Privacy Policy

Effective Date: November, 2025

Last Updated: November, 2025


SampleSync HcF (“Company,” “we,” “us,” or “our”) values your privacy and is committed to protecting your information. This Privacy Policy describes how we collect, use, share, and safeguard personal and client data when you use our website, products, and services (collectively, the “Service”). 

By using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use. 


1. Scope and Applicability 

This Privacy Policy applies to all users of our Service globally. 

Our platform provides secure, cloud-based data management tools for laboratory sample tracking, storage, and analysis. The Service is designed for business and institutional use and is not intended to process or store Protected Health Information (PHI) or personally identifiable medical data as defined under HIPAA, GDPR, or similar regulations. 

We act as a data controller for information we collect directly from users and as a data processor for data uploaded by clients through their accounts. 


2. Information We Collect 

We collect only the information necessary to provide and improve the Service. 


2.1 Information You Provide 

When you create an account, subscribe, or contact us, we may collect: 

  • Account Details: Name, organization, business email, username, and password. 
  • Billing and Payment Data: Payment information handled securely through our payment providers (e.g., WooCommerce Payments, Stripe, PayPal). We do not store full credit card numbers. 
  • Communications: Information you provide when contacting support or submitting forms. 
  • Marketing Preferences: Your choices regarding newsletters or product updates. 


2.2 Automatically Collected Information 


When you use our website or Service, we may automatically collect: 

  • Device and Technical Data: IP address, browser type, operating system, and device identifiers. 
  • Usage Data: Date/time of access, pages viewed, features used, and general performance metrics. 
  • Cookies and Tracking Technologies: Used for authentication, analytics, and improving functionality. 

You can manage cookie preferences through your browser or our Cookie Settings tool. 


2.3 Client Data 

You may upload laboratory or sample-related data (“Client Data”) to the platform. 

  • You retain full ownership of all Client Data. 
  • We process it solely to provide and support the Service. 
  • You are responsible for ensuring Client Data does not include PHI or sensitive personal information unless otherwise agreed in writing under a separate data processing agreement. 

3. How We Use Information 


We use the information we collect to: 

  • Operate, maintain, and improve the Service; 
  • Manage user accounts and subscriptions; 
  • Process payments and transactions; 
  • Provide customer support; 
  • Communicate updates, security notices, or administrative information; 
  • Analyze trends and usage to improve functionality; 
  • Enforce our Terms and comply with applicable law. 

We do not sell or rent your personal information. 


4. Legal Bases for Processing 

We process personal information under the following legal bases: 

  • Contractual Necessity: To provide the Service and fulfill obligations to you. 
  • Legitimate Interests: To enhance and secure our platform, prevent fraud, and improve offerings. 
  • Consent: For marketing emails, non-essential cookies, or where required by law. 
  • Legal Obligation: To comply with applicable regulatory requirements. 

5. How We Share Information 

We share information only as needed to deliver our Service or comply with legal requirements: 

  • Service Providers: With trusted partners for hosting, analytics, payments, and customer support (bound by strict confidentiality and data protection obligations). 
  • Legal and Regulatory Authorities: If required by law, court order, or government request. 
  • Corporate Transactions: In the event of a merger, acquisition, or sale of assets, with appropriate safeguards. 
  • With Your Consent: When you explicitly authorize sharing for a specific purpose. 

We do not disclose Client Data for marketing or advertising purposes. 


6. International Data Transfers 

We operate globally, and data may be stored and processed in jurisdictions where we or our partners operate (including the U.S., EEA, UK, Canada, Australia, and Asia-Pacific). 

When transferring data internationally, we use appropriate safeguards, such as: 

  • Standard Contractual Clauses (SCCs) approved by the European Commission; 
  • UK Addendum to SCCs for UK users;; and 
  • Adequacy decisions for countries with equivalent privacy protections. 

7. Data Retention 

We retain personal and Client Data only for as long as necessary to: 

  • Provide and maintain the Service; 
  • Comply with legal and contractual obligations; 
  • Resolve disputes; and 
  • Enforce agreements. 

After termination, Client Data will be retained for 30 days to allow export, then permanently deleted unless otherwise required by law. 


8. Data Security 


We employ administrative, technical, and physical safeguards to protect data against unauthorized access, alteration, disclosure, or destruction, including: 

  • Data encryption in transit and at rest; 
  • Multi-factor authentication; 
  • Role-based access controls; 
  • Secure hosting in certified data centers (e.g., ISO 27001, SOC 2). 

No system is fully secure. Therefore, ; you are solely responsible for protecting your credentials and devices. 


9. Your Rights 


Depending on your jurisdiction, you may have the following rights: 

Region Rights 
EU/EEA/UK (GDPR) Access, correction, deletion, restriction, portability, objection, and withdrawal of consent. 
California (CCPA/CPRA) Right to know, delete, correct, and opt out of sale/share of personal data; right to non-discrimination. 
Canada (PIPEDA) Access, correction, and withdrawal of consent. 
Australia/New Zealand Access, correction, and complaint handling rights. 

You may exercise these rights by contacting us at [email protected]. We will verify your identity before processing requests. 

EU/EEA and UK users may lodge file complaints with their national data protection authority. 


10. Cookies and Tracking Technologies 

We use cookies and similar technologies to enhance your experience. 


10.1 Types of Cookies 

  • Essential Cookies: Required for login, authentication, and core functionality. 
  • Analytics Cookies: Help us understand usage and improve performance. 
  • Preference Cookies: Store language or regional settings. 
  • Marketing Cookies: Used only with consent, to manage communications and advertising relevance. 

10.2 Managing Cookies 

You can modify cookie preferences via your browser or our Cookie Settings banner. 

Disabling cookies may impact Service functionality. 


11. Data Processing Addendum (DPA) 

For clients in the EU/EEA, UK, or other jurisdictions requiring data protection agreements, SampleSync HcF offers a Data Processing Addendum incorporating the EU Standard Contractual Clauses and UK Addendum. 


This DPA governs our role as a processor of Client Data. 

To request a copy, please contact [email protected]

12. Children’s Privacy 

Our Service is not directed to individuals persons under 18. We do not knowingly collect personal data from minors. If we learn that such information has been collected, we will delete it promptly.

13. Changes to This Policy 

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Updates will be posted with a new “Effective Date.” 

 Significant changes will be communicated via email or in-app notification. Continued use after updates constitutes acceptance of the revised Policy. 


14. Contact Us 

If you have any questions, complaints, or requests regarding this Privacy Policy or our data protection practices, please contact: 


SampleSync HcF 


Email: [email protected]

Address:
105 W 86 St 
Suite 551
New York, NY 10024