Privacy Policy

KEYSPAN PRIVACY POLICY

Effective Date: May 1, 2026

This Privacy Policy describes how Keyspan, Inc. (“Keyspan,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you interact with our website, mobile application, and services. It also tells you about your rights and choices with respect to your personal information, and how you can reach us to get answers to your questions.

Keyspan is a precision wellness company. Our services include at-home biomarker testing, a microplastics blood test, personalized supplements, human health coaching, and an in-app artificial intelligence (“AI”) health coach called Kai. Because some of our services involve sensitive health information, parts of this Privacy Policy address how we handle Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”) and how we work with third-party AI service providers.

Information We Collect

We collect information about you in a variety of ways depending on how you interact with us and our website, mobile application, products, and services, including:

Directly from you when you provide it to us, such as when you register for an account, sign up to receive communications, place an order or subscribe to our services, submit a blood sample for testing, interact with our human or AI health coaches, connect a wearable device or Apple Health, or contact us by phone, email, or otherwise.
Automatically through the use of cookies, server logs, and other similar technologies when you interact with our website, mobile application, advertisements, and emails.
From other sources, including our affiliates, business partners, and service providers (such as Junction (formerly Vital), Quest Diagnostics, Bioreference Laboratories, Mobile Phlebotomy, GetLabs, Plastictox, OK Capsule, Apple Health/HealthKit, and connected wearable devices) that facilitate or conduct biomarker, microplastics, and related testing or provide health and fitness data, or from publicly available sources. For example, if you submit a job application we may conduct a background check.

The following table provides examples of the types of information we collect in different contexts and how we use it.

Context	Types of Information	Primary Purpose for Collection and Use
Account Registration	We collect your name and contact information when you create an account. We also collect information relating to the actions that you perform while logged into your account.	We collect this information to provide account-related functionality. Accounts can be used for easy checkout and to save your preferences, transaction and subscription history, test results, and customized supplement and nutrition recommendations.
Blood Sample Information	We collect your blood sample, which you submit using our blood sample kits.	We collect this information for testing, for analysis, and to develop tailored diet, exercise, supplement, and lifestyle plans for our users.
Health Information	We collect information concerning your health, fitness, overall wellbeing, and self-reported medical and lifestyle history.	We collect this information so we can better understand your physiology, develop tailored diet, exercise, supplement, and lifestyle plans for you, and so our AI health coach (Kai) and human coaches can provide context-aware wellness guidance.
Wearable, Apple Health, and Connected Device Data	When you connect a wearable device, Apple Health (HealthKit), or another connected health source, we collect health and activity data that you authorize us to access. Depending on the data types you permit and the device you use, this may include heart rate, heart rate variability, sleep, steps, active energy, workouts, body measurements, and similar metrics.	We use this data to generate personalized wellness insights, inform coaching recommendations, send proactive notifications from Kai, and provide context to your human health coach. Apple Health data is governed by the permissions you grant in iOS Settings, is processed in accordance with Apple’s requirements, and is never used for advertising or sold.
Vendor Information	We may collect information about the employees of companies with whom we do business, including name, email address, and mailing address.	We collect this information to communicate with our vendors and their employees concerning normal business administration, such as test results, test analysis, and billing, and to otherwise provide our services to you.
Cookies and First-Party Tracking	We use cookies and clear GIFs. Cookies are small pieces of information that a website sends to a device’s storage while a website is viewed.	We use cookies to ensure that our website operates efficiently, to provide more customized offers and information, and to customize our website to match your preferences.
Cookies and Third-Party Tracking	We may place tracking technology on our website that collects analytics, records how you interact with our website, or allows us to participate in behavior-based advertising. A third party may use technology (e.g., a cookie) to collect information about your use of our website so they can report analytics to us or provide advertising about products and services tailored to your interests.	We collect this information to analyze how our website is accessed and used, to improve user experience, and to customize advertising and content. We do not use health, biomarker, Apple Health, wearable, or other sensitive health data for advertising or behavior-based ad targeting.
Demographic Information	We collect personal information such as your age, gender, and location.	We collect this information to understand our users and provide tailored services.
Location Information	When you use our website or mobile application, we may collect your approximate or precise location from GPS, Wi-Fi, and/or cellular technology in your device.	We use this information to provide location-dependent services, such as routing you to the nearest mobile phlebotomy provider or laboratory.
Email Interconnectivity	If you receive email from us, we use tools to capture data related to when you open our messages, click on any links or banners they contain, and make purchases.	We have a legitimate interest in understanding how you interact with our communications.
Job Applicants	If you apply for a job posting, we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number. Providing this information is required for employment.	We collect this information to make employment-related decisions (e.g., hiring for new positions).
Inquiries, Comments, Feedback, and Support	If you provide us feedback or contact us for support or inquiries regarding your order or subscription, we collect your name and email address, as well as any other content you send to us.	We collect this information to respond to or follow up on your comments, reviews, inquiries, and other requests.
Mailing List	When you sign up for a mailing list, we collect your email address or postal address.	We collect this information to share material about our products and services or other special offers that may be of interest to you.
Mobile Devices	We collect information from your mobile device such as unique identifying information broadcast from your device when visiting our website or using our app.	We collect this information to identify unique visitors and understand how users interact with us on their mobile devices.
Order Placement and Subscriptions	We collect your name, billing address, shipping address, email address, phone number, credit or debit card number, and/or bank account information when you place an order or sign up for a subscription.	We use your information to fulfill your order, arrange for shipping, and provide you with invoices and order confirmations.
Coaching Interactions and Recordings	When you participate in live coaching sessions with a Keyspan health coach (including audio, video, screen shares, and in-session chat), we collect a recording of the session. Coaching sessions are recorded as an integral part of the service and may include discussion of your health information.	We use recordings to deliver the coaching service, train and evaluate coaches, monitor adherence to policy and law, investigate complaints and safety events, maintain documentation of the interaction, and improve the service. Recordings are not used for advertising and are not sold. Recording practices are described in further detail in our Terms of Service.
Kai (AI Health Coach) Interactions	When you interact with Kai, we collect the messages you exchange with Kai, the prompts you provide, the responses Kai generates, your daily action plan and adherence history, and metadata about the interaction.	We use this information to deliver Kai’s coaching features, generate personalized recommendations, improve and debug Kai, and provide context to your human health coach. See “AI Services and Third-Party AI Providers” below for details on how this information is processed.
Partner Promotion	We collect information you provide as part of a co-branded promotion with another company.	We collect this information to fulfill our promotions.
Public Health and Safety	In certain situations where a serious public health threat has been identified, we may collect information from individuals accessing our facilities. This may include medical and health information, such as body temperature, symptoms, and underlying health conditions.	We collect this information to protect the health and safety of our visitors and guests. In some jurisdictions we may be required by law to collect and retain such information.
Surveys	When you participate in a survey, we collect information you provide through the survey. If the survey is provided by a third-party service provider, that third party’s privacy policy applies to its handling of your information.	We collect this information to understand your opinions and gather information relevant to our organization.
Website Interactions	We use technology to monitor how you interact with our website, including which links you click, information you type into our online forms, and information about your device or browser.	We collect this information to understand how you interact with our website, to improve it, to detect and prevent fraud, and to select offerings you might find useful.
Web Logs	We collect information including your browser type, operating system, Internet Protocol (IP) address, domain name, click activity, referring website, and date/time stamp for your visit.	We collect this information to monitor our networks and visitors to our websites, and to understand which of our services is most popular.

How We Use Information

In addition to the purposes and uses described above, we use information in the following ways:

To identify you when you visit our website or use our mobile application.
To provide our products and services, including biomarker analysis, personalized supplements, human coaching, and the Kai AI health coach.
To process orders, subscriptions, returns, and refunds.
To improve our services and product offerings.
To streamline checkout and to facilitate new subscriptions and renewals.
To conduct analytics and operational reporting.
To communicate with you, including to respond to or follow up on your requests, inquiries, issues, or feedback.
To send marketing and promotional materials (we do not use health, biomarker, Apple Health, or wearable data for advertising).
To detect and protect against malicious, deceptive, fraudulent, or illegal activity, violations of our policies and terms, security incidents, and harm to the rights, property, or safety of our company, users, employees, or others.
To debug, identify, and repair errors that impair the functionality of our website and mobile application.
To comply with our legal or regulatory obligations, including HIPAA and applicable state privacy laws, to establish or exercise our rights, and to defend against legal claims.
For internal administrative purposes and to manage our relationships.
To generate sample data from your test results to make personalized supplements and lifestyle recommendations through the Service.
For such other purposes as you may consent to from time to time.

Although the sections above describe our primary purposes for collecting your information, in many situations we have more than one purpose.

AI Services and Third-Party AI Providers

Keyspan’s in-app AI assistant (“Kai”) is powered by third-party artificial intelligence (“AI”) foundation models. To deliver personalized health coaching, your information is transmitted to these AI service providers for processing.

AI Service Providers We Use

Anthropic, PBC — provides the Claude family of large language models (Claude Opus, Claude Sonnet, Claude Haiku), which power the Kai chat experience, daily action plan generation, lab PDF biomarker extraction, and other AI-driven coaching features.

Information Shared With AI Service Providers

Depending on the feature you use, the following categories of information may be transmitted to Anthropic:

Your name
Self-reported health survey responses, including allergies, medications, pre-existing conditions, food restrictions, and lifestyle inputs
Lab biomarker values, reference ranges, and historical trends
Lab result PDFs you upload (for biomarker extraction)
Wearable and Apple Health data summaries (when you have connected a device or HealthKit)
Active supplements
Health coach session notes and clinical insights
Your messages to Kai and prior conversation history
Daily action plan and adherence history
Time zone (used to deliver time-appropriate notifications and contextual recommendations)

We do not transmit your password, payment information, government identifiers, or precise location (such as GPS coordinates) to AI service providers. Time zone is general regional information and is not equivalent to precise geolocation.

Safeguards

Keyspan has executed Business Associate Agreements (“BAAs”) with Anthropic covering the handling of Protected Health Information (“PHI”) under HIPAA.
Anthropic is engaged under enterprise terms that contractually prohibit the use of your data to train their AI models.
All data is transmitted over encrypted HTTPS connections.
We may engage additional AI service providers in the future. If we do, we will update this policy and ensure equivalent contractual protections (including BAAs where applicable) are in place before transmitting any PHI.

Limitations of AI-Generated Content

Kai’s responses are generated by large language models and may occasionally be inaccurate, incomplete, or out of date. Kai is not a licensed medical professional and does not provide medical diagnosis, treatment, or prescription. Kai’s guidance is general wellness and lifestyle information. You should always consult a qualified healthcare provider for medical concerns and never disregard or delay seeking medical advice because of something Kai or any other part of the Service has communicated to you.

Your Choices Regarding AI Processing

You may withdraw consent and request deletion of your data at any time by deleting your account from within the app or by contacting us at the address in the Contact Information section below. Account deletion will trigger a deletion request to our AI service providers in accordance with our agreements with them. Note that limited information may be retained as required by law (for example, to satisfy recordkeeping obligations) and that AI providers may retain logs for a limited period as permitted by our BAAs and applicable law.

HIPAA, Protected Health Information, and Business Associate Agreements

Some — but not all — of the information we collect from you may constitute Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). PHI includes individually identifiable health information that we receive, create, or maintain in connection with the provision of certain regulated services, such as biomarker test results processed through our clinical partners. Other information we collect (for example, your name and email address, your interactions with our website, marketing preferences, and certain wearable or HealthKit data depending on context) is not PHI and is governed by this Privacy Policy and applicable state and federal privacy laws other than HIPAA.

Keyspan has executed Business Associate Agreements (“BAAs”) with the third parties that handle PHI on our behalf, including:

Our clinical and laboratory partners (which may include Junction, Quest Diagnostics, Bioreference Laboratories, and others involved in lab orders, phlebotomy, and result delivery).
Our AI service providers that process PHI in connection with the Kai AI health coach (currently Anthropic, as described in the AI section above).
Other vendors and service providers that, in the course of providing services to Keyspan, receive or process PHI.

These BAAs require each business associate to safeguard PHI consistent with HIPAA, limit use and disclosure of PHI to permitted purposes, implement appropriate administrative, physical, and technical safeguards, and report any security incidents or unauthorized uses or disclosures of PHI.

We will not use or disclose your PHI for marketing or advertising purposes without your authorization, and we do not sell PHI.

Apple Health and HealthKit Integration

Keyspan’s iOS application integrates with Apple Health (“HealthKit”) so that, with your permission, we can access health and activity data that improves the personalization of your wellness experience. This section describes how we handle HealthKit data specifically. HealthKit data is handled in accordance with Apple’s HealthKit and App Store requirements, which impose their own restrictions on the use of HealthKit data that apply regardless of whether the data also constitutes Protected Health Information (“PHI”) under HIPAA.

Data We May Access

Subject to the specific permissions you grant in iOS Settings, the categories of HealthKit data we may access include heart rate, heart rate variability, sleep, steps, active energy, workouts, body measurements, and similar metrics. You can review, modify, or revoke these permissions at any time in iOS Settings > Privacy & Security > Health.

How We Use HealthKit Data

HealthKit data is used to generate personalized wellness insights, inform coaching recommendations, trigger proactive notifications and daily action items from Kai, and provide context to your human health coach. Summary inputs derived from HealthKit data may be transmitted to our AI service providers as part of the Kai AI health coach experience described in the AI section above. Where HealthKit data, on its own or in combination with other information we hold about you, qualifies as PHI under HIPAA, it is also subject to our HIPAA safeguards and the Business Associate Agreements described in this Privacy Policy.

HealthKit Data Restrictions

We will never use HealthKit data for advertising, marketing, or other use-based data mining purposes.
We will never sell HealthKit data or disclose HealthKit data to data brokers.
We will not share HealthKit data with any third party for that party’s own purposes. HealthKit data is only transmitted to service providers (including our AI service providers) to deliver the Services you have engaged with, under contractual obligations of confidentiality and security.
HealthKit data is handled in accordance with Apple’s HealthKit and App Store requirements.

How We Share Information

In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose personal information in the following situations:

Affiliates and Acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, our business, or our assets, we will share information with that company, including at the negotiation stage.
Other Disclosures Without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information to establish or exercise our rights, defend against a legal claim, investigate or take action regarding suspected illegal activity, fraud, or violations of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
Public Forums. Some of our websites may provide the opportunity to post comments or reviews in a public forum. If you decide to submit information on these pages, that information may be publicly available.
Partner Promotions. We may offer contests, sweepstakes, or other promotions with third-party partners. If you decide to enter a contest, sweepstakes, or promotion sponsored by a third-party partner, the information you provide will be shared with us and with them. Their use of your information is not governed by this Privacy Policy.
Service Providers. We share your information with service providers that help us operate the business. Among other things, service providers help us administer our website and mobile application, conduct surveys, provide technical support, process payments, fulfill orders and subscriptions, deliver biomarker test results, provide phlebotomy services (Mobile Phlebotomy, GetLabs), fulfill lab orders (Junction, Quest Diagnostics, Bioreference Laboratories), fulfill the microplastics test (Plastictox), fulfill supplements (OK Capsule), provide wearable and HealthKit integrations, and process information through our AI service providers (Anthropic, as described above).
AI Service Providers. As described in the “AI Services and Third-Party AI Providers” section above, we share specified categories of information with our AI service providers (currently Anthropic) under contractual safeguards, including BAAs where PHI is involved.
Other Disclosures With Your Consent. We may disclose your information to other third parties when we have your consent or direction to do so.

Any third party with which we share information is required by contract to provide protection of the information that is at least as protective as that stated in this Privacy Policy or required by applicable law.

Your Choices

Some jurisdictions give you the following choices regarding your personal information:

Access. You may request access to your personal information or confirmation that we have and process information about you. In certain limited circumstances, you may request to receive your data in a portable, machine-readable format.
Correction. We rely on you to update and correct your personal information. Our website and mobile application may allow you to modify or delete your account profile. If our website does not permit you to update or correct certain information, you can contact us at the address described below. You may ask us to correct information that is inaccurate or incomplete. Note that we may keep historical information in our backup files as permitted by law.
Deletion. You may request that we delete your personal information. If required by law, we will grant a request to delete information, but in many situations we must keep your personal information to comply with our legal obligations, to resolve disputes, to enforce our agreements, or for other business purposes. Deletion requests will trigger corresponding deletion requests to our AI service providers and other business associates in accordance with our agreements with them.
Opt-Out of Sales and Targeted Advertising. We do not sell personal information as that term is defined under applicable law. Some of our online advertising practices that involve sharing limited online identifiers with advertising partners for cross-context behavioral advertising may constitute a “share” under certain state privacy laws. You may opt out by clicking the “Do Not Sell or Share My Personal Information” link on our homepage. We do not use health, biomarker, HealthKit, or wearable data for advertising under any circumstances, and we do not currently share or sell de-identified data with third parties.
Limit the Use of Sensitive Personal Information. If you are a California resident, you have the right to limit our use and disclosure of your sensitive personal information (as defined under the California Privacy Rights Act) to purposes necessary to perform the Services, comply with law, ensure security and integrity, or other permitted purposes. You may exercise this right by contacting us as indicated in the Contact Information section below. Outside of the limited operational uses described in this Privacy Policy, we do not currently use sensitive personal information for purposes that would trigger a right to limit.
Objection to Certain Processing. You may object to our use or disclosure of your personal information by contacting us at the address described below.
Online Tracking. We do not currently recognize the “Do Not Track” signal.
Promotional Emails. You can stop receiving promotional emails by following the unsubscribe instructions in emails you receive. We may still send you service-related communications.
Revocation of Consent. Where we process your personal information based on consent, you may revoke consent. If you revoke consent, we may no longer be able to provide you services.

Not all of the rights described above are absolute, and they do not apply in all circumstances. We may limit or deny your request where the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise their privacy rights under applicable law.

Submitting Requests

You may exercise the rights described above through our online portal or by contacting us as indicated in the Contact Information section below. If you disagree with how we handled a request, you may appeal our decision by contacting us with the subject line “Appeal.”

As required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we may ask for information such as your name, the last item you purchased from us, or the date of your last purchase from us. We may also ask you to provide a signed declaration confirming your identity.

In some circumstances, you may designate an authorized agent to submit requests on your behalf. If you are an authorized agent, you must attach a copy of a completed Authorized Agent Designation Form indicating that you are able to act on another person’s behalf.

How We Protect and Retain Information

No method of transmission over the internet, or method of electronic storage, is fully secure. While we use reasonable administrative, physical, and technical safeguards to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee its absolute security. Where required by law, we will notify you of a breach of your personal information electronically, in writing, or by telephone.

When you create an account you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password. You should notify us of any unauthorized use of your password or account.

We retain your personal information for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, including for purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law. PHI is retained in accordance with HIPAA and applicable state law. AI providers retain transmitted information only for the limited periods permitted under our BAAs and their enterprise agreements with us.

Third-Party Applications and Websites

For your convenience, we may provide links to websites and other third-party content or services that we do not own or operate. The websites and third-party content to which we link may have separate privacy notices or policies. We have no control over the privacy practices of websites or services we do not own. We encourage you to review the privacy policies of any third-party website or application for details about that third party’s privacy practices.

Changes to This Privacy Policy

We may change our privacy policy and practices over time. To the extent that our policy changes in a material way, the policy in place at the time you submitted personal information will generally govern that information unless we receive your consent to the new privacy policy. The Effective Date at the top of this Privacy Policy indicates when the current version took effect.

Contact Information

If you have any questions, comments, or complaints concerning our privacy practices, or if you need to access this Privacy Policy in an alternative format due to having a disability, please contact us:

Keyspan, Inc.
Email: support@getkeyspan.com
Mailing Address: PO Box 5837 Austin, TX 78763
Phone: 512-222-7751

Additional Information for California Residents

California law requires us to disclose the following additional information related to our privacy practices. If you are a California resident, the following disclosures apply to you in addition to the rest of this Privacy Policy.

California Shine the Light. If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing, please submit a written request using the Contact Information above.
California Notice of Financial Incentive. We offer programs that provide certain perks, such as rewards, discounts, and exclusive offers (the “Reward Programs”). When you sign up for a Reward Program, we will ask you to provide your name, email address, and in some cases your telephone number. Under California law, our Reward Programs might be interpreted as “financial incentive” programs as they involve the collection of personal information. We do not assign a monetary value to the information we collect. Based on our reasonable estimate, the value of your personal information to us is related to the value of the free or discounted products or services that you obtain when you redeem points. You may withdraw from participating in the Reward Programs at any time by contacting us.

Notice of Collection

The table below describes the categories of personal information we collect, disclose for a business purpose, and “sell” and/or “share” (as those terms are defined by California law). In addition to the recipients identified below, we may disclose any category of personal information to government entities as needed to comply with law or prevent illegal activity. We do not “sell” your personal information for money. We do not use HealthKit data, biomarker data, or other sensitive health data for cross-context behavioral advertising.

California Sensitive Information Disclosure

We collect the following categories of sensitive personal information (as defined under California law): account log-in; financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email, or text messages when we are not the intended recipient; biometric information for the purpose of uniquely identifying an individual; health information; and information concerning sex life and sexual orientation. This information is collected to process transactions, comply with laws, manage our business, or provide you with services. We do not use such information for purposes that are not identified within the California Privacy Rights Act Section 1798.121. We do not “sell” or “share” sensitive personal information for purposes of cross-context behavioral advertising. We do not currently share or sell de-identified data derived from sensitive personal information with third parties.