
Privacy Policy

Last Updated January 14th, 2026

Optimal DX Inc. (“Optimal DX”) is committed to maintaining the security and privacy of personal information collected through this website, optimaldx.com (the “Website”), the Optimal DX Blood Chemistry Software Application (the “Software Application”, and collectively with the Website, the “Services”) [ and the Optimal DX patient portal, (the “Patient Portal”)]. This Privacy Policy discloses Optimal DX’s information collection and dissemination practices in connection with the Services and applies solely to the information that we collect through those means. This Privacy Policy does not address personal information that you provide to us other than in connection with the Services.

Certain information and/or personal information may be disclosed to third parties in connection with and as necessitated by our normal provision of Services. Additionally, information and/or personal information may be anonymized, aggregated, and used for various business and commercial purposes, but in no event in a manner that is linked to any personally identifiable information, or to profile any individual.

How We Process Personal Information

Optimal DX processes personal information in accordance with applicable data protection laws. Depending on the context in which personal information is collected, processing may be based on one or more lawful bases, including the performance of a contract, compliance with legal obligations, legitimate business interests, or, where required by law, your consent.

Where processing is based on consent, you may withdraw your consent at any time by using the contact information provided in this Privacy Policy. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Your use of the Services is subject to this Privacy Policy, which describes how and why personal information is collected, used, and disclosed.

Data Security

Optimal DX understands that storing our data in a secure manner is essential. Optimal DX stores personally identifiable information (“PII”) and other data using industry-standard physical, technical, and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction, or modification. Please note, however, that while Optimal DX has endeavored to create a secure and reliable website for users, the confidentiality of any communication or material transmitted to/from the Website or via e-mail cannot be guaranteed. 

Where required by applicable law, Optimal DX will notify affected individuals and relevant authorities of a personal data breach without undue delay. Read our complete Data Security Policy.

Data Protection for EEA and UK Residents

Optimal DX processes personal data of individuals located in the European Economic Area (EEA) and the United Kingdom in accordance with the General Data Protection Regulation (GDPR) and UK GDPR, as applicable.

Additional information regarding lawful bases for processing, data subject rights, international data transfers, data retention, and applicable safeguards is provided in the GDPR and UK GDPR Addendum, which forms part of this Privacy Policy and applies specifically to EEA and UK residents.

GDPR AND UK GDPR ADDENDUM

(Effective for EEA and United Kingdom Residents)

This GDPR and UK GDPR Addendum (“Addendum”) supplements and forms part of the Optimal DX Privacy Policy. It applies solely to individuals located in the European Economic Area (“EEA”) and the United Kingdom (“UK”) whose personal data is processed by Optimal DX Inc (“Optimal DX,” “we,” “us,” or “our”) in connection with the Services.

Where there is a conflict between this Addendum and the main Privacy Policy, this Addendum shall control for EEA and UK data subjects.

1. Roles and Scope of Processing

For purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR:

  • Optimal DX acts primarily as a Data Processor when processing personal data and health-related data on behalf of its Customers (including healthcare practitioners and clinics).

  • Optimal DX acts as a Data Controller with respect to personal data collected directly through its Website, marketing activities, customer support, billing, and account administration.

Customers using the Software Application are responsible for determining the lawful basis for processing patient data and for complying with their obligations as Data Controllers under applicable data protection laws.

2. Lawful Bases for Processing

Optimal DX processes personal data of EEA and UK residents only where a lawful basis applies under Article 6 of the GDPR and UK GDPR, including:

  • Performance of a Contract: to provide access to and operate the Services, manage user accounts, process payments, and provide customer support.

  • Legitimate Interests: to ensure security, prevent fraud, improve Services, conduct internal analytics, and maintain business operations, provided such interests are not overridden by the rights of data subjects.

  • Consent: where required by law, including for certain marketing communications and optional features. Consent may be withdrawn at any time.

  • Legal Obligation: to comply with applicable legal, regulatory, tax, or accounting requirements.

Where health-related or special category data is processed on behalf of Customers, such processing is carried out solely under documented instructions from the Customer and subject to appropriate safeguards.

3. Data Subject Rights

EEA and UK residents have the following rights under GDPR and UK GDPR, subject to applicable limitations:

  • The right to access personal data held about them

  • The right to rectification of inaccurate or incomplete data

  • The right to erasure (“right to be forgotten”)

  • The right to restrict processing

  • The right to data portability

  • The right to object to processing based on legitimate interests

  • The right to withdraw consent at any time, where processing is based on consent

  • The right not to be subject to automated decision-making or profiling that produces legal or similarly significant effects

Requests to exercise these rights may be submitted using the contact details provided at the end of the Privacy Policy. We may require verification of identity before fulfilling requests.

Where Optimal DX acts as a Data Processor, we will forward requests to the relevant Customer and assist them as required under applicable law.

4. Data Retention

Optimal DX retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • The duration of an active customer or user account

  • Compliance with legal, accounting, or regulatory obligations

  • Resolution of disputes and enforcement of agreements

Retention periods may vary depending on the type of data and applicable legal requirements. When personal data is no longer required, it is securely deleted or anonymized in accordance with industry-standard practices.

5. International Data Transfers

Personal data of EEA and UK residents may be transferred to and processed in the United States and other jurisdictions that may not provide the same level of data protection as the EEA or UK.

Where such transfers occur, Optimal DX relies on appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • UK International Data Transfer Addendum or International Data Transfer Agreement (IDTA), as applicable

  • Supplementary technical and organizational safeguards designed to protect personal data

Copies of relevant transfer safeguards may be requested using the contact information provided below.

6. EU and UK Representatives

Optimal DX is a company established in the United States. At this time, Optimal DX does not maintain an establishment in the European Economic Area (EEA) or the United Kingdom and does not actively target individuals in those jurisdictions.

Based on the nature, scope, and context of its processing activities, Optimal DX has determined that the appointment of a representative under Article 27 of the GDPR and UK GDPR is not currently required. If this assessment changes due to future expansion, targeting, or regulatory developments, Optimal DX will appoint an appropriate representative and update this Privacy Policy accordingly.

7. Supervisory Authorities

EEA and UK residents have the right to lodge a complaint with a supervisory authority if they believe their personal data has been processed unlawfully.

  • EEA residents may contact their local data protection authority.

  • UK residents may contact the Information Commissioner’s Office (ICO):
    https://ico.org.uk

We encourage individuals to contact us first so we may address concerns directly.

8. Contact Information

For questions regarding this Addendum or GDPR/UK GDPR compliance, please contact:

Optimal DX Inc
Attn: Data Protection Officer
184 Clear Creek Dr.
Ste 4
Ashland, OR 97520
United States
https://optimaldx.com/contact

Note on HIPAA Compliance

Optimal DX provides the web-based Software Application to customers who enter into an Optimal DX Service Agreement (“Customers”), who then authorize Software Application users, including physicians, physician assistants, nurse practitioners, and non-physician staff members (“Authorized Users”). Customers and Authorized Users are responsible for determining uses and disclosures of patient medical information maintained in the Software Application, in accordance with their legal and professional responsibilities as health care professionals and state and federal medical privacy laws, including the federal Health Insurance Portability and Accountability Act (“HIPAA”), and, as applicable, the GDPR. To the extent that Optimal DX receives or maintains patient medical information in the course of providing the Software Application, that information is secured, used, and disclosed only in accordance with Optimal DX’s legal obligations as a “business associate” under HIPAA.

Users Outside the United States

Optimal DX operates and stores all collected data in the United States. If you are located outside the U.S. and choose to submit or upload personal or patient data to our platform, you are responsible for ensuring that such activity complies with the laws and regulations of your jurisdiction, including any prohibitions or restrictions on transferring or storing health data outside your country.

Where personal or patient data is transferred outside the jurisdiction in which it was collected, including to the United States, such transfers are conducted pursuant to appropriate safeguards as required by applicable data protection laws, including Standard Contractual Clauses or equivalent mechanisms.

Information We Collect or Receive

When you utilize the Services, we may collect certain information directly from you that you provide to us, as well as information that is automatically or passively collected from other sources, such as from your browser or device.

Personal Information Provided by You

Except as described in this Privacy Policy, Optimal DX only collects your PII through this Website when you choose to provide such information, such as when you use the “Contact Us” feature or submit a support ticket. PII can include your name, email address, and IP address. Optimal DX uses your PII to address your requests for information, products, or services. Optimal DX will not sell, rent, license, or trade your PII with third parties for their own direct marketing use unless we receive your express consent to do so. Unless you give us permission to do so, Optimal DX will not share your PII other than as specified in this Privacy Policy.

Automatically Collected Information and Anonymous Information

Each time a visitor comes to the Website, Optimal DX collects some information to improve the overall quality of the visitor’s online experience. An Internet Protocol (“IP”) address is a number that automatically identifies the computer/device you have used to access the Internet. The IP address enables our server to send you the web pages that you want to visit, and it may disclose the server owned by your Internet Service Provider. Optimal DX may use IP addresses to conduct Website analyses and performance reviews and to administer the Website. When you access the Services, logs used to help us diagnose problems with our server, to administer the Website, and to otherwise provide our Services to you, may automatically collect standard weblog entries for each page served, including your IP address, page URL, browser type, and language, access times, referring website addresses, the information you search on the Website, date, and timestamps associated with Website access and usage, system configuration information, metadata concerning the files that you upload/download, and other interactions with the Website and/or Services. Some of our products may store data locally on your computer (preferences, connection settings, image metadata). Checking for updates to our Services also sends computer identifying information.

Other Information

Many electronic devices track real-time location-based information. Some files you share may be embedded with this location information. If you do not wish to share this information, do not upload those embedded files and/or turn off that feature on your device.

Purchases

When you make purchases on the Website, and at other times in your use of the Website, we may ask you to provide information that may personally identify you and/or allow us to contact you, such as your name and email address, user name, and password, billing address, credit card number, applications purchased, date of purchase, and information about your computer and software.

Access Credentials

When you sign in to your account to use the Services, we use certain tracking technologies, such as cookies, to store your sign-in information.

How We Use or Disclose Information

Operation of Services and our Business

The information you provide, in combination with other information collected, will be used to operate the Services, to improve the quality of our Services, and to provide you with a better experience. Specifically, it may be used to (i) provide you with important information about the product or service that you are using, including critical updates, notifications, and product announcements; (ii) diagnose problems with the Services; (iii) provide and improve functionality and user-friendliness of our Services; and (iv) better understand your needs and interests, and personalize and improve your experience. Additionally, in the event Optimal DX sells or transfers some or all of its assets, the information it collects may be disclosed to, and your personally identifiable information may be among those assets transferred, subject to the terms of this Privacy Policy.

Communications with you

We may use your information for communications with you, such as sending confirmation emails, authenticating your purchases, and marketing our Services to you. We distribute e-mails via the email address you provide to us.  If you no longer wish to receive this newsletter from us, you may “unsubscribe” by following the instructions in the email. You may object to direct marketing at any time.

Security Compliance

We use the information to monitor and analyze the use of the Services, to reduce fraud and software piracy, to protect our users and customers, and to verify a user name and administer your use of the Services.

Legal Compliance

Optimal DX may disclose information if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal processes. Optimal DX may also disclose information to law enforcement officers or others, in the good faith belief that such disclosure is reasonably necessary to: enforce our Terms of Use; or protect the rights, property, or personal safety of Optimal DX, its users, or the general public. We believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.

Aggregated Data

Optimal DX collects aggregate queries for internal reporting and also counts, tracks, and aggregates the visitor’s activity into Optimal DX’s analysis of general traffic flow at the Website. To these ends, Optimal DX may merge information about you into aggregated group data. In some cases, Optimal DX may remove personal identifiers from PII and maintain it in aggregate form that may later be combined with other information to generate anonymous, aggregated statistical information. Such anonymous, group data may be shared on an aggregated basis with Optimal DX’s affiliates, business partners, service providers, and/or vendors; if it does so, Optimal DX will not disclose your PII.

Use of Anonymized Data in Third-Party Analytics

We may transmit anonymized data (i.e., data that no longer identifies an individual) to select third-party analytics and artificial intelligence services, such as ChatGPT or Claude, for the limited purpose of helping us improve our Services and gain statistical insights. This anonymized data cannot be used to identify any specific individual. Any aggregated, anonymized reports or analyses that we create do not include personal identifiers and do not allow the recipient or any other third party to determine individual identities.

Automated Decision-Making and Profiling

Optimal DX does not engage in automated decision-making, including profiling, that produces legal or similarly significant effects on individuals within the meaning of Article 22 of the GDPR and UK GDPR.

Any analytics, algorithms, scoring methodologies, or software-assisted assessments provided through the Services are designed to support licensed healthcare professionals and authorized users in their independent clinical review and decision-making. These tools do not replace professional judgment, do not make determinations about individuals without human involvement, and do not result in automated decisions affecting individuals’ legal rights or access to services.

Where anonymized or aggregated data is used for analytical, statistical, or service improvement purposes, such processing does not involve profiling of identifiable individuals.

Cookies and Tracking Technologies

Optimal DX uses cookies and similar tracking technologies to operate and improve the Services.

Essential Cookies

Certain cookies and similar technologies are strictly necessary for the operation, security, and functionality of the Services, including enabling account access, maintaining session state, and preventing fraud. These technologies do not require consent.

Non-Essential Cookies

We may also use non-essential cookies, including analytics and performance cookies, to better understand how users interact with the Services and to improve functionality and user experience. These cookies are used only where permitted by applicable law and, where required, only with your consent.

Managing Cookie Preferences

Where required by law, users located in the EEA or United Kingdom will be presented with a cookie notice or preference mechanism that allows them to accept or reject non-essential cookies. You may withdraw or modify your consent at any time using the cookie settings made available through the Services.

You may also configure your browser settings to block or delete cookies; however, disabling certain cookies may affect the functionality of the Services.

Third-Party Cookies

Some cookies may be placed by third-party service providers acting on our behalf, such as analytics providers. These third parties process data in accordance with their own privacy policies and applicable data protection laws.

Read our complete Cookie Policy.

Third-Party Service Providers, Referrals, and Links

Optimal DX works with third-party service providers to support the operation of the Services and our business. These providers process personal data only on our behalf and pursuant to contractual obligations that limit their use of such data to the services they provide to Optimal DX.

Where personal data of EEA or UK residents is transferred outside the EEA or the United Kingdom, including to the United States, such transfers are conducted pursuant to appropriate safeguards in accordance with GDPR and UK GDPR, including Standard Contractual Clauses approved by the European Commission and, where applicable, the UK International Data Transfer Addendum or International Data Transfer Agreement (IDTA).

Optimal DX’s primary service providers include:

  • Customer Service and Support: HubSpot, Inc., used for website contact forms, support ticket management, and customer communications.

  • Marketing: HubSpot, Inc., used for marketing communications and campaign management.

  • Payment Processing and Billing Management: Stripe, Inc., and ProfitWell (a product of Paddle or affiliated entities), used for payment processing, subscription management, and billing analytics.

  • Course Hosting and Delivery: Teachable, Inc., used for hosting and delivery of educational content.

  • Website Analytics: Google Analytics, used to analyze website usage and performance.

Each provider is contractually obligated to implement appropriate technical and organizational measures to protect personal data and to process such data in compliance with applicable data protection laws.

Children’s Privacy

The Services are not intended for use by children.

United States

Optimal DX does not knowingly collect personal information from children under the age of 13, consistent with the U.S. Children’s Online Privacy Protection Act (COPPA). If we become aware that personal information has been collected from a child under 13 without appropriate parental consent, we will take steps to delete such information.

European Economic Area (EEA)

For individuals located in the EEA, Optimal DX does not knowingly collect personal data from children under the age of 16 unless and until verifiable parental consent has been obtained, in accordance with the GDPR. Where we become aware that personal data has been collected from a child under 16 without such consent, we will take appropriate steps to delete the information.

United Kingdom

For individuals located in the United Kingdom, Optimal DX does not knowingly collect personal data from children under the age of 13 unless and until verifiable parental consent has been obtained, in accordance with UK GDPR.

If you believe that a child has provided personal data to Optimal DX in violation of this section, please contact us using the information provided in this Privacy Policy.

General Terms

Policy Updates

This Privacy Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve, or at any other time. We display a last updated date on this Privacy Policy so that it will be easier for you to know when there has been a change. If we make any change to this Privacy Policy regarding the use or disclosure of PII, we will provide advance notice on this Website. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.

Questions

If you have any questions about this Privacy Policy or about Optimal DX’s handling of your information, please contact us.

Owner and Data Controller

Optimal DX Inc
184 Clear Creek Dr
Ste 4
Ashland, OR 97520
United States
Attn: Data Protection Officer

Owner contact: https://optimaldx.com/contact