FUNCTIONAL MEDICINE TESTING RECOMMENDED PRODUCTS DISCOUNT CODES

Consumer Health Data Privacy Policy

Effective Date: March 15, 2026

This Consumer Health Data Privacy Policy ("Consumer Health Data Policy") describes how Microbiome Consulting, LLC d/b/a Gut Healing Education ("Company," "we," "us," or "our") collects, uses, shares, and otherwise processes consumer health data, as that term is defined by applicable U.S. state laws ("Consumer Health Data"), through our Gut Healing Education platform located at guthealtheducation.com/gut-healing-education and related services (collectively, the "Service").

This Consumer Health Data Policy applies to the extent required by applicable U.S. state consumer health data laws, including the Washington My Health My Data Act (RCW 19.373), the Connecticut Data Privacy Act as amended by SB 3, Nevada SB 370, and similar laws that may apply to the processing of Consumer Health Data.

This Consumer Health Data Policy supplements our general Privacy Policy. In the event of a conflict between our Privacy Policy and this Consumer Health Data Policy, this Consumer Health Data Policy controls to the extent it is consistent with applicable state law. This Consumer Health Data Policy contains only disclosures required by applicable consumer health data laws and does not address other categories of personal information, which are governed by our general Privacy Policy.

Consumer Health Data We Collect

We may collect the following categories of Consumer Health Data in connection with the Service:

Information you provide directly to us:

Health history and symptom information, such as self-reported symptoms, health history, dietary information, and other health details you provide during checkout or on intake forms.
Laboratory test results, including GI-MAP results and any other functional medicine test results generated through our Service.
Communications about your health, including messages you send to our team regarding your test results or health-related questions.

Information we receive from third parties:

Lab Partner results data. Our independent laboratory partner, DHA Laboratory, generates and transmits your test results to us so that we can deliver them to you.

Information generated automatically:

Device and browsing data collected through cookies, web beacons, and similar technologies when you use the Service, including IP address, browser type, pages visited, and general location information (city/state level). For details on these technologies, see our general Privacy Policy.

We do not collect genetic data, biometric data, reproductive or sexual health data, gender-affirming care data, or precise geolocation data through the Service.

Sources of Consumer Health Data

We collect Consumer Health Data from the following categories of sources:

Directly from you, when you complete a purchase, fill out intake or checkout forms, or communicate with us.
From our Lab Partner, when your test results are generated and transmitted to us.
Through automated technologies, such as cookies and analytics tools, when you interact with the Service.

How We Use Your Consumer Health Data

We use your Consumer Health Data for the following purposes:

Purpose	Categories of Consumer Health Data Used
Facilitating lab test orders: placing your test order with our Lab Partner and coordinating kit shipment	Health history, symptom information, contact data
Delivering your test results: transmitting your Lab Results to you via email or through the Service	Laboratory test results, contact data
Providing educational resources: delivering the Interpretive Guide and related educational content in connection with your results	Laboratory test results
Recommending educational resources: suggesting relevant educational content or supplement information based on general result categories	Laboratory test results
Customer support: responding to your questions about your order, results, or our Service	Communications about your health, laboratory test results
Service improvement: improving and developing our educational content and Service offerings, including on an aggregated or de-identified basis	Laboratory test results (aggregated/de-identified only)
Compliance and legal obligations: complying with applicable laws, responding to lawful requests, and protecting our rights	All categories as necessary

We do not use your Consumer Health Data for:

Interest-based or targeted advertising
Marketing purposes (unless you separately consent)
Sale to any third party for monetary or other valuable consideration
Profiling or automated decision-making that produces legal or similarly significant effects

How We Share Your Consumer Health Data

We share your Consumer Health Data with the following categories of third parties, and only for the purposes described below:

Lab Partner. We share your personal information and health history with DHA Laboratory for the purpose of processing your test order, analyzing your sample, and generating your results. Our Lab Partner is contractually required to protect your information and use it only for the purposes of providing laboratory services.

Payment processors. We use third-party payment processors (such as Stripe or other processors identified at checkout) to handle transactions. These processors collect and process payment information according to their own privacy policies. We do not share your health history or test results with payment processors.

Service providers. We may share Consumer Health Data with service providers who assist us in operating the Service, such as email delivery providers (for transmitting your results), hosting providers, and customer support tools. These service providers are contractually required to protect your Consumer Health Data and may only use it to perform services on our behalf.

Legal and compliance. We may disclose Consumer Health Data when we believe in good faith that disclosure is necessary to comply with applicable law, respond to valid legal process, or protect the rights, safety, or property of the Company, our users, or others.

Corporate transactions. In connection with a merger, acquisition, sale of assets, or similar transaction, Consumer Health Data may be transferred as part of the Company's business assets, subject to applicable law.

Affiliates. As of the effective date of this policy, the Company does not have corporate affiliates that receive Consumer Health Data. If this changes, we will update this policy to identify any affiliates with access to Consumer Health Data.

We do not:

Sell Consumer Health Data for monetary gain or other valuable consideration
Share Consumer Health Data with advertising networks or data brokers
Share Consumer Health Data with third parties for their own marketing purposes
Use geofencing around any healthcare facility to collect Consumer Health Data or deliver advertising

Third-Party Platforms

If you choose to purchase supplements through our Fullscript affiliate link, you will be redirected to the Fullscript platform. We do not share your Consumer Health Data with Fullscript. Any information you provide directly to Fullscript is governed by Fullscript's own privacy policy.

Data Retention

We retain Consumer Health Data as follows:

Laboratory test results and associated health information: Seven (7) years from the date of testing, to comply with healthcare recordkeeping standards and to allow you continued access to your historical results.
Checkout and intake form data (health history, symptoms, dietary information): Retained as long as your account remains active or for seven (7) years from the date of collection, whichever is longer.
Communications with our team regarding health-related questions: Retained for three (3) years from the date of communication, or as long as your account remains active.

After the applicable retention period, we securely delete or anonymize your Consumer Health Data unless we are required by law to retain it for a longer period.

You may request deletion of your Consumer Health Data at any time by contacting us at the address below, subject to our legal obligations to retain certain records.

Your Consumer Health Data Rights

Depending on your state of residence, you may have the following rights regarding your Consumer Health Data:

Right to confirm and access. You may request that we confirm whether we collect, share, or sell your Consumer Health Data. You may also request access to the specific Consumer Health Data we have collected about you, including a list of third parties and affiliates with whom we have shared your Consumer Health Data.

Right to delete. You may request that we delete your Consumer Health Data. Upon receiving a verified deletion request, we will delete your Consumer Health Data from our records and direct our processors to do the same, subject to applicable legal exceptions (for example, if we are required by law to retain certain records).

Right to withdraw consent. To the extent we rely on your consent for the collection or sharing of your Consumer Health Data, you have the right to withdraw that consent at any time. Withdrawal of consent applies to future collection and sharing only and does not affect the lawfulness of processing that occurred before the withdrawal. If you withdraw consent for collection or sharing of Consumer Health Data that is necessary to provide the Service, we may be unable to continue providing the Service to you.

Right to correction. You may request that we correct inaccurate Consumer Health Data that we maintain about you.

Right to non-discrimination. We will not discriminate against you for exercising any of the rights described in this policy. We will not deny you services, charge you different prices, or provide a different level or quality of service because you exercise your Consumer Health Data rights.

Right to appeal. If we deny your request to exercise any of the rights above, you may appeal that decision by contacting us using the information below. We will respond to your appeal in accordance with applicable law.

How to Exercise Your Rights

To exercise any of the rights described above, please contact us:

Email: [email protected]

Subject line: Consumer Health Data Request

In your request, please include your full name, the email address associated with your account, a description of the right you wish to exercise, and sufficient detail for us to verify your identity and locate your records. We will respond to your request within the timeframes required by applicable law (generally within 45 days of receipt, with a possible extension of an additional 45 days if reasonably necessary).

We may need to verify your identity before processing your request. We will use the information you provide solely for verification and fraud-prevention purposes.

If you designate an authorized agent to make a request on your behalf, we may require you to verify your own identity and confirm the agent's authority, such as by providing a valid power of attorney or signed written authorization.

Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your Consumer Health Data from unauthorized access, use, or disclosure. Access to Consumer Health Data within our organization is restricted to personnel who need it to fulfill the purposes described in this policy and who are subject to a duty of confidentiality.

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your Consumer Health Data, we cannot guarantee its absolute security.

Children

Our laboratory testing Services are available only to individuals who are 18 years of age or older. We do not knowingly collect Consumer Health Data from individuals under 18 in connection with laboratory testing Services.

Changes to This Consumer Health Data Policy

We may update this Consumer Health Data Policy from time to time. If we make material changes, we will notify you by updating the effective date at the top of this policy and posting the revised version on the Service. Your continued use of the Service after any changes become effective constitutes your acknowledgment and acceptance of the updated Consumer Health Data Policy.

Contact Us

If you have questions about this Consumer Health Data Policy or wish to exercise your rights, please contact us:

Microbiome Consulting, LLC d/b/a Gut Healing Education Email: [email protected]