Privacy Policy

In order to provide valuable and actionable health guidance, we require that you share as much information as possible about your personal health history, including medical labs and data from genetic testing services. We take the privacy and security of your information extremely seriously and have one of the most restrictive and protective privacy policies in the industry.

Before formally engaging in either our comprehensive program or consulting services, you must become acquainted with both this privacy policy and our terms and conditions. This policy describes what kind of information we collect, how that information is used internally, and other important details about access, control, and security. By using our services, you are agreeing to both this privacy policy as well as our explicit terms and conditions.

Information that we collect

We collect several types of information as part of the formal client agreement:

During registration, your name, physical address, phone number, and e-mail address are collected to create a user account and profile.
As part of the consulting process, we also collect medical labs, your genetic data (if available), and additional detailed information about your personal medical history provided via the initial intake questionnaire. The level of detail provided on the questionnaire is exclusively at your discretion.
Payment information is also collected and stored securely on our payment processor’s servers for hourly consulting, full program enrollment, and monthly / recurring subscriptions. Such information is deleted at the time the client agreement is terminated.

How your information is used

All information is collected for the sole purpose of understanding you, your health challenges, and your personal history as deeply as possible. Your age, weight, vitals, geographical location, ancestry, genetics, and lifestyle are brought together to formulate a complete picture of your past and current health as well as predict outcomes for the future.

All payment processing is handled securely via Paypal and payment details are stored exclusively in the Paypal system. We have chosen this payment processing platform due to their high levels of compliance with online financial institutions.

All medical labs and personal history data are accessed exclusively by our Chief Scientist, John Ledford Gregory, and are not stored in any other location than in the secure, HIPAA-compliant repository to which you upload them. Labs are scanned and correlated against relevant genetic pathways, your medical history, and other such information and are never transferred outside the repository for any reason, without your explicit consent.

Data from genetic testing services is also processed in our HIPAA-compliant cloud-based analytics pipeline and is used exclusively for the generation of our proprietary gene-based reports. This data is also integrated with other databases in the same computing cloud to provide additional insights regarding your response to substances, foods, and lifestyle adjustments.

Your information will never be shared for any reason

Unlike other services in our industry, we are not interested in profiting from the harvesting of customer information for larger population studies, whether privately or publicly funded. As stated on our BiopathFx page, we are strongly against such uses of genetic information and, as such, limit access to medical data exclusively for the purposes of analysis and development of personal health guidance. We will not sell, rent, or share your information under any circumstances, except with your explicit consent, unless required to do so by the law.

You, as the client, have the right to share all information associated with your account with any person or company that you choose, but we will not be liable for any repercussions from doing so. As such, if you choose to share your data with a third party, the data will then be governed by that party’s own privacy policy. Therefore, we recommend that if you do choose to share your information, that you ensure that the involved party complies strictly with the same HIPAA regulations that we abide by.

You are in complete control of your information

Access to your client profile and personal document repository is restricted to our Chief Scientist, John Ledford Gregory and you, with no exceptions. You have complete control over your profile, including creating, viewing, and deleting documents as you choose. Rest assured, backups of data are performed to a secondary HIPAA-compliant respository in the event data is deleted by accident.

Security is our highest priority

Our primary data repository is hosted on Google’s G Suite and Cloud. Both have received security certifications for ISO 27001, 27017, and 27018 and have passed SOC2 and SOC3 Type II audits. Their audit reports may be found here. We have signed a Business Associate Agreement (BSA) with Google and have ensured both HIPAA and GDPR compliance, strictly adhering to their guidelines. You can read more about their policies here.

That being said, any data transmitted across the internet (especially via e-mail) is not guaranteed to be 100% secure. We are constantly evolving our security strategy, and you will be notified of all modifications that affect the transfer, storage, and handling of your private information. Nonetheless, we make no assurances that your information will not be accessed, altered or lost through a breach of any of our physical and electronic safeguards, and this may be said of any company world-wide that stores health information.

Changes to privacy policy

All changes to the policy described herein will be communicated to you via the e-mail address associated with your account. It is your responsibility, as the client, to ensure your e-mail address is able to receive our communications and that they do not end up in your spam folder. You are further responsible for periodically checking changes to our privacy policy on this page. If you are using our services at the time of a policy change, you explicitly agree to any changes of terms and, in the event of disagreement, are encouraged to cancel your enrollment at your convenience.