“METABOLIC PSYCHIATRY LABS INC.” – WEBSITE PRIVACY POLICY
Effective Date: August 7, 2025
This website privacy policy (“Privacy Policy”) applies to our collection, use, and disclosure of data received or created by your access to and use of certain items provided by us, “Metabolic Psychiatry Labs Inc.,” (referred to here as “Company,” “we,” “us,” or “our”). These items consist of our website at https://www.metabolicpsychiatrylabs.com/ (the “Site”). This Privacy Policy also governs your use of our patient facing application (“Application”).
Your Consent
By accessing or using the Site, you are consenting to our processing of the information described in this Privacy Policy. “Processing,” means using cookies on a computer or mobile device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining, and disclosing information. Information processed by the Site will be transferred, processed, and stored in accordance with United States state and federal law.
What information is collected by the Site and how is it used?
The Site may collect certain information automatically, such as the type of device you use, your device’s unique device ID, the IP address of your device, your operating system, location data if enabled, the type of internet browsers you use, and information about your use of the Site (“Usage Data”). Usage Data will be used by us either individually or in aggregated form to enhance and improve the Site and for other lawful purposes.
The Site may also collect information that you enter into the Site, this may include Personally Identifiable Information (“PII”) such as name, email address, mailing address, telephone number, login credentials, if you create an account, device identifiers, and any other information that can reasonably identify you. If you use the Site for health related services, we may need to collect Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including but not limited to medical history, treatment or diagnostic information, health insurance information, physician or provider names and any identifiable health data you submit to the Site.
Do third parties see and/or have access to information obtained by the Site?
Usage Data may be shared with the third-party service providers who host and support the application on our behalf. These service providers do not have any right to independently use any personal information that we share with them.
PHI may be shared with Business Associates, as defined by HIPAA, as required to provide services to you in accordance with a required Business Associate Agreement. PHI may also be shared with health care providers and health insurance companies for Treatment, Payment or Operations purposes. PHI and PII will only be shared in accordance with applicable law.
We do not sell your PHI or PII. We may disclose it to service providers, to comply with legal obligations to protect rights and safety or with your consent.
What are my opt-out rights?
We only collect the Usage Data that is necessary to provide you with the Site. Because of this, the only way to opt out of us collecting Usage Data is to stop using the Site. You can terminate your user account at any time.
Data retention policy
We retain personal information about you for as long as you use the Site and for a reasonable period after you stop visiting the Site. We use and retain Usage Data, in both individualized and in aggregate form, indefinitely.
If you delete your user account, we are obligated to retain records in accordance with applicable state and federal law. We will only retain your PII and PHI as required by law.
Security
We are concerned about protecting the confidentiality of all information that we interact with in providing the Site. We and our service providers make use of physical, electronic, and procedural safeguards to protect the information that we process and maintain. Although we endeavor to provide security for the information that we process and maintain based on the sensitivity of that information, no security system can prevent all potential security breaches.
In addition to the security safeguards we provide, we urge you to take precautionary measures in maintaining the integrity of your data.
YOUR STATE PRIVACY RIGHTS: TERMS APPLICABLE TO CALIFORNIA, COLORADO, CONNECTICUT, IOWA, MINNESOTA, MONTANA, NEBRASKA, NEW HAMPSHIRE, NEW JERSEY, OREGON, TEXAS, UTAH AND VIRGINIA, RESIDENTS, INCLUDING YOUR CALIFORNIA PRIVACY RIGHTS (“collectively “State Consumer Privacy Laws”). If you believe you have additional rights under your State Consumer Privacy Law, please contact us.
State-Specific Disclosures (Supplemental to HIPAA Privacy Rights). We are committed to protecting the privacy of PII and PHI. To the extent we handle PHI our practices are governed by HIPAA and its implementing regulations. In addition to your rights under HIPAA, residents of certain U.S. states may have additional privacy rights under State Consumer Privacy Laws. Relationship Between State Consumer Privacy Laws and HIPAA. Where information is protected under HIPAA, State Consumer Privacy Laws may not apply. However, if we collect or process PII outside of HIPAA-covered contexts (e.g., via marketing websites, mobile apps, or consumer-facing tools), State Consumer Privacy Laws may apply.
How to Submit a Privacy Request
To exercise your state-specific privacy rights (where applicable), please contact us using the contact information below:
Email: admin@metabolicpsychiatrylabs.com
Mailing Address: Metabolic Psychiatry Labs Inc., 325 Sharon Park Drive, Suite 209, Menlo Park, CA 94025
Right to Know or Access Your personal information
California residents have a right to access any of the following which occurred in the prior 12-month period:
The specific pieces of personal information that we have collected from you;
The categories of personal information we collected from you;
The categories of sources from which the personal information was collected;
The categories of third parties to whom we have disclosed your personal information;
The categories of personal information that we sold or shared for a Business Purpose (as defined under the California Privacy Rights Act) and the categories of third parties to whom it was disclosed for a Business Purpose; and
The business or commercial purpose for collecting, sharing, or selling your personal information.
Colorado, Connecticut, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia residents have the right to confirm whether we are processing your personal data and to access such personal data. Oregon residents may also request a list of third parties to which we disclose personal data.
Right to Deletion
Depending on the state in which you live, you may have a right to request that we delete personal information or personal data we collected from you or the right to request that we delete all personal information or personal data we have collected about you. We will comply with such requests, and direct our service providers to do the same, subject to certain exceptions permitted by applicable law.
Right to Correct Your Information
Depending on the state in which you live, you may have a right to request that we correct your inaccurate personal information or personal data. If you request that we correct inaccurate personal information or personal data about you, we will use commercially reasonable efforts to correct it. If necessary, we may ask that you provide documentation showing that the information we retained is inaccurate.
Right to Data Portability
Depending on the state in which you live, you may request a copy of your personal information or personal data we collected from you or request a copy of all the personal information or personal data we have collected about you in a portable and, to the extent technically feasible, readily usable format.
Who May Exercise Your Rights. You may only make a request to exercise your rights on behalf of yourself. A parent or legal guardian may make a request on behalf of their child. If you are a California, Colorado, Connecticut, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, or Texas resident, a person that you authorize to act on your behalf may make a request related to your personal information. See “Authorized Agents” below for more information.
Verifiable Consumer Request. To verify your request, you must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or personal data, and you must describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. To verify your identity, we may ask you to log into your account (if you have an account with us) or provide additional information. Any information you provide will only be used to verify your request. When seeking additional information from you, we may contact you through your account or the contact phone number or email address you provided in your request. If we cannot verify your identity, we may deny your request.
Authorized Agents. Colorado, Connecticut, Montana, Nebraska, New Hampshire, New Jersey, Oregon, and Texas residents may submit a request to opt out through an authorized agent. California residents also have a right to submit requests to exercise any privacy right through an authorized agent. If you choose to use an authorized agent, you must (a) provide signed permission to that authorized agent to submit requests on your behalf, and (b) verify your identity.
We may deny a request from an authorized agent if we do not have proof that they are authorized by you to act on your behalf.
When We Will Respond. We will try to respond to your request within 45 days. If we require additional time, we will inform you of the reason and extension period. Any disclosures we provide to California residents will only cover the 12-month period preceding our receipt of your request. For data portability requests, we will select a format to provide your personal information to you. We may charge a fee to process or respond to your request if it is excessive , repetitive, or manifestly unfounded.
Changes
We may change or update this Privacy Policy from time to time for any reason. We will inform you of any changes to the Privacy Policy before those changes go into effect.
