Professional Healthcare Labs, Inc. (“PHL”, “we”, “us”, “our”) operates a clinical diagnostic lab and the website at phl.health (the “Service”). This Privacy Policy explains what information we collect when you use the Service, how we use it, who we share it with, and the choices you have. Our handling of protected health information is also governed by our HIPAA Compliance Policy.
1. Information we collect
1.1 Information you provide
- Account information — name, email, phone number, date of birth, sex assigned at birth and shipping address.
- Booking information — tests selected, preferred slot, payment method and any notes for the phlebotomist.
- Health information — symptoms or pre-test answers you share, plus the lab results generated from the samples we process.
- Communications — content of emails, WhatsApp messages, support tickets or phone calls you exchange with our team.
1.2 Information collected automatically
- Device, browser and IP address.
- Pages visited, referring URLs and basic interaction analytics.
- Cookies and similar technologies — see our Cookies Policy for details and how to opt out.
2. How we use your information
- Schedule home visits and lab appointments.
- Process samples, generate lab reports and deliver them to you securely.
- Process payments and apply HSA/FSA reimbursement coding.
- Comply with US healthcare regulations (HIPAA, CLIA, CAP) and respond to lawful information requests from public-health authorities.
- Improve our Service — diagnostic accuracy, scheduling, support quality.
- Send service emails and SMS (booking confirmations, report-ready notices).
- Marketing communications — only with your explicit opt-in; you can unsubscribe any time.
3. How we share your information
We never sell your personal or health information. We share data only with:
- Healthcare providers you authorise — your physician or any clinician you ask us to send reports to.
- Service providers bound by written confidentiality and HIPAA-grade Business Associate Agreements (payment processor Stripe, SMS provider Twilio, email provider, cloud storage AWS).
- Regulators and law enforcement when required by valid legal process, court order or to protect human life.
- Successor entities in the event of a merger or acquisition — under terms at least as protective as this Policy.
4. Data retention
We retain account and booking data while your account is active. Lab reports and the accompanying chain-of-custody records are retained for seven (7) years after the date of the test, in line with CLIA and Illinois state retention requirements. Marketing-only contact data is deleted within 30 days after you unsubscribe.
5. Your rights
Subject to applicable law you have the right to:
- Access a copy of the personal information we hold about you.
- Correct inaccurate information.
- Request deletion (subject to mandatory retention periods for clinical records).
- Request a copy of your data in a portable format.
- Opt out of marketing communications.
- Lodge a complaint with the US Department of Health & Human Services Office for Civil Rights or your state attorney general.
To exercise any of these, email care@phl.health with subject “Privacy request”. We respond within 30 days.
6. Security
All PHI is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is role-based and audited; our infrastructure is hosted in HIPAA-eligible AWS regions in the United States. Despite these measures, no system is 100% secure — see our breach-notification commitments in the HIPAA Compliance Policy.
7. Children’s privacy
The Service is intended for adults aged 18 and over and for parents/guardians booking tests for minors in their care. We do not knowingly collect information directly from children under 13.
8. International transfers
Your data is stored in the United States. If you access the Service from outside the US, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
9. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, notify registered users by email at least 30 days before they take effect.
10. Contact
Professional Healthcare Labs, Inc.
2220 Hicks Rd, Rolling Meadows, IL 60008, USA
Email: care@phl.health
Phone: +1 (800) 555-0199