Privacy Policy

Privacy Statement and Commitment

Revelation Diagnostics ("we," "us," "our," or "Company") is committed to protecting the privacy and confidentiality of our website visitors and customers. This Privacy Policy outlines all the ways our website collects, uses, discloses, processes, and manages the data of its visitors and customers, including our commitment to safeguarding your personal information and the mechanisms we employ to protect your privacy.

We understand the sensitive nature of the information we handle, particularly in relation to DNA testing, drug testing, and other laboratory services. Our privacy practices are designed to comply with all applicable federal and state privacy laws while maintaining the highest standards of data protection and confidentiality.

Information We Collect and How We Collect It

Types of Information Collected

Personal Information:

Contact information (name, address, phone, email)
Identification information (date of birth, government ID)
Payment and billing information
Legal documentation and court orders

Service-Related Information:

Biological samples and test results
Chain of custody documentation
Medical and health information relevant to testing
Immigration and legal documentation

Website Information:

IP address and browser information
Website usage data and navigation patterns
Cookies and tracking technologies
Communication records and customer service interactions

How We Collect Information

Direct Collection:

Information you provide through website forms
Data collected during service appointments
Documentation submitted for testing services
Customer service communications

Automatic Collection:

Website analytics and performance data
Cookies and similar tracking technologies
System logs and security monitoring
Technical information about your device and browser

Third-Party Sources:

Laboratory partners and testing facilities
Legal professionals and court systems
Verification services and background checks
Payment processors and financial institutions

Why We Collect This Information

Service Delivery:

To provide accurate DNA testing, drug testing, and laboratory services
To maintain chain of custody and ensure sample integrity
To deliver test results securely and confidentially
To schedule appointments and coordinate mobile services

Legal and Regulatory Compliance:

To comply with federal and state testing regulations
To maintain required documentation for legal proceedings
To fulfill court orders and legal mandates
To meet professional accreditation standards

Business Operations:

To process payments and manage billing
To provide customer service and technical support
To improve our services and website functionality
To protect against fraud and unauthorized access

Communication:

To send appointment confirmations and test results
To provide service updates and important notifications
To respond to customer inquiries and concerns
To deliver requested marketing communications (with consent)

Information Sharing Practices with Third Parties

When We Share Information

With Your Consent:

Written authorization for specific sharing purposes
Designated recipients as specified by you
Limited to authorized purposes only

Legal Requirements:

Court orders, subpoenas, and legal mandates
Law enforcement requests with proper authorization
Regulatory agency requirements and investigations
Mandatory reporting obligations under applicable laws

Service Providers:

AABB-accredited laboratories processing samples
Licensed medical professionals reviewing results
Secure transportation and courier services
Technology providers supporting our operations (under strict confidentiality agreements)

What We DO NOT Share

We DO NOT sell, rent, or trade your personal information to third parties for commercial purposes. We DO NOT share your information with insurance companies, employers, or family members without your explicit written authorization. We DO NOT use your genetic or health information for marketing purposes or unauthorized research.

Third-Party Safeguards

All third-party service providers must:

Sign comprehensive confidentiality and data processing agreements
Implement appropriate security and privacy safeguards
Limit data use to specifically authorized purposes
Maintain professional licensing and accreditation
Submit to regular compliance audits and assessments

Your Privacy Rights Under Applicable Legislation

Federal Privacy Rights

HIPAA Rights:

Right to access your health information
Right to request amendments to inaccurate records
Right to request restrictions on use and disclosure
Right to file complaints with us or the Department of Health and Human Services

GINA Protections:

Protection against genetic discrimination in employment and health insurance
Strict limitations on genetic information disclosure
Enhanced confidentiality protections for genetic data

State Privacy Rights

California Residents (CCPA/CPRA):

Right to know what personal information we collect and how we use it
Right to delete personal information (subject to legal retention requirements)
Right to correct inaccurate personal information
Right to opt out of sale of personal information (we don't sell data)
Right to non-discrimination for exercising privacy rights

Virginia Residents (VCDPA):

Right to access, correct, and delete personal data
Right to data portability
Right to opt out of targeted advertising and certain data processing

Other State Rights:

Rights under applicable state genetic privacy laws
Rights under state data breach notification laws
Rights under state consumer protection regulations

How to Exercise Your Rights

Making Requests:

Submit written requests via email, phone, or mail using contact information below
Clearly specify the type of request and information involved
Provide identity verification as required for security purposes
We will respond within 30-45 days depending on the type of request

Request Limitations:

Some information must be retained for legal compliance
Active legal proceedings may require information preservation
Safety and security concerns may limit certain requests
De-identified information may not be subject to certain rights

Minors' Data Collection Practices

Special Protections for Children

Children Under 13:

We do not knowingly collect information from children under 13 without verifiable parental consent
Enhanced security measures and limited data collection
Parents can review, modify, or delete their child's information
Special handling procedures for all children's information

Minors 13-17 Years Old:

Legal guardian consent required for all testing services
Court orders may authorize testing without parental consent
Enhanced confidentiality protections and access restrictions
Shorter retention periods when legally permissible

Guardian Rights and Responsibilities

Parental Authority:

Must provide proof of legal guardianship or parental rights
Must sign specialized consent forms for minors
Can access all information collected about their minor child
Can request corrections or deletion of their child's information (subject to legal requirements)

Special Circumstances:

Court-ordered testing may override normal consent requirements
Child protection cases may involve mandatory reporting obligations
Emergency medical situations may proceed with appropriate authorization
Enhanced confidentiality protections for sensitive cases

Privacy Protection Mechanisms

Technical Safeguards

Data Security:

Encryption of all sensitive data in transit and at rest
Multi-factor authentication for system access
Regular security audits and vulnerability assessments
Intrusion detection and network monitoring systems

Access Controls:

Role-based permissions limiting access to authorized personnel
Regular audits of user access and system permissions
Secure session management and automatic timeout procedures
Comprehensive audit logging of all system activities

Physical Security

Facility Protection:

Controlled access systems and visitor management
24/7 surveillance and monitoring systems
Climate-controlled storage for samples and documents
Secure transportation and chain of custody procedures

Administrative Safeguards

Staff Training:

Annual privacy and security training for all personnel
Background checks and confidentiality agreements
Regular updates on regulatory requirements and best practices
Incident response training and procedures

Policies and Procedures:

Comprehensive written privacy and security policies
Regular policy reviews and updates
Compliance monitoring and assessment procedures
Business continuity and disaster recovery plans

Data Retention and Security

Retention Periods

Personal Information: Retained for the duration of business relationship plus applicable legal requirements Testing Records: Maintained according to federal and state regulations (typically 3-25 years depending on test type) Payment Information: Kept for 7 years for tax and accounting purposes Website Data: Analytics data retained for 2 years in anonymized form

Secure Disposal

Digital Data: Secure deletion using multi-pass overwriting and cryptographic erasure Physical Samples: Incineration at approved facilities with certificates of destruction Documents: Cross-cut shredding with documented destruction procedures Storage Media: Physical destruction when necessary with proper certification

Cookies and Website Technologies

Types of Cookies

Essential Cookies: Required for basic website functionality and security Analytics Cookies: Used to monitor website performance and user experience (anonymized) Preference Cookies: Store user settings and customization choices Security Cookies: Protect against fraud and unauthorized access

Cookie Management

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. We provide clear information about cookie use and obtain consent where required by law.

Contact Information

Privacy Requests and General Inquiries

Email: support@revelationdiagnosticsllc.com
Phone: 240-310-9439
Mail: Revelation Diagnostics
649 Guilford Ave
Hagerstown, MD 21740

For Privacy Requests: Please mark communications as "PRIVACY REQUEST" for proper handling.

Filing Complaints

If you believe we have violated your privacy rights, you may contact:

Our office using the contact information above
Your state attorney general's office
Federal Trade Commission (FTC)
Department of Health and Human Services (for HIPAA complaints)

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. We will notify you of material changes through:

Email notification to your registered address
Prominent notice on our website
Updated "Last Modified" date at the top of this policy

Continued use of our services after policy changes constitutes acceptance of the updated policy.

Legal Disclaimer

This Privacy Policy constitutes our entire privacy statement and supersedes any previous privacy policies. It works in conjunction with our Terms of Service and applicable federal and state laws. This policy does not create contractual rights beyond those required by applicable law.

We reserve the right to modify our privacy practices as necessary to comply with changing legal requirements, industry standards, and business needs, while maintaining our commitment to protecting your privacy and confidentiality.

By using our website and services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data collection, use, and sharing practices as described herein.