How we handle your information.

Effective date: June 8, 2026 · Last updated: June 8, 2026

This Privacy Policy describes how Kascade Health LLC (“Kascade,” “we,” “our,” or “us”) collects, uses, and discloses information about you when you visit kascadehealth.com or use our lab interpretation service (collectively, the “Service”).

01Information we collect

Information you provide directly

• Contact information: first name and email address when you sign up for the free Lab Decoder Guide, purchase a lab interpretation, or contact us.
• Lab values you enter: the specific biomarker values you input to generate your interpretation (e.g., fasting insulin, SHBG, hsCRP, etc.), along with optional context such as age, current medications, and self-reported symptoms.
• Payment information: when you purchase a report, payment is processed by Stripe. Kascade does not store your full payment card number; we receive only a Stripe customer identifier and basic transaction metadata.
• Communications: the contents of emails or other messages you send us.

Information collected automatically

• Usage data: pages viewed, links clicked, time spent, browser and device type, approximate location (city/region level), and similar analytics, only after you consent via our cookie banner.
• Cookies: see the Cookies section below for detail.

01aNotice at collection (California residents)

This section is provided to comply with California Civil Code § 1798.100(b). At or before the point of collection, we inform you of:

• Categories of personal information collected: identifiers (name, email), commercial information (purchases), internet activity (analytics with consent), and sensitive personal information (the lab values you voluntarily enter to generate your interpretation).
• Purposes: to provide the educational interpretation, deliver your report, communicate with you, and operate and improve the Service.
• Retention: as described in Section 5 below.
• Sale or sharing: Kascade does not sell or share personal information for cross-context behavioral advertising.

01bSensitive personal information

The lab values you enter (e.g., fasting insulin, SHBG, hsCRP, etc.) may constitute sensitive personal information under California law. We use your lab values solely to generate the educational interpretation you requested and to operate the Service. We do not use your lab values for any other purpose, including marketing, profiling for cross-context advertising, or training third-party AI models. You have the right to limit our use of sensitive personal information; however, doing so will prevent us from generating your interpretation.

01cAutomated decision-making

Your educational interpretation is generated by an AI system (Anthropic’s Claude model) using a system prompt designed and maintained by Kascade. The interpretation is educational research context based on published literature and is not a diagnostic determination, treatment recommendation, or clinical evaluation. The output may contain errors, omissions, or generalizations and should always be reviewed with a qualified healthcare provider. By submitting your lab values, you understand and consent to automated generation of the interpretation. You may opt out of automated generation only by not purchasing the Service.

02How we use your information

We use the information we collect to:

• Provide the educational lab interpretation you requested.
• Deliver your report by email and send transactional communications (receipts, account messages).
• Send you the free Lab Decoder Guide and follow-up educational content if you opted in.
• Respond to your questions and provide customer support.
• Improve the Service, including by analyzing aggregate, de-identified usage patterns.
• Detect, prevent, and respond to security incidents, fraud, and unauthorized use.
• Comply with legal obligations.

We do not sell your personal information. We do not share your lab values with advertisers or data brokers. We do not use your lab values to train third-party AI models beyond the single interpretation you requested.

03Who we share information with

We share information only with the third-party service providers we need to operate the Service, each under contractual confidentiality and security obligations:

• Stripe · payment processing
• Anthropic (Claude API) · the AI model that generates the educational interpretation from your lab values. Anthropic processes the data on our behalf and does not retain it for model training.
• Resend · transactional email delivery
• Beehiiv · newsletter and lead-magnet email delivery
• Supabase · authentication and data storage
• Netlify · website hosting and serverless function execution
• Google Analytics and Netlify RUM · product analytics, only after you consent

We may also disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or a governmental request, or to protect the rights, property, or safety of Kascade, our users, or others.

04Cookies and tracking

We use cookies and similar technologies to operate the Service and measure how it is used. On your first visit, our cookie banner asks you to choose between “Accept all” (essential plus analytics) or “Essential only.” You can change your preference at any time by clicking “Cookie preferences” in the footer.

• Strictly necessary cookies · required for the Service to function (e.g., remembering your consent choice).
• Analytics cookies · help us understand how visitors use the Service. Loaded only after you consent.

05How long we keep information

We retain personal information for as long as needed to provide the Service and for legitimate business purposes, including tax, accounting, and legal compliance. Generally:

• Lab values and reports: retained while your account is active and for up to 24 months thereafter so you can re-download past reports. Deleted on request.
• Email lists (Beehiiv): retained until you unsubscribe.
• Transaction records (Stripe): retained for at least 7 years for tax and accounting purposes.

06Your rights

For California residents (CCPA / CPRA)

You have the right to:

• Know what personal information we have collected about you.
• Request deletion of your personal information (subject to legal retention requirements).
• Correct inaccurate personal information.
• Opt out of any “sale” or “sharing” of personal information. Kascade does not sell or share personal information for cross-context behavioral advertising.
• Limit use of sensitive personal information. The lab values you provide may be considered sensitive personal information; we use them solely to generate the educational interpretation you requested.
• Non-discrimination for exercising any of these rights.

To exercise these rights, email hello@kascadehealth.com with the subject line “Privacy Rights Request.” We will respond within 45 days.

For all users

You may unsubscribe from marketing emails at any time using the link in any email. You may request a copy or deletion of your data by emailing the address above.

How we verify requests

To protect your information, we verify your identity before fulfilling rights requests. We may ask you to confirm your email address used at signup and at least one of: your full name as provided, the date of your most recent purchase, or other reasonably available information. We do not require account creation or government ID. We respond to verified requests within 45 days (extendable once by 45 days if reasonably necessary, with notice).

Global Privacy Control (GPC)

If your browser sends a Global Privacy Control signal, we treat it as a valid request to opt out of any “sale” or “sharing” of personal information. Because we do not sell or share for cross-context behavioral advertising in the first place, the practical effect is consistent with our default practice.

Authorized agents

You may designate an authorized agent to make a privacy rights request on your behalf. The agent must provide written authorization signed by you, and we may verify your identity directly.

06aBreach notification

In the event of a security breach affecting your personal information, we will provide notice as required by applicable law (including CCPA § 1798.82 for California residents). Notice will include, where known, the categories of information affected, the date(s) of the breach, our response, and steps you may take to protect yourself. We will issue notice without unreasonable delay following confirmation of a breach affecting more than 500 California residents and will notify the California Attorney General as required.

07Security

We implement administrative, technical, and physical safeguards designed to protect your information. No system is perfectly secure, and we cannot guarantee the absolute security of information transmitted over the internet. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

08Children

The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will delete it promptly. If you believe a child under 18 has provided information to us, please contact hello@kascadehealth.com.

09International users

The Service is operated from the United States and intended for U.S. residents. If you access the Service from outside the United States, you do so on your own initiative and are responsible for compliance with local law. We do not currently offer the Service to residents of the European Economic Area or the United Kingdom.

10Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have provided one) and post the updated policy on the Service with a new effective date. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11Contact

If you have questions about this Privacy Policy or how we handle your information, contact us at:

Kascade Health LLC
hello@kascadehealth.com