete on our platform, integrations with wearable devices or health apps, or other user-driven disclosures.

2. Scope and Applicability

This Privacy Policy applies to all Personal Information that we collect, access, use, disclose, or otherwise process in the course of providing our Services. This includes, without limitation:

Information you provide directly to us via our Site, mobile application, surveys, customer service communications, or other user interfaces;
Information we collect passively through automated technologies such as cookies, pixels, beacons, and device analytics;
Information received from third-party service providers, including laboratory testing facilities, healthcare providers, wearable device manufacturers, data enrichment partners, and marketing platforms, where such third parties have a lawful basis to share data with us.

This Policy does not govern the data practices of entities or services that are not owned or controlled by Instalab. For example, when you access third-party websites, applications, or tools via links on our Site or as part of our Services, those third parties may collect information independently and their own privacy policies will apply. We are not responsible for and do not endorse the privacy practices of third parties.

3. Categories of Personal Information We Collect

We collect and process various types of Personal Information, which includes a specialized subset referred to as Consumer Health Data. While Consumer Health Data falls under the broader umbrella of Personal Information, it is subject to distinct legal protections and consent requirements under applicable state and federal privacy laws.

A. General Categories of Personal Information

This includes, but is not limited to:

Identifiers: Name, email address, username, IP address, device ID, and similar unique identifiers.
Commercial Information: Purchase history, service preferences, and responses to promotions or surveys.
Financial Information: Credit card details (processed through secure third-party platforms), billing addresses, and transaction metadata.
Geolocation Data: Information derived from your IP address or mobile device, ranging from general region to precise GPS coordinates.
Audio/Visual Content: Voice recordings, video submissions, and photos voluntarily provided through customer interactions or service use.
Inferences: Profiles, predictions, or derived data used to analyze or anticipate behaviors, preferences, or interests.

B. Consumer Health Data

Consumer Health Data is a subcategory of Personal Information and includes any data that identifies or is reasonably capable of being associated with your past, present, or future physical or mental health status. Examples include:

Lab Results and Diagnostic Data received from third-party healthcare or laboratory providers.
Self-Reported Health Information submitted through health assessments, symptom checkers, or intake forms.
Biometric or Physiological Data collected from connected health devices, such as heart rate, sleep patterns, and blood oxygen levels.
Health History and Risk Indicators such as medication use, chronic conditions, or reproductive health information.

Because of its sensitive nature, we handle Consumer Health Data with additional care, and only use or disclose it with your explicit consent.

4. Sources of Personal Information

We obtain Personal Information from the following types of sources:

Direct Interactions with You: Information you provide via account creation, forms, surveys, and health assessments.
Automated Tracking Technologies: Cookies, pixels, beacons, and other digital tools used to monitor engagement and device characteristics.
Linked Wearables and Health Apps: Devices and platforms (e.g., fitness trackers, smartwatches) that you authorize to transmit health metrics or activity data.
Healthcare and Laboratory Partners: Authorized third parties that provide lab reports, test results, and clinical interpretations.
Third-Party Services: Entities such as identity verification tools, marketing partners, or analytics platforms that contribute supplementary Personal Information.

We do not collect or share Consumer Health Data from third-party sources without your consent. Any integration with external healthcare entities is subject to applicable privacy laws and informed authorization.

5. Use of Personal Information

We use Personal Information to provide and improve our Services. We distinguish between uses of general Personal Information and those involving Consumer Health Data.

A. Use of General Personal Information

To operate and maintain the functionality of the Site and mobile app.
To personalize and improve your experience based on usage patterns.
To communicate with you, including sending notifications, updates, and promotional content.
To perform internal analytics, develop new features, and optimize business operations.
To detect, investigate, and prevent fraud, security incidents, and service abuse.
For advertising and marketing purposes, including tailored messaging (subject to your opt-out rights).

B. Use of Consumer Health Data

To deliver core health-related Services, such as displaying lab results or generating health reports.
To coordinate with authorized laboratories, providers, or devices.
To maintain accuracy and quality in diagnostic or health-related outputs.
To fulfill regulatory obligations and respond to lawful health information requests.
To support scientific research or development initiatives, only with your explicit consent.

We do not use Consumer Health Data for marketing, targeted advertising, or third-party commercial purposes without your prior, affirmative consent.

6. Disclosure of Personal Information

We may disclose Personal Information, including Consumer Health Data, to authorized recipients, subject to your privacy choices and applicable legal constraints.

A. Disclosures of Personal Information

We may disclose Personal Information:

To Service Providers and Affiliates: For the purpose of supporting our operations, including hosting, analytics, communications, fulfillment, customer support, and internal business functions. These disclosures are governed by contractual agreements requiring data protection and limiting use to service-related purposes.
To Advertising and Marketing Partners: For interest-based advertising and campaign measurement. We do not share or sell sensitive data in these contexts. You may opt out as described in the "Your Rights" section.
To Legal Authorities: In response to lawful requests such as subpoenas, court orders, or legal investigations, and to enforce our rights or protect our property or safety.
To the Public (If You Choose): When you post voluntarily in a public area of the Site or Services (e.g., forums, testimonials).

B. Disclosures of Consumer Health Data

To Healthcare Providers and Labs: With your consent, to perform testing, coordinate care, or provide diagnostic interpretations.
To Health-Related Service Providers: For functions like report generation or wearable integrations, in accordance with contractual protections.

We do not sell Personal Information, including Consumer Health Data, for monetary compensation. In certain jurisdictions, some disclosures (e.g., cookie data for advertising) may be considered a "sale" or "share" under law. Consumer Health Data is excluded from such activities.

7. Cookies and Tracking Technologies

We use cookies and similar tracking mechanisms to support functionality and measure performance. These tools help us:

Remember your login state and preferences
Understand engagement with features or content
Provide targeted offers (where permitted)
Analyze technical diagnostics and site behavior

We honor legally recognized browser signals, such as Global Privacy Control (GPC). Blocking or disabling certain cookies may affect your experience.

8. Data Security

We employ administrative, technical, and physical safeguards designed to protect Personal Information, including Consumer Health Data, from unauthorized access, misuse, disclosure, loss, or alteration. These safeguards include:

Data encryption in transit and at rest
Role-based access controls and audit trails
Intrusion detection systems and continuous monitoring
Regular security testing, patching, and vulnerability assessments

While we strive to maintain strong protections, no system can be 100% secure. If a data breach affecting your information occurs, we will notify you as required by applicable laws.

9. Data Retention

We retain Personal Information, including Consumer Health Data, only for as long as is reasonably necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy. These purposes may include:

Providing and maintaining the Services you have requested
Complying with legal, regulatory, or contractual obligations
Enforcing our terms and resolving disputes
Conducting audits, fraud prevention, and security operations
Supporting research and service improvements (where legally permitted)

Retention durations vary based on the type and sensitivity of the data, the nature of our relationship with you, and applicable legal requirements. When your data is no longer needed for any of these purposes, we securely delete or de-identify it in accordance with industry best practices and legal mandates.

10. Children's Privacy

Our Services are intended solely for individuals aged 18 and older. We do not knowingly collect, solicit, or process Personal Information from anyone under the age of 18 without their parent's permission. If we become aware that we have inadvertently collected such information, we will take prompt steps to delete it from our systems.

If you are a parent or legal guardian and believe that your child under 18 has provided Personal Information to us, please contact us immediately at legal@instalab.com so we can investigate and address the issue.

11. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights under applicable privacy laws regarding your Personal Information, including any Consumer Health Data we collect and process. These rights may include, but are not limited to:

Right to Access: You may request a copy of the Personal Information we hold about you.
Right to Correct: You may request correction of any inaccurate or incomplete data.
Right to Delete: You may request deletion of your Personal Information, subject to certain legal exceptions.
Right to Opt Out: You may opt out of the sale or sharing of Personal Information, or the use of your data for targeted advertising, profiling, or marketing.
Right to Limit Use of Sensitive Data: In jurisdictions where applicable, you may limit our use of sensitive Personal Information to only what is necessary for the Services.
Right to Data Portability: You may request a portable copy of your Personal Information in a commonly used format.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time.
Right to Appeal: If we deny your privacy-related request, you may appeal our decision in accordance with the procedures outlined in state-specific sections.

To exercise any of these rights, please contact us at legal@instalab.com or visit our Contact page. We will respond to verifiable requests in accordance with applicable laws, typically within 30 days. If additional time is needed, we will notify you and explain the reason for the delay.

Note: We may need to verify your identity before processing your request. In some cases, certain rights may not apply due to legal exceptions or operational limitations. We will inform you of any such limitations in our response.

12. California Privacy Notice

This section applies exclusively to California residents and is provided in accordance with the California Consumer Privacy Act of 2018 ("CCPA"), the California Privacy Rights Act of 2020 ("CPRA"), and other applicable California statutes and regulations. It supplements the broader Privacy Policy and addresses specific rights, data categories, and disclosures required under California law.

For the purposes of this section, "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It excludes Publicly Available Information, aggregated or de-identified data, and information protected by other sector-specific laws (e.g., HIPAA).

California residents who are visually impaired, require language accommodations, or need accessible formats to exercise their privacy rights may contact us at legal@instalab.com.

A. Categories of Personal Information Collected

We may collect the following categories of Personal Information about California consumers:

Identifiers (e.g., name, email address, IP address, device ID)
Commercial Information (e.g., transaction history, preferences)
Financial Information (e.g., payment details, billing data)
Internet or Network Activity (e.g., browsing data, cookie usage)
Geolocation Data (e.g., GPS-based or IP-based location)
Professional or Employment Information (e.g., job title, employer)
Audio/Visual Information (e.g., support calls, image uploads)
Characteristics of Protected Classifications (as defined under CA or federal law)
Inferences (e.g., profiles based on behavior or attributes)

Certain Personal Information we collect may qualify as Sensitive Personal Information under California law, including:

Account login credentials
Payment and financial access data
Message content submitted through Services
Consumer Health Data (as defined and described in prior sections)
Precise geolocation data

B. How We Use Your Personal Information

We use Personal Information for the following purposes:

To contact you and provide information
To deliver customer service and support
To verify identity, eligibility, and age as required by law
To operate, maintain, and improve our Site and Services
To facilitate account features and user interaction
To conduct internal analytics and usage insights
To market our Services and products directly to you
To promote third-party offerings (with your consent)
To run promotions and sweepstakes
For internal operations, governance, and development
To comply with legal, auditing, and compliance obligations
To investigate fraud or enforce claims
To protect our infrastructure and employee safety
For targeted or cross-context behavioral advertising (with notice and opt-out rights)

C. Sources of Personal Information

We collect Personal Information from:

You directly (e.g., forms, account creation, health surveys)
Automated tracking via cookies and device identifiers
Linked wearable devices or third-party integrations
Lab and healthcare partners (with your consent)
Third-party service providers and marketing partners
Social media platforms and data enrichment vendors
Public databases and offline interactions where applicable

D. Disclosure of Personal Information

We disclose Personal Information for business purposes to:

Service providers and contractors
Payment processors and fraud prevention vendors
Advertising platforms and data processors
Legal, regulatory, or government authorities
Professional advisors and auditors
Business transferees in connection with mergers or acquisitions

Under the CCPA/CPRA, a "sale" or "share" of Personal Information may include sharing data for cross-context behavioral advertising. While we do not sell Personal Information for monetary value, we may share identifiers, commercial data, and internet activity with ad tech providers in this context.

We do not sell or share your Lab Results or any Consumer Health Data without your explicit, affirmative consent.

E. California Privacy Rights

If you are a California resident, you may have the following rights:

Right to Know and Access: Request what Personal Information we have collected, used, disclosed, or sold in the past 12 months.
Right to Correct: Request correction of inaccurate Personal Information we hold about you.
Right to Delete: Request that we delete Personal Information, subject to certain exceptions.
Right to Opt Out of Sale/Sharing: Request to opt out of the sale or sharing of your Personal Information, including via cookies.
Right to Limit Use of Sensitive Information: Restrict our use of Sensitive Personal Information to only what is necessary to perform Services.
Right to Non-Discrimination: You will not be treated differently for exercising your privacy rights.
Right to Request Disclosure: Under California's "Shine the Light" law, request a list of categories of Personal Information disclosed to third parties for their own marketing purposes, if applicable.

To exercise these rights, email legal@instalab.com or use the links provided in our Your Privacy Choices section at the bottom of our website.

F. Opt-Out of Sale and Sharing

You may opt out of sale/sharing by:

Enabling a recognized opt-out signal, such as the Global Privacy Control (GPC) in your browser (see https://globalprivacycontrol.org/orgs)
Adjusting cookie settings in our cookie banner
Managing app tracking settings on your mobile device

If you are not logged into your account, your opt-out choice will be linked to your browser/device only. We do not knowingly sell or share the Personal Information of children under 18 without legally required opt-in authorization. If you believe your child has provided data in error, contact us at legal@instalab.com.

G. Retention of Personal Information

We retain Personal Information only for as long as necessary for the purposes outlined in this Policy. Retention durations vary depending on the type of data, the nature of our relationship, and applicable legal requirements. Our retention criteria include:

Duration of your account or service use
Statutory or contractual record-keeping obligations
Ongoing legal disputes, investigations, or risk management

We securely delete or de-identify data once it is no longer needed.

H. Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. At this time, we do not respond to DNT signals. For more information, visit www.allaboutdnt.com.

13. Nevada Privacy Notice

We do not sell Personal Information for monetary value as defined under Nevada Revised Statutes Chapter 603A. However, under Nevada Senate Bills 220 and 370, Nevada residents have the right to request that we not sell certain Personal Information in the future.

If you are a Nevada resident and wish to make such a request, please email legal@instalab.com and include your full name, email address, and physical address so that we can verify your Nevada residency and respond appropriately. Should we begin selling Personal Information after your request, we will make reasonable efforts to comply with your opt-out.

In addition, Nevada SB 370 grants residents specific rights regarding Consumer Health Data, including the right to understand how such data is collected, used, shared, and retained. For more information about our handling of Consumer Health Data, please read the previous relevant sections.

14. Privacy Notice for Residents of Other U.S. States

This section provides additional information for residents of states with enacted comprehensive privacy laws, including: Colorado, Connecticut, Delaware (2025), Iowa (2025), Montana (October 2024), Nebraska (2025), New Hampshire (2025), New Jersey (January 2025), Oregon, Texas, Utah, and Virginia (collectively referred to as the "State Privacy Laws"). These provisions apply to the extent Instalab is subject to each respective law.

For the purposes of this section, "personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual, excluding publicly available data and de-identified information.

A. Our Personal Data Practices

The categories of personal data we collect, the purposes for which we use it, and the categories of third parties to whom we disclose it are fully described in:

"Types of Personal Information We Collect"
"Sources of Personal Information and Consumer Health Data"
"Disclosure of Personal Information and Consumer Health Data"

We do not sell personal data to third parties for monetary consideration. However, we may engage in data disclosures via cookies and tracking tools for advertising purposes, which may be considered a "sale" or "sharing" under some state laws. We do not sell or share Lab Results or Self-Reported Health Information without your explicit consent.

B. Your Privacy Rights

If you reside in a state covered by a State Privacy Law, you may have the following rights (subject to applicable legal exceptions):

Right to Know and Access: Obtain a copy of the personal data we process about you.
Right to Correct: Request corrections of inaccurate or outdated personal data.
Right to Delete: Request deletion of personal data held by us and our processors.
Right to Opt Out: Object to the sale of personal data, targeted advertising, and profiling in connection with significant decisions (e.g., eligibility or access to services).
Right to Data Portability: Obtain your personal data in a portable, structured format.
Right to Limit Use of Sensitive Data: Restrict processing of sensitive data to that which is necessary to deliver requested Services.
Right to Appeal: Challenge decisions related to the denial of your privacy requests.

If you are a Connecticut, Colorado, Delaware, Montana, Nebraska, New Jersey, Oregon, Texas, or Virginia resident, we will not process your sensitive personal data or infer such data from other signals without your affirmative, express consent. Residents of Iowa and Utah have the right to opt out of such processing.

To exercise any of your rights, please contact us at legal@instalab.com. We will verify your request and respond within the timeframe required by law, generally within 45 to 60 days.

C. Appeals Process by State

If we decline your request, you have the right to appeal our decision. Below are instructions for submitting an appeal and how to contact your state's Attorney General if you remain unsatisfied:

Colorado: Appeal within 45 days. Contact the CO Attorney General at (720) 508-6000 or submit online.
Connecticut: Appeal within 60 days. Contact the CT Attorney General at (860) 808-5420 or submit online.
Delaware (2025): Appeal within 60 days. Contact the DE DOJ at (302) 683-8800 or submit online.
Iowa (2025): Appeal within 60 days. Contact the IA Attorney General at (888) 777-4590 or submit online.
Montana (October 2024): Appeal within 60 days. Contact the MT Attorney General at (406) 444-4500 or submit online.
Nebraska (2025): Appeal within 60 days. Contact the NE Attorney General at (402) 471-2683 or submit online.
New Hampshire (2025): Appeal within 60 days. Contact the NH Attorney General at (603) 271-3658 or submit online.
New Jersey (January 2025): Appeal within 45 days. Contact the NJ Attorney General at (800) 242-5846 or submit online.
Oregon: Appeal within 45 days. Contact the OR Attorney General at (877) 877-9392 or submit online.
Texas: Appeal within 60 days. Contact the TX Attorney General at (800) 621-0508 or submit online.
Virginia: Appeal within 60 days. Contact the VA Attorney General at (804) 786-2071 or submit online at oag.state.va.us.

If you are unsure of how your state's laws apply to you, we encourage you to reach out to us at legal@instalab.com for clarification or guidance.

15. Changes to This Policy

We reserve the right to modify this Policy at any time. Changes will be effective upon posting the updated Policy on our Site. Your continued use of the Services constitutes acceptance of those changes.

16. Contact Information

If you have any questions, comments, or concerns about this Privacy Policy, our data handling practices, your privacy rights, or if you would like to submit a request regarding your Personal Information, please contact us using the information below:

Email: legal@instalab.com
Mailing Address: 169 Madison Ave #2885, New York, NY 10016

We strive to respond to all inquiries in a timely and thorough manner consistent with our legal obligations and internal standards.