Privacy Policy

1. Introduction

MindX Sciences, Inc. ("MindX," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website mindxsciences.com, use our services, or interact with our mental health testing platform.

We are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws to protect your protected health information (PHI).

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information for payment processing:

• Name, email address, phone number, and mailing address
• Date of birth and gender
• Healthcare provider information
• Payment and billing information

2.2 Protected Health Information (PHI)

When you use our testing services, we collect:

• Medical history and current medications
• Mental health history and diagnoses
• Prescription forms and test orders
• Test results and biomarker data
• Clinical notes and assessments

2.3 Technical Information

• IP address, browser type, and device information
• Website usage data and analytics
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your information for the following purposes:

• Provide Services: Process test orders, generate reports, and deliver results
• Healthcare Operations: Coordinate with healthcare providers and laboratories
• Billing and Payment: Process payments and send invoices
• Communication: Send order confirmations, test results, and support responses
• Compliance: Meet legal and regulatory requirements, including HIPAA
• Improvement: Analyze usage to improve our services and website
• Security: Protect against fraud and unauthorized access

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Healthcare Providers

We share PHI with your prescribing physician or healthcare provider as necessary for treatment.

4.2 Service Providers

We work with trusted third-party service providers who assist us with:

• Laboratory testing and analysis
• Payment processing (QuickBooks, Stripe)
• Cloud hosting and data storage (Amazon Web Services)
• Email delivery and communications

All service providers are required to maintain the confidentiality and security of your information and comply with HIPAA where applicable.

4.3 Legal Requirements

We may disclose information when required by law, court order, or government regulation.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure cloud infrastructure with access controls
• Regular security assessments and vulnerability testing
• Employee training on privacy and security practices
• HIPAA-compliant data handling procedures

6. Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

• Access: Request a copy of your PHI
• Amendment: Request corrections to your PHI
• Accounting: Receive an accounting of disclosures of your PHI
• Restriction: Request restrictions on how we use or disclose your PHI
• Confidential Communication: Request communication through alternative means
• Revocation: Revoke authorization for use of your PHI (with exceptions)

To exercise these rights, please contact us at info@mindxsciences.com.

7. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations. Medical records and test results are retained in accordance with applicable healthcare regulations, typically for a minimum of 7 years.

8. Cookies and Tracking

We use cookies and similar technologies to improve your experience on our website. You can control cookie preferences through your browser settings. Some features may not function properly if cookies are disabled.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children without parental consent.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new effective date. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

13. HIPAA Notice of Privacy Practices

For a complete description of how we use and disclose your protected health information under HIPAA, please request our Notice of Privacy Practices by contacting us at the address above.