DRAFT — ATTORNEY REVIEW REQUIRED. This content is a placeholder and is not legally binding.

Legal

Privacy Policy

Last updated: [DATE TO BE ADDED BY COUNSEL]

1. Information We Collect

We collect information that you provide directly to us, including:

  • Contact information (name, email address, phone number)
  • Professional credentials (NPI number, state license number, license state, credential type)
  • Practice information (business address, practice name)
  • Order history and shipping addresses
  • Sales representative attribution (if applicable)

We also collect information from third-party services we use to operate the Service, including NPPES (NPI verification), Clerk (authentication), Supabase (database hosting), Shopify (commerce and payment processing), and Resend (transactional email).

2. How We Use Your Information

We use your information to:

  • Verify your identity and professional credentials
  • Provide, operate, and maintain the Service
  • Process orders and deliver products
  • Send transactional emails (order confirmations, etc.)
  • Detect and prevent fraud or misuse
  • Comply with legal obligations

3. Sharing of Information

We share information with:

  • Service providers (Clerk, Supabase, Shopify, Resend) as needed to operate the Service
  • Your designated sales representative (if you register under a rep attribution link)
  • Law enforcement if legally required
  • Parties involved in a business transaction (merger, acquisition, sale of assets)

[COUNSEL: list subprocessors explicitly and add any required DPA language for GDPR/CCPA.]

4. Data Retention

[COUNSEL: specify how long we retain verified provider records, denied applications, order history, and support tickets.]

5. Your Rights

[COUNSEL: add GDPR/CCPA/state privacy rights (access, correction, deletion, portability, opt-out of sale) and how providers can exercise them.]

6. Security

We use industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, and access controls on our database. No system is fully secure; we cannot guarantee absolute security.

7. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

8. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated via email or a notice on the Service.

9. Contact

Questions about this Policy: info@thebiogenomics.com