Last updated June 8, 2026 · DropRail is a service of LabCMD, LLC (147 Kennicott Rd, Chehalis, WA 98532).
This Privacy Policy explains how LabCMD, LLC ("LabCMD", "we") handles information in connection with the DropRail website and service ("Service"). It concerns information about our customers and website visitors — not the consumer records our customers process, which are addressed separately below.
DropRail is designed so your consumers' personal information never leaves your systems. The DropRail agent runs in your environment and exchanges only one-way SHA-256/Base64 hashed identifiers (to match the State's deletion list) and per-request status codes with us. We do not receive, store, or have access to your consumers' plaintext personal information.
We use the information we collect to provide, secure, and improve the Service; to authenticate accounts; to process billing; to respond to support requests; to send service and, where permitted, marketing communications (you can opt out of marketing); and to comply with law.
We do not sell your personal information. We share information only with service providers that help us run DropRail, under contracts limiting their use, including: Stripe / Tender (payments), Microsoft 365 and our Beacon email system (transactional and support email), and our hosting and infrastructure providers. We may disclose information if required by law or to protect rights and safety.
We use a session cookie to keep you signed in. If you arrive from a tracked email link, a lightweight read-time beacon may record engagement (e.g., time on page) to measure our campaigns; it activates only for visitors who arrive via such a link. We do not use third-party advertising trackers.
We retain account and billing records for as long as your account is active and as needed for legal, tax, and security purposes, then delete or anonymize them. Your tamper-evident compliance audit logs are generated by the agent and stored in your environment under your control.
We apply reasonable administrative and technical safeguards, including encryption of stored credentials at rest, hashed passwords, transport encryption (HTTPS), and access controls. No method of transmission or storage is completely secure.
Depending on your jurisdiction (including under the California Consumer Privacy Act / CPRA), you may have rights to access, correct, delete, or port the personal information we hold about you, and to opt out of certain uses. To exercise these rights, contact [email protected]; we will verify and respond as required by law. We will not discriminate against you for exercising your rights.
The Service is a business tool not directed to children, and we do not knowingly collect personal information from anyone under 16.
We may update this Policy; we will post changes here with a new "last updated" date and, where appropriate, notify you by email.
LabCMD, LLC, 147 Kennicott Rd, Chehalis, WA 98532 · [email protected].
Questions? [email protected]. These terms are written in good faith for a business-to-business compliance tool and are not legal advice for your business; review your own obligations with counsel.