Privacy Policy

This Privacy Policy applies to:

• Visitors to the T1D Scout website;
• Individuals who create accounts on the T1D Scout platform;
• Parents or guardians submitting biological samples on behalf of minors;
• Individuals participating in T1D Scout’s at-home autoantibody screening, genetic risk assessment, or research programs.

This Policy does not apply to third-party services linked from our website (e.g., telehealth partners), whose privacy practices may differ.

We collect the following categories of information:

Information that identifies, relates to, or could reasonably be linked with you, including:

• Full name
• Date of birth
• Email address
• Mailing and shipping address
• Telephone number
• Account credentials
• Billing information (processed securely by PCI-compliant providers)

Information you voluntarily provide, including:

• Family history of autoimmune or metabolic diseases
• Personal health history
• Biological sex, age, and demographic information
• Symptoms or risk factors related to diabetes
• Survey responses (e.g., psychosocial questionnaires)

Data generated from processing your or your child’s biological sample, including:

• Autoantibody results (e.g., GAD65, IA-2, ZnT8)
• Genetic variants and polygenic risk scores
• Laboratory quality-control metrics
• Repeat or confirmatory test results
• De-identified derivative data

Automatically collected data when you use our digital Services:

• IP address
• Device identifiers
• Browser type/version
• Operating system
• Cookie identifiers
• Log data and usage analytics
• Pages visited, links clicked, and interaction heatmaps

Information you share when you contact us:

• Emails and support requests
• Feedback or survey responses
• Information provided during troubleshooting

We collect information through:

• Direct submissions (account creation, surveys, consent forms)
• Sample kits returned to our partner laboratories
• Device-based tracking technologies (cookies, pixels, local storage)
• Customer support interactions
• Telehealth partners (if applicable)
• Third-party analytics tools (e.g., Google Analytics)

We do not sell Personal Information for advertising, nor do we share biological or genetic data with advertisers.

We use your information to:

• Process biological samples
• Generate risk scores and screening results
• Provide secure access to your results
• Enhance platform functionality and user experience
• Conduct quality assurance and laboratory validation

• Notify you when your kit is shipped or your results are ready
• Provide educational content about T1D risk
• Respond to questions or technical issues
• Send updates about our programs (optional marketing preferences)

• Maintain audit trails
• Detect or prevent fraud and abuse
• Meet CLIA, CAP, and state medical record obligations
• Satisfy legal or regulatory requirements

By using the Services, you grant T1D Scout a perpetual, irrevocable, worldwide, royalty-free license to:

• De-identify your data in accordance with HIPAA’s Safe Harbor standard (45 CFR § 164.514)
• Use de-identified data for internal research, algorithm development, quality improvement, statistical analysis
• Publish de-identified aggregate findings in scientific journals
• Share de-identified data with academic and healthcare partners

No identifiable information is ever included in publications or shared datasets without your explicit, additional consent.

We share Personal Information necessary to:

• Identify your sample
• Conduct autoantibody testing
• Perform genetic analysis
• Deliver accurate results

All partner labs are CLIA-certified and CAP-accredited.

We use service providers for:

• Shipping and logistics
• Payment processing
• Cloud hosting and data storage
• Electronic signature and e-consent
• Customer communication

These vendors may access Personal Information only to perform services on our behalf and are contractually required to protect it.

We may share de-identified data with:

• Academic research institutions
• Public health databases (e.g., ClinVar)
• Scientific collaborators
• Foundations and disease registries

No identifiable data will be shared without explicit consent.

We may disclose information when required to:

• Comply with applicable law or regulations
• Respond to valid legal requests (subpoena, court order)
• Protect the rights, safety, or property of T1D Scout or users

We will notify you of such disclosures unless prohibited by law.

If T1D Scout undergoes a merger, acquisition, asset sale, or corporate reorganization, anonymized and identifiable information may be transferred as part of that transaction. You will be notified of material changes to data handling practices.

Although T1D Scout is not always a HIPAA “Covered Entity,” we voluntarily operate using HIPAA-equivalent safeguards, including:

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• Role-based access controls
• Regular penetration testing
• Monitoring for unauthorized access
• Vendor HIPAA Business Associate Agreements (BAAs) where applicable

Your Protected Health Information (PHI) is handled with the same rigor as required in medical settings.

We provide Services to minors only with parental or legal guardian consent.

• Parents control the minor’s account and results
• Personal and biological data for minors are handled with enhanced protections
• We do not knowingly collect information directly from children under 13

If you believe we have collected information from a child without parental consent, contact us immediately at info@t1dscout.com.

We use cookies and similar technologies to:

• Keep you logged in
• Improve website performance
• Customize your user experience
• Measure engagement and traffic patterns

You may modify cookie preferences through your browser settings. Disabling cookies may affect the usability of the Services.

Under CLIA and applicable state laws, laboratories must retain clinical data—including your autoantibody results and associated PHI—for at least ten (10) years.
These records cannot be deleted upon request.

If you request account deletion, we will:

• Remove your Personal Information from marketing databases
• Deactivate your user account
• Continue retaining PHI in compliance with legal obligations

Samples may be stored for quality control or research (de-identified). You may request sample destruction, subject to lab capabilities and legal requirements.

Depending on your location, you may have certain rights under CCPA, CPRA, GDPR, or similar laws.

These may include the right to:

• Access the Personal Information we hold about you
  
• Correct inaccurate Personal Information
• Request deletion (with medical record exceptions)
• Opt out of marketing communications
• Request a copy of your de-identified laboratory data
• Restrict certain types of processing
• Withdraw consent for optional research activities

Requests may be submitted to info@t1dscout.com. We will verify your identity before fulfilling requests.

We implement industry-standard security practices to protect your information, including:

• Encrypted data storage
  
• Multi-factor authentication for staff
• Continuous monitoring
• Incident response protocols
• Annual security audits and penetration tests

Our Services are operated in the United States. If you access the Services from outside the U.S., your information may be transferred, processed, or stored in the U.S.
We use appropriate safeguards for international transfers.

We may update this Privacy Policy periodically.
Material changes will be communicated via email or dashboard notification.
Continued use of the Services after changes become effective constitutes acceptance.

If you have questions about this Privacy Policy or your data rights, please contact us:

T1D Scout Screening Service
Email: info@t1dscout.com