Privacy Policy
Read how LabPreCheck collects, uses, shares, and protects information for public visitors, practices, and labs.
Scope And Relationship To Other Documents
This policy applies to both practices and labs and works together with the Terms and BAA.
This Privacy Policy applies to LabPreCheck, a practice-to-lab workflow service operated by Nunuworks, Inc. It applies to public visitors, practice customers, lab customers, and authorized users of LabPreCheck workspaces.
This Privacy Policy works alongside the LabPreCheck Terms of Service. For HIPAA-regulated use, the incorporated Business Associate Addendum also applies. This Privacy Policy explains how information is handled; it does not replace the Terms or the BAA.
Depending on context, LabPreCheck may act as a controller for public-site, account, billing, support, security, and direct customer-relationship information, and as a processor, service provider, or business associate for workflow information handled on behalf of customer organizations.
Information We Collect
LabPreCheck collects different categories of information for public access, account access, and live workflow operations.
LabPreCheck collects information directly from users, from customer organizations, and through the ordinary operation of the service. The exact information depends on whether the person is browsing the public site, operating a practice workspace, or operating a lab workspace.
For both practices and labs, we collect only the information reasonably needed to operate the service, support customer relationships, meet legal obligations, and protect the platform.
Public-site and inquiry information such as contact-form submissions, demo requests, attribution data, and basic technical details.
Account and workspace information such as names, email addresses, membership records, organization details, and setup data.
Workflow information such as case records, uploads, activity, status history, notes, case-related communications, and operational records needed to provide the service.
Billing and transaction information such as subscription status, invoices, payment-provider references, pricing-band data, and tax-related records needed to operate practice billing.
Security, audit, and compliance information such as access logs, account-recovery signals, legal-acceptance records, and support history.
Automatic Collection, Cookies, And Analytics
LabPreCheck automatically collects technical and site-usage information needed to run, secure, and improve the service.
Like most online services, LabPreCheck collects certain information automatically when users visit the public site or use the service. This information helps us operate the site, protect the platform, measure public-site and onboarding performance, and troubleshoot service issues.
Automatic collection does not change the rule that sensitive workflow content belongs inside the authenticated product and not inside public marketing or support channels.
LabPreCheck may use cookies, local browser storage, and similar technologies for session continuity, invite persistence, authentication hints, attribution, and limited analytics. Most browsers let users block or delete cookies, but some site features may not work correctly if those tools are disabled.
LabPreCheck does not currently respond to browser `Do Not Track` settings or similar browser-based signals in a uniform technical way across the service unless and until a specific legal requirement or product implementation says otherwise.
Browser, device, log, and network information used to operate, secure, and improve the service.
Cookie, analytics, attribution, and session information used for public-site performance and onboarding measurement.
Approximate location or regional information derived from technical signals where needed for site behavior, pricing preview, fraud prevention, or compliance support.
Information We Receive From Third Parties
Some information comes from sign-in providers, payment providers, workspace admins, and other service partners rather than directly from the user.
LabPreCheck may receive information about users and organizations from third parties where that information is needed to operate the service or support a customer relationship. Examples include identity details returned by sign-in providers, billing-state updates returned by payment providers, and organization details entered by workspace administrators.
LabPreCheck treats third-party information according to the same service, security, and contractual boundaries that apply to comparable information collected directly.
Authentication providers and sign-in partners that confirm identity and basic account details.
Payment providers that return billing, invoice, payment-method, and subscription-status records needed to run practice billing.
Customer organizations, workspace admins, and invite flows that supply organization, membership, or onboarding details.
Service providers and publicly available sources that help with security, fraud prevention, support routing, mapping, or lawful business administration.
How We Use Information
Information is used to provide the service, support customers, protect the platform, and meet legal obligations.
We use information to operate the service for both practice and lab customers, respond to public inquiries, support onboarding, manage billing, protect the platform, and improve the product.
Where HIPAA-regulated use applies, LabPreCheck handles PHI in accordance with the Terms, the incorporated Business Associate Addendum, this Privacy Policy, and applicable law.
Provide, maintain, secure, and improve the LabPreCheck service.
Operate practice and lab workspaces, case workflows, onboarding, notifications, and customer support.
Process subscriptions, enforce service rules, prevent abuse, and comply with law.
Measure public-site and onboarding activity using PHI-safe operational and analytics controls.
Maintain audit history, investigate incidents, enforce account boundaries, and protect the platform, users, and customer organizations.
Data Retention
Retention depends on service function, legal obligations, billing state, and security or audit needs.
LabPreCheck retains information according to the service’s architecture, legal obligations, operational needs, billing state, and deletion rules. Not every category of information is retained for the same period, and retention may differ for public inquiries, product accounts, billing records, audit history, and live workflow data.
When a customer requests deletion or when the service relationship ends, LabPreCheck will handle retained data according to applicable law, the Terms, the BAA where applicable, security requirements, and lawful business needs. Some information may need to be retained even after account closure or workspace shutdown for billing, legal, audit, fraud-prevention, or security reasons.
Retention periods vary by data category, customer relationship, security need, legal obligation, and product workflow.
Billing, tax, security, audit, and legal records may need to be retained longer than ordinary session or public-inquiry data.
Inactive canceled or unresolved non-paying practice data may be scheduled for deletion under the current service retention rules, including the current `30-day` post-trigger window where applicable.
Security Practices
Security controls are layered according to the sensitivity of the information and the role the service is performing.
LabPreCheck uses administrative, technical, and organizational safeguards designed to protect customer and user information according to the nature of the data and the service function involved. Those safeguards include authenticated access controls, workspace boundaries, protected transport, restricted public routes, and service-provider controls.
No system can promise absolute security. For a broader overview of the security posture that supports LabPreCheck, see Security.
Role-based access boundaries for practice and lab workspaces.
Safeguards designed to protect sensitive data, including PHI where applicable.
Monitoring, logging, incident-response, and provider-management controls appropriate to the service.
Privacy Rights And Choices
Privacy requests are supported, but they remain subject to lawful and operational limits.
LabPreCheck will handle reasonable privacy-related requests in accordance with applicable law and the nature of the information involved. Some information must be retained for security, billing, legal, or audit reasons, even when a request is made.
Privacy-related requests should be sent through Contact so they can be routed and verified appropriately. When writing in, users should identify the relevant workspace, organization, role, and request type so the request can be handled accurately.
Customers may request access, correction, deletion, or other support where applicable law provides those rights.
Depending on applicable law and the processing role involved, rights may include access, correction, deletion, restriction, objection, portability, or withdrawal of consent.
Some requests may be limited by security, legal, contractual, audit, clinical-workflow, or operational constraints.
Users may also manage certain account or organization details directly inside the product where those controls are available.
Verification And Authorized Agent Requests
Privacy requests may require identity and authority checks before LabPreCheck will act on them.
LabPreCheck takes request verification seriously because the service may contain sensitive account, workflow, billing, and health-related information. Verification steps may differ depending on the relationship between the requester and the information involved.
LabPreCheck may request information reasonably necessary to verify identity, authority, and the scope of the request before acting.
Where applicable law allows representative requests, LabPreCheck may require proof that an authorized agent is permitted to act for the requesting person or organization.
LabPreCheck may deny or limit a request that cannot be verified or that would compromise another person’s privacy, security, or legal rights.
International Processing And Transfers
Information may be processed across more than one jurisdiction where the service and its providers operate.
LabPreCheck may process information in the jurisdictions where it or its service providers operate, subject to the legal, contractual, and security protections that apply to the service. By using LabPreCheck, users understand that information may be processed in more than one jurisdiction where lawful and operationally necessary.
Information may be processed in Canada, the United States, and other jurisdictions where LabPreCheck or its service providers operate.
Where applicable law requires transfer safeguards, LabPreCheck relies on contractual, organizational, and technical protections appropriate to the transfer.
Users may request more information about the transfer posture applicable to their information where law gives them that right.
EEA, UK, And Similar Regional Disclosures
Regional privacy rights can depend on both local law and the role LabPreCheck is playing for the information involved.
For users in the European Economic Area, the United Kingdom, and similar jurisdictions, LabPreCheck aims to provide the transparency and request handling required by applicable privacy law. The exact rights and legal posture may differ depending on whether LabPreCheck is acting for itself or on behalf of a customer organization.
Where LabPreCheck acts as a controller for public-site, account, billing, support, or security information, the legal bases for processing may include contract performance, legitimate interests, legal obligations, and consent where applicable.
Where LabPreCheck acts as a processor, service provider, or business associate for customer workflow information, the governing customer relationship, customer instructions, and applicable law shape how that information is handled.
Subject to applicable law, users may have rights of access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority.
California Privacy Disclosures
California users receive a public privacy notice plus request and non-discrimination information where applicable law requires it.
This page is intended to serve as LabPreCheck’s online privacy-policy notice for California privacy purposes, including the California Online Privacy Protection Act. It describes the categories of information LabPreCheck collects, the ways that information may be used or disclosed, how material changes are posted, and how users can submit requests or update certain account information.
LabPreCheck does not currently respond to browser `Do Not Track` settings or similar browser-based signals in a uniform technical way across the service unless a specific legal requirement or product implementation says otherwise.
California residents may have rights to know about categories, sources, purposes, and disclosures of personal information, and to request access, correction, deletion, or a portable copy where applicable.
Where California law applies, users may also have the right to use an authorized agent and to receive equal service and pricing even if they exercise privacy rights.
LabPreCheck does not sell personal information in the ordinary course of operating the service.
Children
LabPreCheck is intended for adult workforce use rather than children.
LabPreCheck is intended for workforce users of practices and labs. It is not directed to children and is not intended for direct use by minors.
If LabPreCheck becomes aware that personal information was submitted directly by a child in a way not intended by the service, LabPreCheck may take steps to remove that information or restrict the related account or submission path as appropriate.
Changes To This Policy
Updated policies will be posted here and should be read together with the rest of the legal package.
We may update this Privacy Policy from time to time. When we do, we will update the date on this page and apply the revised policy to future use of the service as allowed by law and by the Terms.
If a change materially affects rights or obligations, LabPreCheck may provide additional notice through the service, by email, or by another appropriate customer-communication path where appropriate or required by law.
For the broader customer agreement, see Terms. For HIPAA-regulated use, see the Business Associate Addendum and HIPAA.
Contact
Use the contact path for privacy questions, requests, and legal review support.
Privacy, legal, and data-handling questions should be sent through Contact. That path is also the standard route for privacy requests, procurement review, and questions about the current legal package.