Privacy Policy
This policy explains how Zebra Diagnostics (d/b/a Libby Health) ("we", "us") collects and uses information across the Libby marketing site at https://libby.health. The public marketing site is for learning about Libby, joining the waitlist, subscribing to updates, starting checkout, and submitting privacy requests. It is not a place to upload health records.
What we collect on this site
- Email address, when you join the waitlist, subscribe to updates, start checkout, or submit a privacy request.
- UTM and referrer parameters, to understand which campaigns, links, or pages brought you here.
- Coarse location such as country and basic request metadata such as browser or device information, when provided by our hosting platform or your browser.
- Payment metadata through Stripe if you start or manage a subscription. We do not receive or store full card numbers.
- Product analytics events, such as page views, CTA clicks, FAQ toggles, newsletter submissions, and waitlist submissions.
What we do not collect on this site
Do not submit lab reports, medical records, diagnoses, symptoms, medication histories, biometric data, or other clinical information through the public marketing site. If we offer product features that handle health records, those product flows should provide their own in-app notices and must be reviewed before stronger public claims are made here.
How we use site information
- To send the email or update you asked for.
- To create or manage subscription checkout through Stripe.
- To understand which marketing pages, campaigns, and CTAs work.
- To respond to privacy, support, and security requests.
- To prevent abuse, rate-limit forms, and debug the service.
We do not sell personal information collected on this site. We do not use site submissions to train AI models.
Analytics and attribution
We use PostHog for product analytics. The public site configures PostHog with memory persistence, no autocapture, no session recording, and identified profiles only when an explicit identification flow occurs. Forms also preserve UTM fields so we can understand source quality.
Do not put sensitive health information, names, emails, symptoms, diagnoses, medications, or other private details into UTM parameters.
Service providers
We rely on a small set of vendors to operate the site:
- Stripe, Inc. - payments and subscription checkout.
- Loops Inc. - transactional and marketing email.
- Vercel Inc. - hosting.
- Neon Inc. - database hosting for site signups and request logs.
- Cloudflare, Inc. - Turnstile abuse protection.
- PostHog, Inc. - product analytics.
- Sentry - error reporting when configured.
Each vendor processes information under its own privacy terms and our configuration or contract with that vendor.
AI and health-record features
Libby may offer product features that organize health records or prepare context for AI-assisted conversations. Because health records are sensitive, we do not use this marketing-site policy to make unverified claims about app PHI encryption, AI-provider retention, model training, connector permissions, HIPAA compliance, or Business Associate Agreement availability. Those details must be confirmed against the production app and approved before being treated as public commitments.
If you are evaluating Libby for regulated health data, covered-entity use, business-associate use, or a workflow involving third-party AI assistants, contact us before uploading data or relying on any specific compliance representation.
Cookies and tracking
We do not intentionally set advertising cookies on the public marketing site. If we add retargeting pixels or advertising cookies in the future, we will update this policy and add any required consent flow before using them.
Your choices and requests
You can request access, correction, export, or deletion of information collected through this site by emailing privacy@zebradx.ai or by using our privacy request flow where available. The current privacy request endpoint records the request for operator follow-up; fulfillment may require manual review and vendor follow-up.
We aim to respond to privacy requests within 30 days unless a shorter legal deadline applies. Some deletion or backup-retention timelines may depend on the systems and vendors involved.
Children
Libby is not directed to anyone under 18. We do not knowingly collect data from anyone under 18. If you believe a child has provided us data, contact us and we will review and delete it where appropriate.
Data retention
We keep marketing-site records only as long as needed for the purposes described above, including operating the site, honoring requests, maintaining subscriptions or email preferences, debugging, analytics, fraud prevention, and legal obligations. Vendor systems may maintain their own logs, backups, and retention schedules.
Changes to this policy
We will update this page when our practices change and bump the "Last updated" date above. Material changes will be announced by email when appropriate.
Contact
Zebra Diagnostics (d/b/a Libby Health)
1111 S Governors Ave, STE 23781, Dover, DE 19904, US
privacy@zebradx.ai
Also see our Terms of Service and Security page.