Effective Date: May 7, 2026
Last Updated: May 7, 2026
1. Introduction
MiRNA Scientific, Inc. ("MiRNA Scientific," "we," "us," or "our") respects your privacy and is committed to protecting Personal Information that we collect, receive, and process in connection with the miR Sentinel™ Prostate Cancer Test, the my.mirsentinel.com and www.mirsentinel.com websites, the patient portal, the miR Access™ Patient Assistance Program, and any other online or offline service or program we offer (collectively, the "Services"). This Privacy Policy describes how we collect, use, share, and safeguard Personal Information.
This Privacy Policy applies to all information we collect through the Services. It does not apply to the information practices of any third party that we do not own or control, including providers, laboratories, payers, or research partners that may interact with us, even if their services are accessible through links from our Services.
2. Scope and application
This Privacy Policy is intended to comply with United States federal and state privacy law applicable to the Services, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"); the Health Information Technology for Economic and Clinical Health Act ("HITECH"); the Genetic Information Nondiscrimination Act ("GINA"); the Federal Trade Commission's Health Breach Notification Rule ("HBNR"); the Children's Online Privacy Protection Act ("COPPA"); and the comprehensive consumer-privacy and consumer-health-data statutes enacted in California, Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, Montana, Tennessee, Iowa, Indiana, Delaware, New Hampshire, New Jersey, Kentucky, Maryland, Minnesota, Rhode Island, Washington, and Nevada (collectively, the "State Privacy Laws").
Where MiRNA Scientific provides clinical laboratory services to patients of healthcare providers and the information involved is Protected Health Information ("PHI") under HIPAA, that information is governed primarily by HIPAA and any applicable Business Associate Agreement, and not by this Privacy Policy. Section 10 (Protected Health Information (HIPAA)) below describes the relationship between this Privacy Policy and HIPAA. Where we receive your information from a healthcare provider, we treat that information consistent with HIPAA and the provider's Notice of Privacy Practices.
3. Definitions
In this Privacy Policy:
• "Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
• "Sensitive Personal Information" means any of the following: government identifiers (Social Security Number, driver's license, state ID, passport); financial-account information; precise geolocation; racial or ethnic origin; religious beliefs; union membership; the contents of mail, email, or text messages; Genetic Information; biometric information; Consumer Health Data; sexual orientation; immigration status; and information collected and analyzed for the purpose of identifying a specific individual.
• "Consumer Health Data" means Personal Information that is linked or reasonably linkable to an individual and that identifies the individual's past, present, or future physical or mental health status, including diagnoses, treatments, medications, conditions, gender-affirming care, reproductive or sexual health information, or precise location information that could reasonably indicate a consumer's attempt to acquire or receive health services. This definition is intended to align with the Washington My Health My Data Act, Nevada SB 370, and Connecticut Public Act 23-56.
• "Molecular Signature Data" means data generated by the miR Sentinel™ Prostate Cancer Test, including the underlying laboratory measurements of small non-coding RNA expression in urinary exosomes, the resulting molecular signature, and the risk classification. Molecular Signature Data reflects expression patterns at a point in time; it does not detect genotypes, mutations, chromosomal changes, or inherited variants, and is therefore not a "genetic test" or "genetic information" as those terms are defined under the Genetic Information Nondiscrimination Act of 2008 ("GINA"), the implementing HIPAA regulations at 45 CFR § 160.103, the California Genetic Information Privacy Act, or analogous state genetic-privacy statutes. Molecular Signature Data may, however, constitute "genetic data" within the broader meaning of California Civil Code § 1798.140(ae) (which sweeps in any data that results from the analysis of a biological sample and concerns genetic material, including RNA), and we therefore treat Molecular Signature Data as Sensitive Personal Information and as Consumer Health Data, with the heightened protections described in Section 9.
• "Genetic Information" means information about an individual's genetic tests, the genetic tests of family members, the manifestation of a disease or disorder in family members, or any request for or receipt of genetic services, all as defined in GINA at 42 U.S.C. § 2000ff(4), and any analysis of human DNA, RNA, chromosomes, proteins, or metabolites that detects genotypes, mutations, or chromosomal changes (a "genetic test" within the meaning of 42 U.S.C. § 2000ff(7)). The miR Sentinel™ Prostate Cancer Test is not a genetic test within this meaning and does not generate Genetic Information. This definition is retained because we may receive limited Genetic Information from a healthcare provider in the form of family medical history submitted with an order; any such information is protected as set forth in Section 9.
• "PHI" or "Protected Health Information" has the meaning given to it by HIPAA at 45 CFR § 160.103.
• "Services" has the meaning given in Section 1.
• "State Privacy Laws" has the meaning given in Section 2.
4. Information we collect
We collect information in the following categories. Not every category applies to every individual; the categories that apply to you depend on how you interact with the Services.
4.1 Identifiers
Name, postal address, email address, telephone number, account username and password, and unique identifiers such as patient identifiers and order numbers.
4.2 Health and clinical information
Information related to your health and the use of the miR Sentinel™ Prostate Cancer Test, including order information; specimen collection and shipping information; test results; clinical information provided by you or your healthcare provider in support of the test order or appeal of a coverage decision; PSA values, prostate biopsy history, and other risk-factor information when provided in support of clinical interpretation; and information you provide in connection with the miR Access Patient Assistance Program. Where this information is received from a healthcare provider, it is generally PHI and is governed primarily by HIPAA and any applicable Business Associate Agreement.
4.3 Molecular Signature Data (and limited Genetic Information)
The miR Sentinel™ Prostate Cancer Test analyzes the expression patterns of small non-coding RNA molecules (sncRNAs) extracted from a urine specimen. The resulting Molecular Signature Data — the underlying laboratory measurements, the molecular signature, and the risk classification — reflects biological state at a point in time and does not detect genotypes, mutations, chromosomal changes, or inherited variants. Molecular Signature Data is therefore not Genetic Information within the meaning of GINA, HIPAA, or California GIPA, and the test is not a "genetic test" within those statutory frameworks.
We nevertheless apply heightened protections to Molecular Signature Data, both because it is health-related and because California's CCPA "genetic data" definition (Cal. Civ. Code § 1798.140(ae)) is broader than GINA and may sweep in RNA-derived expression data. We treat Molecular Signature Data as Sensitive Personal Information for purposes of state comprehensive-privacy laws and as Consumer Health Data for purposes of the Washington My Health My Data Act, Nevada SB 370, and Connecticut Public Act 23-56. See Section 9 for the protections that apply.
Separately, where a healthcare provider submits family medical history with a test order, that family-history information may itself constitute Genetic Information within the GINA / HIPAA / GIPA meaning. Any such information is treated with the same heightened protections.
4.4 Financial and billing information
Insurance plan and policy information, claim and explanation-of-benefits information, household income information when provided in connection with miR Access eligibility, and limited credit card or banking information necessary to process patient payments. We do not store complete payment-card numbers; payment processing is performed by a service provider that is PCI-DSS compliant.
4.5 Information collected automatically
When you use the Services, we and our authorized service providers collect certain information automatically through cookies, pixels, software development kits, server logs, and similar technologies. This includes Internet Protocol (IP) address, device identifiers, browser type and version, operating system, referring and exit pages, the dates and times of your interactions with the Services, language preference, and approximate location derived from IP address. See Part D (Cookie & Tracking Technologies Notice) for additional detail.
4.6 Information from other sources
We may receive information from healthcare providers ordering the miR Sentinel™ Prostate Cancer Test on your behalf; from payers, claims clearinghouses, and benefit-administrators in connection with billing and reimbursement; from authorized agents acting on your behalf; from analytics, security, and identity-verification service providers; and, where permitted, from publicly available sources.
5. How we use information
We use information for the following purposes:
• To perform the miR Sentinel™ Prostate Cancer Test and return results to the ordering healthcare provider.
• To operate, maintain, and improve the Services.
• To process and respond to your inquiries, applications, orders, and requests.
• To bill third-party payers and administer the miR Access Patient Assistance Program.
• To provide customer support.
• To operate the patient portal and, when launched, the telemedicine ordering workflow (see Part I).
• To conduct internal research, quality assurance, analytical-method validation, and laboratory operations consistent with applicable law.
• To detect, investigate, and prevent fraud, abuse, and unauthorized activity.
• To comply with legal obligations, respond to lawful requests by public authorities, and enforce our Terms of Use and other agreements.
• Where you provide affirmative consent, for purposes you have specifically authorized.
We do not sell Molecular Signature Data, Consumer Health Data, Genetic Information, or PHI for monetary or other valuable consideration. We do not use any of those categories for cross-context behavioral advertising or for advertising of any kind to consumers, and we do not direct our service providers to do so on our behalf.
6. How we disclose information
We disclose information in the following categories of recipients, only as necessary for the purposes described in Section 5 and only consistent with applicable law:
• Healthcare providers who ordered the miR Sentinel™ Prostate Cancer Test or who are otherwise involved in the patient's care.
• Service providers and contractors who perform functions on our behalf, including hosting, security, analytics, payment processing, claims submission, customer support, and patient-assistance administration. Each such service provider is bound by a written contract limiting use of the information to the services provided to MiRNA Scientific.
• Payers, claims clearinghouses, and benefit administrators in connection with billing and reimbursement.
• Authorized agents acting on your behalf, where you have validly authorized us to do so.
• Public authorities, regulatory agencies, accreditation bodies, and courts, where we are required by law or by an agreement governing our laboratory operations or where we believe disclosure is reasonably necessary to protect our rights, your safety, or the safety of others.
• In connection with a corporate transaction such as a merger, acquisition, financing, reorganization, or sale of assets, subject to customary confidentiality protections.
• With your direction or affirmative consent, to such other recipients as you direct.
7. Sensitive Personal Information
We collect and process Sensitive Personal Information only for the purposes described in this Privacy Policy and only as reasonably necessary to provide the Services and the products and features you have requested. We apply heightened protections to Sensitive Personal Information, including access controls, encryption-at-rest and encryption-in-transit, vendor risk-management diligence, and minimum-necessary data handling.
Where required by State Privacy Laws, you have the right to limit our use of Sensitive Personal Information to the purposes specified by law. You may exercise that right as described in Section 19.
8. Consumer Health Data
We treat Consumer Health Data with the heightened protections required by the Washington My Health My Data Act, Nevada SB 370, and Connecticut Public Act 23-56, regardless of where you reside. Specifically:
• We collect, share, and sell Consumer Health Data only as described in this Privacy Policy and the separate Consumer Health Data Privacy Notice (Part B), and only as authorized by you or as permitted by applicable law.
• We do not sell Consumer Health Data.
• We obtain affirmative authorization where required for sharing Consumer Health Data outside the categories described in this Privacy Policy.
• We honor your right to confirm whether we are collecting, sharing, or selling your Consumer Health Data; to access; to withdraw consent; and to request deletion. See Section 19.
9. Molecular Signature Data and Genetic Information
9.1 Scope of this Section
This Section applies to (a) Molecular Signature Data generated by the miR Sentinel™ Prostate Cancer Test and (b) any Genetic Information that we receive from a healthcare provider (typically family medical history submitted with a test order). We treat both categories as a particularly sensitive class of Personal Information and apply the heightened protections set out below.
9.2 Important clarification regarding the test
The miR Sentinel™ Prostate Cancer Test analyzes expression patterns of small non-coding RNAs in urinary exosomes. It does not detect genotypes, mutations, chromosomal changes, or inherited variants. Accordingly, the test is not a "genetic test" within the meaning of the Genetic Information Nondiscrimination Act of 2008, the HIPAA implementing regulations at 45 CFR § 160.103, the California Genetic Information Privacy Act, or analogous state genetic-privacy statutes; and the test results, in themselves, do not constitute "genetic information" within those statutory frameworks. The test results may, however, constitute "genetic data" within the broader meaning of California Civil Code § 1798.140(ae) and may constitute "consumer health data" within the meaning of the Washington My Health My Data Act and analogous state statutes.
9.3 Voluntary heightened protections
Notwithstanding that the test is not a "genetic test" within the GINA framework, we voluntarily apply the following heightened protections to Molecular Signature Data, and we apply these same protections to any Genetic Information we receive from a healthcare provider:
• We collect Molecular Signature Data only when a healthcare provider has ordered the miR Sentinel™ Prostate Cancer Test on the patient's behalf, when the patient has consented to such collection, or when otherwise authorized by law.
• We use Molecular Signature Data only to perform and report the test, to operate and improve the test and the Services, and to conduct internal research, quality assurance, and analytical-method validation consistent with applicable law and the patient's consent.
• We do not sell Molecular Signature Data.
• We do not use or share Molecular Signature Data for marketing or advertising purposes, and we do not use it for cross-context behavioral advertising.
• We do not share Molecular Signature Data with health insurers (other than for permitted billing of the test), life insurers, disability insurers, long-term care insurers, or employers, except as expressly authorized by the individual or as required by law.
• We retain Molecular Signature Data only as long as reasonably necessary for the purposes described and consistent with applicable laboratory record-retention requirements.
• We apply the same protections to Genetic Information that we receive from a healthcare provider (for example, family medical history submitted with a test order).
9.4 No use for cross-context behavioral advertising; no sale
For the avoidance of doubt: we do not sell Molecular Signature Data, Genetic Information, Consumer Health Data, or PHI, and we do not share any of these categories for cross-context behavioral advertising or for any form of advertising to consumers.
10. Protected Health Information (HIPAA)
MiRNA Scientific operates a clinical laboratory under the Clinical Laboratory Improvement Amendments of 1988 ("CLIA") and is accredited by the College of American Pathologists ("CAP"). When we provide laboratory services in connection with a healthcare provider's order, we may act as a HIPAA-covered healthcare provider with respect to the test results and related PHI, or as a Business Associate of another HIPAA-covered entity. In either case, the relevant HIPAA Privacy and Security Rules govern our handling of that PHI, in addition to and rather than the provisions of this Privacy Policy that would otherwise apply.
If you would like a copy of MiRNA Scientific's Notice of Privacy Practices ("NPP"), please contact us using the contact information at the end of this Privacy Policy. Where you receive testing through telemedicine ordering offered through the Services (anticipated July 2026), the NPP applicable to that telemedicine relationship will be provided to you at the time of intake.
11. Online tracking technologies
Our Services use a limited set of cookies, pixels, software development kits, and similar technologies for the purposes of operating the site, supporting site security, measuring site performance, and improving user experience. We do not knowingly disclose, and we direct our service providers not to disclose, IP address, device identifiers, or other identifiers in combination with information that would reveal that you are seeking, considering, or receiving healthcare or laboratory services, to any third party that is not acting as a Business Associate or as a service provider subject to a written contract that complies with applicable law.
Detailed information about the categories of tracking technologies in use, the recipients of any data they collect, and your choices regarding those technologies is provided in Part D (Cookie & Tracking Technologies Notice). You may manage your preferences through the cookie-consent banner displayed on your first visit to the Services and at any time afterward through the cookie-preferences control accessible from every page.
12. Children's privacy
The Services are intended for use by adults. We do not knowingly collect Personal Information from children under the age of 16. If you believe we have collected information from a child under 16, please contact us at the address in Section 24 and we will take prompt steps to delete that information.
13. Data security
We maintain administrative, physical, and technical safeguards designed to protect Personal Information against unauthorized access, use, disclosure, alteration, and destruction. These safeguards include access controls, role-based authorization, encryption-at-rest and encryption-in-transit for sensitive categories of data, multi-factor authentication for administrative access, regular vulnerability assessment and patch management, vendor risk management, employee training, and an incident response capability. No information system can be guaranteed to be perfectly secure, and we cannot guarantee that information transmitted over the Internet will be free from unauthorized access by third parties.
14. Data retention
We retain Personal Information for as long as reasonably necessary to provide the Services, comply with applicable laboratory record-retention requirements (including those imposed by CLIA, state laboratory licensing authorities, and CAP accreditation standards), comply with our other legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by category of information and applicable legal requirements. Specific retention schedules are available on request through the contact in Section 24.
15. Third-party links and services
The Services may include links to third-party websites, services, and resources that are not owned or controlled by MiRNA Scientific. We are not responsible for the privacy or security practices of such third parties. We encourage you to review the privacy policy of any third-party site or service you visit.
16. International users
The Services are intended for use by individuals located in the United States and Puerto Rico. The miR Sentinel™ Prostate Cancer Test is currently commercially available in most U.S. states and Puerto Rico (and is not currently available in New York). If you access the Services from outside the United States or Puerto Rico, you do so on your own initiative and are responsible for compliance with local law. Information collected through the Services may be processed in the United States.
17. Your privacy rights — general
Depending on your state of residence, you may have the following rights with respect to Personal Information that we have collected about you:
• Right to know / right of access: the right to confirm whether we are processing your Personal Information, and to obtain a copy of, or information about, that Personal Information.
• Right to delete: the right to request deletion of Personal Information that we have collected from or about you, subject to applicable exceptions.
• Right to correct: the right to correct inaccurate Personal Information that we maintain about you.
• Right to data portability: the right to receive a copy of your Personal Information in a portable, readily usable format.
• Right to opt out of sale, sharing, or targeted advertising: the right to direct us not to sell or share your Personal Information, including for cross-context behavioral advertising.
• Right to limit the use of Sensitive Personal Information: the right to direct us to limit our use and disclosure of Sensitive Personal Information to the uses permitted by law.
• Right to non-discrimination: the right not to receive discriminatory treatment for the exercise of your privacy rights.
• Right to appeal: where applicable State Privacy Laws provide an appeal right with respect to a decision we make on your privacy-rights request, you may exercise that right as described in Section 21.
18. State-specific privacy rights and disclosures
This Section 18 supplements Section 17 with disclosures specific to certain U.S. states. To the extent of any conflict between Section 17 and this Section 18, this Section 18 controls for residents of the relevant state.
18.1 California
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"), provides you with the rights enumerated in Section 17, as well as the right to limit the use and disclosure of Sensitive Personal Information.
Categories of Personal Information collected, business purposes, sources, and recipients are described in Sections 4 through 6 above. We have not sold or shared Personal Information for cross-context behavioral advertising in the preceding 12 months.
California residents may exercise rights as described in Section 19. We will respond to verifiable consumer requests within 45 days, with one 45-day extension where reasonably necessary, in accordance with the CCPA.
California residents may also designate an authorized agent to make a request on their behalf, as described in Section 20.
18.2 Virginia
If you are a Virginia resident, the Virginia Consumer Data Protection Act provides you with the rights to access, correct, delete, obtain a portable copy of, and opt out of the processing of your Personal Information for purposes of targeted advertising, the sale of Personal Information, or profiling that produces legal or similarly significant effects. We will respond to a verifiable request within 45 days, subject to a 45-day extension where reasonably necessary.
18.3 Colorado
If you are a Colorado resident, the Colorado Privacy Act provides you with the same rights enumerated for Virginia in Section 18.2. We honor universal opt-out mechanisms (such as the Global Privacy Control) recognized by the Colorado Attorney General.
18.4 Connecticut
If you are a Connecticut resident, the Connecticut Data Privacy Act and Connecticut Public Act 23-56 (consumer health data) apply. The Consumer Health Data Privacy Notice in Part B describes our practices specifically with respect to Consumer Health Data.
18.5 Utah
If you are a Utah resident, the Utah Consumer Privacy Act provides you with the rights to access, delete, obtain a portable copy of, and opt out of certain processing of your Personal Information.
18.6 Texas
If you are a Texas resident, the Texas Data Privacy and Security Act provides you with substantially the rights described above for Virginia residents. As required by Texas law, MiRNA Scientific provides this notice that it may sell your sensitive personal data or biometric data only with your consent, although we do not in fact sell sensitive personal data or biometric data.
18.7 Washington (consumer health data)
If you are a Washington resident, the Washington My Health My Data Act applies. The Consumer Health Data Privacy Notice in Part B describes our practices specifically with respect to Consumer Health Data, including categories collected, sources, purposes, recipients, and your rights and how to exercise them.
18.8 Nevada (consumer health data)
If you are a Nevada resident, Nevada SB 370 applies. The Consumer Health Data Privacy Notice in Part B applies to Nevada residents, in addition to any other rights you may have under Nevada law.
18.9 Other states
Residents of Florida, Oregon, Montana, Tennessee, Iowa, Indiana, Delaware, New Hampshire, New Jersey, Kentucky, Maryland, Minnesota, and Rhode Island have rights substantially similar to those described above for Virginia, with effective dates as established by their respective statutes. We honor those rights consistent with applicable law.
19. How to exercise your rights
To exercise the rights described in Sections 17 and 18, you may:
• Submit a request through the privacy-rights request form available at mirnascientific.com/contact;
• Email us at privacy@mirnascientific.com; or
• Call us toll-free at 1-940-MIR-SENTINEL (+1-940-647-7368)
We will verify your identity using information reasonably related to the nature of your request and the sensitivity of the information involved. We may ask you to confirm your name, email address, telephone number, account information, or other identifiers; for requests involving Sensitive Personal Information, Molecular Signature Data, or Genetic Information, we may require additional verification, such as a signed declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request.
We will respond to verifiable requests within the time period required by applicable State Privacy Law, generally 45 days, with one 45-day extension where reasonably necessary. There is no charge for a privacy-rights request unless your requests are manifestly unfounded or excessive.
20. Authorized agents
You may designate an authorized agent to make a privacy-rights request on your behalf. The agent must provide proof of authorization, such as a written authorization signed by you or a power of attorney that complies with applicable state probate law. We will independently verify your identity and confirm with you that the agent is authorized to act on your behalf.
21. Appeals
If we deny your privacy-rights request, in whole or in part, you may appeal that decision by contacting us at privacy@mirnascientific.com with the subject line "Privacy Rights Appeal." We will respond to your appeal within the time period required by applicable State Privacy Law, generally 60 days. If we deny the appeal, we will provide you with information about how to contact your state attorney general or other applicable regulatory authority to submit a complaint.
22. Do Not Track and universal opt-out signals
Some browsers offer a "Do Not Track" signal. We do not currently respond to Do Not Track signals because there is no industry-standard interpretation of those signals. We do honor opt-out preference signals (such as the Global Privacy Control) where required by applicable State Privacy Law.
23. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" and "Last Updated" fields at the top of this Privacy Policy and post the updated Privacy Policy on the Services. Where the changes are material, we will provide additional notice as required by applicable law (for example, by email or by prominent notice on the Services). Your continued use of the Services after the updated Privacy Policy takes effect constitutes acceptance of the updated terms.
24. Contact us
If you have any questions or concerns about this Privacy Policy or our information practices, please contact us at:
MiRNA Scientific, Inc.
685 US-1 South STE 110
North Brunswick, NJ 08902
Email: privacy@mirnascientific.com
Telephone: 1-940-MIR-SENTINEL (+1-940-647-7368)
(For Washington / Nevada / Connecticut residents, and any other consumer who chooses to exercise rights under analogous law.)
Effective Date: May 7, 2026
1. Who we are
This Consumer Health Data Privacy Notice is provided by MiRNA Scientific, Inc. ("MiRNA Scientific"). It describes how we collect, use, share, and protect Consumer Health Data, in addition to and consistent with the protections described in our Master Privacy Policy.
2. Categories of Consumer Health Data we collect
We collect the following categories of Consumer Health Data when you use the Services:
• Order and prescription information for the miR Sentinel™ Prostate Cancer Test.
• Specimen collection, shipping, and laboratory data.
• Test results, including the molecular signature, the resulting risk classification, and any underlying laboratory-derived data.
• Clinical history information that you or your healthcare provider provides in support of the test order or in support of an appeal of a coverage decision.
• Information you provide in connection with the miR Access Patient Assistance Program, including household income information for eligibility purposes.
• Insurance and benefits information that allows us to bill payers and process claims.
• Account credentials and account-activity information for the patient portal.
• Communications between you and our customer service team regarding the test or your account.
3. Sources of Consumer Health Data
• Directly from you, including through forms, the patient portal, the customer-support team, and patient-assistance applications.
• From your healthcare provider, including order forms and clinical information submitted with the order.
• From payers, claims clearinghouses, and benefit-administrators in connection with billing.
• From authorized agents acting on your behalf.
• Generated by our laboratory in connection with performance of the test.
4. Purposes for which we collect, use, and share Consumer Health Data
• To perform the miR Sentinel™ Prostate Cancer Test and return results to your ordering healthcare provider.
• To bill third-party payers and administer the miR Access Patient Assistance Program.
• To provide customer support.
• To operate, maintain, secure, and improve the Services.
• To conduct laboratory operations, quality assurance, and analytical-method validation.
• To comply with applicable laboratory record-retention requirements and other legal obligations.
• Where you provide affirmative authorization, for any purpose specifically described in that authorization.
5. Categories of Consumer Health Data we share
We share each of the categories listed in Section 2, only with the categories of recipients listed in Section 6 and only for the purposes described in Section 4. We do not sell Consumer Health Data — including the Molecular Signature Data generated by the miR Sentinel™ Prostate Cancer Test — and we do not use Consumer Health Data for cross-context behavioral advertising or for any form of advertising to consumers. The miR Sentinel™ Prostate Cancer Test analyzes RNA expression patterns; it does not detect genotypes, mutations, or chromosomal changes, and is not a "genetic test" within the meaning of GINA, HIPAA, or the California Genetic Information Privacy Act.
6. Categories of recipients
• Healthcare providers who ordered the test or who are otherwise involved in your care.
• Service providers and contractors performing functions on our behalf (hosting, security, analytics, payment processing, claims submission, customer support, patient-assistance administration, telemedicine platform vendor).
• Payers, claims clearinghouses, and benefit administrators.
• Authorized agents acting on your behalf.
• Public authorities, regulatory agencies, accreditation bodies, and courts, where required by law.
• Acquirers and successor entities in connection with a corporate transaction, subject to customary confidentiality protections.
• With your direction or affirmative consent, to such other recipients as you may direct.
7. Your rights regarding Consumer Health Data
You have the following rights with respect to your Consumer Health Data:
• Right to confirm whether we are collecting, sharing, or selling your Consumer Health Data.
• Right to access your Consumer Health Data, including the categories of recipients with whom it has been shared.
• Right to withdraw consent at any time.
• Right to request deletion of your Consumer Health Data.
• Right to non-discrimination for exercising any of these rights.
• Right to appeal a denial of any of these requests, as described in Section 9.
8. Affirmative authorization
Where required by applicable law, we will obtain your affirmative authorization (sometimes called valid authorization) before collecting, sharing, or selling Consumer Health Data for purposes that go beyond providing you the Services. Any such authorization will: (a) be in writing or in an electronic format equivalent to writing; (b) be signed by you; (c) describe the categories of Consumer Health Data; (d) describe the purposes; (e) describe the categories of recipients; (f) provide an effective date and an expiration date; and (g) describe how you may withdraw the authorization. We will not condition the provision of the Services on your providing affirmative authorization for purposes beyond providing the Services.
9. How to exercise your rights and appeals
To exercise any of these rights, please contact us at privacy@mirnascientific.com, through our privacy-rights request form at mirnascientific.com/contact, or by mail at the address in Section 11. We will respond within the time period required by applicable law (generally 45 days, with one 45-day extension where reasonably necessary). If we deny your request, you may appeal as described in Section 21 of the Master Privacy Policy.
10. Children
We do not knowingly collect Consumer Health Data from individuals under the age of 13. We do not knowingly sell or share Consumer Health Data of individuals under the age of 16 without affirmative consent.
11. Contact
MiRNA Scientific, Inc.
685 US-1 South STE 110
North Brunswick, NJ 08902
Email: privacy@mirnascientific.com
Telephone: 1-940-MIR-SENTINEL (+1-940-647-7368)
This Notice at Collection is provided to California residents at or before the point at which Personal Information is collected, in compliance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
1. Categories of Personal Information collected
• Identifiers (name, address, email, phone, account ID, online identifiers).
• Customer records information (insurance and billing information, account credentials).
• Internet or other electronic network activity information (IP address, browsing history, interaction with the Services).
• Geolocation data (approximate, derived from IP address).
• Sensory data (limited to information you provide in customer-support communications).
• Professional or employment-related information (limited; only where you provide it).
• Inferences drawn from the categories above.
• Sensitive Personal Information (including Health Data, Consumer Health Data, Molecular Signature Data, and any Genetic Information received from a healthcare provider, as described in our Privacy Policy).
2. Purposes for which Personal Information will be used
To perform the miR Sentinel™ Prostate Cancer Test, return results, bill payers, administer the miR Access Patient Assistance Program, operate the patient portal, provide customer support, operate, maintain, and improve the Services, conduct internal research and quality assurance, comply with legal obligations, prevent fraud, and any other purpose described in our Privacy Policy.
3. Whether information is sold or shared
MiRNA Scientific does not sell or share Personal Information of California residents for cross-context behavioral advertising. We do not sell Sensitive Personal Information.
4. Length of time retained
We retain each category of Personal Information for the period reasonably necessary to fulfill the purposes described, comply with applicable laboratory record-retention and other legal obligations, resolve disputes, and enforce agreements. Specific retention schedules are available on request.
5. Link to full Privacy Policy
For the full description of our practices and your rights, see our Privacy Policy at https://my.mirsentinel.com/privacy
Effective Date: May 7, 2026
1. About this Notice
This Notice describes the cookies, pixels, software development kits, and similar tracking technologies that we use on our Services and your choices regarding those technologies. It supplements our Master Privacy Policy and applies to my.mirsentinel.com, www.mirsentinel.com, the patient portal, and any other digital service we operate.
2. What tracking technologies are
Cookies are small data files that a website places on your device to remember information about your visit. Pixels (also known as tracking pixels or web beacons) are small images or scripts that allow a website to track that a page has been viewed or an action taken. Software development kits and similar technologies allow us to integrate third-party functionality into the Services.
3. Categories of tracking technologies we use
We use the following categories of tracking technologies. Specific technologies in each category will be enumerated and identified by vendor in the cookie-consent banner that displays on your first visit and in the cookie-preferences control accessible from every page.
3.1 Strictly Necessary
Required to operate the Services and provide the products and features you request. Examples: session management, load balancing, security and fraud prevention, accessibility settings. These technologies are loaded by default and cannot be disabled.
3.2 Functional
Used to remember preferences and personalize your experience. Examples: language preference, region preference, font-size preference. These technologies load only with your consent.
3.3 Analytics
Used to understand how visitors interact with the Services so that we can improve them. Examples: aggregate page-view counts, aggregate session-duration metrics, aggregate device and browser information. We have configured analytics technologies to use IP-truncation and similar measures so that the data we receive is not reasonably linkable to an identified individual. These technologies load only with your consent.
3.4 Advertising
We do not use advertising or cross-context behavioral advertising tracking technologies on the Services. If we begin to use advertising technologies in the future, we will update this Notice and require your affirmative opt-in consent before any such technology loads on your device.
4. Specific technologies in use
The current inventory of cookies, pixels, and similar technologies in use on the Services is: Webflow, Google Analytics, Insightly, Zendesk.
5. Your choices
On your first visit to the Services and at any time afterward through the cookie-preferences control, you may:
• Accept all categories.
• Reject all non-Strictly-Necessary categories.
• Customize your preferences by category.
You may also manage cookies through your browser settings. Note that if you reject Strictly Necessary cookies, the Services may not function properly.
6. Health-related browsing protections
Consistent with the U.S. Department of Health and Human Services Office for Civil Rights' guidance on the use of online tracking technologies, we do not knowingly disclose, and we direct our service providers not to disclose, IP address, device identifiers, or other identifiers in combination with information that would reveal that you are seeking, considering, or receiving healthcare or laboratory services, to any third party that is not acting as a Business Associate or as a service provider subject to a written contract that complies with applicable law.
7. Universal opt-out signals
We honor universal opt-out preference signals (such as the Global Privacy Control) where required by applicable State Privacy Law.
8. Changes
We may update this Notice from time to time. The Effective Date at the top of this Notice indicates when it was last revised.
If you have any questions regarding this Privacy Policy, please contact us at:
Attn: Privacy Officer
MiRNA Scientific, Inc.
685 Route 1 South, Suite 110, North Brunswick, NJ, 08902
