Privacy Policy

Tested Clear LLC ("TestedClear," "we," "us," or "our") operates the TestedClear platform, a sexual health verification service that allows individuals to obtain and share verified credentials based on laboratory-confirmed STI test results. Our principal place of business is 10940 South Parker Road, Parker, Colorado 80134 (Douglas County). Privacy Officer: Rob Vido, rob@testedclear.com. Data Protection Contact: privacy@testedclear.com.

Required information: Your US phone number, used solely for authentication via one-time SMS code. We do not require your name, email address, or government-issued ID. Optional information you may choose to provide: First name, email address, ZIP code, age range, and responses to our testing frequency quiz. Providing this information is entirely voluntary and has no effect on your account, credential, or badge. Health credential data: When you obtain a verified credential through a partner clinic or laboratory, we receive and store: the panel of tests administered, whether results were clear, the date tested, and the name of the issuing provider. We store a cryptographic hash of your result summary — not your raw laboratory results. Technical data: IP address (for security and rate-limiting, retained up to 30 days), credential view counts, and device type. Payment data (premium accounts and clinic partners): Handled directly by Stripe. We receive only the last four digits of your card, the card brand, billing ZIP, and a Stripe customer ID. We never see or store full card numbers.

TestedClear's role under HIPAA: TestedClear operates as a Business Associate under HIPAA when working with covered entity clinic partners. We handle protected health information (PHI) only under executed Business Associate Agreements (BAAs). In our direct relationship with consumer users, TestedClear is not a HIPAA covered entity. However, we voluntarily apply HIPAA-equivalent standards — including the Privacy Rule, Security Rule, and Breach Notification Rule — to all health-related data we handle. We also comply with the FTC Health Breach Notification Rule (see Section 10). Your raw test results are never stored on TestedClear systems. We store only: the panel of tests administered, whether results were clear, the date tested, and the issuing provider name. This data is stored in a cryptographic hash ledger — each credential is SHA-256 hashed at issuance and written to an append-only audit record that cannot be altered after the fact. Notice of Privacy Practices: Our full Notice of Privacy Practices, describing how PHI is used and disclosed when we act as a Business Associate, is available at testedclear.com/npp. You may request a printed copy at no charge by emailing privacy@testedclear.com.

TestedClear operates an opt-in public health research program. If you choose to participate during signup or in your account settings, we may share anonymous, de-identified data with public health agencies, academic researchers, and organizations such as the Colorado Department of Public Health and Environment (CDPHE). What this means in practice: Your name, phone number, email address, and all personal identifiers are NEVER included in any data shared with third parties. Data is aggregated with a minimum of 50 other individuals before sharing. This means no individual can be identified from the shared data under any circumstances. We share only population-level trends — for example: "68% of users in the Denver metro area test quarterly" or "testing frequency increased 12% in Q1 2026 among 25-34 year olds in Colorado." No individual records are ever shared. Participation is entirely voluntary. You can opt in or opt out at any time in your account Settings. Opting out has zero effect on your account, badge, or any features of the platform. When you consent, we record: the date and time of your consent. We do not share this consent record with third parties. This program complies with HIPAA Safe Harbor de-identification standards (45 CFR § 164.514(b)) and Colorado state privacy law.

TestedClear sends SMS text messages to the phone number you provide during account creation. By creating an account and entering your phone number, you consent to receive the following types of SMS messages: • Verification codes (one-time passwords for account access) • Badge notifications (when your verified credential is issued or updated) • Retest reminders (periodic reminders based on your personalized testing schedule) • Appointment confirmations (if you book a return visit through TestedClear) Message frequency varies based on your account activity and testing schedule. Message and data rates may apply depending on your mobile carrier and plan. To opt out of SMS messages at any time, reply STOP to any message from TestedClear. You will receive a confirmation that you have been unsubscribed. To opt back in, reply START. For help, reply HELP or contact us at privacy@testedclear.com. Opting out of SMS will disable account access via phone OTP. You may still access your account via email recovery. We do not share your phone number with third parties for marketing purposes. Your phone number is used solely for authentication and the communications described above. See Section 7 for full data sharing details.

We use your phone number solely to authenticate your identity and send SMS messages you have consented to (Section 5). We use your optional profile information (name, email, ZIP, age range) to personalize your dashboard experience, send badge confirmation emails if you provided an email address, and — only if you have opted into the research program — include your anonymous, de-identified demographic data in aggregate public health reports. We use your credential data to generate and display your verification badge and shareable links. We use technical data (IP address, device type) for security, fraud prevention, and rate limiting. We never sell your personal data. We never share your personal data with advertising networks. We never use your health information for targeted advertising of any kind.

We share data only with: Laboratories (Quest Diagnostics, LabCorp) — to verify your results with your explicit authorization when you submit an accession number. Clinic partners — under executed HIPAA BAAs, only the data necessary to issue your credential. Public health agencies and researchers — only anonymous, aggregated, de-identified data as described in Section 4, and only from users who have opted in. Sub-processors (infrastructure and service providers) — see Section 8 for the complete list, what data each receives, and where they process it. All sub-processors are bound by Data Processing Agreements or, where PHI may be involved, Business Associate Agreements. Law enforcement — only when required by valid legal process (subpoena, court order). We will notify you of any such request to the extent permitted by law. We do not provide health information to law enforcement except in response to a valid court order specifically authorizing such disclosure. Successors — if TestedClear is acquired, merged, or reorganized, your data may transfer to the successor entity, but any such entity will be bound by privacy commitments equivalent to those in this Policy. We will notify you at least 30 days before any such transfer. We do not share data for any other purpose.

TestedClear uses the following sub-processors to operate the platform. Each processes limited data for specific purposes under contractual privacy and security obligations. We review this list whenever we add, remove, or materially change a sub-processor. (See table below.) All sub-processors handling PHI (Supabase, Vercel, Twilio, Resend, AWS) are bound by a Business Associate Agreement. Stripe never receives health information. Sentry and Google Analytics are configured to scrub personally identifying information and never receive health data. We will update this list and notify users of material changes at least 14 days before any new sub-processor begins processing personal data. To request the current list in writing or to object to the addition of a specific sub-processor, contact privacy@testedclear.com.

Colorado residents have the following rights under the Colorado Consumer Privacy Act: Right to access: Request a copy of the personal data we hold about you. Right to correct: Request correction of inaccurate personal data. Right to delete: Request deletion of your personal data. Right to data portability: Receive your data in a portable format. Right to opt out of targeted advertising: We do not conduct targeted advertising. Right to opt out of sale of personal data: We do not sell personal data. Right to opt out of profiling: We do not engage in profiling for decisions that produce legal or significant effects. To exercise any of these rights, contact privacy@testedclear.com. We will respond within 45 days as required by Colorado law. You may appeal a denial of your request by replying to our response email; appeals are handled by our Privacy Officer. Authorized agents: You may designate an authorized agent to make CPA requests on your behalf. We will verify the authorization before processing the request. California residents: California residents have similar rights under the CCPA/CPRA. We treat all US residents equivalently and honor the same rights regardless of state of residence.

FTC Health Breach Notification Rule: TestedClear complies with the FTC Health Breach Notification Rule (16 CFR Part 318). In the event of a breach of unsecured personal health records, we will notify affected individuals within 60 calendar days of discovery, and notify the FTC and relevant media outlets as required by law. HIPAA breach notification: For PHI handled under a BAA, TestedClear will notify the covered entity clinic partner within 5 business days of discovery, to allow timely Patient notification under HIPAA (45 CFR § 164.410). State breach notification: We comply with Colorado's data breach notification law (C.R.S. § 6-1-716) and equivalent laws in other US states. We will notify affected residents as required by the applicable state law. Our full health breach response policy is available at testedclear.com/health-data.

Account data is retained for as long as your account is active. Upon account deletion, all personal identifiers are removed within 30 days. Credential records in the audit ledger are retained for 7 years as required by applicable law, but are permanently dissociated from your personal information upon account deletion (only the hash and metadata remain, with no link to you). Technical logs (IP addresses, request logs) are retained for up to 30 days for security and fraud prevention, then automatically purged. Payment and transaction records are retained for 7 years for tax and regulatory compliance, as required by IRS and state law. Anonymous, aggregated public health data that has already been shared under Section 4 cannot be recalled or deleted because it contains no personal information and cannot be traced back to any individual.

All data in transit is encrypted using TLS 1.3. Data at rest uses AES-256 encryption. Credential records are stored in a tamper-evident ledger that cryptographically verifies record integrity — any attempt to modify a past record is detectable. Administrative access to production systems is restricted to authorized personnel, protected by multi-factor authentication, and logged for audit purposes. Database-level row-level security policies prevent cross-account data access. Automatic session timeout after 4 minutes 20 seconds of inactivity protects PHI on shared devices. Security incidents are investigated and documented in our internal incident response process. We encourage responsible disclosure of security issues to security@testedclear.com.

We use two categories of cookies and similar technologies: Essential cookies (always active): Required for authentication, session management, and CSRF protection. These cannot be disabled because the site cannot function without them. No tracking. Analytics cookies (opt-in only): Google Analytics, loaded only after you affirmatively consent via our cookie banner. IP addresses are anonymized before being transmitted. No data is sold or shared for advertising. We do not use: advertising cookies, third-party tracking pixels, cross-site tracking, marketing cookies, social media pixels, or fingerprinting. You can accept, reject, or customize cookie preferences from the banner shown on first visit, or anytime via the "Manage cookies" link in the footer. Your preferences are saved locally on your device.

TestedClear is strictly an 18+ platform. We do not knowingly collect information from anyone under 18 years of age. If we discover a minor has created an account, we will immediately delete all associated data and terminate the account. If you believe a minor has created an account on TestedClear, please contact privacy@testedclear.com.

TestedClear is designed for and operated in the United States. All data is stored and processed in the United States. If you access the platform from outside the US, your data will be transferred to and processed in the US. By using TestedClear from outside the US, you consent to this transfer. We do not currently support EU/UK GDPR rights because the platform is not marketed to or intended for residents of those jurisdictions.

We will notify you of material changes to this Privacy Policy by email (if you have provided one) or by prominent notice on the platform at least 14 days before changes take effect. The effective date at the top of this page reflects the most recent update. You can review prior versions by contacting privacy@testedclear.com.

Privacy inquiries and data rights requests: privacy@testedclear.com Data deletion requests: privacy@testedclear.com Security incidents: security@testedclear.com Legal notices: legal@testedclear.com Privacy Officer: Rob Vido Mailing address: Tested Clear LLC · 10940 South Parker Road · Parker, CO 80134 We aim to respond within 5 business days to all inquiries and within 45 days for formal data rights requests.