Privacy Policy

Your privacy is important to us at SparkDX. We respect your privacy regarding any information we may collect from you across our website.

PRIVACY POLICY

Spark Diagnostics LLC d/b/a SparkDX

Effective Date: May 5, 2026

________________________________________

1. INTRODUCTION AND SCOPE

We take your privacy very seriously. Please read this Privacy Policy ("policy") carefully as it contains important information on who we are and our information practices, meaning how Spark Diagnostics LLC d/b/a SparkDX ("SparkDX") may collect, use, disclose, sell, share, store, retain and protect your personal information in connection with our website, mobile application, direct-to-consumer diagnostic and wellness testing products, and AI-generated reports (collectively, the "Services"). It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint or request.

This Policy applies to users of our Services in the United States. By using our Services, you agree to the collection and use of information as described in this Policy. If you do not agree, do not use the Services. This Policy is incorporated by reference into our Terms of Service.

For California consumers, we are subject to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA). We are responsible as a "controller" of that personal information for the purposes of the GDPR. We are responsible for your personal information as a "business" under the CCPA/CPRA.

2. KEY DEFINITIONS

The following are key terms used in this policy:

Term: Definition

We, us, our: Spark Diagnostics LLC d/b/a SparkDX

Our representative: Spark Diagnostics LLC d/b/a SparkDX, Attn: Privacy Officer, 1820 N Glenville Drive, Suite 108, Richardson, TX 75081. Email: privacy@sparkdx.com

Personal information: Any information relating to an identified or identifiable individual

Wellness and diagnostic data: Test results, biomarker values, images of test strips, and related information you provide or generate through the Services

De-identified data: Data that has been processed such that it cannot reasonably be used to identify an individual. De-identified data is not personal information for purposes of this Policy

AI-generated insights and reports: Insights and reports from SparkDX that are not medical advice and provided for informational and educational purposes

Sensitive Personal Information: Personal information revealing a consumer's social security number, driver's license and passport numbers, account numbers and credentials, precise geolocation, racial or ethnic origin, religious beliefs, or union membership, personal information concerning a consumer's health, sex life, or sexual orientation, contents of a consumer's mail, email and text messages where the business is not the intended recipient, genetic data, biometric information, or citizenship and immigration status

Special category personal information: Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership; genetic and biometric data; and data concerning health, sex life or sexual orientation.

Biometric Information: An individual's physiological, biological, or behavioral characteristics, including information about an individual's deoxyribonucleic acid (DNA), that is used or is intended to be used singly or with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information

3. PERSONAL INFORMATION WE COLLECT

3.1 How Your Personal Information is Collected

We may collect your personal information from the following categories of sources:

• You, directly in person, by telephone, text, or email and/or via our website and mobile app.

• Third party with your consent (e.g., your bank).

• Advertising networks.

• Internet service providers.

• Data analytics providers.

• Government entities.

• Operating systems and platforms.

• Social networks.

• Data brokers.

• Publicly accessible sources (e.g., property records).

• Cookies on our website.

• Our IT and security systems, including automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email, and instant messaging systems.

3.2 Types of Information You Provide Directly

We may collect and use the following personal information that we collect directly from you, including Sensitive Personal Information, that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

Identifiers

We may also collect information that identifies, relates to, describes or is capable of being associated with, a particular individual, including, but not limited to, their name, signature, physical characteristics or description, address, and telephone number.

Account registration

We collect information during account registration related to account log-in, financial account, bank account number, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

Purchase and payment information

We collect order details and billing/shipping information. Payment card information is processed by PCI-compliant third-party payment processors and is not retained on our servers.

Wellness and diagnostic data

The following wellness-related data is collected when you use our products and the SparkDX mobile app:

• Test results (including quantitative biomarker values).

• Images of test strips captured through the app.

• Self-reported wellness and lifestyle information you provide.

• Historical trend data from repeated testing.

• Communications, surveys, and feedback. We collect the content of your messages and information you choose to provide through surveys, reviews, or feedback programs.

Communications

When you contact us for support or with inquiries, we collect: the content of your messages; your contact information; and records of your communications with us.

Surveys and Feedback

If you participate in surveys, reviews, or feedback programs, we collect the information you choose to provide.

3.3 Types of Information Collected Automatically

We may collect and use the following personal information that we collect automatically, including Sensitive Personal Information, that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

Device and usage information

We collect device type, operating system, browser type, IP address, device identifiers, pages visited, features used, session data, and crash reports.

Cookies and similar technologies

We use cookies, web beacons, pixel tags, and similar technologies as described in our Cookie Policy.

Location information

We may collect approximate location based on IP address. We do not collect precise GPS location unless you grant device permissions.

3.4 Types of Information from Third Parties

We may receive information from payment processors, analytics providers, app store platforms, and email service providers (for example, delivery confirmation and open rates).

4. WHY WE USE YOUR PERSONAL INFORMATION

Under data protection laws, we can only use your personal information if we have a proper reason for doing so, for example:

• To comply with our legal and regulatory obligations.

• For the performance of our contract with you or to take steps at your request before entering into a contract.

• For our legitimate interests or those of a third party.

• Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The following describes what we use (process) your personal information for and our reasons for doing so:

• To provide the Services to you, including processing orders, fulfilling shipments, managing accounts and subscriptions, and enabling app functionality. Reason: For the performance of our contract with you and/or to take steps at your request before entering into a contract.

• To prevent and detect fraud against you. Reason: For our legitimate interests or those of a third party, i.e., to minimize fraud that could be damaging for us and for you.

• Conducting checks to identify our customers and verify their identity and/or for such other processing necessary to comply with professional, legal, and regulatory obligations that apply to our business. Reason: To comply with our legal and regulatory obligations.

• Gathering and providing information required by or relating to audits, inquiries, or investigations by regulatory bodies. Reason: To comply with our legal and regulatory obligations.

• Ensuring business policies are adhered to, e.g., policies covering security and internet use. Reason: For our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you.

• Statistical analysis to help us manage our business, e.g., in relation to our financial performance, customer base, product range or other efficiency measures. Reason: For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price.

• Operational reasons, such as improving efficiency, training, and quality control. Reason: For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price.

• Ensuring the confidentiality of commercially sensitive information. Reason: For our legitimate interests or those of a third party, i.e., to protect trade secrets and other commercially valuable information and for the performance of our contract with you and/or to take steps at your request before entering a contract.

• Updating customer records. Reason: For the performance of our contract with you or to take steps at your request before entering into a contract.

• Ensuring safe working practices, staff administration and assessments. Reason: To comply with our legal and regulatory obligations.

• Marketing our services and those of selected third parties to existing and former customers, third parties who have previously expressed an interest in our services, and third parties with whom we have had no previous dealings. Reason: For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price.

• External audits and quality checks. Reason: For our legitimate interests or those of a third party, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards. To comply with our legal and regulatory obligations.

• Generate AI-powered wellness insights by sending your test data — without your name, email address, or account identifier — to our third-party AI Provider as described in Section 13. We obtain your consent before this processing begins. This processing may not involve individual human review of your specific results. We do not use automated processing to make decisions that produce legal or similarly significant effects on you. Reason: For the performance of our contract with you and/or to take steps at your request before entering a contract.

• Customer Communications and Support, to send order confirmations, shipping notifications, test result notifications, reports, and support responses. Reason: For the performance of our contract with you and/or to take steps at your request before entering a contract.

• Account management, to process cancellations or modifications and respond to requests. Reason: For the performance of our contract with you and/or to take steps at your request before entering a contract.

• Trend analysis and progress tracking. Display trends over time within your dashboard. Reason: For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price.

• Service Improvement using aggregated and de-identified usage patterns to improve products, app features, AI algorithms, and user experience. Reason: For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price.

• For research and development using de-identified, aggregated wellness and diagnostic data to improve testing methodologies, reference ranges, and AI models. Reason: For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price.

• Preventing unauthorized access and modifications to systems and to detect, investigate, and prevent fraud, unauthorized access, and other illegal or harmful activity. Reason: For our legitimate interests or those of a third party, i.e., to prevent and detect criminal activity that could be damaging for us and for you.

5. HEALTH AND DIAGNOSTIC DATA

5.1 Nature of Our Products

SparkDX products are general wellness monitoring tools and are NOT medical devices or clinical diagnostic tests. SparkDX collects wellness and diagnostic-related data through direct-to-consumer services.

Some entities are subject to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations. The HIPAA status of your information depends on context. Whether HIPAA applies to a particular activity can depend on whether SparkDX is acting as a HIPAA-regulated entity (for example, in connection with certain transactions) or as a service provider to such an entity.

If SparkDX is acting as a HIPAA business associate, covered entity, or otherwise subject to HIPAA for a particular activity, SparkDX will handle Protected Health Information as defined by HIPAA (PHI) in accordance with applicable HIPAA requirements for that activity.

If SparkDX is not acting as a HIPAA-regulated entity for a particular activity, information you provide to SparkDX through the Services may not be treated as PHI. In that case, we will still treat wellness and diagnostic data with a high degree of care consistent with this Policy.

We do not share individually identifiable wellness/diagnostic data with third parties for their independent use without your explicit consent.

5.2 Our Commitment to Protecting Your Wellness Data

Regardless of HIPAA applicability, SparkDX commits that:

• We do not sell your individually identifiable wellness/diagnostic data or test results to third parties for their independent use or for advertising targeting purposes.

• We do not share your individually identifiable wellness/diagnostic data with insurance companies or employers for their independent use, and we do not share with law enforcement except as required by valid legal process.

• We use wellness/diagnostic data only to provide and improve the Services as described in this Policy.

• We apply security controls appropriate to the sensitivity of wellness data.

5.3 Aggregate and De-identified Research Data

We may use wellness data that has been de-identified and aggregated (such that it cannot reasonably be used to identify any individual) for product development, research, and improvement of our AI models and wellness algorithms. De-identified data is no longer personal information and is not subject to this Privacy Policy.

6. WHO WE SHARE YOUR INFORMATION WITH

We do not sell your personal information. We share personal information only as described below.

6.1 Service Providers

We share personal information with vendors that perform services on our behalf, including:

• Payment Processing — Stripe, PayPal. Data shared: billing information, transaction data. Purpose: secure payment processing.

• Shipping & Fulfillment — USPS, UPS, FedEx, 3PL partners. Data shared: name, shipping address, order information. Purpose: product delivery.

• Email Delivery — SendGrid, Mailchimp. Data shared: email address, report content. Purpose: sending results and communications.

• Cloud Infrastructure — Amazon Web Services (AWS), Google Cloud, Render. Data shared: encrypted account and test data. Purpose: secure data storage and processing.

• Analytics — Google Analytics. Data shared: anonymized usage data. Purpose: website and app performance measurement.

• Image Processing (Computer Vision) — Roboflow, Inc. Data shared: test strip images captured through the app. No name, email address, or account identifier is sent. Purpose: extracting quantitative values from test strip images.

• AI Insight Generation — Google LLC (Gemini API). Data shared: extracted test values, self-reported wellness inputs, and non-identifying context (such as age range and sex). No name, email address, or account identifier is sent. Purpose: generating personalized wellness insights.

• Customer Support — Helpdesk platforms. Data shared: support communications. Purpose: resolving support inquiries.

• Credit Reporting Agencies — TransUnion, Experian. Data shared: name, billing information, transaction data. Purpose: payment verification.

We allow service providers to handle your personal information only if we are satisfied that they take appropriate measures to protect it. Service providers are contractually required to process information only as directed by us, maintain appropriate security measures, and not use information for their own independent purposes.

6.2 Business Transfers

If SparkDX is involved in a merger, acquisition, asset sale, reorganization, or bankruptcy, personal information may be transferred as part of that transaction.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

6.3 Legal Requirements and Protection of Rights

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

6.4 With Your Consent

We may share information with third parties when you explicitly consent, including when you choose to share wellness/diagnostic data with a healthcare provider or wellness professional through the Services.

7. DATA RETENTION

We retain personal information as long as necessary while you have an account with us and/or while providing the Services to you.

Thereafter, we will keep your personal information as required by law and/or to serve our legitimate business needs. Our records retention periods may change from time to time, and different retention periods apply to different types of personal information. Although these periods may change without notice to you, the following retention periods generally apply:

• For account information, up to 3 years following account deletion.

• Test results and AI-generated reports retained up to 5 years from the date of the test.

• Payment records retained for 7 years for tax and accounting purposes.

• Marketing opt-out records retained to honor your preferences as long as your account is active.

When information is no longer needed, we securely delete or anonymize it in accordance with our retention schedules.

8. DATA SECURITY

We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction, including encryption in transit (TLS), encryption at rest for sensitive data, access controls, security assessments, and incident response procedures.

No method of transmission or storage is completely secure; we cannot guarantee absolute security. If you believe your account has been compromised, contact us at privacy@sparkdx.com.

In the event of a data breach affecting your personal information, we will notify you as required by applicable breach notification laws.

9. YOUR PRIVACY RIGHTS AND CHOICES

9.1 General Rights

You may request access, correction, deletion (subject to legal retention requirements), portability, objection, and restriction as described in this Policy.

To exercise rights, contact privacy@sparkdx.com or use account settings in the SparkDX app. We will respond within 45 days of receiving a verified request, and we may need to verify your identity.

9.2 California Privacy Rights (if applicable)

You have the right under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and certain other privacy and data protection laws, as applicable, to exercise free of charge the following rights.

Disclosure of Personal Information We Collect About You

You have the right to know, and request disclosure of:

• The categories of personal information we have collected about you, including sensitive personal information.

• The categories of sources from which the personal information is collected.

• Our business or commercial purpose for collecting, selling, or sharing personal information.

• The categories of third parties to whom we disclose personal information, if any.

• The specific pieces of personal information we have collected about you.

Please note that we are not required to:

• Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained.

• Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information.

• Provide the personal information to you more than twice in a 12-month period.

Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose

In connection with any personal information we may sell, share, or disclose to a third party for a business purpose, you have the right to know:

• The categories of personal information about you that we sold or shared and the categories of third parties to whom the personal information was sold or shared.

• The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.

You have the right to opt-out of the sale of your personal information or sharing of your personal information for the purpose of targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your personal information, we will refrain from selling or sharing your personal information, unless you subsequently provide express authorization for the sale or sharing of your personal information.

To opt-out of the sale or sharing of your personal information, visit our homepage and click on the Do Not Sell or Share My Personal Information link here: [URL].

Right to Limit Use of Sensitive Personal Information

You have the right to limit the use and disclosure of your sensitive personal information to the use which is necessary to:

• Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.

• Perform the following services: (1) Helping to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for these purposes; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer's current interaction with the business, if the consumer's personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer's experience outside the current interaction with the business; (3) Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and (4) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

• As authorized by further regulations.

You have a right to know if your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes.

To limit the use of your sensitive personal information, visit our homepage and click on the "Limit the Use of My Sensitive Personal Information" link here: [URL].

Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

• Delete your personal information from our records.

• Direct any service providers or contractors to delete your personal information from their records.

• Direct third parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort.

Please note that we may not delete your personal information if it is reasonably necessary to:

• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us.

• Help to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for those purposes.

• Debug to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act.

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent.

• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.

• Comply with an existing legal obligation.

• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Right of Correction

If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.

Protection Against Retaliation

You have the right to not be retaliated against by us because you exercised any of your rights under the CCPA/CPRA. This means we cannot, among other things:

• Deny goods or services to you.

• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.

• Provide a different level or quality of goods or services to you.

• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information. We may also offer loyalty, rewards, premium features, discounts, or club card programs consistent with these rights or payments as compensation, for the collection of personal information, the sale of personal information, or the retention of personal information.

9.3 Communications Preferences

You may opt out of marketing emails using the unsubscribe link or by contacting privacy@sparkdx.com. Transactional messages will continue.

9.4 Account Deletion

You may request deletion of your account and associated personal information via privacy@sparkdx.com or app settings. We will delete or anonymize personal information within 30 days, subject to legal retention obligations.

9.5 How to Exercise Your Rights

If you would like to exercise any of your rights as described in this Privacy Policy, you can do so here: [URL]. You may also email us at privacy@sparkdx.com.

Be prepared to provide us with:

• Enough information to identify you (e.g., your full name, address and customer or matter reference number).

• Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill).

• A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf.

Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

10. CHILDREN'S PRIVACY

The Services are intended for individuals 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we learn we collected such information, we will delete it.

11. INTERNATIONAL DATA TRANSFERS

The Services are directed to users in the United States. Information is processed in the United States and subject to U.S. law; if you access from outside the United States, you consent to transfer to the United States.

12. THIRD-PARTY WEBSITES AND LINKS

Our website and app may link to third-party websites or services. This policy applies only to information collected through our Services; we are not responsible for third-party privacy practices.

13. AI-GENERATED INSIGHTS, IMAGE PROCESSING, AND THIRD-PARTY AI SERVICES

13.1 How insights are generated

When you capture a test strip image in the SparkDX app, the following processing occurs:

• The image is uploaded to the SparkDX backend, which is hosted on Render.

• The image is sent to Roboflow, Inc., our Image Processing Provider, to extract the quantitative values from the strip. The image is sent without your name, email address, or account identifier.

• The extracted values, together with any self-reported wellness inputs and non-identifying context (such as age range or sex), are then sent to Google LLC's Gemini API, our AI Provider, to generate a personalized wellness insight. No name, email address, or account identifier is sent to Google.

• The generated insight is returned to the SparkDX backend, associated with your account on our servers, and displayed to you in the app.

13.2 Your consent

Before SparkDX sends any data to Roboflow or Google for the first time, the SparkDX app will ask for your explicit consent. You may withdraw your consent at any time in the app's settings or by emailing privacy@sparkdx.com. If you withdraw consent, you will no longer be able to generate new AI-powered insights, but previously generated insights will remain available in your account unless you also request deletion.

13.3 Equal or equivalent protection

Both Roboflow and Google are contractually obligated, under our agreements with them, to:

• Process your data only as directed by SparkDX and only for the purposes described in Section 13.1.

• Apply security protections that are equivalent to those described in this Policy.

• Not use your data to train their general-purpose AI models or for any other independent purpose.

• Retain the data only for as long as necessary to perform the requested processing.

13.4 Model improvement

SparkDX may use aggregated and de-identified data to improve our own AI prompts, reference ranges, and product features. Your individual test results contribute to this improvement only in de-identified form. You may opt out of this de-identified contribution by contacting privacy@sparkdx.com.

13.5 Automated decision-making

Our AI Provider does not make decisions that produce legal or similarly significant effects on you. Insights are informational only and are not medical advice or diagnoses.

14. CHANGES TO THIS PRIVACY POLICY

This policy was published on May 5, 2026. We may update this Policy from time to time. When we make material changes, we will update the effective date, post the revised Policy, and notify you by email if changes are significant. Continued use after posting constitutes acceptance.

15. CONTACT US

Contact our Privacy Team at:

Spark Diagnostics LLC d/b/a SparkDX

Attn: Privacy Officer

1820 N Glenville Drive, Suite 108

Richardson, TX 75081

Email: privacy@sparkdx.com

Website: www.sparkdx.com