BYSTRO AI

Bystro Consumer Health Data Privacy Policy

Effective Date: 2026-04-10

Last Updated: 2026-04-10

This Bystro Consumer Health Data Privacy Policy ("Policy") is a standalone notice that applies where Bystro processes consumer health data subject to applicable U.S. consumer health privacy laws, including Washington's My Health My Data Act and Nevada's consumer health data law, that require a separate consumer health data privacy policy. It should be read together with Bystro's general Privacy Policy and applicable Terms of Service.

1. Scope of This Policy

This Policy applies only to the extent Bystro collects, uses, discloses, or otherwise processes consumer health data covered by applicable law in connection with:

  • Bystro's genomics research and data analysis service offering ("Service"); and
  • support, account administration, and security operations related to the Service; and

This Policy does not expand the categories of data Bystro intentionally collects. Consistent with Bystro's general Privacy Policy:

  • Bystro does not intentionally collect Protected Health Information (PHI) or clinical records through its public website.
  • Bystro does not intentionally collect identifiable genomic data through its public website where such data is linked or reasonably linkable to an identified or identifiable person.
  • In certain service contexts, users may choose to upload datasets or files for processing through the Service. Where those materials contain information that qualifies as consumer health data under applicable law, this Policy applies to that processing.

2. What We Mean by "Consumer Health Data"

For purposes of this Policy, "consumer health data" means personal information that is linked or reasonably linkable to you and that identifies, describes, or could reasonably be used to infer your past, present, or future physical or mental health status.

Depending on the context, consumer health data may include information such as:

  • information about a health condition, diagnosis, treatment, disease, symptoms, or procedure;
  • data that reveals or could reasonably infer an individual's health status;
  • information about seeking, obtaining, or using health-related services or products;
  • precise location information that could reasonably indicate an attempt to obtain health-related services; and
  • information derived from support interactions, account activity, AI interactions, or uploaded materials if that information identifies or can reasonably be linked to health status.

3. How Bystro Collects Consumer Health Data

Bystro collects consumer health data only in connection with the Service:

  • with your consent, where consent is required; or
  • as necessary to provide a product or service you requested, including operating, securing, and supporting that product or service.

4. Categories of Consumer Health Data We May Collect

Bystro may collect the following categories of consumer health data, depending on how you use our website or services:

Category of consumer health dataExamples in the Bystro context
Account, profile, and registration data that may reveal health-related contextName, email address, organization, account details, and any health-related information you choose to include in your profile, project naming, or account communications
User-submitted content and filesOptional uploaded datasets, project files, configuration files, annotations, derived results, research materials, or other content you ask us to store or process that may contain health-related information
Research, genetic or genomic-related data submitted through the platformGenetic, genomic or research datasets submitted for annotation or similar workflows, where such data qualifies as consumer health data under applicable law
Support and communications dataEmails, tickets, chat messages, and other communications with our support or success teams that may contain health-related details
AI interaction dataAI conversation logs, prompts, outputs, and related usage information where the content includes or reveals health-related information
Usage, device, and activity data that may reasonably reveal health-related inferencesIP address, browser type, device identifiers, login events, page views, feature usage, and related metadata where the interaction itself concerns health-related tools, datasets, or services
Inferred or derived consumer health dataInformation we may infer from submitted content, workflow selections, usage patterns, support requests, or AI interactions where those inferences identify or reasonably relate to health status

5. Sources of Consumer Health Data

We may collect consumer health data from the following categories of sources:

Source categoryDescription
Directly from youWhen you create an account, contact us, use our services, submit support requests, communicate with us, or provide content to be processed
From your device or browserThrough logs, authentication events, device and browser signals, and service telemetry generated when you access our Service
From your use of the platformFrom the projects you create, files you upload, configurations you choose, analyses you run, and outputs you retain in your account
From AI-enabled featuresFrom prompts, conversation logs, usage patterns, and outputs associated with AI or automated assistance features
From service providers acting on our behalfFor example, cloud hosting, storage, analytics, support, communications, or security vendors that process data for us under contract
From affiliates or corporate group entitiesWhere one Bystro group entity provides administrative, technical, security, compliance, or support functions for another

6. Purposes for Which We Collect, Use, and Process Consumer Health Data

We may collect, use, and otherwise process consumer health data for the following purposes:

  • to provide, operate, maintain, and support the Service;
  • to create and manage accounts, authenticate users, and enable core functionality;
  • to process optional uploaded files, datasets, research materials, or project content at your direction;
  • to generate, store, and deliver results, annotations, reports, and related outputs;
  • to respond to inquiries, support requests, and other communications;
  • to monitor service performance, debug issues, conduct internal analytics, and improve platform reliability and usability;
  • to maintain AI service quality, safety, reliability, and observability, including retaining AI conversation logs and related usage information;
  • to protect the security, confidentiality, integrity, and availability of our systems and services;
  • to detect, investigate, prevent, and respond to fraud, abuse, unauthorized access, security incidents, and other harmful activity;
  • to comply with law, legal process, and valid governmental requests; and
  • to carry out internal business operations reasonably related to the Service.

7. How We Process Consumer Health Data

Bystro may process consumer health data by automated, manual, or mixed means, including:

  • collecting, recording, organizing, storing, and hosting data;
  • using data to authenticate accounts and operate requested features;
  • analyzing, annotating, transforming, querying, and generating outputs from submitted files or content;
  • reviewing communications and logs for support, safety, debugging, and quality assurance;
  • transmitting data to service providers acting on our behalf for hosting, storage, support, security, and similar operational purposes; and
  • deleting or de-identifying data where appropriate.

8. Categories of Consumer Health Data We May Share

Bystro may share the following categories of consumer health data, depending on the context and only as described in this Policy:

Category of consumer health data sharedTypical sharing context
Account and profile dataShared with service providers and affiliates for account administration, hosting, authentication, support, and security
Support and communications dataShared with support, communications, ticketing, and security vendors acting on our behalf
AI interaction dataShared with infrastructure, observability, safety, and support providers acting on our behalf
Uploaded files, derived results, and project-related contentShared with hosting, storage, compute, security, and support providers only as needed to provide requested services
Usage, device, and technical dataShared with analytics, infrastructure, fraud-prevention, and security providers acting on our behalf
Legal and compliance recordsShared where required with regulators, courts, law enforcement, or other governmental authorities, or in connection with legal claims or business transactions

9. Categories of Third Parties and Specific Affiliates With Whom We May Share Consumer Health Data

Bystro may share consumer health data with the following categories of third parties:

  • cloud hosting and storage providers;
  • infrastructure and compute providers;
  • analytics providers;
  • customer support and communications platforms;
  • security, logging, monitoring, and incident-response vendors;
  • professional advisers, such as legal, compliance, audit, and insurance advisers, where necessary;
  • government authorities, courts, regulators, and law enforcement where required or appropriate under applicable law;
  • transaction counterparties involved in a merger, acquisition, financing, reorganization, sale, or transfer of assets; and
  • other parties with your consent or at your direction.

Specific Affiliates / Corporate-Group Entities

At this time, no specific affiliate is identified by name in this Policy. If Bystro begins sharing consumer health data with a specific affiliate or corporate-group entity in a manner that requires named disclosure under applicable law, Bystro will update this Policy before or at the time of that sharing.

10. We Do Not Sell Consumer Health Data Without Required Authorization

Bystro does not sell consumer health data in exchange for money and does not share personal information with third parties for their own advertising or cross-context behavioral advertising purposes.

If Bystro were ever to engage in a transaction that qualifies as a sale of consumer health data under applicable law, Bystro would do so only with the separate written authorization required by applicable law.

11. Your Consumer Health Data Rights

Depending on applicable law and your relationship with Bystro, you may have the following rights with respect to consumer health data:

  • Right to know / access: to confirm whether Bystro is collecting, using, or sharing your consumer health data and to access that data.
  • Right to deletion: to request deletion of your consumer health data, subject to permitted exceptions.
  • Right to withdraw consent: where processing is based on consent, to withdraw that consent for future collection or sharing.
  • Right to information about sharing: where required, to obtain information about categories of third parties and affiliates with whom consumer health data has been shared.
  • Right to appeal: if we decline to act on your request, you may have the right to appeal that decision.
  • Right to non-discrimination: Bystro will not discriminate against you for exercising applicable privacy rights.

12. How to Submit a Request

You may submit a request regarding consumer health data by contacting Bystro at:

  • Email: team@bystro.io
  • Other channels: any request form, account setting, or in-product mechanism Bystro may make available from time to time

Please include enough information for us to understand and evaluate your request. We may need to verify your identity before fulfilling a request, including by confirming your email address or requesting limited additional information reasonably necessary for authentication. Where permitted by law, you may designate an authorized agent to submit a request on your behalf, and we may ask for proof of that authorization.

We will respond within the time required by applicable law.

13. Appeals

If Bystro denies your request in whole or in part, you may appeal by replying to our response email or by submitting a new request with the subject line "Privacy Appeal" to team@bystro.io.

When submitting an appeal, please:

  • identify the original request;
  • explain why you believe the request should have been granted; and
  • provide any additional information that may help us review the matter.

We will review your appeal and provide a written response within the time required by applicable law.

14. Review and Correction

Bystro's general Privacy Policy allows users to request correction of inaccurate or incomplete personal information. For consumer health data covered by this Policy:

  • if Bystro maintains consumer health data in a form that can reasonably be reviewed and corrected, you may request review and correction by contacting team@bystro.io; and
  • if correction is not feasible because of the nature of the data, system architecture, legal constraints, or the role in which Bystro processes the data, Bystro may instead offer deletion, account-level controls, or another lawful alternative.

15. Cookies, Online Tracking, and Cross-Site Collection

Bystro uses cookies and similar technologies that are strictly necessary to authenticate users, keep users signed in, and protect accounts and systems. If you disable essential cookies, some features may not function.

Bystro's general Privacy Policy states that Bystro does not allow third parties to use personal information for their own advertising or cross-context behavioral advertising purposes. Based on Bystro's current practices as described in that policy:

  • Bystro does not knowingly permit third parties to collect consumer health data over time and across different websites or online services for their own independent advertising purposes when you use Bystro's website or services; and
  • Bystro may use service providers that collect limited technical information on Bystro's behalf for hosting, security, analytics, fraud prevention, or service operation, subject to contractual restrictions.

16. Consent and Service-Necessary Processing

Where required by law, Bystro will obtain your affirmative, voluntary consent before collecting or sharing consumer health data, unless the collection or sharing is necessary to provide a product or service you requested.

If Bystro seeks consent, the request for consent shall describe:

  • the categories of consumer health data involved;
  • the purposes for collection, use, or sharing;
  • the categories of entities with whom the data may be shared; and
  • how you may withdraw consent for future processing.

Withdrawal of consent does not affect processing already completed before withdrawal, but Bystro will honor your withdrawal for future collection or sharing to the extent required by law.

17. Security

Bystro uses reasonable administrative, technical, and physical safeguards designed to protect consumer health data from unauthorized access, acquisition, disclosure, alteration, or destruction. These measures may include, as appropriate:

  • encryption in transit;
  • access controls and role-based limitations;
  • logging and monitoring;
  • security reviews and testing;
  • vendor management and contractual restrictions; and
  • incident detection and response procedures.

Access to consumer health data is limited to personnel, processors, contractors, and service providers who need access to provide requested services, maintain the platform, or support lawful and disclosed processing activities.

18. Retention

Bystro retains consumer health data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

Retention may vary by data type and service context. For example:

  • input genetic or genomic data submitted for annotation or similar processing may be deleted from active systems after the workflow is completed, subject to technical logs and backups retained for security and operational integrity;
  • derived results, annotations, project files, and configuration data may remain in your account until you delete them or ask us to delete them, subject to legal requirements and internal retention obligations; and
  • certain data may remain in archives or backups for a limited period before deletion is completed.

If you request deletion, Bystro will process that request in accordance with applicable law and may also notify applicable affiliates, processors, contractors, and third parties as required.

19. Material Changes to This Policy

Bystro may update this Policy from time to time to reflect changes in our practices, technology, services, or legal obligations.

When we make a material change to this Policy, we will take steps appropriate to the nature of the change, which may include:

  • revising the Last Updated date above;
  • posting the revised Policy on our website;
  • providing an in-product notice or website banner; or
  • sending a notice to the email address associated with your account, where appropriate or required by law.

If a material change would result in collection, use, or sharing of additional categories of consumer health data, sharing with additional third parties or affiliates, or use for additional purposes not previously disclosed, Bystro will provide any additional notice and obtain any consent required by applicable law before doing so.

20. Contact Us

If you have questions about this Policy, Bystro's privacy practices, or your consumer health data rights, please contact:

Bystro

Email: team@bystro.io

If Bystro makes available an online request form or in-product privacy request mechanism, you may also use that method to submit requests under this Policy.

← Back to Home