Privacy Policy
GRN Labs is committed to handling your health and personal data with care. This policy explains what we collect, how we store it, who can access it, and what rights you have.
Data We Collect
Depending on how you use GRN Labs, we may collect the following categories of information:
- Calculator inputs: your responses to the 15 vascular risk factor questions and your calculated vascular age score.
- Lab results: PDF uploads you provide and individual biomarker values you enter. You upload these voluntarily; we do not receive them from any lab directly.
- Check-in data: weekly energy, sleep quality, and symptom responses submitted through your dashboard.
- Blood pressure logs: readings you manually enter into the BP tracking tool.
- Attribution cookies: a cookie named
grn_refis set when you arrive via a URL containing a?ref=parameter. This cookie persists for 30 days and stores only the partner or referral source identifier. It is used solely for attribution tracking at Stripe checkout and is never shared with third parties. - Account information: email address and subscription status.
How We Store Your Data
Account data, dashboard inputs, and health records are stored on US-based servers. Lab results and symptom data are encrypted at rest. Session data such as calculator state may also be stored in your browser's localStorage for the duration of your session.
Third-Party Access
We do not share your personal data with third parties without your explicit consent. There is one important workflow to understand: when you choose to order a lab panel, we provide a direct link to Ulta Lab Tests. That transaction occurs entirely on their platform. We do not receive your lab results from Ulta Lab Tests. You receive them directly, and you choose whether to upload them to your GRN Labs dashboard.
Stripe processes subscription payments. Stripe receives your payment details directly and we do not store card numbers. We receive only subscription status and billing timestamps from Stripe.
Data Retention
Your account data is retained for as long as your subscription is active, plus 90 days following cancellation. This grace period allows you to reactivate your account and recover your data. After 90 days post-cancellation, your personal data is deleted from our systems. Anonymized aggregate data derived from research opt-ins is retained indefinitely for research purposes, as described in our Research Data Use Policy.
Health Data Handling
Lab results, symptom logs, and blood pressure readings are treated as sensitive health data. This data is encrypted at rest, is never sold, and is never used for advertising or marketing profiling of any kind. Access within our systems is restricted to what is necessary to deliver your dashboard experience.
Research Use
Research data use is opt-in only. Anonymized versions of your data may contribute to population-level health research only if you have consented in your dashboard settings. You can review and change your research consent status at any time in Settings. Users who have not opted in have no data included in any research output. See our full Research Data Use Policy for details on anonymization standards, minimum cohort sizes, and how to withdraw consent.
Your Deletion Rights
You may request full deletion of your account and all associated personal data at any time. Send a deletion request to privacy@getrightnutrition.online. We will complete the deletion within 30 days of receiving your request and confirm when it is done.
Cookies
We use a minimal set of cookies. For full details, see our Cookie Policy.
Changes to This Policy
If we make material changes to this policy, we will update the "Last updated" date at the top of this page. Continued use of GRN Labs after a policy update constitutes acceptance of the revised terms.
Contact
For privacy questions or data requests, contact us at privacy@getrightnutrition.online.