Privacy Notice
Last updated: July 15, 2025
MiraDx, Inc. (“MiraDx”, “we” or “us”) is committed to protecting your privacy. This Privacy Notice explains how we collect, use, share and protect personal information that you provide when you visit our miradx.com website, or any other applications, products, services, and social media accounts (if applicable) that link to this Privacy Notice.
You may be able to purchase or order patient testing services through our website or affiliated platforms. We may collect personal information, including health-related information, to process your order, communicate with you, and comply with applicable legal, regulatory, and ethical requirements. This Privacy Notice explains how we handle such information. However, if your test is ordered by a healthcare provider and billed to your health insurance, that provider is responsible for providing you with a HIPAA-compliant notice of privacy practices and this Privacy Notice will not apply.
As a research company in personalized cancer medication, we may receive biological or DNA samples (“Samples”) from research partners for processing for research purposes, in accordance with permissions granted through informed consent forms. While such Samples are de-identified, this Privacy Notice also describes our data handling practices related to information derived from or linked to them.
Please refer to our Consumer Health Data Privacy Policy for additional information about the processing of your consumer health data in connection with patient testing, and to learn about your rights under applicable state consumer health privacy laws.
Information We Collect
We may collect information directly from you, from third parties, or automatically through your use of our website, as described below.
Information you submit to us
- Contact information. MiraDx may collect, store, and use personal information that you voluntarily submit to us when you use our website, such as your first and last name, contact information, demographic data, and provider information.
- Patient testing. When you order and/or purchase patient tests through our website or affiliated platforms, such as tests for detecting genetic variants, we collect health information about you, such as your cancer diagnosis, current or past treatments, medications, records of prior genetic or cancer-related testing if you choose to provide them, or planned medical procedures. For more information, please read our Consumer Health Data Privacy Policy. We will also collect payment information needed to complete your order, including your name, payment card information, and billing information. This information is processed by our third-party payment processors. We may also collect information about your income to determine if you qualify for financial assistance.
Information we obtain from third parties
We may maintain pages on social media platforms, such as LinkedIn, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use, and processing of your personal information.
Information related to Samples
We may receive Samples from research partners in order to enable, support and validate our genetic testing services. We collect and process information associated with Samples, including coded or de-identified information such as genetic data, diagnostic results, or other health-related information derived from Samples. We use such information solely for research and development purposes, including validation and improvement of our testing methodologies, in accordance with the permissions granted through informed consent forms obtained by the originating organization, privacy laws and relevant contractual agreements.
Information collected automatically
We and our service providers may automatically collect information about you and your computing device when you use, browse, and interact with our website, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
- Usage data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened our marketing emails or clicked links within them.
We use the following tools for automatic data collection
- Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand website user activity and patterns, and for advertising purposes. For example, Google Analytics collects information about how users use our website, which we then use to compile reports that disclose trends without identifying individual visitors, and help us improve our website. For more information on Google Analytics, click here.
- Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
How We Use Your Personal Information
Website Data
MiraDx may use personal information that we collect through our website to:
Provide, operate, maintain, and secure our website.
Communicate with you, including to respond to your requests and provide support, and send you announcements, surveys, updates, security alerts, and support and administrative messages.
Improve, monitor, and personalize our website, including by understanding your needs and interests, and personalizing your experience with the website and our communications.
For research and development. We may use your personal information for research and development purposes, including to analyze and improve our services and our business. As part of these activities, we may create aggregated or de-identified data from personal information we collect. We may use this data and disclose it to third parties for our lawful business purposes, including to analyze and improve our services and promote our business.
Direct marketing. We may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, newsletters, and updates on news and events. You may opt out of our marketing emails as described in the “Opt out of marketing communications” section below.
Interest-based advertising. We engage our advertising partners, including third-party advertising companies and social media companies, to display ads around the web. These companies may use cookies and similar technologies to collect information about your interaction over time across our website, our communications, and other online services, and use that information to serve online ads that they think will interest you. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the “Limit online tracking” section below.
Compliance and protection. We may use personal information to comply with legal obligations, enforce our terms, protect rights and safety, ensure internal compliance, and prevent or investigate fraud, abuse, or security incidents.
Patient Testing Data
When you order and/or purchase patient tests, we use your personal information to:
- Process and perform your test, including analyzing genetic variant information.
- Communicate with you about your test, such as regarding status, results, or clarifications.
- Meet legal, regulatory, and ethical obligations, including those related to diagnostic laboratories.
- Improve our services, using aggregated and de-identified data to enhance testing accuracy and interpretation.
- Ensure security and prevent fraud, such as verifying orders or detecting misuse.
- Comply with your direction or consent, such as if you direct us to share your test results with your doctor or genetic counselor.
Information related to Samples
We use information associated with Samples we may receive from research organizations solely for research and development purposes, including the validation and improvement of our testing methodologies, in accordance with the permissions granted through informed consent forms obtained by the originating organization, privacy laws and relevant contractual agreements.
We do not use any patient data, including data collected through our patient testing services, for marketing or advertising purposes.
Sharing Your Personal Information
MiraDx may share your information with third parties as described below. MiraDx will not sell or rent your personal information to any other company or organization.
- Service providers. We may occasionally hire third-party service providers to provide limited services on our behalf. MiraDx will give the providers only the personal information they require to perform the services and requires such providers to maintain the confidentiality of the information they receive.
- Authorities and others. We may need to access or disclose your personal information to comply with the law or legal process and to exercise our legal rights or defend against legal claims. We may share personal information and any additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or as otherwise required by law.
- Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Notice.
Security of Your Personal Information
MiraDx uses a combination of reasonable security measures designed to protect personal information. Information is processed and stored on servers with access controls in place.
Data Privacy Framework
MiraDx complies with the EU-US Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively, “Data Privacy Framework”). MiraDx has certified to the U.S. Department of Commerce that it adheres to: (1) the EU-U.S. DPF Principles with regard to the processing of personal information received from the EEA in reliance on the EU-U.S. DPF; (2) the EU-U.S. DPF Principles with regard to the processing of personal information received from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF; and (3) the Swiss-U.S. DPF Principles with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles”).
If there is any conflict between the terms in this Privacy Notice and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit www.dataprivacyframework.gov.
Liability for Onward Transfers: MiraDx is accountable for onward transfers to third parties under the DPF Principles. In particular, MiraDx remains responsible and liable under the DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the DPF Principles unless MiraDx proves that it is not responsible for the event giving rise to the damage.
Access: You have the right to access personal information we hold about you and to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the DPF Principles, subject to applicable exemptions. To make such request, please contact us at info@miradx.com.
Choice: If MiraDx wishes to use personal data covered by this Privacy Notice for a purpose that is materially different from the purpose for which it was originally collected – or later authorized – or to disclose it to a non-agent third party in a manner not described here, we will first give you the opportunity to decide whether your personal data may be so used or disclosed. To opt out, please contact us at info@miradx.com.
Certain categories of personal data – such as information about medical or health conditions, racial or ethnic origin, political opinions, and religious or philosophical beliefs – are treated as “sensitive information.” MiraDx will not use or disclose sensitive information for any purpose other than as described in this Privacy Notice, unless we have obtained your affirmative express consent (opt in).
Recourse: In compliance with the DPF Principles, MiraDx commits to resolve complaints about our processing of your personal information. If you have inquiries or complaints, please contact us at info@miradx.com.
We have further committed to refer unresolved Data Privacy Framework complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our US-based third-party dispute resolution provider, JAMS, at https://www.jamsadr.com/DPF-Dispute-Resolution, for more information and/or to file a complaint. This service is provided free of charge to you.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For more information on this option, please see Annex I of the Data Privacy Framework Principles at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
MiraDx may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
The Federal Trade Commission has jurisdiction over our compliance with the Data Privacy Framework.
Your Choices
Providing your information: You may choose to provide information to MiraDx by filling out forms on our website, contacting us by email, or reaching out to us through other means.
Opt out of marketing communications: You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.
Limit online tracking. There are a number of ways to limit online tracking, which we have summarized below. Please note that these tools are not associated with us and we cannot guarantee that they work as their providers advertise them:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://www.allaboutcookies.org/.
- Using privacy plug-ins or browsers. You can block our websites from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Platform opt-outs. The following advertising partners offer opt-out features that let you opt out of use of your information for interest-based advertising.
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Do Not Track
We do not currently employ a mechanism to act upon “Do Not Track” instructions but are in the process of investigating such mechanisms.
Children’s Privacy
MiraDx websites and services are directed toward adults. We do not normally collect the personal information of children under the age of 13. We will not knowingly collect or use any personal information from any children under the age of 13. If we become aware that we have collected any personal information from children under 13, we will promptly remove such information from our databases.
Linked Sites
MiraDx may provide links to websites operated by third parties that are not covered by this Notice. MiraDx does not maintain these sites and is not responsible for the privacy practices of sites it does not operate. We encourage you to review the privacy policies posted on those websites.
Changes to Our Privacy Notice
If we change our Privacy Notice and procedures, we will post those changes on our website to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it. Changes to this Privacy Notice are effective when they are posted on this page.
How to Contact Us
You can contact MiraDx using our website contact page or send an email to the address below. Please include your contact information and a detailed description of your request or privacy concern.
MiraDx, Inc.