When you explore your health and wellbeing with us, you entrust us with important personal information. That’s why, since day one, protecting your privacy has been our number one priority. We're committed to providing you with a safe place where you can learn about your health and wellbeing knowing your privacy is protected.
It’s your data, and you are in control. From the moment you become a member, you have meaningful choice in everything you do. That means you decide how your information is used. We’ve answered a few frequently asked questions below.
No. Your data (blood test or self-reported) will not be provided to an insurance company or employer. End of story.
Absolutely not. If you choose to participate in our groundbreaking research (that hopes to accelerate scientific discovery and treatments), your data will be de-identified (stripped of your personal information) and aggregated (put into a data set with other people's data) before being analysed by our researchers.
You decide whether the lab biobanks your blood sample or safely discards it after it is analysed.
You are free to change your mind at any time and request to delete your account or have us discard your sample in your account settings at any point.
Your health and wellbeing information deserves the highest level of security, because without security, you can’t have privacy. Drop Bio Health employs software, hardware, and physical security measures to protect your data. And while no security standard or system is hack proof, we’re doing everything in our power to keep your personal data safe.
Drop Bio Health employs software, hardware, and physical security measures to protect your data. Third-party security experts regularly conduct audits and assessments of our systems, ensuring we will never let our guard down. And we encrypt all sensitive information, both when it is stored and when it is being transmitted, so that we make it difficult for potential hackers to gain access.
Your personally identifiable information (such as your name and email) is stored in separate databases from your blood and self-reported data so that no one but you (when you use your username and password) can connect the dots between the two. That means even if someone gained access to one of these databases, they could not connect your identity to your health, or vice versa.
Your data consists of things like your name, address, password, blood test and self-reported data and health insights.
The majority of this data is stored on an encrypted database at both rest and in-transit within Amazon Web Services. Encryption at rest is like storing data in a safe with a combination that only a few people know (a key), encryption in transit is like using an armored vehicle to transport it between services. Our member database server is behind a firewall (or virtual private cloud, VPC) that only privileged servers have access to (such as our backend application servers). Only approved applications and Drop Bio Health staff members have access to deidentified member data, these applications and individuals also need security keys to access data at any time. Our APIs use an authentication token to authenticate and authorize.
We use technologies that help to deliver a member experience which is as secure as it is insightful. We only send data to trusted third-party systems that are subject to strict privacy and security controls.
We think it’s important you understand not only what these systems are but also why we send your data to these systems. If you don’t understand our reasoning, please email us at privacy@dropbiohealth.com. If you do not agree with your data going to a specific system, deleting your Drop Bio Health account will permanently delete all of your data from all our systems.
Here are some resources for you which we hope make you feel more confident that you are in control and your data is well-protected. We also understand that you may want to dive deeper and we want to make sure you have all of your questions answered. You can contact us here - privacy@dropbiohealth.com
🇦🇺 Australia
Member Identity and Access Management
Auth0 is a world class identity management system. We use it to verify member access to our systems.
🌍 Global
Subscription management
Stripe allows us to manage member subscriptions and shopping checkout processes.
🇨🇦 Canada & 🇺🇸 USA
Order management
We use Shopify to manage & fulfill orders of our kits.
🇺🇸 USA
Customer Experience Automation - EDM & CRM
Active Campaign is email marketing and customer experience platform.
🇪🇺 European Union
Analytics and User Behavioural Data
We use Mixpanel to analyze & improve our member’s experience across our different touchpoints.
Japan
Customer support service
Member support and service is paramount to us. This is why we use Zendesk to manage all member questions & queries.
🇺🇸 USA
Error logging service
Sentry helps us know if, when & where there might be an issue in one of our applications.
🇺🇸 USA
Content Management System
Webflow powers our Dropbiohealth.com website and it’s the platform that you are most likely reading this on.
Order Fulfillment
We use Shipstation as our fulfillment platform to get our kits to our members.
🇦🇺 Australia
Member Data
DropBio Health platform infrastructure is hosted on AWS, AWS data centres are secured using the best in class security protocols which include procedures on, security by design, physical access, monitoring & logging, surveillance & detection, ongoing governance & risk. Read more about how AWS keeps data secure.
Here are some resources for you which we hope make you feel more confident that you are in control and your data is well-protected. We also understand that you may want to dive deeper and we want to make sure you have all of your questions answered. You can contact us here - privacy@dropbiohealth.com
🔒 Encrypted
Encryption is a process where data is scrambled with a specific secret that only a select few have. If this data is stolen, it cannot be understood unless the stealer has the proper secret. All of your personally-identifiable data (videos, images and text) are encrypted at-rest and in-transit across all systems.
🏃 In-transit
Your data is being sent from one location to another (usually one server/computer to another)
🛌🏾 At-rest
Your data is physically being stored on a device (usually a server)
🕳️ S3 Bucket
This is where we store larger (usually media) files such as images and videos
🤝 Database
This is a server that stores data that relates to one another. In other words, this is where we can query to answer questions like: "what is a user?", "does a user own one or many videos?", "could you get me a list of all of this user's comments?"
🔌 API
Short for Application Programming Interface. APIs are like the wires, plugs and adapters that we connect together to give us the ability to communicate between our different systems passing on the electricity (in our case data & information) which powers our systems.
🤖 AWS
Short for Amazon Web Services. This is the cloud provider we use at Drop Bio Health that allows us to rent storage and compute capacity from their data centers.
🔥 VPC
A firewall that blocks access to a server or group of servers only to users/robots that have the proper permissionsIf you have any questions about privacy at Drop Bio Health, we are here to help. Email us at privacy@dropbiohealth.com.
