Aunyx Labs

HIPAA Notice of Privacy Practices

Effective April 17, 2026

This Notice of Privacy Practices is an initial draft we are publishing alongside the launch of aunyxlabs.com. We are actively working with counsel to finalize it. If you have questions, email us at hello@aunyxlabs.com.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Our commitment

Aunyx Labs is required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to maintain the privacy of your Protected Health Information (“PHI”), to provide you with this Notice of our legal duties and privacy practices with respect to PHI, and to notify you in the event of a breach of unsecured PHI. We are required to abide by the terms of this Notice as currently in effect.

How we may use and disclose your PHI

We may use and disclose your PHI without your written authorization for the following purposes:

  • Treatment: To provide, coordinate, or manage your care. For example, your labs and intake information are shared with the licensed provider who reviews your results and builds your care plan, and with the phlebotomist and laboratory that collect and process your samples.
  • Payment: To bill and receive payment for the services you receive. For example, we share limited information with our payment processor (Stripe) to process your card transaction.
  • Healthcare operations: For activities like quality assessment, provider training, case review, and business planning, in each case using the minimum necessary PHI.
  • As required by law: When state or federal law requires us to disclose PHI, for example in response to a valid subpoena or court order, or in reporting communicable diseases or suspected abuse.
  • Public health and safety: To prevent a serious threat to health or safety, or to report to public health authorities as permitted or required by law.
  • Business associates: We may share PHI with contracted business associates (for example, our electronic health record vendor, hosting providers, and diagnostic labs). Each is bound by a written Business Associate Agreement requiring them to safeguard your PHI.

Uses that require your written authorization

Other uses and disclosures of your PHI that are not described above will be made only with your written authorization. This includes most uses and disclosures of psychotherapy notes, uses and disclosures for marketing purposes, and any sale of PHI. You may revoke any authorization you give at any time by writing to us at the address below. The revocation will not affect any disclosures we already made in reliance on your prior authorization.

Your rights under HIPAA

  • Access. You have the right to inspect and obtain a copy of your PHI held by us, subject to limited exceptions. We may charge a reasonable, cost-based fee for copies.
  • Amendment. You have the right to request that we amend PHI we hold if you believe it is inaccurate or incomplete. We may deny your request under certain circumstances.
  • Accounting of disclosures. You have the right to receive a list of certain disclosures of your PHI we have made in the six years prior to your request.
  • Restrictions. You have the right to request a restriction on how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree, but if we do, we will honor the restriction except in an emergency.
  • Confidential communications. You have the right to request that we communicate with you in a specific way or at a specific location (for example, by email rather than SMS).
  • Paper copy of this Notice. You have the right to obtain a paper copy of this Notice at any time, even if you have received it electronically.
  • Notification of breach. You have the right to be notified in the event of a breach of your unsecured PHI.

Changes to this Notice

We reserve the right to change this Notice and our privacy practices at any time. Any revised Notice will apply to PHI we already maintain and to PHI we create or receive in the future. A copy of our current Notice will always be posted at aunyxlabs.com/hipaa.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the US Department of Health and Human Services. You will not be retaliated against for filing a complaint.

To file a complaint with us, email hello@aunyxlabs.com with the subject line “Privacy Complaint.” Please include a brief description of the issue and your preferred method of contact. We will respond within 30 days.

You may also file a complaint in writing with the US Department of Health and Human Services, Office for Civil Rights, at hhs.gov/hipaa/filing-a-complaint.

Contact us

For questions about this Notice or to exercise any of your rights listed above, contact us at hello@aunyxlabs.com.