top of page

Privacy Policy


Magnolia Point is committed to protecting your personal private health information. We abide by all required Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Nondiscrimination Act (GINA) practices. This document summarizes the permitted uses and disclosures of patient protected health information (“PHI”) as permitted by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule” or the “HIPAA Privacy Rule”), as amended by the Health Information Technology for Economic and Clinical Health Act, which is at Section 13400, et seq. of the American Recovery and Reinvestment Act of 2009, 42 U.S.C. § 17921, et seq., (the “HITECH Act”) and any regulations promulgated thereunder, including the HIPAA omnibus final rule (the “HIPAA Final Rule”).

Privacy Policy Statement

This Privacy Statement applies to all websites owned and operated by Magnolia Point, Inc. (“Magnolia Point”), including, and any other websites, pages, features, or content we own or operate, and to Magnolia Point products and any related services (collectively, the “Services”). Our Privacy Statement is designed to help you better understand how we collect, use, store, process, and transfer your information when using our Services.

By using our Services, you acknowledge all of the policies and procedures described in the foregoing documents. If you do not agree with or you are not comfortable with any aspect of this Privacy Statement, you should immediately discontinue use of our Services.

The Magnolia Point recognizes the need to protect the privacy of PHI in order to facilitate the effective delivery of health care. These Privacy Policies and Procedures are designed and intended to ensure[1] the Magnolia Point’s compliance with the Privacy Rule. The Magnolia Point adopts these Policies and Procedures to protect the PHI that it creates and maintains from unauthorized use, disclosure, or access, and to maintain the confidentiality and integrity of that PHI. These Policies and Procedures also ensure that individuals have rights related to their PHI. Through the Magnolia Point’s Notice of Privacy Practices ("Privacy Policy") individuals are informed of the Magnolia Point’s legal duties and these Policies and Procedures, as well as their individual rights with respect to their PHI.

Key Definitions

“Protected Health Information” is information that (1) identifies (or could be reasonably used to identify) an individual, (2) is created or received by a HIPAA covered entity (a health care provider, health plan or health care clearinghouse) and (3) relates to the past, present or future physical or mental health of the individual, the provision of health care to the individual, or the past, present or future payment for the provision of health care to the individual.

A “Business Associate” is a person or entity, other than a member of a covered entity’s workforce, that creates, receives, maintains or transmits PHI on behalf of a covered entity for a function or activity regulated by HIPAA. The HIPAA Final Rule expands the definition of “business associate” to include subcontractors to a business associate that create, receive, maintain or transmit PHI on behalf of a business associate. Business associate functions or activities on behalf of a covered entity include claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management and repricing.

These Policies and Procedures will be amended and/or supplemented as necessary and appropriate to comply with changes in the law or regulations or other interpretation of the Magnolia Point’s privacy-related obligations, or to reflect changes related to the Magnolia Point. The Magnolia Point will document and implement changes to these Policies and Procedures whenever there is a change in the law, regulations or interpretation of the Magnolia Point’s privacy obligations and/or a material change to the uses or disclosures of PHI or other privacy practices that necessitate a change in these Policies and Procedures. If a change requires revisions to the Privacy Notice, the Magnolia Point will not implement the change before the effective date of the revised Privacy Notice unless the Privacy Officer deems it necessary to apply the change to PHI that the Magnolia Point created or received before this effective date.

These Policies and Procedures are effective as of June 1, 2023.

[1] The term “ensure,” as used throughout these Policies and Procedures, is not meant to guarantee compliance with the Privacy Rule. Rather, “ensure” shall mean that the Privacy Officer, Business Associates and others, as applicable, will use their best efforts to comply with the Privacy Rule.

Information We Collect

We generally collect the following information:

  • Information we receive when you use our Services. We collect Web-Behavior Information via cookies and other similar tracking technologies when you use and access our Services.

  • Information you share directly with us. We collect and process your information when you or your healthcare provider place an order for one of our products or services, create an account, complete research surveys, or contact Customer Service. This information can generally be categorized as Registration Information, Self-Reported Information, and/or User Content, as defined in our full Privacy Statement.

  • Information from our DNA testing services. With your consent, we extract your DNA from your buccal swab (cheek swab) and analyze it to produce your Genetic Information in order to provide you or your doctor with the results for the ordered product.

How We Use Information

We generally process Personal Information for the following reasons:

  • To provide our Services. We process Personal Information in order to provide our Service, which includes processing payments, shipping kits to you or your doctors, creating customer accounts and authenticating logins, analyzing buccal swab samples and DNA, and delivering results.

  • To analyze and improve our Services. We constantly work to improve and provide new reports, tools, and Services. We may also need to fix software bugs or issues, analyze use of our website to improve the customer experience or assess our marketing campaigns.

  • For Magnolia Point Research. Magnolia Point researchers can include your de-identified Genetic Information and Self-Reported Information in a large pool of customer data for analyses aimed at making scientific discoveries so we can continue to help improve patient outcomes.

  • For Interest-based Advertising, with the ability to opt out. We use third parties such as network advertisers to serve advertisements on third-party websites or other media (e.g., social networking platforms). This enables us and these third parties to target advertisements to you for products and services in which you might be interested. Users in the United States may opt out of many third-party ad networks.

Control Your Choices

Magnolia Point gives you the ability to share information in a variety of ways. You choose:

  • To store or discard your buccal sample after it has been analyzed.

  • When and with whom you share your information, including health care professionals.

Access to Your Information

Your Personal Information may be shared in the following ways:

  • With our service providers, as necessary for them to provide their services to us.

  • With research collaborators, only if you have given your explicit consent.

  • With third party advertising networks, as necessary for them to accurately target you with advertising based on your interests.

Magnolia Point will not sell, lease, or rent your identifiable individual-level information to any third party without your explicit consent. Magnolia Point will not sell, lease, or rent your Magnolia Point Mental Health Map de-identified individual-level information to any third party without your explicit consent.

  • We do not share identifiable customer data with any public databases.

  • We will not provide any person’s genetic data to an employer.

  • We will not provide information to law enforcement or regulatory authorities unless required by law to comply with a valid court order, subpoena, or search warrant for genetic or Personal Information.

How We Secure Information

Magnolia Point implements reasonable and appropriate measures and systems to ensure confidentiality, integrity, and availability of Magnolia Point data, in compliance with applicable laws. In particular, the connections to and from our website where we collect and exchange data are encrypted using Transport Layer Security (TLS) technology.

Risks and Considerations

There may be some consequences of using Magnolia Point Services that you haven’t considered.

  • You may discover things about yourself that may be upsetting or cause anxiety and that you may not have the ability to control or change.

  • In the event of a data breach it is possible that your data could be associated with your identity, which could be used against your interests.



Changes to the Privacy Statement

This Privacy Statement may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display an effective date on the policy in the upper right corner of this Privacy Statement so that it will be easier for you to know when there has been a change.

Whenever this Privacy Statement is changed in a material way, a notice will be posted as part of this Privacy Statement and on our website for 30 days. After 30 days, the changes will become effective. In addition, all customers will receive an email with notification of the changes prior to the change becoming effective. Magnolia Point may provide additional “just-in-time” disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify Magnolia Point’s privacy practices or may provide you with additional choices about how Magnolia Point processes your Personal Information.


Contact Information

If you have questions about this Privacy Statement, or wish to submit a complaint, please email Magnolia Point’s Privacy Officer at, or send a letter to:

Magnolia Point Privacy Officer
16427 N Scottsdale Rd. Suite 410
Scottsdale, AZ 85254

bottom of page