Partner Summary (TL;DR)
- ✅ Screen 1: Always required (all users)
- ✅ Screen 2: Mandatory to show for all non-HIPAA users
- ❌ Screen 2: Never shown to HIPAA users
- ❌ Declining Screen 2 never blocks access
- 🗂️ Consent versions + timestamps must be stored
- 🗑️ Data retention & deletion differ between Production and Research contexts (see below)
Data Privacy & Consent Requirements
To comply with privacy regulations, Partners are required to obtain explicit consent from each user before that user's first body scan is performed. This keeps both Prism Labs and its Partners compliant with applicable regulations, including but not limited to:
- Washington’s My Health My Data Act (MHMDA)
- Illinois Biometric Information Privacy Act (BIPA)
Partner User Consent Screens
Two-Screen Requirement
As a Prism Labs Partner, you must integrate two consent screens (content requirements only — not look and feel) before a user completes their first body scan.
These screens serve distinct purposes:
- Screen 1: Consent to Use the Service (required to proceed)
- Screen 2: Consent to Improve the Service (optional for the user, but mandatory to show for all non-HIPAA users)
Both screens must be shown in sequence before a user can access the body-scanning flow, subject to the HIPAA rules described below.