Privacy Policy

Last updated: June 3, 2026

This Privacy Policy explains what information Dirt Cheap Labs collects, how we use it, and who we share it with. Your lab orders and results are sensitive health information, and we treat them that way.

1. Who we are

Dirt Cheap Labs is a direct-to-consumer lab testing marketplace, operated by a United States limited liability company. We are a technology service that helps you order tests that an independent physician network authorizes and an independent laboratory (Quest Diagnostics or Labcorp) performs. For privacy questions, contact [email protected].

2. What we collect

When you use the Service we collect:

• Contact information: your name, email address, and phone number.
• Identity and demographic information needed to order tests: your date of birth and your sex (these are required by the lab to process the order and report results correctly).
• Address: your address, which we use in part to determine whether we can serve your state.
• Order and results information: the tests you selected, your order and payment status, and your lab results returned as a PDF.
• Technical information: basic information your browser sends, such as device and usage data.

We do not collect your full payment card number. Stripe collects and processes your payment details directly.

3. How we use your information

We use your information to:

• create and fulfill your lab order
• send the licensed physician network the information needed to authorize the order
• send your order to the laboratory and our lab-ordering partner so your blood can be drawn and tested
• return your results to you
• process your payment through Stripe
• send you order-related email through our email provider
• determine whether we can serve your state
• respond to your questions and provide support
• keep records we are required to keep and comply with the law

We do not sell your personal information. We do not use your lab results for advertising.

4. Who we share it with

We keep your health information confidential and share it only with the partners needed to fulfill your order, and only the information they need:

• The laboratory (Quest Diagnostics or Labcorp), to draw your blood and run your tests.
• Our lab-ordering partner, the technology that places your lab order with the physician network and the lab and returns your results to us.
• The licensed physician network, which authorizes your lab order.
• Stripe, our payment processor, to charge you and handle payment.
• Resend, our email provider, to send you order-related email.
• Legal and safety: if required by law, subpoena, or legal process, or to protect our rights, your safety, or the safety of others.
• Business transfer: if the business is sold or transferred, your information may transfer as part of that transaction, subject to this Policy.

5. Health data, HIPAA, and the FTC rules

Your date of birth, sex, the tests you order, and your results are health-related and more sensitive than ordinary contact information. We keep this information confidential, we limit who can access it, we transmit and store it using reasonable security measures, and we share it only as described above. No system is perfectly secure, and we cannot guarantee absolute security, but we take the sensitivity of this data seriously.

Dirt Cheap Labs is a technology service, not a healthcare provider or a laboratory, so it may not be a "covered entity" under the federal HIPAA law. That does not mean your data is unprotected. We are subject to the Federal Trade Commission's rules on consumer health data, including its Health Breach Notification Rule, and to state privacy and breach-notification laws. The laboratory and the physicians who authorize your order have their own HIPAA obligations for the information they hold.

6. If there is a data breach

If we discover a breach of unsecured health information that we hold, we will notify the people affected, and the Federal Trade Commission, without unreasonable delay and no later than 60 days after we discover it, and we will tell you what information was involved and what you can do about it. We will also follow any notification duties your state's law imposes.

7. Your account

If you create an account, you sign in with a one-time link sent to the email you used at checkout. There is no password. The link works once and expires quickly. Your account shows your past orders and lets you view and download your own requisition and results documents. Only someone who can receive email at your verified address can sign in. We keep a record of account sign-ins and of each time a document is viewed, so access can be audited. You can ask us to close your account at any time.

8. How long we keep it

We keep your information for as long as needed to provide the Service, to comply with our legal, tax, and recordkeeping obligations, and to resolve disputes. Your stored requisition and results documents are kept for a limited period (currently about 18 months) and then expire. When we no longer need information, we delete or de-identify it.

9. Your rights

Depending on where you live, you may have the right to: access the personal information we hold about you, correct it, request that we delete it, and opt out of any sale or sharing of it. We do not sell your information. To make a request, email [email protected]. We may need to verify your identity first. Some information we may have to keep even after a deletion request, where the law requires us to retain it.

10. Children

The Service is for adults 18 and older. We do not knowingly collect information from anyone under 18.

11. Changes

We may update this Policy. If we make a material change, we will update the date above and, where appropriate, notify you.

12. Contact

Privacy questions or requests: [email protected]