Privacy Policy

1. Introduction
Genoplex, Inc. (“Genoplex,” “we,” “us,” or “our”) is a United States health technology company that provides AI-enabled referral coordination and patient intake solutions designed to connect patients to qualified treatment centers and specialists offering advanced therapies.
This Privacy Policy describes how we collect, use, disclose, and protect personal information and Protected Health Information (“PHI”) in connection with:
• Advanced Therapy Connect™
• Cell Therapy Connect™
• Gene Therapy Connect™
• Therapy4Me.ai
• Any related websites, mobile applications, APIs, integrations, and services (collectively, the “Services”).
By using the Services, you acknowledge that you have read and understand this Privacy Policy.

2. HIPAA Status and Protected Health Information (PHI)
2.1 Business Associate Role
Genoplex operates as a HIPAA-regulated entity and, where applicable, acts as a Business Associate to healthcare providers and treatment centers. We handle Protected Health Information (“PHI”) in accordance with:
• The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)
• The Health Information Technology for Economic and Clinical Health Act (“HITECH”)
• Applicable federal and state health privacy laws

2.2 Definition of PHI
PHI includes individually identifiable health information that relates to:
• Past, present, or future physical or mental health conditions
• Healthcare services provided
• Payment for healthcare services

2.3 Use of PHI
We collect and use PHI solely for purposes including:
• Facilitating referral coordination
• Matching patients to qualified treatment centers
• Supporting treatment center intake workflows
• Transmitting referral documentation to providers
• Enabling secure communication between patients and providers
• Operating and improving AI-assisted triage tools
We apply the HIPAA “minimum necessary” standard where applicable.

2.4 Disclosure of PHI
We disclose PHI only:
• To treatment centers and providers for referral purposes
• To subcontractors subject to HIPAA-compliant agreements
• As required by law
• As otherwise permitted under HIPAA
We do not sell PHI.

2.5 De-Identification
We may create de-identified data from PHI using HIPAA-compliant de-identification methods, including:
• HIPAA Safe Harbor standard, or
• Expert Determination method
Once de-identified, data is no longer PHI and may be used for analytics, research, and commercial insight purposes. Re-identification is contractually prohibited.

3. Information We Collect
3.1 Personal Information
We collect personal information that you provide directly, including:
• Name
• Address
• Email address
• Phone number
• Date of birth
• Insurance information
• Healthcare provider information
• Referral documentation

3.2 Sensitive Personal Information
For purposes of this Policy, “Sensitive Personal Information” includes:
• Health conditions
• Symptoms
• Diagnoses
• Treatment history
• Genetic information (if provided)
• Insurance and billing data
• Referral documentation
Sensitive Personal Information is collected solely to facilitate referral coordination and treatment matching.

3.3 Automatically Collected Information
We may collect:
• IP address
• Device information
• Browser type
• Log data
• Usage activity
We use this information for security, fraud detection, and service improvement.

4. Information Obtained from Third Parties
We may obtain information from:
• Healthcare providers
• EHR integrations (FHIR/HL7)
• Public databases (e.g., NPI records)
• Business partners
Such information is used solely for service delivery and compliance purposes.

5. How We Use Information
We use personal information and PHI to:
• Provide and operate the Services
• Match patients to qualified treatment centers
• Transmit referral documentation
• Improve platform performance
• Conduct de-identified analytics
• Comply with legal obligations
• Detect and prevent fraud or unauthorized access
We do not use PHI for cross-context behavioral advertising.

6. AI-Assisted Matching and Algorithmic Tools
Genoplex uses AI-assisted tools to help match patients to qualified treatment centers.
These tools:
• Assist in triage and referral coordination
• Do not provide medical advice
• Do not diagnose or treat medical conditions
• Do not replace provider judgment
Referral outcomes are not guaranteed. Final treatment decisions are made by licensed healthcare providers.

7. Data Sharing
7.1 Treatment Centers and Providers
We share PHI and referral documentation with treatment centers selected for evaluation and intake.

7.2 Service Providers
We share information with subcontractors who provide services such as:
• Cloud hosting
• Security monitoring
• Identity verification
• Data analytics
Such providers are subject to contractual confidentiality and, where applicable, HIPAA-compliant agreements.

7.3 Commercial Clients (De-Identified Data Only)
We may provide commercial clients (including life sciences companies and hospital systems) with:
• De-identified referral trend data
• Aggregated health analytics
• Real-world data insights
These disclosures do not include identifiable personal information or PHI.

7.4 Legal Requirements
We may disclose information:
• To comply with legal process
• To respond to lawful government requests
• To report adverse events as required by law

8. Security Safeguards
Genoplex maintains administrative, technical, and physical safeguards designed to protect personal information and PHI, including:
• SOC 2 Type II–aligned controls
• HIPAA-compliant safeguards
• Encryption at rest (AES-256 or equivalent)
• Encryption in transit (TLS 1.2+)
• Multi-factor authentication (MFA)
• Role-based access controls
• Audit logging
• Vendor security assessments
• Incident response procedures
No system can guarantee absolute security.

9. Data Retention
We retain personal information and PHI only for as long as necessary to:
• Facilitate referral coordination
• Meet contractual obligations
• Comply with legal requirements
We securely delete or de-identify data when no longer required.

10. Your Privacy Rights (Colorado and Applicable State Law)
Subject to applicable law, individuals may have rights to:
• Access personal information
• Correct inaccuracies
• Request deletion
• Receive data in portable formatTo submit a request, contact:
support@genoplex.ai
If a request is denied, you may appeal by contacting the same address.
Certain PHI-related requests may be governed by HIPAA and applicable healthcare provider policies.

11. Cookies and Analytics
We use cookies and similar technologies to:
• Maintain session integrity
• Improve user experience
• Enhance security
We may use analytics providers such as Google Analytics.
We do not use PHI for cross-context behavioral advertising.

12. Third-Party Links
Our Services may link to third-party websites. We are not responsible for their privacy practices.

13. International Access
Genoplex is intended for use within the United States.
Data may be accessed from outside the U.S., but all data processing is governed by U.S. law.

14. Minors
The Services are not directed to individuals under 18.
We do not knowingly collect personal information from minors.
If we become aware of such collection, we will delete the information promptly.

15. Breach Notification
In the event of a breach involving PHI, Genoplex will provide notification in accordance with HIPAA and HITECH requirements.

16. Changes to this Policy
We may update this Privacy Policy periodically. Changes will be posted with a revised Effective Date.

17. Contact Information
Genoplex, Inc.

ATTN: Privacy Officer

4845 Pearl East Cir Ste 118

Boulder, CO 80301
Email: support@genoplex.ai

Begin Path to Advanced Treatment.

Take the first step towards receiving cutting-edge therapies. Submit your referral now and let our AI guide you to the best treatment centers available
Continue as a Patient >
Continue as a Physician >
Advanced Therapy Connect logo

Contact:

support@genoplex.ai

@ 2024 Genoplex.ai, Inc. All rights reserved.