Consumer Health Data Privacy Notice
Effective date: December 1st, 2025
This Consumer Health Data Privacy Notice (“Notice”) supplements our general Privacy Policy and applies only to data that may qualify as “Consumer Health Data” under certain U.S. state laws, including Washington’s My Health, My Data Act and Nevada SB 370 (together, “Consumer Health Data Laws”).
This Notice applies only to individuals covered by those laws. If you have general questions, please review our Privacy Policy.
If there is a conflict between this Notice and our Privacy Policy regarding Consumer Health Data, this Notice controls to the extent required by applicable law.
1. Who we are
AMR Labs SA (“Biostarks”, “we”, “us”, “our”) provides wellness-focused at-home biomarker testing and related digital services.
Controller / business contact details:
AMR Labs SA (Biostarks)
Rue des Bosquets 31, 1800 Vevey, Switzerland
Email: hello@biostarks.com
2. What is "Consumer Health Data" at Biostarks
“Consumer Health Data” generally means personal data that identifies you (or can reasonably be linked to you) and relates to your past, present, or future physical or mental health status.
For Biostarks, this may include (depending on what you use):
- Biomarker test results generated from your sample (e.g., dried blood spot results)
- Information you provide about diet, lifestyle, symptoms, goals, supplements/medications (if you choose to share them)
- Orders and kit workflow data that may indicate you sought a health-related service (e.g., kit activation, sample status)
- Inferences we generate from your inputs or results (e.g., trends over time, wellness insights)
What is not included
Consumer Health Data does not include de-identified or aggregated data, and this Notice does not apply to information that is excluded from or exempt under applicable Consumer Health Data Laws (such as data regulated by HIPAA, where applicable).
3. How we collect Consumer Health Data
We may collect Consumer Health Data:
- Directly from you (account creation, kit activation, questionnaires, customer support, messages you send us)
- From your sample when our lab processes your at-home test
- Automatically through our websites/apps (device and usage data; cookie-based data where applicable)
- From connected services only if you choose to connect them (e.g., optional wearable/app integrations, if offered)
4. What we do with Consumer Health Data
We use Consumer Health Data to:
- Provide the service you requested, including processing your kit, generating your results, displaying reports, and enabling longitudinal tracking
- Operate our business, including billing, accounting, quality control, internal operations, security, fraud prevention, and legal compliance
- Provide customer support and respond to your questions
- Communicate with you, including confirmations, service notices, updates, security alerts, and administrative messages
Where permitted, we may also use data to:
- Improve our products (e.g., debugging, performance, feature improvement), including using de-identified and/or aggregated information where feasible
- Conduct optional user research (surveys/interviews) and share updates or offers where you’ve opted in / where permitted by law
5. How and when we share Consumer Health Data
We may share Consumer Health Data in limited circumstances, such as:
A) Service providers (processors)
We may share data with vendors that help us run Biostarks (e.g., cloud hosting, customer support tools, analytics, payment processing, logistics, lab operations). They may access data only to perform services for us and under contractual safeguards.
We may share Consumer Health Data with the following categories of service providers, strictly to perform services on our behalf and subject to contractual safeguards:
- Laboratory operations partners (e.g., handling of sample processing workflows, quality controls, and results generation support)
- Sample logistics and fulfillment providers (e.g., kit shipping, returns coordination, and delivery tracking)
- Payment processors and fraud-prevention providers (e.g., processing payments and helping detect or prevent fraudulent transactions)
- Cloud hosting and infrastructure providers (e.g., secure data hosting, storage, and compute services)
- Customer support and communications platforms (e.g., ticketing, chat support, email delivery, and SMS notifications)
- Analytics, performance, and cookie-related tools (e.g., measuring site/app performance and improving user experience, subject to your cookie preferences where required)
- Security and monitoring providers (e.g., threat detection, access controls, and audit logging)
We do not permit these service providers to use Consumer Health Data for their own purposes.
B) At your direction / with your consent
If you request or authorize us to share data (for example, exporting results or sharing with a clinician or third-party service), we will do so based on your instruction.
C) Legal, safety, and security
We may disclose information to comply with applicable law, respond to lawful requests, protect rights and safety, or prevent fraud/security incidents.
D) Corporate transactions
If we undergo a merger, acquisition, financing, reorganization, or sale of assets, data may be disclosed as part of that transaction subject to appropriate protections.
“Sale” / “sharing” under Consumer Health Data Laws
Some disclosures may be considered a “sale” or “sharing” under certain Consumer Health Data Laws. We do not sell Consumer Health Data. If a situation ever required consent for “sale” or “sharing” as defined by those laws, we will obtain the required consent, and you may revoke it.
6. Your rights and choices
Depending on where you live and which law applies, you may have rights such as:
- Right to access / know: confirm whether we collect, share, or sell Consumer Health Data and request access to it. You may request a list of third parties and affiliates with whom we shared Consumer Health Data, and available contact information, as required by applicable law.
- Right to delete: request deletion of Consumer Health Data (subject to certain legal exceptions)
- Right to withdraw consent: withdraw consent for collection/sharing where consent is the legal basis
- Right to correct: request correction of inaccurate data (where applicable)
- Right to appeal: if we deny your request, you may have the right to appeal that decision
How to exercise your rights
Email hello@biostarks.com with the subject line: “Consumer Health Data Request” and include:
- Your full name
- The email used for your Biostarks account (if any)
- The right you want to exercise (access / delete / withdraw consent / correction)
- Any helpful context (order ID, kit ID, approximate dates)
We will take reasonable steps to verify your identity before fulfilling the request.
7. Data security and storage
We maintain technical and organizational safeguards designed to protect Consumer Health Data (e.g., access controls and security monitoring). We use reputable cloud infrastructure providers (including AWS). Where we process or store data outside the U.S., we use safeguards appropriate to the nature of the data and the services provided.
8. Changes to this Notice
We may update this Notice from time to time. If we make material changes, we will post the updated Notice and revise the “Effective date” above.
9. Contact us
Questions or requests: hello@biostarks.com
This Privacy Policy is effective as of December 2025 and replaces all previous versions.