Legal Policies

  • Mobile Privacy Policy

    Mobile Application Privacy Policy

    Effective Date: 6/5/2026     Last Updated: 6/5/2026

    Introduction

    Enable Biosciences, Inc. (“Enable,” “we,” “our,” or “us”) is a diagnostics company headquartered in South San Francisco, California. We develop and operate the ADAP (Antibody Detection by Agglutination-PCR) platform, which enables ultrasensitive detection of autoantibodies from minimally invasive sample types including dried blood spots (DBS).


    This Privacy Policy describes how Enable Biosciences collects, uses, protects, and discloses personal information—including protected health information (PHI) and other sensitive health-related data—through our mobile application (Enable Health App, the “App”) and its associated services. Because our App involves the collection and processing of health and diagnostic information, we are committed to complying with all applicable laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and applicable state privacy laws.


    If our App contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. This Privacy Policy does not apply to your activities after you leave our App.


    Information We Collect

    We collect two categories of information: information you voluntarily provide and information automatically collected through your use of the App.


    1. Voluntarily Provided Information

    When you register, use, or interact with our App, you may provide:

    • Full name, date of birth, and contact information (email address, phone number, mailing address)

    • Health and medical information, including prior diagnoses, medications, and medical history

    • Autoantibody test requisition data and associated clinical context

    • Ordering physician and healthcare provider information

    • Insurance or billing information, where applicable

    • Sample collection details, including DBS collection date, lot numbers, and shipping information

    • Communications you send to us, including support requests or inquiries


    2. Automatically Collected Information

    When you access the App, we may automatically collect:

    • Device identifiers (device type, operating system version, unique device ID)

    • Internet Protocol (IP) address and approximate geographic location

    • App usage data, including features accessed, actions taken, and timestamps

    • Diagnostic and error logs generated during App use


    3. Health and Diagnostic Data (Sensitive Information)

    Enable Biosciences operates in the clinical diagnostics space. Our App may collect and process the following categories of sensitive health information, which are subject to heightened protection under HIPAA and applicable law:

    • Autoantibody test results and associated quantitative data generated by the ADAP platform

    • Clinical indications, including autoimmune disease risk markers and diagnostic outputs

    • Physician orders and test requisitions

    • Patient demographic data linked to laboratory test records


    We will not collect sensitive information without first obtaining your consent (or, for PHI, the consent of the relevant patient or their authorized representative), and we will only use or disclose such information as permitted, required, or authorized by law.


    4. Device Data Accessed

    Depending on your device settings and the permissions you grant, the App may access:

    • Camera – for scanning sample barcodes or capturing DBS card images

    • Photo library – for uploading sample images or documentation

    • Location data – for confirming collection site or shipping origin


    How We Use Your Information

    We collect and use personal and health information only for the following legitimate purposes:

    • To process laboratory test orders and deliver ADAP platform diagnostic results to ordering physicians and authorized clinical personnel

    • To facilitate sample collection logistics, including DBS card shipment tracking and chain-of-custody documentation

    • To communicate test results, report status updates, and send clinically relevant notifications

    • To comply with applicable CLIA, CAP, HIPAA, and other regulatory requirements governing clinical laboratory operations

    • To support clinical quality assurance, internal auditing, and laboratory accreditation activities

    • To improve the performance, accuracy, and usability of the ADAP platform and associated software

    • To respond to inquiries, provide technical support, and manage customer relationships

    • To detect, investigate, and prevent fraud, misuse, or security incidents

    • To conduct internal research and development to improve the ADAP platform, test performance, and diagnostic capabilities, using de-identified or aggregated data where possible


    HIPAA and Protected Health Information

    To the extent that Enable Biosciences functions as a HIPAA Covered Entity in connection with your use of the App, we are required to maintain the privacy and security of Protected Health Information (PHI) in accordance with HIPAA and HITECH. Our practices with respect to PHI are further described in our Notice of Privacy Practices (NPP), which is available upon request.


    We will use and disclose PHI only as permitted by our NPP and applicable law, including:

    • For treatment, payment, and healthcare operations purposes

    • As required by law (e.g., public health reporting, law enforcement disclosures)

    • With your written authorization for uses not otherwise permitted


    Security of Your Personal Information

    Enable Biosciences implements administrative, physical, and technical safeguards designed to protect personal information and PHI from unauthorized access, disclosure, alteration, or destruction. These safeguards include:

    • Encryption of data in transit (TLS/SSL) and at rest

    • Role-based access controls limiting data access to authorized personnel

    • Audit logging of access to PHI and sensitive data

    • Regular security assessments and penetration testing

    • Business Associate Agreements (BAAs) with third-party vendors who access PHI


    No method of electronic transmission or storage is 100% secure. While we work diligently to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your App credentials and access controls.


    How Long We Retain Your Information

    We retain personal information and PHI for as long as necessary to fulfill the purposes described in this Policy, or as required by applicable law. Retention periods are determined as follows:

    • Laboratory test records and associated PHI: retained in accordance with CLIA requirements (minimum 2 years for test records; 10 years for certain records) and applicable state law

    • Account and registration data: retained for the duration of your account plus a reasonable period thereafter for legal and compliance purposes

    • Device and usage logs: retained for up to 12 months unless a longer period is required for security or compliance purposes

    • De-identified or aggregated data: may be retained indefinitely for research and product improvement purposes


    Disclosure of Personal Information to Third Parties

    We may disclose personal information and PHI to the following categories of third parties, subject to applicable legal protections and, where required, Business Associate Agreements:

    • Ordering physicians, healthcare providers, and authorized clinical personnel who have requested testing services

    • Clinical laboratory information systems and EHR platforms integrated with Enable’s ordering workflow

    • Third-party logistics and courier services facilitating DBS sample transport

    • Cloud infrastructure and data hosting providers supporting App and platform operations

    • Regulatory authorities (FDA, CMS, state health departments) as required by law

    • Legal counsel, auditors, and compliance consultants under appropriate confidentiality obligations


    We do not sell personal information or PHI to third parties for marketing or commercial purposes.


    Your Rights and Controlling Your Personal Information

    Depending on applicable law and your relationship to Enable Biosciences, you may have the following rights with respect to your personal information:

    • Access: Request a copy of the personal information or PHI we hold about you

    • Correction / Amendment: Request correction of inaccurate or incomplete information

    • Restriction: Request that we limit certain uses or disclosures of your information

    • Accounting of Disclosures: For PHI subject to HIPAA, request a list of certain disclosures we have made

    • Deletion: Request deletion of personal information where we are not legally required to retain it

    • Portability: Request your data in a machine-readable format, where applicable

    • Non-Discrimination: We will not deny services or treat you differently for exercising your privacy rights


    To exercise any of these rights, please contact us using the details in the Contact section below. We may need to verify your identity before processing your request. For HIPAA-specific rights, please refer to our Notice of Privacy Practices.


    Data Breach Notification

    In the event of a breach of unsecured PHI or a security incident affecting personal information, Enable Biosciences will comply with all applicable breach notification requirements under HIPAA, HITECH, and applicable state law. This includes providing timely notification to affected individuals, the U.S. Department of Health and Human Services (HHS), and, where required, the media.


    Business Transfers

    If Enable Biosciences is acquired, merges with another entity, or transfers substantially all of its assets, personal information and PHI may be transferred to the acquiring party as part of the transaction, subject to applicable legal protections. Any successor entity will be required to honor the terms of this Privacy Policy and applicable HIPAA obligations with respect to PHI.


    Use by Minors

    Our App is intended for use by licensed healthcare providers, authorized clinical personnel, and adult patients. We do not knowingly collect personal information from children under 13 without verifiable parental consent. Pediatric patient PHI submitted through clinical test orders is handled in accordance with HIPAA and applicable law.


    Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our business practices, legal requirements, or platform capabilities. Material changes will be communicated via in-App notification or email to registered users. The “Last Updated” date at the top of this Policy reflects the most recent revision. Continued use of the App following notice of material changes constitutes your acceptance of the revised Policy.


    Contact Us

    For questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:


    Enable Biosciences, Inc.

    Privacy / Compliance Contact

    clinical@enablebiosciences.com

    South San Francisco, California


    For HIPAA-specific complaints, you also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at www.hhs.gov/ocr/privacy.