Trust & Compliance

Built on regulated infrastructure

HelixDX operates under healthcare-grade compliance from day one. Here's exactly how we handle data, payments, and lab oversight.

01 · Lab partner

CLIA-certified, CAP-accredited lab partner

Every order placed on HelixDX is processed by our exclusive lab partner — CLIA-certified, CAP-accredited, and licensed to accept samples from all 50 US states, including New York's additional licensing requirements. Lab partner identity is disclosed to approved merchants under NDA.

  • CLIA + CAP accreditation, audited annually
  • Turnaround time SLA: 3–5 business days from sample receipt
  • Redundant courier and lab capacity for peak demand

02 · Physician network

Nationwide physician order network

Lab testing requires physician authorization in most states. HelixDX provides a turnkey 50-state physician network through our telehealth partner. Every test order is reviewed and authorized by a licensed physician in the patient's state — at no additional cost to you or your customer.

03 · HIPAA

HIPAA-compliant infrastructure

All PHI is stored in HIPAA-compliant infrastructure with encryption at rest (AES-256) and in transit (TLS 1.3). HelixDX operates as a Business Associate of every merchant, with a signed BAA covering data handling, breach notification, and access controls.

  • AES-256 at rest, TLS 1.3 in transit
  • Signed Business Associate Agreement on every merchant account
  • Role-based access controls with full audit logging

04 · Payments

Operated by Aspire Payments

Payments run under Aspire Payments LLC, a registered payment processor with relationships with Paysafe and Worldpay. Every order is processed under healthcare-appropriate merchant category coding. Aspire is the merchant of record — HelixDX absorbs the operational complexity of payments, including fraud prevention, chargebacks, and PCI compliance.

05 · Data ownership

You own your customer data

Customer data captured on your storefront is yours. You can export it at any time. HelixDX is contractually prohibited from marketing to your customers or sharing data with other merchants. Customers grant data access to you (the merchant) at checkout, with explicit consent.

06 · Claim review

Marketing review on every listing

Every kit listing and storefront copy is reviewed by our compliance team before launch — and randomly audited after. Marketing claims that cross the FDA line ('diagnose,' 'treat,' 'cure') are flagged before they ever reach customers. This protects you, your customers, and our shared infrastructure.

07 · Audit & transparency

Annual independent audit

HelixDX undergoes an annual SOC 2 Type II audit, HIPAA risk assessment, and PCI DSS review. Audit summary reports are available to Pro and Enterprise merchants under NDA.

  • SOC 2 Type II — annual
  • HIPAA risk assessment — annual
  • PCI DSS — continuous attestation via Aspire

Read the merchant agreement before you apply

The full contract is short, plain English, and worth ten minutes of your time.