Privacy Policy
Privacy Statement Overview
We take your privacy seriously. Please read this Privacy Statement to learn how we treat your personal data.
Last Updated: June 1, 2024
These “Privacy Highlights” provide an overview of some core components of our data handling practices. Please be sure to review the Full Privacy Statement. Capitalized terms not defined in these highlights have the meaning described in our full Privacy Statement.
Information We Collect
We generally collect the following information:
- Information we receive when you use our Services. We collect Web-Behavior Information via cookies and other similar tracking technologies when you use and access our Services (our website, mobile apps, products, software and other services). See our Cookie Policy for more information.
- Information you share with us. We collect and process your information when you onboard information to our app or website, place an order, create an account, complete research or other surveys, post on our blogs or forums or use other messaging features, and contact our customer care representatives. This information can generally be categorized as Registration Information, Self-Reported Information, and/or User Content as defined in our full Privacy Statement.
How We Use Information
We generally process Personal Information for the following reasons:
- To provide our Services. We process Personal Information in order to provide our Services, which include creating customer accounts and authenticating logins, analyzing information and records you provide to us, processing purchases and payments, and shipping products to customers.
- To analyze and improve our Services. We constantly work to improve and provide new reports, tools, and Services. For example, we are constantly working to improve our ability to personalize recommendations for you, and to make our Services easier and more enjoyable to use. We may also need to fix bugs or issues, and analyze the use of our website and app(s) to improve the customer experience or assess our marketing campaigns.
Control: Your Choices
You have the ability to make decisions about how your data is shared and used. You choose:
- Whether and when you share information with us.
- When and with whom you share information with third party services that accept Vydiant data, or with friends, family members, health care professionals or others outside our Services.
- To give or decline consent for Vydiant Research. By agreeing to the Research Consent Document, Individual Data Sharing Consent Document, or participating in a Vydiant Research Community you can consent to the use of your de-identified data for scientific research purposes.
- To store or discard your biological sample after it has been analyzed.
- Which health recommendations or reports you view and/or opt-in to view.
- To delete your Vydiant account and data, at any time.
Access To Your Information
Your Personal Information may be shared in the following ways:
- With our service providers, as necessary for them to provide their services to us.
- With qualified research collaborators, only if you provide your explicit consent.
Vydiant will not sell, lease, or rent your Individual-Level Information to a third party for research purposes without your explicit consent. With regard to such Information:
- We will not share your data with any public databases.
- We will not provide your data (genetic or non-genetic) to an insurance company or employer.
- We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.
How We Secure Information
Vydiant implements measures and systems to ensure confidentiality, integrity, and availability of Vydiant data. Our team regularly reviews and improves our security practices to help ensure the integrity of our systems and your information. These practices include, but are not limited to, the following areas:
- Independent security certification and audit. The cloud information security system which protects Vydiant information assets supporting our Services, has been certified under the internationally recognized ISO/IEC 27001:2013 standard. Some of those controls are described below.
- Encryption. Vydiant uses industry standard security measures to encrypt Sensitive Information both when it is stored and when it is being transmitted.
- Access limited to essential personnel. We limit access of information to authorized personnel, based on job function and role.
Risks and Considerations
There may be some consequences of using our Services that you have not considered.
- In the event of a data breach it is possible that your data could be associated with your identity, which could be used against your interests.
Privacy Statement
Last Updated: June 1, 2024
What you should know about privacy at Vydiant
This Privacy Statement applies to all websites owned and operated by Vydiant, Inc., including www.vydiant.com, and any other websites, pages, features, or content we own or operate, and to your use of the Vydiant or OneHealth mobile apps and any related Services.
To keep things simple, we use the same terms here as in our Terms of Service. We’ll let you know in this Privacy Statement if we have a new or different definition for a term. You should read our entire Privacy Statement, but if you only have a few minutes you can take a look at the above Privacy Highlights.
The information Vydiant collects
We try not to speak in legalese, but there are some useful definitions we use to describe data we collect in providing the Services to you.
When we say Personal Information, we use this as a general term to refer to the different data categories we describe in this section that either personally identify you or are about you. Your Personal Information can be either
- Individual-level Information: information about a single individual, such as their genotypes, diseases or other traits or characteristics.
- De-identified Information: information that has been stripped of identifying data, such as name and contact information, so that an individual cannot reasonably be identified.
Here are the types of Personal Information we collect:
- Registration Information: information you provide during account registration or when purchasing the Services, such as a name, user ID, password, date of birth, billing address, shipping address, payment information (e.g., credit card), account authentication information, or contact information (e.g., email, phone number).
- Genetic Information: information regarding your genotype (e.g., the As, Ts, Cs, and Gs at particular locations in your DNA). Genetic Information includes the Vydiant genetic data and reports provided to you as part of our Services.
- Sample Information: information regarding any sample, such as a saliva sample, that you submit for processing to be analyzed to provide you with Genetic Information, laboratory values or other data provided through our Services.
- Self-Reported Information: information you provide to Vydiant including your gender, disease conditions, health-related information, traits, ethnicity, family history, or anything else you provide to us within our Services.
- Biometric information: certain Self-Reported Information you provide to us or our service providers to verify your identity using biological characteristics.
- User Content: information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials, other than Genetic Information and Self-Reported Information, generated by users of Vydiant Services and transmitted, whether publicly or privately, to or through Vydiant. For example, User Content includes comments posted on our Blog or messages you send through our Services.
- Web-Behavior Information: information on how you use our Services or about the way your devices use our Services is collected through log files, cookies, web beacons, and similar technologies (e.g., device information, device identifiers, IP address, browser type, location, domains, page views).
Aggregate Information is different from Personal Information
Aggregate Information is not Personal Information because Aggregate Information does not contain information about, nor can it reasonably be linked to, a specific individual. Aggregate Information is information about a group of people, such as an analysis or evaluation of a group. Aggregate Information describes the group as a whole in such a way that no specific individual may be reasonably identified. For example, the number of Vydiant customers with a specific variant or health condition is Aggregate Information.
How we collect information
- You: We collect information you provide to us when you request or purchase Services or information from us (including authorizations to share data with us from another entity, like lab test results and other medical information), register with us (including when you link your account on a third-party site or platform with your Vydiant account, such as via Apple or Google), participate in forums or other activities on our sites, features, and applications, respond to surveys, visit our physical properties, call our Customer Care support line, or otherwise interact with us using one or more devices. You may provide information in a variety of ways, including by typing or using voice commands.
- Service Providers: We may collect information through service providers who use a variety of technologies and tools, such as cookies, analytics tools, software development kits, application program interfaces, web beacons, pixels, and tags when you visit, use or interact with our Services. For more detail on how we collect and use Web-Behavior Information, please see our Cookie Policy.
- Other Third Parties: We may receive information about you from other users, individuals, our corporate affiliates, or other third parties. For example, if someone gifts you a testing kit or Subscription, invites you to view their Vydiant Report, or otherwise refers you to Vydiant, we may collect information about you.
- Vydiant: We may infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics. For example, we use your Genetic Information to predict certain health predispositions, or we may infer your location (such as city, state, and country) based on your IP address.
How we use your information
Now that we’ve covered the types of information we collect and how we collect it, let’s review how we may use it.
We use your information to:
- Provide our Services, including to develop, operate, improve, maintain, and safeguard our Services, including developing new product tools and features.
- Analyze and measure trends and usage of the Services.
- Communicate with you, including customer support, or to share information about our Services or other offers or information we think may be relevant to you.
- Personalize, contextualize and market our Services to you.
- Provide cross-context behavioral or targeted advertising (learn more in our Cookie Policy page).
- Enhance the safety, integrity, and security of our Services, including prevention of fraud and other unauthorized or illegal activities on our Services.
- Verify your identity and administer your User Account.
- Enforce, investigate, and report conduct violating our Terms of Service or other policies.
- Conduct surveys or polls, and obtain testimonials or stories about you.
- Comply with our legal, licensing, and regulatory obligations.
- Conduct Vydiant Research, if you choose to participate.
What Vydiant Research participation means for you
Vydiant has an opt-in research program, meaning that for eligible customers, taking part in Vydiant Research is completely voluntary. Here are key points about Vydiant Research, how Research uses personal information, and other ways we safeguard your privacy.
Before explaining how Research uses Personal Information, let’s cover a few basics:
What is Vydiant Research?
The purpose of Vydiant Research is to make new discoveries about genetics and other factors behind diseases and traits. “Vydiant Research” means research activities performed by Vydiant, either independently or jointly with third parties. Vydiant Research may be sponsored by, conducted on behalf of, or in collaboration with third parties, including non-profit foundations, academic institutions or pharmaceutical companies.
What if I do not want to participate in Research?
If you are eligible to participate in Research, you choose whether to participate or not, and you can change your mind any time. Customers never need to participate in Research to use Vydiant. Nothing changes about your core Vydiant experience if you do not participate in Research. We do not use your information for Research unless you explicitly choose to participate in Research.
How does Vydiant protect my information in Research?
Vydiant Research analyses are conducted with information that has been stripped of your identifying Registration Information.
Data sharing
We appreciate the level of trust you put into us. Here’s how we do, and do not share your information.
Who we share with:
Service providers: Our service providers and contractors help us provide our Services and act on our behalf to get things done. We implement procedures and maintain contractual terms with each service provider and contractor to protect the confidentiality and security of your Personal Information. For example, some of the things we use service providers and contractors to help us with include: order fulfillment and shipping; processing and analyzing your samples; sample storage (as we like to call it, “biobanking”); customer care support; cloud storage, IT, and security; marketing and analytics; and more. Learn more about cookies, analytics, and advertising partners we use on our Services in our Cookie Policy.
Your sharing choices: You may direct us to share your Personal Information with friends, family members, doctors or other healthcare professionals, and/or any other individuals or entities who may or may not be using our Services, including through third party services such as social networks and third-party apps that connect to our Services. If you share your Personal Information with a third party, they may use your Personal Information differently than we do under this Privacy Statement. Please make such choices carefully and review the privacy policies of all other third parties involved.
Commonly owned entities, affiliates and change of ownership: If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your Personal Information may be accessed, sold or transferred as part of that transaction and this Privacy Statement will apply to your Personal Information as transferred to the new entity. We may also disclose Personal Information about you to our corporate affiliates to help operate our services and our affiliates’ services.
Third parties related to law, harm, and the public interest: Vydiant will not provide information to law enforcement unless required by law to comply with a valid court order, subpoena, or search warrant. We require all law enforcement inquiries to follow a valid legal process, such as a court order or search warrant, and are prepared to exhaust available legal remedies to protect customer privacy. If we are compelled to disclose your Personal Information to law enforcement, we will try our best to provide you with prior notice, unless we are prohibited from doing so under the law.
Vydiant will preserve and disclose any and all information if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that Vydiant may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce the Vydiant Terms of Service and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of Vydiant, its employees, officers, directors, contractors or other personnel, its users, and the public. Nothing in this Privacy Statement is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your Personal Information.
Who we DO NOT share with:
We will not voluntarily share your Personal Information with:
- Public databases
- Insurance companies or employers
- Law enforcement, absent a valid court order, subpoena, or search warrant
Your privacy settings and controls
It’s your data, and we make it easy to make decisions and certain choices about it. We do not make choices on your behalf for the privacy settings described below. Below are the types of controls you have in your Account Settings and we’ve listed what it means to opt-out or to opt-in:
Viewing your health reports
- Opt-out: No, I do not want to receive my health reports.
- Opt-in: Yes, I do want to receive Genetic Health Risk and Carrier Status reports, as well as other reports (e.g., Pharmacogenetics reports) if available.
Sharing features
- Opt-out: No, I do not want to share my information with genetic relatives or other users via features like DNA Relatives or My Connections.
- Opt-in: Yes, I want to be able to share my information so I can discover genetic relatives or connect with others.
Personalized recommendations
- Opt-out: No, I do not want to receive Personalized Recommendations based on my sensitive data categories.
- Opt-in: Yes, I want to receive Personalized Recommendations to receive custom health and wellness recommendations, offers, and other information based on my sensitive data categories.
Communications preferences
- Opt-out: Please don’t contact me for promotional purposes. In addition to changing your preferences via Account Settings or your device, you can also click the “unsubscribe” button at the bottom of promotional email communications.
- Opt-in: Yes, you can contact me (such as through email, in-product notifications, or push notifications) for product or promotional purposes.
Research participation
- Opt-out: I don’t want to participate in Vydiant Research. If you experience difficulties changing your consent status in Account Settings, contact the Human Protections Administrator at hpa@vydiant.com. You can change your mind any time about your participation, however any Research involving your data that has already been performed or published prior to your withdrawal from Vydiant Research will not be reversed, undone, or withdrawn.
- Opt-in: Yes, I’d like to participate in Vydiant Research.
You can also:
Access & Download: You can access and download your Personal Information processed by Vydiant. Please note, if you lose access to your Vydiant Account, we require that you submit additional information to verify your identity before providing access or otherwise releasing information to you.
Correct Information: You can correct your Registration Information and modify Self-Reported Information entered into surveys.
Delete your Account: You can delete your Vydiant account within your Account Settings at any time. Upon account deletion, we will automatically opt you out of Research. Keep in mind this process cannot be canceled, undone, withdrawn, or reversed, and your account deletion is subject to retention requirements and certain exceptions.
Other things to know about privacy
Security Measures
We implement physical, technical, and administrative measures aimed at preventing unauthorized access to or disclosure of your Personal Information. Our team regularly reviews and improves our security practices to help ensure the integrity of our systems and your Personal Information.
Please recognize that protecting your Personal Information is also your responsibility. Be mindful of keeping your password and other authentication information safe from third parties, and immediately notify Vydiant of any unauthorized use of your login credentials. Your password is not visible to Vydiant staff, and we encourage you not to share your password with Vydiant or any third parties. Vydiant cannot secure Personal Information that you release on your own or that you request us to release.
Retention of Personal Information
We retain Personal Information for as long as necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.
Vydiant and/or our contracted genotyping laboratory will retain your Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations, including the federal Clinical Laboratory Improvement Amendments of 1988 (CLIA), California Business and Professions Code Section 1265 and College of American Pathologists (CAP) accreditation requirements, even if you chose to delete your account. Vydiant will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, communications related to inquiries or complaints and legal agreements for a limited period of time as required by law, contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
Third Party Content and Integrations
Our Services may contain third party content, integrations or links to third party websites operated by organizations not affiliated with Vydiant. Through these integrations, you may be providing information to the third party as well as to Vydiant. Since we can only control our own Services, we are not responsible for how those third parties collect or use your information so please review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through our Services.
Federal, State, and Region-Specific Information
You may have specific privacy rights in your state or region. For example, in the United States, residents of California and other states have specific privacy rights, as well as Vydiant residents of the European Economic Area (EEA), the UK, Switzerland and other jurisdictions. Federal and state laws (including the federal Genetic Information Non-discrimination Act or “GINA”) provide some protection from employer and health insurance discrimination based on your genetics. For more information, see our Privacy Notice for U.S. State Residents.
Changes to this Privacy Statement
We may make changes to this Privacy Statement from time to time. We’ll let you know about those changes here or by reaching out to you via email or some other contact method, such as through in-app notification, or on another website page or feature.
Contact Information
If you have questions about this Privacy Statement, or have a complaint or inquiry, please email Vydiant’s Privacy Administrator at privacy@vydiant.com, call us at 1.916.806.0209, or send a letter to:
Privacy Administrator
Vydiant, Inc.
c/o T. Carlone, General Counsel
988 Glide Ferry Way
Sacramento CA 95831