Your Privacy Comes First

Our number one priority is to ensure that your data is protected. We know that you are entrusting us with your personal and genetic information and we take this responsibility seriously. Rest assured that your information is and will always be yours. 

We want to cut out all of the “legal languages” and tell you in terms you can understand how your data is stored and used so that you can more easily make your own choices. 

View Full Privacy Policy
View Full HIPAA Policy

Information We Collect:

Purchase information:

When you purchase a kit from us, we collect personal information so that you can receive our product (for example, we collect: your name, address, and email).

How it is used:

We use this to send you your kit. You may also choose to be added to our email distribution list so you can learn about our product and receive offers. 

Your choice:

You can unsubscribe at any time. 

Registration information:

When you receive and register your kit, we collect your personal and family medical history. This is traditionally called Personal Health Information or PHI. Phosphorus is a CLIA/CAP certified laboratory and this is a requirement so that our telehealth provider can authorize a test. 

How it is used:

Our telehealth provider uses this to authorize your test. This information may also be used if you use our telegenic counseling partners. This information will allow your genetic counselor to have a picture of your medical history so that you can have an informative discussion about your DNA. We cannot share your individual information with anyone else unless you give us permission to do so. 

Your choice:

If you are not comfortable sharing your personal medical history, our partner physicians will not be able to authorize your test. That’s okay - if you’ve purchased a kit we will provide you a refund. 

Genetic information:

We sequence and store a portion of your DNA as part of providing our services. Our bioinformatics algorithms and clinical team work on distilling this down to a clinical report of the variants that are most impactful. These are your test results which are made available to you in PDF format and online. After your kit is received and processed, this is the output of what your DNA can tell you about your health risks. 

How it is used:

Your personally identifiable information is always yours and will never be shared. 

Your choice:

Only you and our telehealth provider will receive your results. Who you choose to share this with is up to you. 

Interaction information:

We collect information when you visit our website or interact with us online. You have probably seen “cookie notices” when you visit a new website. That is what this is - your choice on whether to allow us to view our interaction and make the experience better.

How it is used:

This is used to improve your experience with us. 

Your choice:

You can opt-out of using cookies when you visit our website.

Deidentified data:

As a healthcare provider, we may de-identify and aggregate your data in order to improve our operation or conduct research. We are on a mission to use genetics to improve everyone’s health and wellness journey. We want to contribute to the improvement of science. Are there certain genetic mutations that are more common than we thought? 

What does this mean?

When analyzing our research data, we strip all your identifying information from our database per federal guidelines. We may use this aggregated information to explore research questions or provide this de-identified and aggregated data to research partners to improve science. 

Your choice:

When you register, you have the choice to opt-in or out of the research. 

How We Secure Information: 

Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

We endeavor to protect the privacy of your account and other personal information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

Phosphorus implements measures and systems to ensure confidentiality, integrity, and availability of Phosphorus data. Our team regularly reviews and improves our security practices to help ensure the integrity of our systems and your information. These practices include, but are not limited to, the following areas:

Independent security certification and audit:

Our information security management system, which protects Phosphorus information assets supporting our Services, has been certified under an internationally recognized standard. Some of those controls are described below.

Encryption:

Phosphorus uses industry-standard security measures to encrypt Sensitive Information both when it is stored and when it is being transmitted. Storage data is also encrypted and protected by AWS services.

Limited access to essential personnel:

We limit access of information to authorized personnel, based on job function and role. Phosphorus access controls include multi-factor authentication, single sign-on, and a strict least-privileged authorization policy. With this, all Phosphorus employees are HIPAA certified.

Phosphorus does absolutely everything to ensure we are compliant with HIPAA and OWASP standards of security.

Monitor traffic:

Phosphorus also continually monitors traffic and activity to detect suspicious transactions.

HIPAA & OWASP compliant:

Phosphorus does absolutely everything to ensure we are compliant with HIPAA and OWASP standards of security.