Privacy Policy

1. Changes to this Privacy Policy and Notices

We can update this Privacy Policy at any time. If we materially change how we handle your data, we’ll either ask you to accept the new version or we’ll notify you through reasonable channels (email, in-app, SMS, or notices inside the Platform). Your continued use of the Services after changes means you accept the updated Privacy Policy. It’s on you to review this Privacy Policy from time to time. We will not retroactively reduce your privacy rights unless we’re legally required to.

2. Information We Collect

The data we collect depends on how you interact with us, what features you use, and what you choose to connect.

(a) Personal Information you give us

Examples include:

• Name, email, phone number, mailing address
• Demographics (age, sex, etc.)
• Payment / billing info (handled by our payment partners)
• Messages you send us (email, SMS, chat)
• Connected account info (for example, if you link social, lab portals, or other platforms)

(b) Health / biometric / lab information

With your permission, we may collect what this Privacy Policy calls Healthcare Information, such as:

• Lab results, bloodwork, imaging, and similar diagnostic data
• Historical conditions, symptoms, medications, or prescriptions relevant to eligibility for certain services
• Biometrics and physiological data (like HRV, resting heart rate, sleep staging, recovery, strain, readiness, temperature trends, etc.) from hardware and wearable integrations you choose to connect — including devices like WHOOP and Oura
• Prior clinical notes or care history that you share or that an affiliated provider shares with us to deliver services to you

We collect this only if you actively connect it or provide it.

(c) Automatically collected / technical data

When you use the Services we also receive:

• Device and browser info (IP address, OS, device identifiers)
• Usage activity (pages viewed, actions taken, session length)
• Cookie data, analytics events, crash/diagnostic logs
• Approximate location (for example city/state/country inferred from IP, or location you tell us)

(d) Inferences

We may generate internal inferences about likely preferences, engagement patterns, or general wellness trends (for example, estimating your general location from IP, or using your historical lab patterns to suggest retesting windows). We refer to everything above collectively as “Personal Information.” In this Policy, when we specifically mean health-related data, we call it “Healthcare Information.” You can decline to share certain data, use browser/device controls to limit certain collection, or disconnect an integration. If you block necessary data, some features may not work.

3. Company Information

Planck is a technology company, not a medical practice. We may introduce you to independent clinicians, labs, pharmacies, imaging partners, and other licensed professionals (“Affiliated Providers”). Some of those parties are regulated under healthcare privacy law (for example HIPAA in the U.S. or equivalent requirements in other regions), and they have their own Notice of Privacy Practices.

When an Affiliated Provider shares Healthcare Information with us so we can support them in delivering services to you (for example: storing records, logistics, messaging, follow-up coordination), we handle that information under the applicable privacy laws and contractual obligations that apply to that provider. We do not use that Healthcare Information for unrelated purposes without proper legal basis or consent.

4. How We Use Personal Information

We use Personal Information (including Healthcare Information, when permitted) to:

• Provide the Services you requested (dashboards, insights, appointments, follow-up, summaries)
• Determine eligibility or availability of certain services in your location (for example, lab draws or prescription workflows may be limited by region or medical rules)
• Operate, maintain, and improve the Platform, including building new features and training internal quality systems
• Communicate with you about your account, billing, and changes to terms, policies, or product features
• Coordinate with Affiliated Providers or partner labs/pharmacies when you ask us to
• Comply with legal or regulatory obligations (for example, responding to lawful requests from authorities)
• Protect our rights, safety, property, users, or the public
• Detect, investigate, and prevent fraud, abuse, or security incidents
• Conduct research, testing, analytics, product development, and performance tracking
• Send marketing, product updates, promotions, and educational content (you can opt out of marketing any time)

We may de-identify data (remove personal identifiers so it no longer reasonably identifies you) and use or disclose that de-identified data for any business or research purpose allowed by law.

5. Cookies, Pixels, and Similar Tech

We (and our analytics/measurement partners) use cookies, local storage, mobile advertising IDs, web beacons, log files, and similar tools (“data collection tools”) to:

• Keep you logged in
• Remember preferences
• Measure performance
• Understand feature usage
• Fight fraud / abuse
• Deliver or measure marketing and interest-based messaging
• Improve user experience and product quality over time

Most browsers and mobile devices let you block or delete cookies/IDs.

Blocking certain cookies or IDs may limit parts of the Services. We currently do not respond to browser “Do Not Track” signals. If that changes, we’ll update this Privacy Policy.

6. AI Features

Some parts of the Services may use AI systems (for example: automated Q&A, summarizing your data, surfacing non-clinical recommendations). These features are evaluated for quality and fairness, and we may review interactions to improve safety and performance. We do not allow AI alone to make legally significant decisions about you without human review.

7. Text Messaging

By using the Services, you consent to receive SMS/text messages from Planck and certain partners, including service updates, logistics, reminders, and limited promotions. Standard carrier rates apply. Message frequency may vary. You can opt out by replying STOP, and we’ll confirm and stop non-required texts. If you’re concerned about sensitive info in text/email, contact us at support@planck.health.

8. Marketing / Analytics / Opt-Out

We may use analytics and advertising tools to understand how users interact with Planck, improve the product, and present relevant content. You can often opt out or limit tracking via those platforms’ own privacy/opt-out settings, industry tools, and/or device settings. You can also tell us directly that you don’t want marketing emails or promotional texts. We’ll still send transactional messages that are required to deliver Services you’re actively using (for example, “your lab kit shipped”).

9. When We Share Personal Information

We do not sell your Personal Information. We also don’t “share” it for cross-context behavioral advertising except as described in this Policy.

We may disclose Personal Information to:

• Affiliated Providers you choose to work with (clinicians, labs, pharmacies, imaging centers)
• Our subsidiaries/affiliates under common control
• Approved vendors and infrastructure partners who help us run the business (hosting, analytics, email/SMS delivery, diagnostic logistics, payment processing, etc.)
• Legal/government authorities when required by law, valid legal process, or to protect safety and rights
• Marketing / analytics partners, but only in ways that comply with applicable law
• A buyer, investor, or successor entity in connection with a merger, acquisition, restructuring, financing, or similar corporate transaction

We may also share aggregated or de-identified data that cannot reasonably identify you.

10. Your Rights

You can access, review, correct, or update certain account details directly in the app / dashboard. You can also email us at support@planck.health if you want to:

• Confirm whether we’re processing your Personal Information
• Access a copy
• Fix inaccuracies
• Request deletion (where legally allowed)
• Ask for a portable copy in a reasonable, machine-readable format
• Ask for a list of categories of third parties we’ve shared Personal Information with
• Object to certain uses (like marketing) or withdraw consent where consent is our legal basis

Some regions, including certain U.S. states, give residents specific rights to know, delete, opt out of targeted ads / sale / profiling, limit sensitive data use, or avoid discrimination for exercising those rights. We honor those rights as required by law.

Users in the UK and EU-style jurisdictions generally have rights to access, correct, delete, restrict processing, object to processing, and request portability of Personal Information, and also have the right to lodge a complaint with a data protection authority.

Users in India have rights under India’s data protection framework, including access, correction, and grievance redress. We will make reasonable efforts to honor requests consistent with applicable law in your region.

To exercise any of these rights, email support@planck.health. We may need to verify you control the email tied to the account. We aim to respond within the response windows required by applicable law. We may ask you to verify identity (for example, by contacting us from the email on file or confirming limited account details). You may also authorize someone to act for you if you give them proper written authority, and we can request proof of that authority.

11. Children / Minimum Age

The Services are designed for adults. Individuals under 18 (“Minors”) are not allowed to create accounts or send us Personal Information. We do not knowingly collect data from Minors. If you believe a Minor has provided data, contact support@planck.health and we will remove it.

12. How We Protect Personal Information

We use technical, administrative, and physical safeguards aligned with industry standards to protect against unauthorized access, accidental loss, alteration, or disclosure of Personal Information. These protections scale with the sensitivity of the data (for example, Healthcare Information is treated with stricter controls).

You’re responsible for keeping your login credentials secure. If you believe your account security is compromised, tell us immediately at support@planck.health.

If there’s a breach of security, we will investigate, take steps to remediate, comply with applicable breach-notification laws, and follow any required reporting or cooperation obligations.

13. Data Retention

We keep Personal Information as long as needed for business operations, to deliver the Services, to comply with legal obligations, to resolve disputes, to prevent fraud, and to enforce agreements. After that, we dispose of it consistent with our retention and deletion policies and applicable law. Affiliated Providers may have their own retention rules.

14. Links and Third Parties

The Services may link out to websites, apps, labs, pharmacies, wearable/device companies, or other services we don’t control (“Third-Party Services”). Their privacy practices are their own. Planck is not responsible for their data handling, security, retention, or compliance. Personal Information collected directly by those independent providers (for example, a clinician or lab you choose to work with) is governed by that provider’s own notice.

15. International Data Transfer

Planck is based in the United States, and we may store and process data in the U.S. and in other countries where we or our vendors operate (including the U.K., EU, or India). By using the Services, you understand your data may move across borders to jurisdictions whose data protection laws may differ from the laws where you live. We apply safeguards required by applicable law when we transfer data internationally.

16. Opting Out of Marketing

You can opt out of marketing emails (email support@planck.health). We may still send you non-marketing messages needed to run your account or deliver services you requested (for example, “your results are ready”).

17. Contact Us

Questions about this Privacy Policy, your data, or your rights?

Email: support@planck.health