Introduction

Criystal, Inc. (“we”, “us” or “our”) respects your privacy and we are committed to protecting it through our compliance with this privacy policy (“Privacy Policy”).

This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the website criystal.com or use our products, services, or applications (the “Services”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. Your use of the Services is at all times subject to the Terms of Service (https://criystal.com/terms).

This policy applies to information we collect:

• In email, text and other electronic messages between you and our Services.
• When and where available, through mobile and desktop applications developed by us.
• When you interact with our advertising and applications on third party websites and services, if those applications or advertising include links to this policy.
• Via our third party laboratories or physicians.

It does not apply to information collected by:

• us offline or through any other means, including on any other website operated by us or any third party (including our affiliates and subsidiaries); or
• any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Site.

By accessing or using our Services, you agree to this Privacy Policy.

1. INFORMATION WE COLLECT ABOUT YOU

In General. We collect both information that can be used to identify individuals (“Personal Data”) and information related to your health (“Health Data”) from you as described in greater detail below. (“Personal Data ” and “Health Data” are referred to collectively herein as “Your Data”).

We may ask you to provide certain categories of information such as: demographic and personal identifiable information, which is information that identifies you personally, such as your first and last name, age, gender, email address, address, and phone number (“Personal and Demographic ​Data”​ ). In addition, we may ask you about your history of disease, symptoms, information about the medications you are taking (“Health Data) In connection with the Services, we may collect Your Information through your connection and interaction with our Services.

2. INFORMATION COLLECTED VIA TECHNOLOGY

In addition to Your Information and other information that you choose to submit to us via our Services, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect and store certain information whenever you visit or interact with the Services (“Usage Information”).

IP and Device Identifiers​. Our Services automatically collects usage information, such as the number and frequency of visitors to our website and users of our Services. We may also collect device-specific information if you access the via our mobile applications. Device information may include unique device identifier, media access control address, network information, as well as non-personally identifiable usage and traffic data and information about how the device interacts with our Services. This type of data enables us and third parties authorized by us to figure out how often individuals use parts our Services and learn more about our users’ demographics and behaviors, so that we can analyze, operate and improve our Services.

Cookies and Web Beacons​. When you use our Services, we may automatically collect information from your web browser, including your IP address, and may assign your computer or device one or more cookies to facilitate access to our Services and to analyze and personalize your online experience. Cookies may automatically collect information about your online activity, such as the links you click. The code is temporarily downloaded onto your Device from our web server or a third party service provider, is active only while you are connected to the Services, and is deactivated or deleted thereafter. Our Services do not include third party advertisements and we do not use web beacons or cookies to target advertisements. This Policy covers our use of cookies and similar technologies only and does not cover uses by third parties.

3. HOW WE USE THE INFORMATION WE COLLECT

We may use Your Information or Usage Information for various purposes, including:

• to provide you with the Services a​ nd any products that you purchase from us;
• to suggest biomarkers to analyze and to design the test you will take;
• to communicate with you regarding the status of any of your test orders;
• to improve the Services, or our offerings;
• to provide customer support;
• to contact you with regard to your use of the Services and, in our discretion, changes to the Services and/or Services’ policies;
• send you marketing communications about our products and services
• to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. ; and
• for other internal purposes in connection with our business or the Services;

4. DISCLOSURE TO THIRD PARTIES

We do not share your Personal Data with any third parties without your consent, except with entities with whom we have contracted to perform functions integral to our operations and our Services, such as processing payments, performing analytics, handling email, etc., and only to the extent required in order for such entity to provide such services. In no event will we sell your Personal Data to any third party for marketing, advertising, or other purposes.

Agents.​ We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you, such as, for example, our extended warranty service providers, payment processor or hosting provider for our Services. Unless we explicitly inform you in advance, including as set forth in this Policy, our agents do not have the right to use Personal Data we share with them beyond what is necessary to assist us.

Financial Information.​ We may provide your personal information to a third-party payment processor, such as Stripe, to assist us in processing your payments. Unless we tell you differently, our service providers do not have any right to use the information we share with them beyond what is necessary to assist us. We may provide these vendors with access to user information, including Device Identifiers, only as necessary to carry out the services they are performing for you or for us. Third-party analytics and other service providers may set and access their own Tracking Technologies on your Device and they may otherwise collect or have access to information about you, potentially including Your Information. We are not responsible for those third party technologies or activities arising out of them. However, some may offer you certain choices regarding their practices, and if we receive information from such parties regarding how you can opt-out or customize their use of information about you, we will make that information available on our website. We are not responsible for the effectiveness of or compliance with any third parties’ opt-out options.

When You Request Information From or Provide Information to Third Parties.​ You may be presented with an option on our Services to receive certain information directly from third parties or to have us send certain information to third parties or give them access to it. If you choose to do so, Your Data and other information may be disclosed to such third parties and all information you disclose will be subject to the third-party privacy policies and practices of such third parties.

Other Situations. W​e may also disclose your information:

• In response to a subpoena or similar investigative demand, court order, or request for cooperation from law enforcement or other government agencies; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
• In connection with a corporate transaction, such as the sale of our business or offering of securities, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy. In any of these cases user information, including Personal Data, could be one of the assets transferred to or acquired or accessed by a third party.
• We may access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with any law or order as described above, to enforce or apply the Agreement, or to protect the rights, property, or safety of Criystal, our employees, our users, or others.

5. YOUR CHOICES REGARDING YOUR INFORMATION

You may choose to delete your account by sending a request to legal@criystal.com. When deleting an account, we remove all personally identifiable information from your account within thirty (30) days of our receipt of your request. Our third party laboratories and physicians may also retain Your Data as required by local law and we may retain backup copies for a limited period of time pursuant to our data protection policies. In addition, we retain limited amounts of your Personal and Demographic Data related to your order history (e.g., name, contact, and transaction data) as long as your account is active or as needed to provide you Services, as well as for accounting, audit and compliance purposes.

Opt Outs.​ If you have provided us with your email address and you would like to stop receiving marketing emails about Criystal from us, click on the unsubscribe link at the bottom of any of our email communications. It may take up to 72 hours to process your unsubscribe requests. Please note that even if you opt out of receiving marketing communications from us, we may contact you for non-marketing reasons related to our Services, such as for password recovery purposes or service calls that you have requested.

6. HOW WE PROTECT YOUR PERSONAL INFORMATION

We take legally mandated and commercially reasonable security measures (including physical, electronic and procedural measures) to help safeguard Personal Data from unauthorized access and disclosure. For example, only authorized employees are permitted to access Personal Data, and they may do so only for permitted business functions. In addition, we use encryption in the transmission of Personal Data between your system and ours in addition to the storage of this information, and we use firewalls to help prevent unauthorized persons from gaining access to personal information. Your account is also protected by a password for your privacy and security and you must prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately, limiting access to our Services to only individuals authorized to do so (i.e., members of your household), and by signing off after you have finished accessing your account. Please keep in mind, however, that no method of storage or transmission over the Internet is completely secure, so your use of our Services and provision of information to us is at your own risk.

7. CHANGES TO THIS POLICY

This policy may change from time to time and will be posted at https://www.criystal.com/privacy-policy. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Contact Us

If you have any questions about this Policy or our information handling practices, please contact us by email at legal@criystal.com