Meta Pixel

Generation Lab Privacy Policy

Version: GL-Primary — Last Revised: April 2026

Download

1. Introduction

Generation Lab Inc. (“Generation Lab,” “we,” “us,” or “our”) provides at-home specimen collection, testing services, epigenetic aging reports, and a digital health portal to individuals and business clients. This Privacy Policy describes how we collect, use, share, and protect personal information of:

  • Test-takers who use our kits and services
  • Portal users who store reports, book appointments, or conduct telehealth consultations
  • Clients who contract with us for testing programs
  • Visitors to our websites, apps, and digital platforms

This Privacy Policy applies to users in the United States and Canada. By using our services or registering a test kit, you agree to the practices described in this policy.

We are not a healthcare provider and do not establish a doctor-patient relationship through our services. Testing logistics and fulfillment are provided by Spot Health Inc. as a contracted service provider to Generation Lab. If a healthcare provider conducts an appointment through our Portal, they have their own independent privacy and confidentiality obligations.

2. Information We Collect

A. From Test-Takers

  • Identifiers: name, date of birth, email address, phone number, shipping address
  • Health and medical information: answers to health intake questions, test type and results, symptoms, medications, and other data you provide
  • Biological samples: blood, urine, or other specimens collected through kits
  • Communications: messages you send us or support inquiries
  • Technical information: IP address, device type, browser, cookies, and analytics data

B. From Portal Users

  • Report data: stored reports, historical results, and related annotations
  • Appointment and consultation data: booking history, provider selections, and consultation records to the extent maintained on the Platform
  • Communications: messages between you and providers or Generation Lab support conducted through the Portal

C. From Clients

  • Business contact information: name, title, business email, phone number
  • Client Data: employee or member data submitted to Generation Lab under a Master Services Agreement (MSA)

D. From Website Visitors

  • Device and browsing data: IP address, browser type, device ID, access time
  • Cookies and tracking technologies: see Section 9 below

3. How We Use Your Information

We use the information described above for the following purposes:

  • To provide services: processing test kit orders, enabling registration, analyzing samples, delivering Results and Reports, and providing customer support
  • To facilitate medical oversight: sharing data with ordering physicians or clinicians as required by law or your test program
  • To operate the Portal: enabling report storage, appointment booking, and telehealth consultations
  • To fulfill legal and regulatory obligations: including public health reporting of notifiable conditions, recordkeeping, and responding to lawful requests
  • To communicate with you: about your test, Report, Portal activity, support inquiries, marketing (if opted in), and account updates
  • To personalize and improve our services: using de-identified data to understand usage patterns, improve testing accuracy, and develop new features
  • To conduct research: if you opt in via a separate Research Consent, we may use your de-identified data for health-related or product research
  • To protect against fraud and misuse: and to maintain platform integrity and security

We do not sell personal information.

4. How We Share Information

We may share personal information in the following limited circumstances:

  • With Spot Health Inc., our contracted testing logistics and fulfillment provider, under binding confidentiality agreements
  • With CLIA-certified laboratories that analyze your samples
  • With ordering physicians or healthcare professionals, if required by law or as part of your test program
  • With licensed providers you select through the Portal, limited to information necessary for your consultation
  • With clients who sponsor or fund your test, if you provide consent
  • With service providers who perform functions on our behalf (e.g., shipping, IT, analytics) under binding confidentiality agreements
  • With research partners, only if you opt in and only in de-identified or aggregated form
  • With public health authorities as required by law
  • With regulators, courts, or law enforcement, when we believe disclosure is legally required or necessary to protect rights, safety, or property
  • With acquirers in connection with a merger, sale, or other business transaction, with continued protections for your information
  • With your consent, in cases not otherwise listed above

We never disclose your identifiable health information to advertisers or data brokers.

5. Your Rights and Choices

A. U.S. Residents

Depending on your state, you may have rights to:

  • Access or request a copy of your personal information
  • Correct inaccuracies
  • Delete your data (with exceptions for legal obligations)
  • Opt out of marketing communications
  • Opt out of the sale or sharing of your personal information (Generation Lab does not sell your information)

B. Canadian Residents

Under PIPEDA and similar provincial laws, you may:

  • Access and correct your personal information
  • Withdraw consent to data collection and usage (subject to exceptions)
  • Inquire about how we handle your data or file a complaint

To exercise your rights, contact us at privacy@generationlab.com.

6. Research Use

We will only use your information for research purposes if you have explicitly consented via our Research Consent process. If you opt in:

  • Only de-identified data will be used
  • We may collaborate with non-profit organizations, pharmaceutical companies, or academic institutions
  • Participation is voluntary and can be withdrawn at any time
  • Research data already used in aggregate cannot be retrieved after withdrawal

Declining research consent will not affect your ability to use Generation Lab’s services.

7. Data Retention

We retain personal information only as long as necessary:

  • To provide you with services
  • To meet legal, regulatory, and contractual requirements (e.g., CLIA, HIPAA, PIPEDA)
  • To protect our rights or resolve disputes

De-identified data may be retained indefinitely for research, analytics, or service improvement.

You may request deletion of your account and associated data, subject to retention obligations, by contacting us at privacy@generationlab.com.

8. Data Security

We use technical, physical, and administrative safeguards to protect your data, including:

  • Encryption of sensitive data in transit and at rest
  • Access controls and authentication protocols
  • Staff training and confidentiality agreements

Despite our efforts, no system is completely secure. If we identify a data breach that affects your personal health information, we will notify you and appropriate authorities as required by law.

9. Cookies and Tracking Technologies

We use cookies and similar tools for:

  • Site performance and analytics
  • User preferences and session management
  • Marketing and email effectiveness

You may control cookies through browser settings or by adjusting preferences through our cookie banner. We do not use cookies to collect or share health information with third-party advertisers.

10. Cross-Border Data Transfers

Generation Lab is based in the United States. If you are in Canada, your data will be transferred to and stored in the U.S. and may be subject to U.S. laws. We implement safeguards to protect your data in accordance with Canadian privacy standards.

11. Children’s Privacy

Our services are not intended for children under 13 (U.S.) or under 16 (Canada), and we do not knowingly collect personal information from children without verifiable parental consent.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via our website or by email. Your continued use of our services after such changes means you accept the updated policy.

13. Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices:

Generation Lab Inc.

Email: privacy@generationlab.com

If you are in Canada, you may also contact the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/.

This Privacy Policy is intended to comply with all applicable U.S. state privacy laws, HIPAA, and Canada’s PIPEDA.