Last updated January 29, 2022
BillionToOne respects your privacy and is committed to protecting it through compliance with this Privacy Statement. This Statement describes how information about you may be collected, used, and disclosed. Please review this Privacy Statement carefully.
How Information is Collected and Used
Your healthcare provider will facilitate the collection of a blood sample and will provide the sample and your information to BillionToOne for the purpose of providing laboratory testing services (the Service). BillionToOne will process your blood sample; DNA will be extracted from the submitted sample and sequenced. BillionToOne will store your genetic sequencing and related data as required by applicable laws and regulations. All sequence data may be used for regulatory compliance or healthcare operations, and de-identified for internal quality control, validation studies, and internal research and development purposes.
BillionToOne will retain your sample (blood and/or extracted DNA) only for the maximum duration permitted under applicable law or regulation, after which point it will be destroyed. Until such time that your sample is destroyed, BillionToOne may de-identify your sample and use or store it for regulatory compliance purposes; internal quality control; laboratory validation studies; or internal research and development.
Information We Collect Automatically
We may automatically collect certain information when you visit, use or navigate the Website (“Site”). This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use the Site and other technical information. We may collect such automatically generated or collected information through a variety of tracking technologies, including cookies, Flash objects, web beacons, embedded scripts, mobile SDKs, location-identifying technologies and similar technology (“tracking technologies”), and we may use third-party partners or services to assist with this effort. Information we collect automatically about you or your device may be combined with other personal information we collect directly.
While such automatically generated or collected information is primarily needed to maintain the security and operation of the Site, and for our internal analytics and reporting purposes, we, or the third-party partners we use, may also use information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Site; (b) provide custom, personalized content and information to you; (c) identify and contact you across multiple devices; (d) provide and monitor the effectiveness of the Site; (e) perform analytics and detect usage patterns on the Site; (f) diagnose or fix technology problems; (g) detect or prevent fraud or other harmful activities, and (h) otherwise plan for and enhance the Site and for other internal purposes.
BillionToOne will not sell your information, sample, genetic data, or results.
We may use your information to contact you for quality assurance purposes. You can opt out of such contact by notifying the healthcare provider who ordered your test or by contacting us directly at [email protected].
How Information is Shared
This section describes the circumstances under which we may share your information with third parties.
To provide the Services
- We may disclose your information to others involved in your care, including your healthcare providers, genetic counselors (the Services include complimentary access to independent genetic counselors), confirmatory laboratories, the health system or clinic where your provider practices, and other providers that you or your healthcare provider designated to receive your information. We may contact your healthcare provider to obtain additional information about the Service we provided.
- We may disclose your information to bill and collect payment for the Services from you, your health insurance, or other responsible third parties. We may also engage third parties to assist us with these billing and collection efforts.
- We may work with third party service providers to provide application development, analytics, variant analysis, payment processing, hosting, maintenance, support ticketing, transmission of test results, and other services for us. We limit the personal and health information we share with these service providers to that which is minimally necessary for them to perform their services for us, and we require them to agree to maintain the confidentiality and security of such information.
For research, development, and analytics.
- With your consent, we may share your de-identified genetic information with public databases in order to advance medical research. By contributing this information to such databases, we can help scientists better understand the impact of genetic variants on the risk of diseases and health conditions.
- We may use your de-identified sample, genetic information, and results in our research. We may engage in research with third parties like universities, hospitals, health systems, government institutions, or private companies to develop new tests, validate technologies, or improve existing technologies or processes. You can opt out of such third-party research by notifying the healthcare provider who ordered your test or by contacting us directly at [email protected]. However, if you have consented in the past and later opt out, BillionToOne cannot retract your de-identified sample, information, and/or results from research already performed.
For BillionToOne’s purposes.
- We may author publications using de-identified information, either on our own or in collaboration with academic or commercial third parties.
- We may share aggregated, de-identified information (for example, aggregated trends about the general use of our Services) publicly and with our partners. This information will not include medical or genetic information.
- Information about our users may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
For security or legal purposes.
We may also disclose your information under the following circumstances:
- If we believe in good faith that doing so is appropriate or necessary to address fraud, security, or technical issues, or protect against harm to us or others to the extent required or permitted by law.
- To comply with applicable federal and state laws, rules, and regulations, as well as law enforcement requests and legal process, such as a court order or subpoena. When possible, we will attempt to notify the individual who is the subject of the court order or subpoena so they may have an opportunity to oppose the disclosure.
- Business Transfers. We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of assets, financing, or acquisition of all or a portion of our organization to another party.
- Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Statement. Affiliates would include a parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us, if any.
- Business Partners. We may share your personal information with our business partners to offer you certain products, services, or promotions.
How We Protect Your Information
BillionToOne takes reasonable and appropriate measures to protect your information from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. BillionToOne implements physical, administrative, and technical safeguards that are designed to protect the integrity and security of your information. BillionToOne regularly reviews and improves our security practices to help ensure the integrity of our systems and your information. These practices include but are not limited to:
BillionToOne personnel may access and use information only if they are authorized to do so and only for the purpose for which they are authorized.
- Encryption. BillionToOne uses industry standard security measures to encrypt Sensitive Information in transit and at rest.
- Limited access to essential personnel. We limit access to Sensitive Information to authorized personnel, based on job function and role. Access controls include multifactor authentication and least-privileged authorization policies and practices.
Please recognize that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password you use to access our Services. You should not disclose your authentication-n information to any third-party and should immediately notify BillionToOne of any unauthorized use of your password. BillionToOne cannot secure Personal Information that you release on your own or that you request us to release.
Your information collected through the Service may be stored and processed in the United States or any other country in which BillionToOne or its affiliates, subsidiaries, or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
We cannot however guarantee that information may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards. You agree that BillionToOne is not liable for the unauthorized release of your information unless such release was the result of gross negligence or willful misconduct on the part of BillionToOne.
BillionToOne complies with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) to maintain the privacy and security of your information. If a breach occurs that may have compromised the privacy or security of your information, we intend to comply with all federal and state reporting requirements.
Children’s Privacy
BillionToOne is committed to protecting the privacy of children as well as adults. Neither BillionToOne nor any of its Services are designed for, intended to attract, or directed toward children under the age of 18. A parent or guardian, however, may collect a sample from, create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to BillionToOne about his or her child is kept secure and that the information submitted is accurate.
Changes To Our Privacy Policy
At our sole discretion, we may make changes to this Privacy Statement at any time. When changes are made, we will post an updated Privacy Statement on our website. The changes will apply to all information we have about you. All changes are effective immediately upon posting; the date the Privacy Statement was last revised is identified at the top of the page. BillionToOne will notify individuals via email upon substantive changes to the Policy Statement.
Questions and Comments
BillionToOne commits to resolving questions and comments about your privacy and our collection and use of your information. Individuals with inquiries or comments should contact BillionToOne at [email protected].