Privacy Policy

Last updated: June 26, 2026

Cytio (“Cytio,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use our website, mobile application, test kits, sample-related services, reports, subscriptions, customer support, and related services (collectively, the “Services”).

By using our Services, you acknowledge that you have read and understand this Privacy Policy.

Scope

This Privacy Policy applies to personal information we collect through:

Our website and pages
Mobile application and app-based features
Account creation and login
Purchase, checkout, and subscription flows
Test kit registration and sample processing
Reports, results, insights, and recommendations
Contact and support requests
Newsletter, marketing, and promotional forms
Surveys, feedback, or other interactions with Cytio

It does not apply to third-party websites or services we do not control.

Information We Collect

We may collect the following categories of personal information.

Information You Provide

Identity and contact details (for example: name, email, phone number)
Shipping and billing information (for example: address)
Account or order-related details
Communications you send us (support messages, feedback, survey responses)
Newsletter and marketing preferences

Account Information

If you create an account, we may collect account credentials, login information, account settings, subscription status, app preferences, saved inputs, linked kit or sample identifiers, and account activity.

Sample, Results, and Wellness Information

If you purchase or use a Cytio test kit or related service, we may collect information related to your sample, kit registration, testing process, reports, results, app insights, and related wellness information.

This may include:

Kit identifiers, sample identifiers, and registration information
Sample collection date, shipping status, receipt status, and processing status
Laboratory testing information and test-related data
Results, reports, interpretations, insights, recommendations, and app-generated guidance
Information you provide about caffeine use, sleep, schedule, lifestyle, preferences, or goals
Information needed to provide personalized or population-based insights

Cytio does not provide medical diagnosis or treatment, and our Services are intended for wellness, educational, and informational purposes only.

Payment Information

Payments are processed by third-party payment providers. We generally do not store full payment card numbers or security codes on our servers.

Information Collected Automatically

Device and browser information
IP address and approximate geolocation
Pages viewed, actions taken, referring URLs, and timestamps
Cookies and similar technologies (see Cookies section below)
App usage information, feature interactions, session information, crash logs, diagnostics, and performance data
Device identifiers, operating system, app version, device type, and mobile network information

Information From Third Parties

We may receive limited information from service providers or partners, including laboratory partners, analytics providers, payment processors, subscription billing providers, fraud prevention vendors, shipping providers, CRM platforms, customer support tools, and marketing tools.

How We Use Information

We use personal information to:

Provide, operate, and improve our Services
Process and fulfill orders, including shipping and customer support
Send transactional communications (order confirmations, shipping updates, service notices)
Register kits, process samples, coordinate laboratory testing, and generate reports or results
Provide app features, insights, recommendations, population-based information, and personalized wellness guidance
Manage accounts, subscriptions, free trials, promotional access, and billing-related services
Analyze, develop, validate, and improve our reports, algorithms, app features, and Services
Evaluate sample quality, troubleshoot sample processing issues, and determine whether a replacement sample, replacement kit, credit, refund, or other remedy may be appropriate
Send newsletters and promotional messages (where permitted by law)
Personalize website content and user experience
Detect, prevent, and investigate fraud, abuse, and security incidents
Comply with legal obligations and enforce our Terms

Legal Bases for Processing (Where Applicable)

If you are in a jurisdiction that requires a legal basis (such as the UK/EEA), we process personal information on one or more of the following grounds:

Performance of a contract (for example, processing your order)
Legitimate interests (for example, site security, analytics, service improvements)
Consent (for example, certain marketing communications)
Legal obligation (for example, tax or consumer protection laws)

Cookies and Similar Technologies

We use cookies, pixels, local storage, and similar technologies to:

Keep the website functioning
Remember preferences
Analyze traffic and usage patterns
Support marketing and advertising activities

Depending on your location, you may be able to manage cookie preferences through your browser settings or consent tools shown on the site.

For mobile applications, you may also be able to manage certain tracking or advertising preferences through your device settings.

Analytics and Advertising

We may use analytics, attribution, advertising, and measurement tools to understand how users interact with the Services, improve performance, measure marketing campaigns, and display Cytio promotional content.

We use Google Analytics to help us understand website traffic, usage patterns, page performance, referral sources, and interactions with our website. Google Analytics may collect information such as pages visited, time spent on pages, device and browser information, approximate location, referring URLs, and interactions with website features through cookies, identifiers, and similar technologies.

Google may process this information as described in Google’s explanation of how it uses information from sites or apps that use its services: How Google uses information from sites or apps that use our services.

If we use third-party advertising, remarketing, Google Analytics Advertising Features, Google Signals, cross-context behavioral advertising, or similar tools, those tools may collect or receive information such as device identifiers, app activity, cookie identifiers, IP address, approximate location, and interaction data, subject to applicable law and your available privacy choices.

Do Not Track and Global Privacy Signals

Some browsers and devices offer “Do Not Track” or similar privacy signals. Because there is not yet a uniform industry standard for responding to all such signals, we do not currently respond to all browser “Do Not Track” signals.

Where required by applicable law, we may recognize legally required opt-out preference signals, such as Global Privacy Control, or provide other methods for exercising applicable privacy choices.

Third-party analytics, advertising, attribution, or marketing providers may collect information about your interactions with our Services over time and across different websites, apps, or online services, as described in this Privacy Policy.

We may share personal information with:

Laboratory partners that process samples or generate test-related information
App, cloud hosting, database, and infrastructure providers
CRM, customer support, and communication platforms
Payment processors and subscription billing providers
Shipping and fulfillment providers
Analytics, advertising, attribution, and marketing providers
Professional advisors (legal, tax, accounting, insurance) where necessary
Government authorities or regulators when required by law
Parties involved in a business transaction (for example, merger, acquisition, restructuring, or asset sale)

We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising except as described through cookies, analytics, advertising, or marketing tools, where applicable law permits.

De-Identified or Aggregated Information

We may create, use, disclose, and retain information that has been de-identified or aggregated so that it is not reasonably associated with an identifiable individual, as permitted by applicable law.

We may use de-identified or aggregated information to operate, analyze, improve, develop, or validate our Services, including reports, app features, population-based insights, algorithms, educational content, and service performance.

We do not attempt to re-identify de-identified or aggregated information unless permitted or required by applicable law.

Sensitive Information

Some information we collect may be considered sensitive personal information under applicable law, such as account login information, sample-related information, results, or wellness-related information.

We use sensitive personal information only as reasonably necessary to provide the Services, process transactions, maintain security, comply with law, prevent fraud, support customer requests, improve our Services, or as otherwise permitted by applicable law.

Data Retention

We retain personal information only as long as necessary for the purposes described in this Privacy Policy, including to:

Provide Services to you
Maintain business and tax records
Resolve disputes and enforce agreements
Comply with legal obligations

Retention periods vary by data type and legal requirements.

Some information may be retained after account deletion where necessary for legal, regulatory, tax, accounting, security, fraud-prevention, dispute-resolution, laboratory, customer support, backup, or business-record purposes.

If you request deletion of your account or personal information, we may delete, de-identify, or retain information as permitted or required by applicable law.

Data Security

We use reasonable technical and organizational safeguards designed to protect personal information. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

If we become aware of a security incident involving personal information, we will take steps to investigate and respond as required by applicable law.

Your Privacy Rights

Depending on your location, you may have rights such as:

Access to personal information we hold about you
Correction of inaccurate information
Deletion of your personal information
Restriction or objection to certain processing
Data portability
Withdrawal of consent where processing is based on consent
Non-discrimination for exercising privacy rights

To exercise rights, contact us using the details in the Contact section. We may need to verify your identity before completing your request.

California Privacy Rights

This section applies only to the extent California privacy laws apply to Cytio and the personal information at issue. If you are a California resident, you may have certain privacy rights under California law, subject to applicable limitations and exceptions.

These rights may include:

The right to know what categories of personal information we collect, use, disclose, sell, or share
The right to access the specific pieces of personal information we maintain about you
The right to request deletion of personal information
The right to request correction of inaccurate personal information
The right to opt out of the sale or sharing of personal information, where applicable
The right to limit certain uses or disclosures of sensitive personal information, where applicable
The right not to be discriminated against for exercising privacy rights

You or your authorized agent may submit a privacy request by contacting us through our Contact page. We may need to verify your identity before processing your request. If an authorized agent submits a request on your behalf, we may require proof of authorization and may ask you to verify your identity directly with us.

Some requests may be limited or denied where permitted by law, including where retaining information is necessary to complete a transaction, provide the Services, maintain security, prevent fraud, comply with legal obligations, resolve disputes, or preserve business records.

If we are required to provide additional opt-out methods, such as a “Do Not Sell or Share My Personal Information” link or preference tool, we will make those methods available as required by applicable law.

Service Communications

We may send transactional, administrative, security, account, order, subscription, sample, results, support, or other service-related communications. These communications are not promotional, and you may not be able to opt out of them while you use the Services.

Marketing Communications

You can unsubscribe from marketing emails at any time by:

Clicking the unsubscribe link in the email, or
Contacting us directly

Even if you opt out of marketing messages, we may still send non-promotional communications related to orders, transactions, or important service notices.

Children’s Privacy

Our Services are intended for use only by adults and are not directed to children or minors. We do not knowingly collect personal information from children or minors, except where Cytio expressly permits otherwise in writing and as permitted by applicable law.

You may not create an account, register a kit, submit a sample, or use the Services on behalf of a child or minor unless Cytio expressly permits this in writing.

If you believe a child has provided personal information to us, contact us and we will take appropriate steps.

International Data Transfers

If you access our Services from outside the country where our systems or service providers operate, your information may be transferred to, stored in, or processed in other countries. Where required, we use appropriate safeguards for international transfers.

Third-Party Links and Services

Our website may include links to third-party websites or integrations. We are not responsible for third-party privacy practices. Please review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top indicates when the latest revision was made. Material changes will be posted on this page.

Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, send us a message through our Contact Form or email us at privacy@cytiolabs.com