Your privacy is the priority.

When you explore your health and wellbeing with us, you entrust us with important personal information. That’s why, since day one, protecting your privacy has been our number one priority. We're committed to providing you with a safe place where you can learn about your health and wellbeing knowing your privacy is protected.

So what does that mean?

  • We will never share your blood results or self-reported data with employers, insurance companies, public databases or third party marketers without your explicit consent.
  • We give you full control to decide how your information is used and with whom it is shared.
  • We break everything down into easy-to-understand language so that each choice you make is an informed choice.
  • We encrypt all sensitive information and conduct regular assessments to identify security vulnerabilities and threats.
  • We will not release any individual-level personal information to law enforcement unless we are required to do so by a court order we determine to be legally valid.

You are in control of your data.

It’s your data, and you are in control. From the moment you become a member, you have meaningful choice in everything you do. That means you decide how your information is used. We’ve answered a few frequently asked questions below.

Will you share my data with my insurance company or my employer?

No. Your data (blood test or self-reported) will not be provided to an insurance company or employer. End of story.

If I opt in to participate in research, will the researchers be able to connect my name to my data?

Absolutely not. If you choose to participate in our groundbreaking research (that hopes to accelerate scientific discovery and treatments), your data will be de-identified (stripped of your personal information) and aggregated (put into a data set with  other people's data) before being analysed by our researchers.

What do you do with my blood sample after it’s tested?

You decide whether the lab biobanks your blood sample or safely discards it after it is analysed.

What if I change my mind?

You are free to change your mind at any time and request to delete your account or have us discard your sample in your account settings at any point.

How we protect your data.

Your health and wellbeing information deserves the highest level of security, because without security, you can’t have privacy. Drop Bio Health employs software, hardware, and physical security measures to protect your data. And while no security standard or system is hack proof, we’re doing everything in our power to keep your personal data safe.

How do you protect my data?

Drop Bio Health employs software, hardware, and physical security measures to protect your data. Third-party security experts regularly conduct audits and assessments of our systems, ensuring we will never let our guard down. And we encrypt all sensitive information, both when it is stored and when it is being transmitted, so that we make it difficult for potential hackers to gain access.

Anything else you can tell me to put my mind at ease?

Your personally identifiable information (such as your name and email) is stored in separate databases from your blood and self-reported data so that no one but you (when you use your username and password) can connect the dots between the two. That means even if someone gained access to one of these databases, they could not connect your identity to your health, or vice versa.

Where does my data go
within Drop Bio Health?

Your data consists of things like your name, address, password, blood test and self-reported data and health insights. 

The majority of this data is stored on an encrypted database at both rest and in-transit within Amazon Web Services. Encryption at rest is like storing data in a safe with a combination that only a few people know (a key), encryption in transit is like using an armored vehicle to transport it between services. Our member database server is behind a firewall (or virtual private cloud, VPC) that only privileged servers have access to (such as our backend application servers). Only approved applications and Drop Bio Health staff members have access to deidentified member data, these applications and individuals also need security keys to access data at any time. Our APIs use an authentication token to authenticate and authorize.

Where does my data go outside of Drop Bio Health?

We use technologies that help to deliver a member experience which is as secure as it is insightful. We only send data to trusted third-party systems that are subject to strict privacy and security controls. 
We think it’s important you understand not only what these systems are but also why we send your data to these systems. If you don’t understand our reasoning, please email us at If you do not agree with your data going to a specific system, deleting your Drop Bio Health account will permanently delete all of your data from all our systems.

Here are some resources for you which we hope make you feel more confident that you are in control and your data is well-protected. We also understand that you may want to dive deeper and we want to make sure you have all of your questions answered. You can contact us here -



Nature of Processing

About Service

Auth0 - Identity Management

🇦🇺 Australia

Member Identity and Access Management

Auth0 is a world class identity management system. We use it to verify member access to our systems.


🌍 Global

Subscription management

Stripe allows us to manage member subscriptions and shopping checkout processes.


🇨🇦 Canada & 🇺🇸 USA

Order management

We use Shopify to manage & fulfill orders of our kits.

Active Campaign

🇺🇸 USA

Customer Experience Automation - EDM & CRM

Active Campaign is email marketing and customer experience platform.


🇪🇺 European Union

Analytics and User Behavioural Data

We use Mixpanel to analyze & improve our member’s experience across our different touchpoints.



Customer support service

Member support and service is paramount to us. This is why we use Zendesk to manage all member questions & queries.


🇺🇸 USA

Error logging service

Sentry helps us know if, when & where there might be an issue in one of our applications.


🇺🇸 USA

Content Management System

Webflow powers our website and it’s the platform that you are most likely reading this on.


Order Fulfillment

We use Shipstation as our fulfillment platform to get our kits to our members.

Amazon Web Services

🇦🇺 Australia

Member Data

DropBio Health platform infrastructure is hosted on AWS, AWS data centres are secured using the best in class security protocols which include procedures on, security by design, physical access, monitoring & logging, surveillance & detection, ongoing governance & risk. Read more about how AWS keeps data secure.

Like to know more?

Here are some resources for you which we hope make you feel more confident that you are in control and your data is well-protected. We also understand that you may want to dive deeper and we want to make sure you have all of your questions answered. You can contact us here -

Useful Vocabulary

🔒 Encrypted
Encryption is a process where data is scrambled with a specific secret that only a select few have. If this data is stolen, it cannot be understood unless the stealer has the proper secret. All of your personally-identifiable data (videos, images and text) are encrypted at-rest and in-transit across all systems.

🏃 In-transit
Your data is being sent from one location to another (usually one server/computer to another)

🛌🏾 At-rest
Your data is physically being stored on a device (usually a server)

🕳️ S3 Bucket
This is where we store larger (usually media) files such as images and videos

🤝 Database
This is a server that stores data that relates to one another. In other words, this is where we can query to answer questions like: "what is a user?", "does a user own one or many videos?", "could you get me a list of all of this user's comments?"

Short for Application Programming Interface. APIs are like the wires, plugs and adapters that we connect together to give us the ability to communicate between our different systems passing on the  electricity (in our case data & information) which powers our systems.

Short for Amazon Web Services. This is the cloud provider we use at Drop Bio Health that allows us to rent storage and compute capacity from their data centers.

A firewall that blocks access to a server or group of servers only to users/robots that have the proper permissionsIf you have any questions about privacy at Drop Bio Health, we are here to help. Email us at