Privacy Policy

Last updated · May 2026 · Operated by Zebra Diagnostics

This policy explains how Zebra Diagnostics ("we", "us") collects, uses, and protects information on the Reflection marketing site at https://reflection.example. The Reflection application itself handles health data under a separate, stricter policy referenced from your account settings.

What we collect

• Email address, when you join the waitlist or open a record.
• UTM and referrer parameters, to understand which campaigns brought you here.
• Coarse location (country) and browser/device info, derived from your IP and User-Agent. We do not store precise geolocation.
• Payment metadata (subscription status, billing period, last-4 of card) via Stripe. We never see or store full card numbers.
• Anonymous product analytics, captured in a cookieless mode by default.

What we do not collect on this site

Health records, lab values, biometric data, or any clinical information. Those live only inside the Reflection application and are governed by a separate policy.

How we use it

• To send the email you asked for (waitlist updates, transactional notices).
• To process subscriptions and refunds (via Stripe).
• To understand which marketing surfaces are working.
• To respond to your support and privacy requests.

We do not sell, share, or use your data for advertising or to train AI models.

Service providers

We rely on a small set of vendors. Each has its own privacy policy:

• Stripe, Inc. — payments
• Loops Inc. — transactional and marketing email
• Vercel Inc. — hosting
• Neon Inc. — database
• Cloudflare, Inc. — security (Turnstile)
• PostHog, Inc. — anonymous product analytics
• Sentry — error reporting

Cookies and tracking

We do not set tracking or advertising cookies on this site. PostHog runs in a memory-only, identified-only mode (no persistent ID). If we add retargeting pixels in the future for paid acquisition, we'll disclose them here and you'll see a consent banner.

Your rights

You may request access, correction, export, or deletion of your data at any time, regardless of where you live. Email privacy@zebradx.ai or use our delete-on-request endpoint linked from your account. We respond within 30 days.

If you are in the EU/UK, California, Colorado, Connecticut, Utah, or Virginia, you have additional statutory rights — including the right to opt out of "sale" or "sharing" (we do neither), the right to limit the use of sensitive data, and the right to lodge a complaint with your data protection authority. We honor all of these.

Children

Reflection is not directed at people under 18. We do not knowingly collect data from anyone under 18.

Data retention and storage

Data is stored on US-based infrastructure (Vercel and Neon, US East region). For users in the EU/UK, transfers rely on Standard Contractual Clauses. Account data is kept until you delete your account; backups are retained for up to 30 days after deletion.

Changes to this policy

We will update this page when our practices change and bump the "Last updated" date above. Material changes will be announced by email to active subscribers.

Contact

Zebra Diagnostics
1111 S Governors Ave, STE 23781, Dover, DE 19904, US
privacy@zebradx.ai

← Back to home