1. Who we are
Zenlo Labs is a service operated by Zenlo LLC ("Zenlo," "we," "us"), a California limited liability company (File No. B20260111586). Registered address: 2108 N St, Suite N, Sacramento, CA 95816. Zenlo Labs is a clinical decision support tool intended exclusively for use by licensed healthcare providers ("Providers"). It is not intended for direct use by patients.
2. Scope of this policy
This policy describes how we handle two categories of information: (a) account information about the Providers who use Zenlo Labs, and (b) patient health information that Providers upload to the service in the course of their clinical work.
3. Provider account information
When a Provider creates an account, we collect a name, email address, professional details the Provider chooses to enter, and authentication data. We use this to operate the service, authenticate access, and communicate about the service.
4. Patient health information uploaded by Providers
Providers may upload laboratory results and related clinical data ("Patient Data") that may include protected health information (PHI). With respect to this Patient Data:
- The Provider is the controller of the Patient Data and is responsible for having the appropriate authority and patient relationship to upload and process it.
- Zenlo acts as a service provider / business associate processing Patient Data on the Provider's behalf, solely to deliver the service.
- We do not use Patient Data to train AI models.
- We process Patient Data to generate clinical decision support outputs for the Provider.
5. How analysis works (AI processing)
Zenlo Labs uses a combination of deterministic logic and large language models to analyze uploaded laboratory data and produce decision-support outputs. Patient Data sent to our AI processing provider is handled under a Business Associate Agreement and a zero-data-retention configuration, meaning that the AI processing provider does not retain Patient Data after processing and does not use it for model training.
6. Subprocessors
We use a limited set of third-party service providers to host and operate the service (for example, cloud hosting, database, and AI processing providers). These subprocessors are bound by agreements requiring appropriate confidentiality and security, including Business Associate Agreements where they may handle PHI.
7. Data retention and deletion
Provider account data is retained for the life of the account. Patient Data is retained to provide the service to the Provider and is deleted upon Provider request or account closure, subject to any retention the Provider is independently required to maintain as part of the medical record.
8. Security
We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, and audit logging. No system is perfectly secure, and we cannot guarantee absolute security.
9. Your choices and rights
Providers may access, correct, or delete their account information. Requests concerning Patient Data should be directed to the Provider who controls that data. Depending on your jurisdiction (including under the California Consumer Privacy Act), you may have additional rights; contact us to exercise them.
10. Children
Zenlo Labs is a professional tool for licensed healthcare providers and is not directed to or intended for use by children.
11. Changes
We may update this policy. Material changes will be reflected by an updated effective date.
12. Contact
Zenlo LLC, 2108 N St, Suite N, Sacramento, CA 95816. ds@zenlo.app