CryptoSeal mark
TestLedger™
Documentation Platform, Powered by the CryptoSeal™ Engine
Privacy

Privacy Policy

How we collect, use, and protect your information

Effective Date: April 14, 2026

1. Introduction

TestLedger LLC, referred to as "TestLedger," "we," "us," or "our," provides documentation infrastructure software for non-DOT workplace drug testing programs.

This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use the TestLedger platform and related services, collectively referred to as the "Service."

By using the Service, you acknowledge and agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We may collect information you provide directly, including:

Account Information: name, email address, organization name, job title, and account credentials.

Billing Information: billing name and address, subscription details, and payment information processed by our third-party payment processor. TestLedger does not store full payment card numbers.

Workplace Drug Test Documentation Data: information entered into the Service by you or your organization, which may include test documentation details, specimen identifiers, operator or collector identifiers, timestamps, chain-of-custody records, evidence attachments, audit logs, and any additional data your organization chooses to enter. TestLedger does not independently verify or classify the nature of the data entered.

Communications: information provided through support requests, inquiries, or other communications.

2.2 Information Collected Automatically

When you use the Service, we may automatically collect: IP address, browser type and version, device type and operating system, access times, log files, and feature usage and interaction data.

This information is used for system administration, security monitoring, and service improvement.

2.3 Information from Third Parties

We may receive information from: payment processors, identity or authentication providers, single sign-on providers configured by your organization, and analytics service providers.

3. How We Use Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Generate documentation records, audit trails, and cryptographic consistency review functionality
  • Authenticate users and manage accounts
  • Process subscription payments
  • Monitor and enhance system security
  • Detect fraud, abuse, or unauthorized access
  • Respond to support requests
  • Comply with legal obligations
  • Improve the Service using aggregated or de-identified analytics

We do not sell personal information.

4. How We Share Information

We may disclose information in the following circumstances:

4.1 Service Providers

We share information with vendors who assist in providing the Service, including cloud hosting, content delivery, authentication, payment processing, and analytics providers. Current providers may include Amazon Web Services, Amazon Cognito, Cloudflare, and Stripe, as well as additional service providers we engage from time to time. These vendors are contractually obligated to maintain confidentiality and appropriate security safeguards.

4.2 Within Your Organization

If you access the Service through an enterprise or multi-user account, administrators designated by your organization may access documentation records and usage data within that account.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, regulatory inquiry, or to protect the rights, safety, or property of TestLedger or others.

4.4 Business Transfers

Information may be transferred in connection with a merger, acquisition, restructuring, or sale of assets.

4.5 With Your Consent

We may disclose information when you direct or authorize us to do so.

5. Workplace Drug Test Record Confidentiality

5.1 Sensitivity of Documentation

Workplace drug testing documentation may be subject to confidentiality obligations under federal and state law. The Service includes role-based access controls, encryption, and audit logging to support secure documentation practices.

5.2 Your Responsibilities

You are solely responsible for:

  • Determining applicable confidentiality laws
  • Configuring access controls within the Service
  • Limiting access to authorized personnel
  • Complying with ADA requirements regarding medical information confidentiality
  • Complying with state-specific drug testing confidentiality statutes
  • Managing retention periods consistent with your legal obligations

TestLedger does not determine who is legally permitted to access drug testing documentation within your organization.

5.3 No Determination of Lawful Access or Use

TestLedger provides technical infrastructure for record management and access control.

TestLedger does not determine whether any employer, administrator, reviewer, or third party is legally permitted to access, use, disclose, or rely on any record.

All decisions regarding collection, disclosure, employment actions, and regulatory compliance are the sole responsibility of the customer organization.

6. Data Retention

Account Information: retained for the duration of your subscription and thereafter only as reasonably necessary for billing, audit, security, legal, and account-recovery purposes.

Documentation Records: retained according to your configured retention settings, active subscription status, export activity, legal hold requirements, and other criteria reasonably necessary to provide the Service.

Reference-State Records and System Metadata: retained for as long as reasonably necessary to maintain cryptographic consistency review workflows, supersession history, auditability, dispute response, and applicable legal obligations.

Usage Logs: retained for the period reasonably necessary for security monitoring, fraud prevention, troubleshooting, and service reliability.

Trial Accounts: retained for the limited lifecycle of the trial program and any short period thereafter reasonably necessary for fraud prevention, conversion support, audit, or system security purposes.

You are responsible for ensuring retention periods align with your regulatory requirements.

6.1 Retention Schedule After Account Termination

Upon termination or expiration of your subscription, the following retention periods apply:

  • Reference-State Records: Retained for 30 calendar days following termination (the "Export Window") to allow data export. After the Export Window, reference-state records may be permanently deleted.
  • Evidence Vault Files: Retained for 30 calendar days following termination, concurrent with the Export Window. After the Export Window, evidence files may be permanently deleted.
  • Audit Event Logs: Retained for 90 calendar days following termination for security, compliance, and dispute resolution purposes. After 90 days, audit logs may be permanently deleted.
  • BAA Execution Records: Retained for 90 calendar days following termination. After 90 days, BAA records may be permanently deleted unless a longer retention period is required by applicable law.
  • Team Member and Organization Data: Retained for 30 calendar days following termination. After the Export Window, team and organization configuration data may be permanently deleted.
  • Billing and Payment Records: Retained for as long as reasonably necessary to comply with tax, accounting, and legal obligations, which may extend beyond the Export Window.

TestLedger reserves the right to modify these retention periods with 30 days' notice. In all cases, TestLedger will provide reasonable notice before data deletion occurs.

6.2 Data Deletion Process

After the applicable retention period expires, TestLedger may initiate permanent deletion of customer data. Deletion is performed at the infrastructure level and is irreversible. Once deleted, data cannot be recovered by TestLedger or any third party.

Customer-Initiated Deletion: You may request early deletion of your organization's data by contacting TestLedger support at support@testledger.io. Upon receiving a verified deletion request from an authorized account administrator, TestLedger will process the deletion within 30 calendar days. Early deletion is permanent and cannot be reversed.

Scope of Deletion: Customer-initiated deletion encompasses reference-state records, evidence vault files, team member data, organization configuration, and BAA execution records. System-generated security logs and aggregate usage data that do not contain customer record content may be retained for legitimate operational purposes.

TestLedger strongly recommends exporting all reference-state records before requesting deletion. Once deletion is complete, TestLedger cannot provide copies of any deleted data.

7. Data Security

We implement commercially reasonable technical and organizational safeguards, including:

  • Encryption in transit using TLS
  • Encryption at rest
  • Access controls and authentication requirements
  • Tenant-based data isolation
  • Logging and monitoring
  • Incident response procedures

No system can guarantee absolute security. You acknowledge that electronic storage and transmission involve inherent risk.

We cannot guarantee uninterrupted availability, permanent retention, or that every security incident can be prevented. You are responsible for maintaining backups, independent export copies, and internal controls appropriate for your use of the Service.

8. Breach Notification

If we determine that a security incident affecting your personal information requires notice under applicable law, we will provide notice to affected users and, where required, applicable authorities, as promptly as practicable and without unreasonable delay, subject to measures necessary to determine the scope of the incident, comply with law-enforcement requests, and restore system security.

9. Protected Health Information

9.1 PHI Not Enabled by Default

The Service is not intended for processing Protected Health Information as defined by HIPAA unless Professional identity and evidence workflows have been enabled for your organization and any required Business Associate Agreement has been fully executed.

PHI functionality is disabled by default.

9.2 BAA Requirement

If you intend to enter PHI into the Service, or intend for TestLedger to create, receive, maintain, or transmit PHI on your behalf:

  • A fully executed Business Associate Agreement is required before any identity or evidence workflow is used where your use of the Service requires one
  • BAA availability is limited to the Professional plan and may be unavailable in other access modes
  • Basic workflows do not include identity fields or evidence attachments and may not be used for PHI entry
  • No feature description, sales material, demo, or security control should be interpreted as permission to upload PHI before these prerequisites are satisfied

Contact [email protected] to initiate a BAA request.

9.3 Customer Responsibility

TestLedger does not monitor, identify, or classify PHI within customer records. You are solely responsible for:

  • Determining whether data constitutes PHI
  • Determining whether a BAA is required for your workflow and executing it before PHI entry
  • Implementing required safeguards under HIPAA or other laws
  • Authorizing only lawful access, use, disclosure, and retention of submitted data

TestLedger provides technical safeguards designed to support secure handling of data where configured appropriately. TestLedger does not independently classify or verify whether data constitutes PHI.

10. Shared Responsibility Model

Data protection within the Service operates under a shared responsibility framework.

TestLedger Responsibilities: securing infrastructure, maintaining encryption controls, providing system-level access management capabilities, and maintaining internal security procedures.

Customer Responsibilities: configuring user permissions, classifying data, managing retention settings, training personnel, and ensuring compliance with workplace drug testing laws and privacy statutes.

11. Cookies and Tracking Technologies

We and our service providers may use cookies, local storage, log files, pixels, and similar technologies to authenticate users, maintain sessions, secure the Service, remember preferences, understand feature usage, and measure site performance.

You may be able to control certain cookies through browser settings or other tools, but disabling some technologies may affect functionality or security.

12. Your Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • Access personal information
  • Request correction
  • Request deletion, subject to legal retention requirements
  • Receive a portable copy of your data
  • Opt out of marketing communications

To exercise rights, contact [email protected].

Requests related to reference-state documentation records may be limited where retention is required by law or by the Service's recorded-reference-state architecture.

13. California Privacy Rights

California residents may have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including:

  • Right to know
  • Right to delete
  • Right to correct
  • Right to limit use of sensitive personal information
  • Right to non-discrimination

TestLedger does not sell personal information.

Employers remain responsible for their obligations under employment-related privacy laws.

14. International Data Transfers

The Service is hosted in the United States. By using the Service, you acknowledge that information may be processed and stored in the United States.

15. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from minors.

16. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the Service or by other appropriate means. Continued use constitutes acceptance of the updated policy.

17. Contact Information

TestLedger LLC
8447 Miramar Mall
San Diego, CA 92121

Privacy inquiries: [email protected]

BAA requests: [email protected]

General business or enterprise inquiries: