Kadance Privacy Policy

Last Updated: March 15, 2025

Your privacy is important to us. This privacy policy (“Privacy Policy”) provides details about how Kadance (“Kadance,” we,” “us,” or “our”) collects, uses, and discloses personal information we collect through our websites and mobile applications (collectively “Site”) and our genetic testing and counseling, proactive health management, precision care management, survivorship and recovery, and other services (collectively the “Services”). Before using the Site or our Services, you should review this Privacy Policy and the Terms of Service on this Site. Your access to and use of the Site and our Services constitutes acceptance of this Privacy Policy and consent to our collection and use of your personal information as outlined below.

Please note that the Site and our Services are directed towards users who reside in the United States. It is not our intent to gather personal information from individuals residing outside the United States. This Privacy Policy does not apply to instances where your information is collected under a different privacy policy or notice made available to you at the time your information is collected.

1. MINORS

The Site and our Services are not intended for or designed to attract children under the age of 18. Moreover, we do not knowingly collect any personal information from anyone under the age of 18 without the consent of a parent or guardian, and you must be 18 years of age or older to submit registration or survey information. If you are a parent or guardian and believe that we have collected personal information about your child in error, please contact us immediately at privacy@kadance.com and we will make reasonable efforts to remove all personal information related to the minor from our systems.

2. PRIVACY POLICY UPDATES

From time to time, we may revise this Privacy Policy. Any such changes to this Privacy Policy will be promptly reflected on this page. We encourage you to review this Privacy Policy regularly for any changes. Your continued use of the Site and our Services will be subject to the then-current Privacy Policy. The effective date of this Privacy Policy is provided above.

3. PERSONAL INFORMATION WE COLLECT

We collect personal information from consumers in three ways: (1) information consumers provide when they interact with us; (3) information collected from third parties in connection with our Services; and (2) information passively collected from consumers when they use the Site. 

Information Provided by Consumers. We collect personal information voluntarily provided to us, such as when a consumer contacts us via the Site, sends us an email, interacts with our social media accounts, or registers for our Services. To access certain Services we may ask you to provide certain personal information and without providing such personal information, you may be unable to access the Services. We typically collect the following categories of personal information in this manner (however, the information we collect may vary depending on the Services you register for): 

  • Contact details, such as your name, physical address, e-mail address and phone number
  • Electronic signature
  • Demographic information, including your gender, date of birth and zip code
  • Insurance information, including if you have health, life, or long-term care insurance 
  • Account information, including your username and password
  • Location information
  • Photographic or video images submitted for identification purposes, including photographs of your driver’s license or passport
  • User information, including information or content you post or submit on the Site
  • Commercial information such as transaction history and interest in certain Services
  • Audio/electronic records, such as recordings of consumer service calls 
  • Inferences drawn from any of the information listed above to create a profile about you reflecting your preferences, characteristics, behavior, and attitudes
  • Sensitive information, including genetic data and personal information concerning your health 

Information Collected from Third Parties. If you register for our Services, we may also collect personal information about you from the Laboratories, Providers, and Practices (as those terms are defined in our Terms of Service) who provide genetic testing and counseling Services to you. We also may receive information from the insurance carriers whose policies pay for your testing and care. This information typically includes: 

  • Sensitive data, including family medical history, genetic testing results, medical records, genetic counseling records, treatment plans, and clinical trial participation records
  • Insurance information, including insurance policy and other coverage information

Information Passively Collected from Consumers. We also collect personal information passively through our Site, such as via cookies and other tracking technologies. This information may include: 

  • Device and/or browser information, including your IP address, mobile advertising IDs and other unique identifiers, operating system, connection speed, bandwidth, browser type, web page requests, cookie information, other hardware and software attributes
  • Usage activity and viewing preferences
  • Commercial information, including Services you may be interested in 
  • Location data, including device location 
  • Inferences drawn from any of the information listed above to create a profile about you reflecting your preferences, characteristics, behavior, and attitudes

For more information on our use of cookies and other tracking technologies, please see Section 4 “Cookies and Similar Technologies” of this Privacy Policy below.

In addition, when you request Services from the Laboratories, Practices or Providers through the Site, you may be asked to provide personal and sensitive information to the Laboratories, Practices or Providers. The information you provide to a Laboratory, Practice or Provider through the Site or in connection with the Services may be protected under applicable federal and state laws applicable to health information, including but not limited to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its implementing regulations, as may be amended from time to time (collectively, “HIPAA”). If you have any questions about the Laboratories’, Providers’ or Practices’ use of your personal information, please contact privacy@kadance.com or visit the privacy policy section on the website of the applicable Laboratory, Provider or Practice: steadymd.com; kailosgenetics.com; galenusrx.com; or proteanbiodx.com. We are not involved in and have no control over how such Laboratories, Providers and Practices use your personal information and protected health information (“PHI”).

4. COOKIES AND SIMILAR TECHNOLOGIES 

Like most website operators, we use cookies and similar technologies, local shared objects (or any other successor tracker technology), Software Development Kits, and pixel tags that automatically receive and track certain data about how you and other visitors interact with our Sites. These cookies and other tracking technologies have various purposes. Some of them help our Site function properly, while others help us analyze consumers’ use of our Site, market our Services, and provide consumers with information that is most likely to appeal to them.

“Cookies” are small text files that are stored on your browser or device by websites, mobile apps, online media and advertisements. There are different types of cookies. Cookies served by the entity that operates the website or app you are visiting or using are called “first party cookies” (so cookies served by us while you are using our Site are first party cookies). Cookies served by companies that are not operating the website or app you are visiting or using are called “third party cookies” (so, we may use a website analytics provider to set a cookie on your computer via our Site while you visit our Site, and that would be a third party cookie). Cookies may also endure for different periods of time. “Session Cookies” last only as long as your browser or app is open. These are deleted automatically once you close your browser or app. Other cookies are “persistent cookies” meaning that they survive after your browser or app is closed (for example, they may recognize your computer when you re-open our online services). Depending on your Internet browser, you may be able to change your settings to block and/or erase cookies from your device. You can check your browser instructions to learn more about these functions. Please note that if you block or reject cookies and similar technologies on our Services, functionality of the Services may be limited.

“Local shared objects” (also called Flash cookies or HTML5 cookies) and any other successor technology refers generally to the collection of cookie-like data stored on a browser or computer by web sites, ads, or third parties.

“Pixel tags” (also called beacons or pixels) are small blocks of code installed on (or called by) a web page, app or advertisement which can retrieve certain information about your device and browser, including device type, operating system, browser type and version, website visited, time of visit, referring website, IP address, and other similar information (including the small text file (the cookie) that uniquely identifies the device). Pixels provide the means by which third parties can set and read browser cookies from a domain that they do not themselves operate and collect information about visitors to that domain, typically with the permission of the domain owner. 

“Software Development Kits” (also called SDKs) function like pixels and cookies, but operate in the mobile app context where pixels and cookies cannot always function. The primary app developer can install pieces of code (the SDK) from partners in the app, thereby allowing such partners to collect certain information about user interaction with the app, information about the user device and network information.

5. HOW WE MAY USE PERSONAL INFORMATION

We may collect, process, and disclose the personal information listed in Section 3 of this Policy in order to:

  • Verify your identity and your location;
  • Provide or arrange for Services to be provided to you;
  • Provide information about our Services to you;
  • Fulfill your requests;
  • Manage your account;
  • Communicate with you;
  • Assist the Laboratories, and Practices and Providers in their fulfillment of the Services they provide to you;
  • Provide you with research opportunities;
  • Provide support and training;
  • Develop, test or improve the Site and Services, including its features;
  • Facilitate marketing activities and/or promotions;
  • Analyze behaviors on the Site and of the Services (e.g., evaluating site usage patterns, assessing throughput);
  • Protect or enforce our rights, title, and interest;
  • Comply with applicable law, regulation, legal process, or other government authority;
  • Administer, monitor, and secure our information technology systems, websites, applications, databases, and devices, including detecting and preventing against security incidents and fraudulent activity; and
  • For any additional purposes for which you provided consent for at the time we collected your personal information.

We may also combine personal information we collected from you and from other sources to help us improve our Services. 

Further, we may de-identify personal information and analyze that data for statistical or any other purposes permitted by law. When we do so, we take reasonable measures to ensure that the information cannot be associated with an individual, and we will not attempt to reidentify the information, except for the purpose of determining whether our deidentification processes satisfy applicable legal requirements. After it has been deidentified, the information is no longer personal information and is not subject to this Privacy Policy.

To the extent we are acting as a business associate under HIPAA and the personal information described in section 3 of this Policy constitutes PHI under HIPAA when maintained by us, we will collect, use, and disclose that information only as permitted under HIPAA. 

6. WHOM WE DISCLOSE PERSONAL INFORMATION TO

We may disclose the personal information described in Section 3 of this Privacy Policy as follows: 

  • Our Vendors. We may disclose your personal information to our third party service providers (“Vendors”) that provide services to us to enable us to provide the Site and Services, such as the hosting of the Site, IT services and infrastructure, customer service, email delivery, marketing and analytics services, contact and mail list removal services, legal and financial advisory services, auditing services and other similar services.
  • Laboratories, Providers, and Practices. We may disclose your personal information to Laboratories, Providers, and Practices to enable them to provide services to you via the Services.
  • Third parties for marketing and analytics purposes. We may disclose your personal information to third parties, such as third-party analytics providers and advertising networks, for marketing and analytics purposes. 
  • Third parties at your direction or consent. We may disclose your personal information to any other third parties at your direction or with your consent.  Any information or content that you voluntarily disclose for posting in public areas of our Sites, such as comments or social media posts, will also become available to the public. 
  • Safety and legal compliance. We may disclose your personal information if we believe that such disclosure is necessary to comply with applicable laws, regulations, legal processes, or requests by public authorities (e.g., law enforcement, tax authorities, etc.); to protect you, us, or other users’ rights or property; to protect safety and security in connection with our Site or Services; or to comply with or enforce our terms, agreements, or policies. 
  • Change of control. We may disclose your personal information as part of a purchase, transfer, or sale of the Site, Services or the company (for example, a corporate restructuring, merger or consolidation with, or sale of substantially all of our assets to a third party). In this situation, we will seek assurances that the successor entity or purchaser will process personal information collected by us in accordance with this Policy. 

We also may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.

To the extent we are acting as a business associate under HIPAA and the personal information described in section 3 of this Policy constitutes PHI under HIPAA when maintained by us, we will disclose that information only as permitted by HIPAA. 

7. SOCIAL MEDIA PLUGINS

The Site may use social media plugins (e.g., the Facebook “Like” button, “Share to Twitter” button) to enable you to easily share information with others. When you visit the Site, the operator of the social plugin can place a cookie on your computer, enabling that operator to recognize individuals who have previously visited the Site. If you are logged into the social media website (e.g., Facebook, Twitter, LinkedIn) while browsing on the Site, the social plugins allow that social media website to receive information that you have visited the Site. The social plugins also allow the social media website to share information about your activities on our Site with other users of their social media website. For example, Facebook Social Plugins allows Facebook to show your Likes and comments on our pages to your Facebook friends. Facebook Social Plugins also allow you to see your friends’ Facebook activity on our Services. For more information about social plugins from other social media websites you should refer to those sites’ privacy and data sharing statements.

8. HOW LONG DO WE RETAIN PERSONAL INFORMATION?

Kadance may retain your information for the period reasonably necessary to provide our Services to you, resolve disputes or enforce its agreements, and/or to comply with applicable laws and regulations. Kadance may dispose or delete such information at any time, except as set forth in any agreement you enter into with Kadance, or as required by law.

In the event we retain and use personal information for purposes not covered by the original notice, we will provide you with additional notice.

9. APPLICABILITY OF HIPAA

As described in our Terms of Service, Kadance does not engage in the practice of medicine or other licensed profession and is not a health care provider or a “covered entity” as defined by HIPAA. The Laboratories, Practices and their Providers each may be considered a “covered entity” under HIPAA. In general, the Laboratories, Practices and their Providers will share PHI with Kadance only as specifically authorized by you pursuant to a HIPAA-compliant authorization (“Authorization”). Genetic information is PHI, as defined by HIPAA. As further described in the Authorization, once such information is shared with Kadance it is no longer protected by HIPAA. However, Kadance will use your information only as described in this Privacy Policy. Kadance may, in some cases, also be a “business associate” of a Laboratory, Practice or Provider. If Kadance is deemed a “business associate,” we will be subject to additional obligations with respect to your “protected health information,” as defined under HIPAA (“PHI”), or other state laws. Your PHI will be used and disclosed only in accordance with such applicable laws and regulations.

10. APPLICABILITY OF GINA

The Genetic Testing Nondiscrimination Act of 2008 (“GINA”) protects individuals from discrimination based on their genetic information with respect to both: (a) obtaining and maintaining health insurance (Title I), and (b) employment (Title II). More specifically, GINA prohibits health insurers from using genetic information to determine if someone is eligible for insurance or to make coverage, underwriting or premium-setting decisions. Health insurers also cannot make individuals or their family members undergo genetic testing or provide genetic information. Similarly, GINA prohibits employers from requiring or requesting genetic information and/or genetic tests as a condition of employment.
Please note, GINA’s health insurance protections do not extend to life insurance, long-term care insurance or disability insurance, although some states have laws that extend additional protections again genetic discrimination in these lines of insurance. GINA’S employment protection do not apply to the military or employers with fewer than 15 employees.

While Kadance offers access to genetic testing and counseling through the Site, Kadance will not share any genetic testing information with any third party except as set forth in this Privacy Policy or as specifically authorized by you.

11. SECURITY

We implement reasonable procedural and technological security measures, consistent with industry practice to promote the confidentiality, integrity, and availability of personal information. Such measures are reasonably designed to protect your personal information from loss, unauthorized access, disclosure, alteration or destruction. We may use encryption, password protection, secure socket layers, internal restrictions and other security measures to help prevent unauthorized access to your personal information. However, while the security of your personal information is of the utmost importance to us, we cannot fully guarantee the security of any information you choose to disclose online. Thus, you provide your information to us at your own risk.

12. ADDITIONAL DISCLOSURES FOR RESIDENTS OF CERTAIN US STATES

Disclosure for California Residents If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by certain members of Kadance to third parties for the third parties’ direct marking purposes. To make such a request, please send an email to privacy@kadance.com with the title “Shine the Light”.

Disclosures for Texas and Nebraska Consumers

This section provides additional disclosures applicable only to residents of U.S. states with comprehensive privacy laws that apply to Kadance, including the Texas Data Privacy and Security Act and the Nebraska Data Privacy Act (“U.S. State Privacy Laws”). The disclosures in this section do not apply to consumers who reside in states with state privacy laws that do not apply to us. 

  • Data Subject Rights. Residents in states with U.S. State Privacy Laws that apply to Kadance have the following rights with respect to the processing of their personal information, subject to certain exemptions:
    • Confirm. You have the right to confirm whether Kadance is processing your personal information and to request access to your personal information.
    • Correct. You have the right to request that we correct inaccuracies in the personal information we maintain about you. 
    • Delete. You have the right to request that we delete the personal information we maintain about you. 
    • Data Portability. You have the right to request access to the personal data we have collected about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the personal information to another entity without hindrance. You may not exercise this right more than two times in a calendar year. 
    • Opt Out. You have the right to opt out of (1) sales of your personal information, (2) the processing of your personal information for purposes of targeted advertising, and (3) profiling of your personal information in furtherance of decisions that produce legal or similarly significant effects, and to revoke their consent to certain types of processing activities. 
  • Exercising Data Subject Rights & Authorized Agents. To exercise a data subject right applicable to you, you can email us at privacy@kadance.com or by clicking here. You may also authorize an agent to make data subject requests on your behalf. In such instances, authorized agents may use the same methods as you to submit the requests on your behalf. To verify your identity and protect your personal information, we may ask the requestor to provide information that will enable us to verify your identity in order to comply with your data subject request, such as asking your agent to provide proof of signed permission from you, or ask you to confirm with us directly that you provided the agent with permission to submit the request. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.
  • Appeals. If we deny your request, residents in states with U.S. State Privacy Laws that apply to Kadance may appeal our decision by contacting us at us at privacy@kadance.com or by clicking here. If you submit an appeal, please enclose or otherwise specifically reference your initial request so that we may appropriately assess and respond to your appeal. We will process appeals in accordance with applicable law.
  • Sales and Targeted Advertising. NOTICE: we may sell your sensitive personal information, but only for the limited purposes described in this section. U.S. State Privacy Laws define “sale” broadly to mean the exchange of personal information for anything of value, not just money. Based on that definition, we “sell” and process for targeted advertising personal information collected via cookies and other tracking technologies, such as IP addresses and browsing data, when we allow third parties to place certain types of cookies or other tracking technologies on our website for targeted advertising. In some contexts, this may include disclosure of health-related inferences about you, which may be considered sensitive personal information under U.S. Data Privacy Laws, to third party providers of cookies and other tracking technologies such as if you visit a healthcare-related page on our Websites. We do not otherwise “sell” other types of personal information or sensitive personal information we may collect about you. You have the right to opt out of the sale and processing for purposes of targeted advertising of your personal information. To opt out of such processing, you may contact us at privacy@kadance.com or by clicking here
  • Profiling. We do not process personal information for profiling in furtherance of legal or similarly significant effects.

For more information about our processing of consumer health data, please see our Consumer Health Data Privacy Policy.

13. DO NOT TRACK MECHANISMS

Because of the changing state of technology and indecision within the industry regarding the meaning of DNT signals, we currently do not make any guarantee that we will honor DNT signals.

14. LINKS TO THIRD-PARTY SITES

Our Site may contain links to other websites on the Internet. If you decide to use these links, you will leave our Site. We are not responsible for the privacy practices or the content of such third parties, and such links do not constitute an endorsement by us of those other websites, the content displayed therein, or the persons or entities associated therewith. Your use of these other linked websites is subject to the respective terms of use and privacy policies located on the linked websites.

15. CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us at privacy@kadance.com.