Last Updated: January 1, 2026
Consumer Health Data Privacy Policy
This Consumer Health Data Privacy Policy is provided in compliance with the Washington My Health My Data Act (MHMDA), RCW 19.373, and similar state consumer health data privacy laws. This is a standalone document as required by law and must be linked from the SoDNAscan homepage.
This policy supplements our general Privacy Policy and applies to all consumer health data collected, used, or shared by SoDNAscan.
1. About SoDNAscan
SoDNAscan is operated by Samuel Virag as a sole proprietorship.
- Contact Email: info@sodnascan.com
SoDNAscan provides a wellness platform that generates personalized Health Books using AI-powered analysis of genetic data, blood work, wearable health data, and self-reported health information.
2. Categories of Consumer Health Data Collected
SoDNAscan collects the following categories of consumer health data:
2.1 Genetic Data
- Raw genetic files uploaded from consumer testing providers (23andMe, AncestryDNA)
- Parsed individual genotype data (SNP identifiers, chromosome positions, allele values)
- Matched genetic variant data correlated with health-relevant research
2.2 Blood Work Data
- Lab test biomarker results (marker names, values, units, reference ranges, flags)
- Lab metadata (lab name, test date)
- Uploaded blood work PDF documents or pasted text
2.3 Wearable Health Data
- Device health exports from Apple Health, Oura, Fitbit, Whoop, or generic CSV formats
- Parsed health metrics: heart rate, resting heart rate, heart rate variability (HRV), blood oxygen saturation (SpO2), respiratory rate, active calories, exercise minutes, steps, sleep duration and stages (core, deep, REM), sleep score, VO2 max, body mass, BMI, readiness score, recovery score, and strain
2.4 Self-Reported Health Information
- Current health status
- Health history
- Family health history
- Current supplements
- Health goals
- Lifestyle notes and preferences
2.5 Health Insights Derived by AI
- AI-generated analytical reports analyzing genetic, blood work, and wearable data
- Personalized Health Book content
3. Sources of Health Data
All consumer health data is collected directly from you through the following mechanisms:
| Source | Data Type |
|---|---|
| File upload | Genetic files (23andMe/AncestryDNA format), blood work PDFs, wearable device exports (XML, ZIP, CSV) |
| Text input | Pasted blood work results, health history, family history, demographics, goals |
| AI processing | Health insights derived by analyzing your uploaded data with AI |
SoDNAscan does not purchase, receive, or infer consumer health data from third-party sources.
4. Purposes of Collection, Use, and Sharing
Consumer health data is collected and used for the following purposes:
| Purpose | Description |
|---|---|
| Service delivery | Parsing, storing, and analyzing your health data to generate your personalized Health Book |
| AI processing | Transmitting your health data to Anthropic's Claude API for analysis and report generation |
| Blood work extraction | Using AI to extract structured biomarker data from uploaded PDFs or pasted text |
| Data storage | Storing your health data in our database and file storage systems for your ongoing access |
| Account management | Maintaining your user profile and health data in association with your account |
| Security | Protecting the integrity and confidentiality of your health data |
We do not use consumer health data for:
- Advertising, marketing, or profiling
- Sale to any third party
- Sharing with insurance companies or employers
- Training AI models
- Research (unless separately and explicitly consented to)
5. Third Parties Receiving Consumer Health Data
The following third parties receive consumer health data from SoDNAscan. Each is identified by name as required by MHMDA:
Anthropic, PBC
- What they receive: Your full health profile (name, age, sex, height, weight, ethnicity, health status, health history, family history, supplements, goals), all matched genetic variant data, all confirmed blood biomarker values, all wearable health metrics
- Purpose: AI-powered analysis and Health Book generation
- Retention: 7 days, then deleted
- Training: Does not use API data to train AI models
- Location: United States
- Website: anthropic.com
Supabase, Inc.
- What they receive: All consumer health data listed in Section 2 (stored in Supabase-hosted PostgreSQL database and file storage buckets)
- Purpose: Persistent data storage, file storage, and user authentication
- Data residency: EU West — Frankfurt
- Backup retention: Automated backups persist for up to the backup retention window after deletion
- Website: supabase.com
Stripe, Inc.
- What they receive: Email address and internal user ID only. Stripe does not receive genetic data, health data, or wearable data
- Purpose: Payment processing for Health Book purchases
- Website: stripe.com
No other third parties receive consumer health data from SoDNAscan.
6. Consent
6.1 Consent for Collection
SoDNAscan collects consumer health data only when you actively upload files or enter information. No health data is collected passively or without your direct action.
6.2 Consent for AI Processing
AI-powered analysis of your health data requires your explicit, separate consent via our Data Use Policy. You may use your SoDNAscan account without enabling AI features.
6.3 No Sale of Consumer Health Data
SoDNAscan does not sell consumer health data. Any future sale of consumer health data would require a separate, signed authorization from you — which we have no plans to request.
7. Consumer Rights
Under MHMDA and applicable state consumer health data privacy laws, you have the following rights:
7.1 Right to Access
You may request a copy of all consumer health data we have collected about you. We will provide this data in a structured, machine-readable format.
7.2 Right to Deletion
You may request deletion of all consumer health data we hold. Deletion:
- Removes all health data from active database systems
- Removes all uploaded files (genetic files, blood work PDFs, wearable exports) from file storage
- Removes all generated Health Books and analytical reports
- Extends to archives and backups — we will delete your data from backup systems within the backup retention window (typically 7 days). We do not retain health data in backups or disaster recovery systems beyond this period after a deletion request
- Triggers deletion propagation to our third-party processors (Anthropic data expires within 7 days; Supabase is notified of deletion)
7.3 Right to Know Third Parties
You may request a list of all third parties to whom we have shared your consumer health data. See Section 5 of this policy for the current complete list.
7.4 Right to Withdraw Consent
You may withdraw consent for any purpose at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
8. How to Exercise Your Rights
To exercise any of the rights described in this policy:
- Email: info@sodnascan.com with the subject line "Health Data Request"
- Account deletion: Use the account deletion feature in the SoDNAscan application, which cascades deletion across all data types
We will acknowledge your request within 10 business days and complete it within 30 calendar days.
9. Enforcement
MHMDA provides consumers with a private right of action for violations of this policy. You may bring legal action in Washington state courts without first filing a complaint with a regulatory agency.
10. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated by email and by updating the "Last Updated" date.
11. Contact
- Email: info@sodnascan.com