Gift Function
About
How it works
What we test
FAQ
MRI & CT scans
Pricing
Employers
Contact us

Scans were always essential. Now they’re accessible, too.

Learn more
Login

Consumer Health Data Privacy Policy

Last Updated: August 1, 2025

This Consumer Health Data Privacy Policy (“Consumer Health Data Privacy Policy”) describes how Function Health, Inc. and its corporate affiliates (collectively, “Function,” “we,” “us” or “our”) process consumer health data as applicable US state laws may define that term (“Consumer Health Data”), that we collect through our digital or online properties or services that link to this Consumer Health Data Privacy Policy (including as applicable, our website, mobile application, and social media pages) as well as our marketing activities, and other activities described in this Consumer Health Data Privacy Policy (collectively, the “Service”). This Consumer Health Data Privacy Policy applies to the extent required by applicable US state laws. 

This Consumer Health Data Privacy Policy supplements our general Privacy Policy. In the event of a conflict between our Privacy Policy and the Consumer Health Data Privacy Policy, the Consumer Health Data Privacy Policy applies to the extent that it is consistent with applicable US state law.

This Consumer Health Data Privacy Policy does not apply to Consumer Health Data that we process on behalf of our enterprise customers while providing Function services to them. For example, to the extent that we receive your Consumer Health Data from your employer related to your eligibility for our Service, our use of that Consumer Health Data may be governed by our agreements (including, as applicable, a business associate agreement) with the relevant enterprise customer. If you have questions regarding your Consumer Health Data that we process on behalf of an enterprise customer, please direct your questions to the relevant enterprise customer. 

Consumer Health Data we collect:

Consumer Health Data you may provide to us through the Service or otherwise includes:

  • Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, and phone number.
  • Demographic data, such as your city, state, country of residence, postal code, age, date of birth, gender or gender identity, racial or ethnic identity, and sexual orientation.
  • Account data, such as the username and password that you may set to establish an online account on the Service, date of birth, biographical details, photograph or picture, links to your profiles on social networks, preferences, information about your participation in our promotions or surveys, and any other information that you add to your account profile.  
  • Service-eligibility data, if you are accessing the Service as part of an enterprise customer-provided benefit, you may provide us with relevant information such as your employer or other enterprise customer name, eligibility data, and relevant enterprise customer identification number.
  • Health-related data, such as mental or physical history, conditions and diagnoses, treatments, medications, medical images, biomarkers, lab samples, lab results, clinical notes, and other physical or mental health information. This may include personal information that you provide directly to us when you complete electronic forms designed for you to self-report your physical or mental health status, upload medical records, or link a wearable or Internet of Things device to our Services.
  • Genetic data, certain of the lab tests available through the Service may produce data that relates to inherited characteristics.
  • Audiovisual recording data, such as video and audio recordings of you.
  • Transactional data, such as information relating to or needed to complete your orders on or through the Service, including order numbers and transaction history.
  • Communications data based on our exchanges with you, including when you contact us through the Service, chat features, social media, or otherwise. 
  • Relationship data, such as familial or other relationship to third parties whose personal information you may provide to us.
  • Payment data needed to complete transactions, including payment card information or bank account number.
  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
  • User-generated content data, such as photos, images, music, videos, comments, questions, messages, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
  • Other data not specifically listed here, which we will use as described in this Consumer Health Data Privacy Policy or as otherwise disclosed at the time of collection.

Consumer Health Data we collect automatically. When you use our services, we collect some information through certain technical tracking technologies that may be considered Consumer Health Data. For example:

  • Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  • Precise geolocation data, when you authorize our mobile application to access your device’s location.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
  • Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails. 

Consumer Health Data we obtain from third-party sources. We also obtain the types of Consumer Health Data described above from third parties. These third-party sources may include, for example:

  • Corporate affiliates. We may obtain your Consumer Health Data from our corporate affiliates (including Ezra AI, Inc. and Ezra Health of Florida, PLLC).
  • Lab and Provider Partners, including third party healthcare services providers, laboratory services providers, and other providers of medical and medical-adjacent services.
  • Our enterprise customers, such as employers, gyms and other entities that may provide us with your personal information.
  • Linked third-party services, such as Google or other third-party service that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.
  • Linked third-party devices, such as wearable or Internet of Things devices that you link to your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service. This may include your device’s health app information historical data related to your use of the wearable device.
  • Third parties that you designate such as lab providers with whom we do not have a contractual relationship.
  • Service providers. Third parties that collect or provide Consumer Health Data in connection with work they do on our behalf.

Consumer Health Data we may create, infer or generate. We may create, infer or generate Consumer Health Data from other data we collect, including using automated means to generate information about your likely preferences or other characteristics. We may create aggregated, de-identified, and/or anonymized information from Consumer Health Data by removing certain data components (such as your name, email address, or linkable tracking ID) that makes the data identifiable, or through aggregation, obfuscation or other means. For example, we may de-identify any information and data provided and/or generated in connection with your use of our Services (including without limitation your health-related data), in compliance with applicable law. Except as required or permitted by applicable law, we will not attempt to re-identify any data that has been aggregated, de-identified, and/or anonymized. Subject to applicable law, our use of such aggregated, de-identified, and/or anonymized information is not Consumer Health Data.

How we use your Consumer Health Data

We use Consumer Health Data for purposes described in this Consumer Health Data Privacy Policy or as otherwise disclosed to you. For example, we use Consumer Health Data for the following purposes: 

Purpose of Use Categories of Consumer Health Data
Service delivery and operations: providing the Service, enabling security features of the Service, establishing and maintaining your user profile on the Service, communicating with you about the Service, providing support for the Service and responding to your requests/questions/feedback. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.
Service personalization: understanding your needs and interests, personalizing your experience with the Service and our Service-related communications, remembering your selections and preferences as you navigate webpages. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.
Insights and development: for insights (including research) and development purposes, including to analyze and improve the Service and our business and to develop new products and services. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.
Direct marketing: communicating with you about services, upcoming events, and other information. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.
Promotions and contests: to administer promotions and contests and to communicate with you about any such promotions or contests in which you participate. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.
Service improvement and analytics: analyzing your usage of the Service, improving the Service, improving the rest of our business, helping us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and developing new products and services. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.
Compliance and protection: complying with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities; protecting our, your or others' rights, privacy, safety or property; auditing our internal processes for compliance with legal and contractual requirements or our internal policies; enforcing the terms and conditions that govern the Service; preventing, identifying, investigating and deterring fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.
Data sharing in the context of corporate events: in the context of actual or prospective corporate events. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.
To create aggregated, de-identified and/or anonymized data: We may create aggregated, de-identified and/or anonymized data from your Consumer Health Data and other individuals whose Consumer Health Data we collect. We make Consumer Health Data into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service, promote our business, and for research purposes. Contact data, demographic data, account data, service-eligibility data, health-related data, genetic data, audiovisual recording data, transactional data, communications data, relationship data, payment data, marketing data, user-generated content data, device data, precise geolocation data, online activity data, communications interaction data.

How we share your Consumer Health Data

We may “share” (as the applicable law may define that term) Consumer Health Data with your consent or as we determine necessary to complete your transactions, provide the Service to you, or as otherwise permitted or required by law. For example, we may share your Consumer Health Data to: 

Corporate affiliates. We may share your Consumer Health Data with our corporate affiliates (including Ezra AI, Inc. and Ezra Health of Florida, PLLC).

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Stripe. Stripe may use your payment data in accordance with its privacy policy, https://stripe.com/privacy.

Research partners. We may share Consumer Health Data with research partners to conduct research.

Lab and Provider Partners. We will share your Consumer Health Data with healthcare services providers, laboratory services providers, and other providers of medical and medical-adjacent services.

Linked third-party services or devices. If you log into the Service with a third-party service such as Google, or choose to link a wearable or Internet of Things device to your Service account, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy or other relevant terms and the settings associated with your account with the third-party service.

Legal and law enforcement. We will access, share, and preserve Consumer Health Data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies. We will also share Consumer Health Data if we believe it is necessary to protect our customers and/or the rights or property of ourselves or others.

For more information on how we may otherwise disclose your Consumer Health Data, please view the How we may share your personal information section in our Privacy Policy.

Your Consumer Health Data choices 

You may have certain rights to your Consumer Health Data under applicable law. Any of the rights discussed below may be subject to certain limitations (for example, a monetary charge).  If you wish to exercise these rights, please email us at privacy@functionhealth.com

Withdraw consent. To the extent we rely upon your consent for either our collection or sharing of your Consumer Health Data, you have the right to withdraw such consent from any future collection or sharing. 

Access and confirm. You have the right to ask us to confirm whether we have collected, shared or sold your Consumer Health Data. Further, you have the right to access (in other words, request a copy of) the Consumer Health Data that we have collected, shared or sold. You also have a right to access a list of all “third parties” (as applicable law may define that term) and affiliates with whom we have shared or sold your Consumer Health Data and receive certain corresponding information.

Correction. You have the right to ask us to correct inaccuracies in your Consumer Health Data.

Deletion. You have the right to ask us to delete your Consumer Health Data. 

Appeal. You have the right to appeal our denying a right you have attempted to exercise. We will provide details on how to appeal our denial in connection with such action. 

To exercise your rights above and make a Consumer Health Data rights request, please email us at privacy@functionhealth.com.  We may need to verify your identity in order to process your request. To confirm your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes. 

Declining to provide information. We need to collect Consumer Health Data to provide certain services. If you do not provide the information we identify as required or mandatory or if you request that any required Consumer Health Data be deleted or withdraw your consent for future collection or sharing of any required Consumer Health Data, we may not be able to provide those services.

Linked third-party platforms. If you log into the Service with a third-party service such as Google, or choose to link a wearable or Internet of Things device to your Service account, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from such third-party platform, that choice will not apply to information that we have already received from that third party.

Changes to this Consumer Health Data Privacy Policy 

We reserve the right to modify this Consumer Health Data Privacy Policy at any time. If we make material changes to this Consumer Health Data Privacy Policy, we will notify you by updating the date of this Consumer Health Data Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Consumer Health Data Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Consumer Health Data Privacy Policy indicates your acknowledging that the modified Consumer Health Data Privacy Policy applies to your interactions with the Service and our business.

How to contact us

Email: privacy@functionhealth.com