Privacy policy

 

 

 

XELLA HEALTH PRIVACY POLICY

Last Updated: April, 2026

Welcome to Xella Health. Xella Health, PBC (“Xella Health”, “we”, “us”, “our”, or similar) owns and operates the proprietary Xella Health technology platform, which enables users to obtain clinical and laboratory services provided through Xella Health's affiliates and partners (collectively, the “Platform”). 

This Privacy Policy (the “Policy”) describes the types of personal information Xella Health collects about you in its operation of its business, including information we collect from you through the Platform, as well as when you communicate with us, interact with us, or otherwise provide us with information in connection with the Platform. This Policy also describes how we use that information, who we disclose it to, and certain rights and options you may have regarding your personal information. 

You may be presented with other privacy notices during the course of interacting with us, our affiliates and partners, or using our services; this Policy supplements those other notices. 

By using the Platform, communicating with us, or otherwise interacting with us, you expressly consent to the information-handling practices described in this Policy. If you do not agree with this Policy, please do not use the Platform or provide us with your information.

Important Information About This Policy

While we always aim to provide complete and transparent information about how we process your personal information, we reserve the right to amend or update this Policy from time to time, or to create additional policies, in order to accurately reflect changed circumstances or new legal requirements. As a result, it is important that you read this Policy closely so that you are fully aware of how and why we are using your personal information.

To assist us in ensuring that we can provide the most accurate information possible, we ask that you check this Policy for updates. We also ask that, if we have an ongoing relationship with you and any of the data you have provided is no longer accurate, you keep us informed of this so we can amend our records accordingly. 

Consumer Health Data Notice

If the laws of your state of residence (e.g., the laws of Connecticut, Nevada, or Washington) regulate our handling of “consumer health data,” you may have additional rights and choices with respect to such data that we process about you. Please see our Consumer Health Data Privacy Policy to learn more about our consumer health data handling practices, which supplements this policy. 

Notice Regarding Use of Artificial Intelligence

We may deploy, via our Platform, algorithmic tools and artificial intelligence technologies, such as generative pre-trained transformers and similar tools, (collectively, “AI”) to analyze laboratory results, as well as to provide users with information, content, or other materials (e.g., via  a chatbot). If you have any questions about how our AI works, or you would like to interact with a real person, please contact us using the information below. Note, however, AI is key to the delivery of our services. In some cases, there is no human or natural person substitute for the task being performed by AI. If you prefer to not interact with any AI-powered system, then please discontinue your use of the Platform. 

Personal Information We Receive or Collect About You

For the purposes of this Policy, “personal information” is any information that identifies, relates to, or can be used to contact a particular individual. The types of personal information we may collect include the following categories.

  1. Information You Provide

Personal Information we collect from you can be categorized as follows:

  • Contact information: First name, last name, salutation, email address, billing and mailing address, and telephone number.

  • Communication information: Copies of communications and inquiries you have submitted to us, including through email, phone, social media, chatbot, features available on our Platform, and otherwise.

  • Demographic information: When completing your user profile, interacting with a tool or survey, or when you otherwise choose to provide the information, your age or date of birth, gender or gender identity, assigned sex at birth, marital status, employment status, parent status, race or ethnicity, military status, preferred pronouns, sexual orientation, and sex life.

  • Account information: If you create or register an account with us, your username, password, account number, biographical details, photograph or picture, preferences, information about your participation in our promotions or surveys, and other information that we may request or that you may provide relating to your account. 

  • Government-issued identification card information: In connection with your creation of or access of an account, your state or local identification number (e.g., driver’s license or state ID number) and an image of the relevant identification card.

  • Audiovisual recordings: When completing your user profile, interacting with a Xella Provider, or engaging with a tool or survey through the Platform, video and audio recordings of you. 

  • Medical condition information: To the extent inferred from your interactions with our Platform, when you choose to provide such information as part of your account profile, or otherwise (e.g., through receiving results from the Laboratory for Insights analysis), information about your physical or mental health status, condition, or diagnosis, including treatments you are receiving, medications you are taking, the type of care you are seeking, medical or health-related interventions you have received or are interested in, laboratory results, diagnostic testing, medical imaging, biomarkers, laboratory samples, clinical notes, other physical health information, and information related to your receipt of medical and health services (such as primary care provider), in each case, to the extent applicable. Please review our Consumer Health Data Privacy Policy to learn more about our consumer health data practices.   

  • Genetic information: To the extent that certain laboratory tests available through the Platform may produce information that relates to inherited characteristics, your genetic and inherited characteristics information. Please review our Consumer Health Data Privacy Policy to learn more about our consumer health data practices.

  • Marketing information: Details regarding informational and promotional materials you may have requested or received from us, goods or services in which you are interested, your receipt of promotional communications, and information on your marketing or communication preferences.

  • Relationship information: To the extent inferred from your interactions with our Platform, when you choose to provide such information as part of your account profile, or otherwise (e.g., providing authorization to a Xella Provider), your familial or other relationships to third parties whose personal information you may provide.

  • User submissions: To the extent you choose to provide such information as part of your account profile or otherwise, user generated information such as photos, images, videos, comments, reviews, questions, messages, and other content or information that you generate, transmit, or otherwise make available on the Platform, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.

  • Transactional information: Details about your transactions with us, including method of payment, payments received, payment details, transaction history, and other information relating to any payments transmitted to us by you. 

  • Financial information: To the extent you pay for our services using a payment mechanism, the details of the mechanisms used to remit payment or ensure coverage for services, such as payment card details, bank account details, or other payment information. Please note that this information is collected and processed on our behalf by a third-party payment processor. 

  • Device and usage information: Details regarding how and when you use our Platform, including the device used to connect to our Platform, your IP address and device identifier, the frequency and duration of your usage, the pages you view, what websites or search terms referred you to our Platform, and information about your interaction with our Platform.

Some of the information identified above, such as demographic, genetic, and medical condition information, may be considered “sensitive personal information,” “sensitive data,” or similar under certain states law. In general, the processing of such information is necessary for us to provide you the product or service you have requested. If required by applicable law, however, we will collect and process sensitive personal data only with your consent. By providing us with this information upon request, you are consenting to our collection and processing of such “sensitive personal information” or “sensitive data.” If you choose not to provide or allow us to collect only some information, we may not be able to provide you with requested features, products, services, or information.

We collect this information when you visit, use, or navigate our Platform, fill in forms, interact with our affiliates and partners (such as by setting an appointment or receiving test results through the Platform), submit questions or inquiries to us, communicate with us (including by phone, email, or otherwise), visit or engage with our social media pages, participate in surveys or sponsored activities, otherwise provide us with personal information, or provide such information to our affiliates and partners.

Please note that we may aggregate or anonymize the foregoing types of information such that they are no longer capable of identifying you, in which case they are no longer considered “personal information.”  We may also collect information about you from third-party sources and information about you that is publicly available.

  1. Automatically Collected Usage and Device Information

Like most website operators, we use various technologies to automatically collect information about visitors. Those technologies include:    

  • Cookies. Cookies are small text files that a website transfers to a visitor’s browser or device for recordkeeping purposes. We use cookies to personalize visitors’ experiences on our Platform, provide content that we believe may be of interest, track visitor trends and patterns, engage in marketing and advertising, and otherwise analyze our Platform traffic. For further information about cookies, including how to refuse cookies, please visit www.allaboutcookies.org. Please note that if cookies are disabled, you may not be able to enjoy certain features of our Platform.

  • Log Files and Device Identifiers. We use log files to track actions occurring on the Platform and collect data about visitors, including IP address, browser type, Internet service provider, referring/exit pages, date/time stamps, and device identifiers. This information is used for security purposes and to detect and prevent fraud. 

  • Pixels, tags, and web beacons. Our Platform may also use “pixels,” “tags,” or “web beacons.” When we refer to “pixels,” we are generally referring to all of these types of technologies. These technologies are small pieces of code that run when a page or email is loaded. They are used to monitor the behavior of the visitor or email recipient (such as what icons were clicked or whether links in an email were opened) and gather analytics. For example, when you open our homepage, a pixel may run and generate information based on the visit, and then this information is processed by us and our vendors. Pixels work in conjunction with cookies to let us know what portions of our Platform are of interest to you and to help us provide you with tailored information from our Platform. If you turn off cookies, the pixels, tags, and web beacons we use may still detect certain information about your interaction with our Platform and disregard any cookie-prohibitive markers or signals. Note, the vendors that supply us with these pixels, tags, web beacons, or similar tracking technologies collect your personal information instantaneously and simultaneously to our collection of your information and, with your consent or to the extent permitted by law, they may use the information for their own or others’ purposes.

  • Analytics. Our Platform may also use third-party analytics tools, such as Google Analytics. You can find more information about how data is collected and processed in connection with the Google Analytics service here.  You can also read Google’s privacy policy here.

The information collected through these technologies may be combined with personal information or aggregated with other information on Platform visits. We may disclose information about your use of our Platform to our advertising and analytics partners, who may combine it with other information that you previously provided to them.

  1.  Information from Other Sources

We may obtain both personal and non-personal information about you from our vendors, affiliates, business partners, contractors, suppliers, and other third parties and add it to other information we have collected. We, and the third parties we engage, may combine information we collect from you over time, and across our Platform, with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.

D. Social Media

If you interact with us on any social media platform (e.g., Meta, X, LinkedIn), depending on your social media privacy settings, the personal information that you submit on the social media platform may be read, collected, or used by us as described in this Policy. In addition, where we respond to any interaction with you on social media, your account name/handle may be viewable by any and all members or users of our social media accounts. Social media platforms operate independently from us, and we are not responsible for the personal information that you choose to submit or link to on any social media platform. We encourage you to review the privacy policies and settings of any social media platform with which you interact to help you understand their privacy practices. 

How We Use Personal Information

We (or service providers acting on our behalf) may use the personal information identified above for the following purposes:

  • Negotiating, entering into, and managing our relationship and agreements with you.

  • Providing and optimizing your experience on our Platform and ensuring that our content is presented to you in the most effective manner.

  • Providing and operating the services offered through our Platform, our business, and our affiliates and partners, such as setting up Xella Provider or Laboratory appointments or generating Insights on test results.

  • Allowing our partners and affiliates to provide you with healthcare services, laboratory services, other medical and medical-adjacent services, and diagnostic testing results and analysis.

  • Processing your requests, appointments, orders and transactions through our Platform and with our affiliates and partners.

  • Administering our Platform, including our software solutions (including algorithmic tools and artificial intelligence technologies), your account, and clinician portal.

  • Communicating with you and communicating regarding our services, our agreements with you, and other issues.

  • Sending you promotional or informational communications and solicitations, tracking your marketing preferences, and for our internal marketing purposes, such as developing new client marketing materials.

  • Managing customer service issues, including issues relating to the performance of our services and user feedback.

  • Developing, updating, and improving our Platform, products and services, user experience, our administrative processes that support our business, and otherwise improving our knowledge and insights regarding customers and services.

  • Allowing our partners and affiliates to communicate with you and deliver relevant information to you, including information about the products and services available from them.

  • Creating de-identified data, including so that we can engage in health research relating to women’s health issues with research partners (such as universities, pharmaceutical companies, researchers, and other non-profit or commercial entities).

  • Preventing and detecting fraud, financial crime, hacking activities, security breaches, and other unlawful activities in connection with our Platform. 

  • Operating our business, including engaging in accounting, auditing, invoicing, or reconciliation and collection activities

  • Enforcing our agreements with participants, partners, or vendors, complying with our legal or regulatory obligations, and defending or advancing legal claims.

  • Notifying you about changes to our Platform, goods and services offered, or material changes to this Policy.

  • Providing you with surveys or otherwise soliciting feedback from you.

  • Performing other functions as otherwise described to you at the time of collection or to which you otherwise consent.

For more information about your options relating to your personal information and your communication preferences, see “Your Choices About Personal Information” below.

Our Marketing Efforts

We may send you direct marketing communications from time to time including news, updates, offers, and other promotions relating to our services and activities. We will only send marketing messages where the law allows us to do so and, in the event that you no longer wish to receive marketing from us, then you can always unsubscribe using the option provided in the footer of the communication you have received or by contacting us using the information below.

Disclosure of Personal Information

When the information we collect about you is aggregated, anonymized, or otherwise does not identify you, it is no longer considered “personal information” and we may use that information for any purpose or disclose it to third parties, to the extent permitted by applicable law.

In addition, we may disclose your personal information to the following types of third parties:

  • Service providers we use to facilitate our business operations and administration. For example, our service providers include (i) IT and system administration providers, (ii) data storage providers, and (iii) vendors to facilitate payments and payment processing.

  • Individuals or organizations to whom you direct us to provide your information, for example your primary care provider whom you direct us to disclose your personal information, such as test results and Insights. 

  • Vendors whose technologies we leverage to provide certain features of our Platform, such as video players and chat software providers. 

  • Analytics vendors in order to understand our Platform traffic and usage patterns, optimize our Platform. Note, the technologies we use on our Platform to automatically collect information about you and your interaction with our Platform may be supplied by third-party vendors that collect your information instantaneously and simultaneously to our collection of your information. 

  • Marketing and advertising vendors that may assist with lead generation, hosting information relating to users and participants, marketing automation, advertisement placement and targeting, and marketing campaigns and communications.

  • Regulatory and governmental authorities, law enforcement agencies, and courts, as necessary to comply with applicable laws and regulations, respond to a subpoena, search warrant, or other lawful request for information, or to otherwise protect our rights.

  • Our professional advisors, such as lawyers, accountants, and other similar advisors.

  • Buyers or other successors prior to or in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as a part of bankruptcy, liquidation, or similar proceeding, where the information is among the assets being transferred.

  • Other users and the public, as certain user-generated information, including your health-related information and other information you submit to us may be visible to other users and the public, such as when you post comments in publicly accessible parts of the Platform or provide a testimonial that is intended to be public. 

  • Other parties for any purpose we disclose at the time you provide the information.

We further reserve the right to refer or disclose your information to law enforcement or regulatory authorities in the event that we believe you, other individuals, our partners or service providers, or anyone else is in danger, at risk of harm, in violation of applicable laws, representing a safety concern, or to enforce or apply the terms and conditions of our Platform, any terms and conditions of your membership (to the extent applicable), and other agreements between you, us, or our affiliates and providers.

De-Identified Data

We may process personal information to create de-identified data that is no longer reasonably capable of being associated with, or used to identify, you or any other individual. Once information has been de-identified, it is no longer considered “personal information” under this Policy or applicable law. We maintain technical, administrative, and procedural safeguards designed to prevent the re-identification of de-identified data. We commit to not attempt to re-identify any de-identified information, except as may be permitted or required by applicable law (for example, to verify that de-identification processes are functioning as intended). We may use de-identified data for any lawful purpose, including research, analytics, product development, and other business purposes, without restriction.

Your Choices About Personal Information

We respect your right to make choices about the ways we collect, use, and disclose your information. We try to offer you meaningful choices regarding your personal information. Some choices you have regarding personal information include the following.

  • Marketing Emails: As required by applicable laws, you can opt-out of receiving promotional emails from us by clicking the “opt out” link in any such promotional emails and following the instructions provided.

  • Tracking Technologies: Depending on your browser or device, you may have the option to set the browser to accept all cookies, reject all cookies, notify you when a cookie is set, or delete cookies. Each browser and device are different, so we recommend you evaluate the tools and settings available in your browser or device, as well as any available instructions for the same. Please note that if you disable or delete cookies, you may not be able to access or use certain features of our Platform. The National Advertising Initiative also makes resources available to assist consumers in opt-out of certain tailored online ads, which you can access here: https://optout.networkadvertising.org/?c=1

  • Google Analytics: As discussed above, we may use Google Analytics in connection with our Platform. If you would like to refrain from having your data collected by Google Analytics, Google has developed an opt-out browser that you can use.  You can find more information on how Google uses information it collects here.

  • Updating Your Information: We take reasonable steps to keep your personal information accurate and complete. You can access or update your personal information, including contact or account information, by accessing your account through the Platform or by contacting us at the “Contact Us” information below.

  • Declining to Provide Information: You can choose not to provide us with information we may request through our Platform, but that may result in you being unable to use certain features of our Platform, request information about our services, or initiate other transactions with us.

  • Do Not Track Mechanisms: Please note that our Platform does not honor “Do Not Track” signals, and such signals will not impact the operation of our Platform. 

In addition to the above, you may contact us using the details provided at the end of this Policy with any questions about the choices relating to your personal information.

Data Retention

We retain personal information for as long as necessary to fulfil the purposes we collected it, including for the purposes of satisfying any legal, accounting, or other mandatory reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, whether we can achieve those purposes through other means, and the applicable legal requirements. We also consider any specific limitation periods under applicable law.

Protection of Personal Information

We use appropriate administrative, technical, and physical measures to protect your personal information from loss, theft, and unauthorized use, disclosure, or modification. Please be aware that no data transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot ensure or warranty the security of any information you transmit to us and you do so at your own risk.

Links to Third-Party Websites

Our Platform may contain links to third-party websites, including the websites of vendors we use to process information on our behalf. Such websites have separate privacy policies that you should review. We do not control these third-party websites and are not responsible for the content of linked websites or those companies’ data-handling practices.

Additional Information for Nevada Residents

Under Nevada law, Nevada “consumers” may request that certain “operators” of internet sites and online services refrain from the “sale” of their “covered information” to third parties (as such terms are defined under Nevada law). Our disclosures of your information to third parties (as described above) may qualify as a sale under Nevada law and you may contact us using the information below to make a request under the laws of the state of Nevada. 

Additional Information for Residents of Other U.S. States

The laws of the jurisdiction where you reside (e.g., Oregon, Connecticut, Texas, etc.) may afford you certain rights with respect to your personal information. 

The categories of personal information we process are described in the Section above titled “Personal Information We Receive or Collect About You.” We collect and process “sensitive data,” “sensitive personal information,” or similarly defined terms of residents of U.S. states because the collection and processing of such information is necessary to provide the product or service you have requested.

Our purposes in processing personal information are described in the Section above titled “How We Use Personal Information.”

We disclose the personal information described above to the third parties described in the “Disclosure of Personal Information” section of this Privacy Policy. 

Subject to any applicable limitations or exceptions, the laws of your state of residence may provide you with the right to:

  • Confirm whether a company processes personal information about you, access such personal information, and to obtain a copy of the personal information in a readable format;

  • Correct inaccuracies in your personal information, taking into account the nature of the data and purposes for which it is processed;

  • Delete personal information regarding or provided by you;

  • Obtain a list of the third parties to whom we have disclosed your personal information; 

  • Opt out of the processing of your personal information for the purposes of targeted advertising, the sale of your personal information, or using your personal information for automated decision-making or automated profiling in furtherance of a decision that produces legal or similarly significant effects; and/or

  • Be free from discrimination for exercising any of the rights described in this section, including by denying goods or services, charging different prices or rates for goods or services, or providing a different quality of goods or services.

We do not sell personal information for monetary or other remuneration. 

Xella Health does not engage in the processing of personal information for the purpose of targeted advertising or profiling in furtherance of a decision that produces legal or similarly significant effects, and as a result, will not be able to honor requests seeking to exercise those rights with respect to such conduct. 

Please email us at privacy@joinxella.com to exercise any applicable rights on behalf of yourself or as an authorized agent of a consumer. Your request must include your name, email address, mailing address, phone number, the nature of your inquiry and the context in which we may have received your information. To protect the privacy and security of your information, we require your verifiable consumer request to: 

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information; and 

  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. 

We will respond within the timeframe and manner required by any applicable law. For example, we will respond to a verifiable Texas resident’s request without undue delay and, in any event, within forty-five (45) days of its receipt though that may be extended by an additional 45 days, taking into account the complexity and number of requests. If we require more time, we will inform you of the reason and extension period in writing via email. We will deliver our written response via e-mail.

In the event Xella Health declines your request, you have the right to appeal the decision. You can do so by contacting Xella Health at privacy@joinxella.com and explaining the basis for your appeal. We will respond to your appeal within the timeframe and manner required by any applicable law. For example, we will respond to a Texas resident’s appeal no later than 60 days after receipt and if such appeal is unsuccessful, we will also provide information to contact the Texas Attorney General’s Office to submit a complaint. 

You may submit a request to exercise any of the rights described above twice annually.  We will not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

Additional Information for California Residents

California Civil Code § 1798.83 (California’s Shine the Light Act) further permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident, you may ask us to refrain from providing your personal information to certain of our affiliates and other third parties for their marketing purposes. Please tell us your preference by contacting us at the contact information below.

Children’s Privacy

Our services are intended for a general audience and are not directed at, or intended for use by, children under the age of 13 years. Accordingly, we do not knowingly collect personal information from children under age 13. Should we discover that a person under the age of 13 years has provided us with their personal information, we will use that information only to respond to that individual and inform them that we must have parental consent before receiving such information.

Data Location

You understand and agree that information about you may be stored or processed by information technology systems located in the United States or jurisdictions that may have laws that differ from the laws of your country of residence or the jurisdiction in which you reside.

Changes to this Policy

Please note that we may change this Policy from time to time. If there are changes to our Policy, we will post them here and update the “Last Updated” date at the top of this document. Continued use of our Platform after any changes is deemed to be acceptance of those changes. Accordingly, we encourage you to check the Policy periodically for updates.

How to Contact Us

For questions or more information about our privacy practices, please contact us by using the contact information provided below:

Xella Health, PBC

Email: privacy@joinxella.com

Postal Address: 785 Main Street, St. 206. Half Moon Bay - CA, 94022