Effective Date: Jan 1, 2025

Healife – Wellness & Functional Care (“we,” “our,” or “us”) is committed to protecting the privacy of your personal information and protected health information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://www.thehealife.com (the “Website”), engage with our online services, or communicate with us virtually.

IMPORTANT NOTICE: This practice may be subject to the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. Protected health information is subject to additional protections beyond this Privacy Policy, as outlined in our Notice of Privacy Practices provided separately.

By accessing or using our Website and services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Website or services.

1. Information We Collect

We collect various types of information from and about users of our Website and services, including:

a. Personal Information You Provide to Us Directly:

This includes information you voluntarily provide when you:

  • Book a consultation or discovery call (e.g., name, email address, phone number, preferred contact method)
  • Fill out contact forms or inquiry forms (e.g., name, email address, message, reason for inquiry)
  • Subscribe to our newsletter or other communications (e.g., email address, communication preferences)
  • Participate in surveys or provide feedback (e.g., health preferences, demographics, service satisfaction)
  • Create an account on our patient portal (e.g., username, password, security questions)
  • Engage in virtual consultations (e.g., comprehensive health history, current medical conditions, symptoms, lifestyle details, dietary habits, supplement usage, previous treatments, family medical history, mental health information, reproductive health information)
  • Make payments for services (billing information processed through secure third-party processors)

Protected Health Information (PHI): Health-related information collected during consultations is considered protected health information under HIPAA and is subject to additional privacy protections. This sensitive health information is collected and stored securely within HIPAA-compliant systems, separate from general website data.

The types of personal information collected may include, but are not limited to: full name, email address, phone number, physical address, date of birth, gender identity, emergency contact information, insurance information (if applicable), health concerns, medical history, current medications and supplements, lifestyle information, biometric data (if collected), genetic information (if applicable), mental health status, and payment information.

b. Automatically Collected Information (Usage Data):

When you access and use the Website, we may automatically collect certain information about your equipment, browsing actions, and patterns, including:

  • Technical Information: IP address, browser type and version, operating system, device identifiers, screen resolution, time zone setting
  • Usage Information: Referring and exit pages, pages visited, time and date of visit, time spent on pages, clickstream data, navigation patterns, download errors, length of visits to certain pages
  • Device Information: Type of device used (mobile, tablet, desktop), device model, operating system version, mobile network information
  • Location Information: General geographic location based on IP address (city/state level, not precise location)

c. Information from Third Parties:

We may receive information about you from third-party services that integrate with our Website, such as:

  • Online Booking Platforms: Appointment scheduling information, calendar integration data
  • Payment Processors: Transaction confirmation, billing status (we do not receive full payment card details)
  • Analytics Providers: Aggregated and anonymized data about user behavior and website performance
  • Telehealth Platforms: Session data, technical performance metrics (subject to Business Associate Agreements)
  • Professional Referral Sources: Referral information when you are referred by another healthcare provider (with appropriate consents)

2. How We Use Your Information

We use the information we collect for various purposes, including:

Primary Purposes:

  • To Provide and Maintain Our Services: Schedule and conduct virtual consultations, provide personalized health programs, deliver educational content, maintain continuity of care, generate treatment plans
  • To Communicate with You: Respond to inquiries, send appointment reminders and confirmations, provide test results and health information, send newsletters and educational content (with consent), deliver important service updates and policy changes
  • For Treatment Coordination: Coordinate care with other healthcare providers (with your explicit consent), manage referrals, share information necessary for your healthcare treatment

Secondary Purposes:

  • To Improve Our Website and Services: Analyze usage trends, troubleshoot technical issues, understand user preferences, enhance functionality and content, develop new services and features
  • For Personalization: Tailor your experience on our Website, customize health recommendations, personalize communications based on your preferences
  • For Marketing and Promotional Purposes: Send information about our services, health tips, promotions, or events that may be of interest (you can opt out at any time)
  • For Security and Fraud Prevention: Detect, prevent, and address technical issues, fraud, unauthorized access, or other illegal activities
  • For Quality Assurance: Monitor service quality, conduct patient satisfaction surveys, perform clinical quality improvement activities
  • To Comply with Legal Obligations: Meet legal, regulatory, ethical, and professional requirements, respond to legal requests, ensure compliance with healthcare regulations

Special Categories of Data:

Health information, genetic information, biometric data, and mental health information are processed only for legitimate healthcare purposes, treatment provision, legal compliance, and with appropriate safeguards in place.

3. Legal Basis for Processing (for International Users)

For users subject to GDPR or similar regulations, our legal basis for processing includes:

  • Consent: Where you have provided explicit consent for specific processing activities
  • Contract Performance: Processing necessary to provide healthcare services you’ve requested
  • Legal Obligation: Compliance with healthcare regulations, reporting requirements, and legal obligations
  • Vital Interests: In emergency situations where processing is necessary to protect life or health
  • Legitimate Interests: For service improvement, security, and marketing (where not overridden by your rights)

4. How We Share Your Information

We do not sell, rent, or trade your personal information or protected health information. We may share your information in the following circumstances:

With Your Explicit Consent:

  • Referring you to another healthcare specialist or provider
  • Sharing information with family members or caregivers you designate
  • Including your information in research studies (with separate research consent)

Service Providers and Business Associates:

We may share information with trusted third-party service providers who perform functions on our behalf under signed Business Associate Agreements (where required by HIPAA):

  • Technology Providers: Website hosting and maintenance, cloud storage services, cybersecurity services
  • Healthcare Technology: Online booking and patient management platforms, secure patient portals, telehealth platforms, electronic health record systems
  • Payment Processing: Stripe, PayPal, or other payment processors (we do not store full credit card details)
  • Communication Services: Email marketing platforms, appointment reminder systems, secure messaging services
  • Analytics and Improvement: Website analytics (e.g., Google Analytics with privacy controls), user experience research platforms
  • IT Support: Technical support, data backup services, system maintenance
  • Quality Assurance: Customer service platforms, survey tools, feedback systems

All service providers are contractually obligated to protect your information and are prohibited from using it for any purpose other than providing services to us. Healthcare-related service providers sign HIPAA Business Associate Agreements where required by law.

Legal Requirements and Public Interest:

  • Legal Compliance: When required by law, court order, subpoena, or government agency request
  • Public Health: For public health activities, disease surveillance, or health oversight activities as required by law
  • Emergency Situations: To prevent serious harm to you or others, or in medical emergencies
  • Law Enforcement: When required by law enforcement agencies for legitimate investigations

Business Transfers:

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

Protection of Rights:

We may also share information to enforce our Terms & Conditions; to protect our rights, privacy, safety, or property, or that of our users or the public; and to prevent fraud or abuse.

5. International Data Transfers

If you are located outside the United States, please be aware that information we collect will be transferred to and processed in the United States. By using our services, you consent to the transfer of information to the U.S. and the processing of that information as described in this Privacy Policy.

For users in the European Economic Area (EEA), United Kingdom, or other regions with data localization requirements, we implement appropriate safeguards such as Standard Contractual Clauses or adequacy decisions where available.

6. Data Security

We implement comprehensive security measures designed to protect your personal information and protected health information from unauthorized access, use, alteration, and disclosure:

Technical Safeguards:

  • Encryption: Data encrypted during transmission (SSL/TLS 1.2 or higher) and at rest using industry-standard encryption
  • Access Controls: Multi-factor authentication, role-based access controls, regular access reviews
  • System Security: Firewalls, intrusion detection systems, regular security updates and patches
  • Secure Infrastructure: HIPAA-compliant hosting environments, redundant data centers, regular backups

Administrative Safeguards:

  • Staff Training: Regular privacy and security training for all personnel
  • Access Management: Minimum necessary access principles, regular access audits
  • Incident Response: Comprehensive data breach response procedures
  • Business Associate Management: Proper vetting and contracts with all third-party providers

Physical Safeguards:

  • Facility Security: Secure facilities with access controls, surveillance systems
  • Equipment Controls: Secure disposal of equipment, workstation security protocols
  • Media Protection: Secure handling and disposal of storage media

Regular Security Assessments:

We conduct regular security risk assessments, vulnerability testing, and compliance audits to ensure our security measures remain effective.

Important Security Notice: No method of transmission over the Internet or method of electronic storage is 100% secure. While we implement industry-standard security measures and comply with applicable healthcare privacy laws, we cannot guarantee absolute security. We will notify you of any data breaches as required by applicable law.

7. Data Retention

We retain your personal information and protected health information as follows:

  • Active Patient Records: Maintained for the duration of our professional relationship plus the period required by applicable law and professional standards (typically 7-10 years after last service date)
  • Marketing Communications: Until you unsubscribe or request deletion
  • Website Analytics: Typically 1-2 years, anonymized where possible
  • Financial Records: As required by tax and accounting regulations (typically 7 years)
  • Legal Documentation: As required by law or until legal matters are resolved

We securely dispose of information when retention periods expire, unless continued retention is required by law or for legitimate business purposes.

8. Your Privacy Rights

Depending on your location and applicable data protection laws (e.g., GDPR, CCPA, HIPAA), you may have the following rights regarding your personal information:

General Privacy Rights:

  • Right to Access: Request copies of your personal data and information about how it’s processed
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data under certain conditions
  • Right to Restrict Processing: Request limitation of processing under certain circumstances
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Data Portability: Request transfer of your data to another organization in a structured format
  • Right to Withdraw Consent: Withdraw consent for processing activities (where consent is the legal basis)

HIPAA Rights (for Protected Health Information):

  • Right to Access: Inspect and obtain copies of your protected health information
  • Right to Request Amendments: Request corrections to your health information
  • Right to an Accounting of Disclosures: Receive a list of certain disclosures of your health information
  • Right to Request Restrictions: Request limitations on use and disclosure of your health information
  • Right to Request Confidential Communications: Request communications through alternative means or locations
  • Right to File a Complaint: File complaints with us or with the Department of Health and Human Services

How to Exercise Your Rights:

To exercise any of these rights, please contact us at:

  • Email: [email protected]
  • Subject Line: “Privacy Rights Request”
  • Include: Your name, contact information, specific request, and verification of identity

We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR requests, 30 days for HIPAA requests).

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Website:

Types of Cookies We Use:

  • Essential Cookies: Required for basic website functionality, security, and user authentication
  • Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics with privacy controls)
  • Functional Cookies: Remember your preferences and improve your experience
  • Marketing Cookies: Used for personalized advertising and marketing communications (with consent)

Third-Party Cookies:

We may allow certain third-party cookies for analytics, advertising, and social media integration. These are subject to the privacy policies of the respective third parties.

Your Cookie Choices:

  • Browser settings can be configured to refuse all cookies or alert you when cookies are being sent
  • You can delete existing cookies through your browser settings
  • Some website functionality may be limited if cookies are disabled
  • You can opt out of analytics cookies through our cookie consent manager

Other Tracking Technologies:

We may also use web beacons, pixels, and similar technologies for analytics and communication purposes.

10. Third-Party Links and Services

Our Website may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

Social Media Integration:

If our Website includes social media features, these features may collect information about your IP address and page visits, and may set cookies. Social media features are governed by the privacy policies of the respective social media companies.

11. Children’s Privacy

Our Website and services are not intended for individuals under the age of 18. We do not knowingly collect personally identifiable information from minors under 18.

Special Protections for Minors:

  • If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately
  • If we become aware that we have collected personal information from a child under 18 without proper parental consent, we will take steps to delete that information promptly
  • For minors aged 13-17 receiving healthcare services (where legally permitted), additional consent and confidentiality protections may apply under applicable laws

12. State-Specific Privacy Rights

California Residents (CCPA/CPRA):

California residents have additional rights including:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information

Other State Rights:

Residents of other states may have additional privacy rights under applicable state laws. Please contact us to learn about rights specific to your location.

13. Telehealth-Specific Privacy Considerations

For virtual consultations and telehealth services:

Platform Security:

  • We use HIPAA-compliant telehealth platforms with end-to-end encryption
  • Video and audio communications are secured during transmission
  • Session recordings (if any) are stored securely and deleted according to our retention policy

Your Responsibilities:

  • Ensure you’re in a private location during virtual consultations
  • Use secure internet connections (avoid public Wi-Fi)
  • Verify the identity of healthcare providers before sharing sensitive information
  • Report any technical issues or security concerns immediately

Technical Requirements:

  • Updated browsers and operating systems for optimal security
  • Stable internet connection for uninterrupted service
  • Compatible devices meeting minimum security requirements

14. Data Breach Notification

In the event of a data breach involving your personal information:

Our Response:

  • We will investigate and contain the breach promptly
  • Affected individuals will be notified as required by applicable law
  • Regulatory authorities will be notified within required timeframes
  • We will provide information about the breach, potential impact, and steps being taken

Your Actions:

  • Monitor accounts and statements for suspicious activity
  • Follow any specific recommendations provided in breach notifications
  • Contact us with questions or concerns about potential breaches

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes:

  • Material changes will be prominently posted on our Website
  • You may receive email notification of significant changes (if you’ve provided an email address)
  • The “Effective Date” at the top will be updated to reflect the date of the latest revision
  • Continued use of our services after changes constitutes acceptance of the updated policy

Your Options:

If you disagree with changes to this Privacy Policy, you may discontinue use of our services or contact us to discuss your concerns.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Primary Contact:

Privacy Officer Contact:

Mailing Address: [Insert physical address of main office/practice location]

Phone: [Insert phone number if available for privacy inquiries]

Response Time:

We will respond to your inquiry within 30 days (or as required by applicable law).

Complaints:

If you believe we have violated your privacy rights, you may file a complaint with:

  • Our Privacy Officer at the contact information above
  • The Department of Health and Human Services (for HIPAA-related complaints)
  • Your state’s attorney general or consumer protection agency
  • Relevant data protection authorities (for international users)

This Privacy Policy was last updated on June 24, 2025, and is effective immediately for all users of our Website and services.