The Upload a Test feature is a service operated by VITAMIN-ONE FORMULAS LTD. (“VitaminLab”) that allows practitioner clients to upload patient lab results for the purpose of creating a recommended formula for the practitioner’s patients. This Privacy Policy describes how data submitted through the Upload a Test feature is collected, stored, used, and protected.

Practitioner Responsibility

By using the Upload a Test feature, practitioners confirm that:

  • They have the legal right to share the lab results and related patient data under HIPAA and/or other applicable regulatory requirements in their jurisdiction.
  • They understand that VitaminLab relies on this representation and does not independently verify the practitioner’s right to disclose such information.

Practitioners should not use the Upload a Test feature unless they agree to this Privacy Policy and are authorized to share the relevant patient information.

Data Collection and Storage

  • Lab Results: The lab results uploaded through this feature are transmitted directly to VitaminLab’s HIPAA-compliant data storage partner, Box.com.
  • Access Control: Lab results stored in Box.com are only accessible to team members who require access in order to:
    • formulate personalized supplement recommendations,
    • perform quality control, or
    • ensure the proper functioning of the Upload a Test service.
  • Resulting Formula: The only data retained outside of Box.com is the resulting formula created based on the uploaded lab results.

Data Retention

  • Patient information uploaded to Box.com through the Upload a Test feature will be retained for 180 days.
  • After 180 days, the uploaded patient information will be deleted and no longer accessible to VitaminLab.
  • The resulting formula may be retained in accordance with VitaminLab’s standard business and compliance processes.

Use of Data

Patient lab data uploaded through the Upload a Test feature will be used solely for the purpose of:

  • creating a recommended formula for the practitioner’s patient,
  • ensuring quality and accuracy of the formulation, and
  • supporting the proper operation of the service.

This data will not be used for marketing or any other secondary purposes.

Security

VitaminLab uses Box.com’s HIPAA-compliant platform to safeguard uploaded lab results. Access is restricted to authorized personnel only, and measures are in place to protect patient information against unauthorized use or disclosure.

Updates to This Privacy Policy

VitaminLab reserves the right, at its sole discretion, to update, amend, and/or change this Privacy Policy without prior notice and at any time. Updates to this Privacy Policy will be posted here, and continued use of the Upload a Test feature following the posting of any such changes shall automatically be deemed acceptance of all changes.

Privacy Policy – Upload a Test Feature (Canada – excluding Quebec)

Operated by VITAMIN-ONE FORMULAS LTD. (“VitaminLab”)

Effective Date: Nov 24th 2025

This Privacy Policy applies exclusively to the Upload a Test feature, which enables practitioner clients to upload patient lab results for the purpose of creating a personalized supplement formula for their patients. This policy complies with PIPEDA and applicable provincial private-sector privacy laws, as well as relevant health-sector obligations where practitioners act as custodians or trustees under provincial health information legislation (e.g., Ontario PHIPA, Alberta HIA, BC FIPPA for public-sector clinics).

Practitioner Responsibility and Legal Authority

By using the Upload a Test feature, the practitioner represents and warrants that:

  • They have all necessary authority, consent, and legal rights to disclose patient health information to VitaminLab.
  • They comply with applicable laws, such as PHIPA in Ontario or HIA in Alberta, where applicable.
  • They will not upload any information they are not authorized to share.

VitaminLab does not verify the practitioner’s authority to disclose patient information and relies fully on the practitioner’s representation.

Collection and Storage of Personal Health Information

Data Uploaded: The Upload a Test feature is used to upload:

  • patient lab results,
  • patient identifiers included within those results, if any,
  • any information required to create a recommended formula.

Storage Location: All uploaded files are stored directly within Box.com, VitaminLab’s HIPAA-compliant and PIPEDA-compliant secure data storage partner.

Access Controls: Uploaded data is accessible only to VitaminLab team members who require access for:

  • performing formulation work,
  • conducting quality assurance,
  • ensuring the proper functioning and security of the Upload a Test feature.

Use of Personal Health Information

Patient information uploaded through this feature will only be used to:

  • create the recommended formula,
  • support formulation quality and accuracy,
  • ensure proper operation of the service.

The information will not be used for marketing, profiling, research, or any secondary purpose.

Data Retention and Deletion

  • All uploaded patient information stored in Box.com will be retained for 90 days.
  • After 90 days, the patient information will be deleted from VitaminLab systems and no longer accessible.
  • The resulting formula, which does not require identifiable patient information to exist, may be retained by VitaminLab in accordance with applicable business and compliance practices.

Safeguards

VitaminLab uses technical, administrative, and physical safeguards appropriate to the sensitivity of personal health information, including:

  • encrypted data transfer,
  • restricted access controls,
  • secure storage within Box.com’s HIPAA-compliant environment,
  • staff confidentiality obligations.

Cross-Border Storage

Personal health information stored in Box.com may be processed or stored in the United States or other jurisdictions. Such information may be accessible to courts, law enforcement, or national security authorities under applicable foreign laws. VitaminLab takes reasonable measures to protect data that is transferred across borders.

Access, Correction, and Requests

Since practitioners, not VitaminLab, maintain the patient relationship:

  • Patients wishing to access, correct, or withdraw consent regarding their information should contact their practitioner directly.
  • VitaminLab will assist the practitioner with such requests where required by law.

Changes to This Policy

VitaminLab reserves the right, at its sole discretion, to update, amend, or change this Privacy Policy without prior notice. Continued use of the Upload a Test feature constitutes acceptance of any changes.