Together, we can transform the future of cancer care.
Tracking early stage breast cancer with ultrasensitive ctDNA
Information for patients with breast cancer
Monitoring therapy response with ultrasensitive ctDNA across cancer types
Ultrasensitive ctDNA detection in early-stage lung cancer
Personalis is transforming the development of next-generation therapies.
Last Updated: March 23, 2023
Personalis, Inc. (“Personalis”, “We”, or “Us”) respects the privacy of visitors to our website and is committed to protecting it through our compliance with this policy.
Personalis is located in the United States and personal data provided to us will be used and maintained by us in the United States. For United States residents, we provide this policy in accordance with the California Consumer Privacy Act of 2018 (“CCPA”), the California Consumer Rights and Protection Act (“CPRA”) and other applicable California privacy laws (collectively, “California Law”).
For European Union (“EU”), Swiss, and United Kingdom (“UK”) residents, the section on “European Users” provides information regarding our appropriate mechanisms for personal data transfer from the EU and Switzerland, as well as information related to the UK Data Protection Act of 2018 (“DPA 2018”) and the General Data Protection Regulation of 2018 (“GDPR”), EU 2016/679.
This Privacy Policy describes the categories of information we may collect from you or that you may provide when you visit www.personalis.com, the Personalis Clinical Portal, NeXTDx.com, mobile applications, and any websites or services that refer to this Privacy Policy (collectively, our “Websites” and “Services”) and our practices and purposes for collecting, using, maintaining, protecting, and disclosing that information. This policy applies to information that we collect: on our Websites or through performance of our Services; communications via email, text, or any other electronic media between you and Personalis; and through downloadable information you obtain or request through our Websites or Services. It does not apply to information collected by: interactions with us offline; or by any third party, including through links to our Website.
Please read this entire policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use our Websites and Services. By accessing or using our Websites or Services, you agree to this Privacy Policy. This policy may change from time to time in accordance with applicable law. Your continued use of our Websites and Services after we make changes is deemed to be acceptance of those changes.
If you live in the US, please read our Notice of Privacy Practices Under HIPAA for US Residents.
We may collect, store, and use several types of information that is provided to us by you, or on your behalf. Examples include both (1) personally identifiable information and (2) non-personal information. This information may include information voluntarily submitted by you (e.g., emails, requests for information through our Websites, other correspondence) or information collected from activity with our Websites. We may also receive information about you from your physicians or other healthcare providers when ordering tests or Services from us. For more detailed information on personal information from children, please refer to the “Children’s Policy” section below.
The categories of information that we may collect are:
We will only use your personal information for the purposes for which it was collected. We will only collect as much personal data as is reasonably necessary in relation to our business purposes. We may use information that we collect about you or that you provide to us, including any personal information, for the following purposes: to provide our Websites and/or Services to you; to provide you with information, products, or services that you request from us or that we believe may be of interest to you; to contact you; for payment purposes; to provide information to your physicians and other healthcare providers; and to fulfill any other purpose for which you provide it. We may also use and process your personal information for marketing purposes (e.g., to offer or furnish additional information to you about Personalis, its products and/or services), to personalize the types of information you receive from Personalis, to store your interests and preferences in order to customize your use of our Websites, to communicate with you, to verify compliance with the terms and conditions of our Websites, to authenticate customers and users, to evaluate how our Websites are being used and the audience the Websites are reaching, to compile, identify, and analyze trends and interests to help us improve our Websites and/or Services, and to develop and improve the content and operation of our Websites or Services to better serve the needs of our customers and users.
We may also use your personal information to provide you with customer support and to maintain and improve our Websites. We may combine your information with other information about you that is available to us, including information from other sources, in order to maintain accurate records of individuals who engage our services and to assist with the marketing of Personalis products and services. Additionally, your personal information may be aggregated with information from other users of our Websites such that the information no longer personally identifies you. We will take reasonable measures to ensure this de-identified data cannot be associated with you. We will not attempt to re-identify individuals from the aggregated information. Any recipient of de-identified data from Personalis is contractually obligated to also refrain from attempting to re-identify individuals from aggregated data as well as to take steps to ensure the aggregated information cannot be associated with any one individual.
We may use and process the aggregated information for the general purpose of evaluating our market and/or business trends, our customer and user demographics, interests and behavior, our past and future product and/or service offerings and/or pricing, or other aspects of our business. We may share such aggregated information with our business partners, vendors, distributors, or other collaborators for these same purposes. We may also sell or license such aggregate information to one or more third parties for use and processing in a similar manner.
While Personalis makes every reasonable effort to protect information collected through our Websites and Services, based on the volume, scope, and nature of the personal data processed, please be aware that there is always some risk involved when submitting data over the Internet. We cannot guarantee that our Websites are 100% safe from illegal tampering or “hacking.” Any data transmitted over the Internet may be at risk; however, once it is received at Personalis and entered into its database, it has the same protection that Personalis extends to its own confidential information. We track the total number of visitors to our Websites, the number of visitors to each page of the Websites, and the domain names of our visitors’ Internet service providers. No personally identifiable information is gathered in this process.
Personalis’s general retention policy is to retain your personal information for only as long as is necessary for the business purposes for which your personal information was collected. The length of time that Personalis retains any personal information including, but not limited to, first-party cookies, and your name, address, email and genetic information varies depending on the legal basis for processing that personal information, applicable regulations, and Personalis’s need to establish, exercise, or defend legal claims.
The following table outlines the criteria applied to retention decisions for each category of personal information. The retention period for each category will only be as long as is reasonably necessary to achieve the business purpose(s) for which it was collected and to comply with applicable regulations.
Personalis follows contractual rights and responsibilities with respect to processing and retaining personal information. Please note that, if Personalis processes your personal information on the legal basis of your consent and you withdraw your consent, your personal information will not be retained unless another legal basis for retaining your data has been established and communicated to you. In some circumstances Personalis may anonymize personal information so that it may no longer be associated with an individual, and in such cases we may use that anonymized information without further notice to you and outside of this Policy.
Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include:
We provide the above disclosures and mechanisms described in this policy so you can exercise your rights to receive information about our data practices, as well as to request access to and deletion of your personal information. We provide two mechanisms that allow you to submit requests to access, review, update, and/or delete your information. You can submit such requests by (1) calling our toll-free number at 1-855-436-6634 or (2) emailing us at privacy@personalis.com. These are the same mechanisms that you may use to appeal any refusal of the data subject rights described in California Law. We will provide a written description of the actions and reasons taken in response to an appeal within 60 days. Appeals will be addressed within 60 days.
The CCPA provides California consumers with specific rights regarding their personal information, including your right to request that we disclose certain information to you about our collection and use of your personal information over the past year. Once we receive and can confirm that your request is verified and legitimate, we will disclose to you: (1) the categories of personal information we collected about you; (2) the categories of sources for the personal information we have collected; (3) our business purpose for collecting that personal information; (4) the categories of third parties with whom we have shared that personal information; and (5) the specific pieces of personal information that we have collected about you (this is also known as a data portability request). In addition, you also have the right to request that we delete any of your personal information that we’ve collected from you and retained, subject to certain laws and other exceptions. Once we receive your verified and legitimate request, we will delete your personal information, unless an exception applies, and inform you of the deletion. We reserve the right to deny your deletion request if retaining the information is necessary for us to perform the Services that you’ve requested from us, or pursuant to applicable law.
Personalis does not sell your identifiable personal information. We only share your information as described in this policy. Personalis also processes your information for the purposes described in this policy which include disclosures permitted for ‘business purposes’ or ‘internal operations’. These purposes include:
As a convenience to our visitors, our Website currently contains links to a number of other non-Personalis websites that we believe may offer useful information. Those websites have their own privacy policies and the privacy policy presented here does not apply to those websites. You should contact these websites directly for information on their privacy policies, confidentiality agreements and data collection/distribution procedures.
We are committed to protecting the privacy of children. Our Website is not intended for or designed to attract children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe that we may have any information from or about a child under 13, please contact us at privacy@personalis.com. Parents of a child under 13 may initiate the process of verifying their consent for their child to use the site by contacting us at privacy@personalis.com.
Our Website may employ “cookies”, which are small bits of data cached or stored on your computer or smartphone based on internet activity. We may use cookies in order to monitor individual activity in aggregate to improve our Website and provide features that are tailored to your needs. Most web browsers automatically accept cookies, but you can usually change your settings to prevent this. If you disable cookies, your ability to use some features of our Website may be limited.
If you are an EU or Swiss citizen or are accessing the Website from within the European Economic Area, then this section may apply to you and you may contact us at privacy@personalis.com in order to exercise your rights to request access to, update, remove, and restrict the processing of your information.
Personalis is located and operates in the United States, as such your information may be transferred to entities located outside the European Economic Area, including entities located in the United States, for processing consistent with those listed above. Personalis will treat all personal information received from you in accordance with GDPR requirements.
Personalis may, at any time, revise this Privacy Policy by updating this posting. Data will be handled in accordance with the policy in effect at the time the data is collected.
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with our Website, please contact us at privacy@personalis.com.
