Privacy Policy

Vitäal Health ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our telehealth services.

Personal Information You Provide

We collect information you provide directly to us, including:

• Contact Information: Name, email address, phone number, shipping address
• Account Information: Username, password, account preferences
• Payment Information: Credit card details, billing address (processed securely through our payment processor)
• Medical History: Health information you provide in your medical questionnaire
• Communication Data: Messages you send to customer support or your healthcare provider

Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Information: Pages visited, time spent on pages, links clicked, referring website
• Location Information: General geographic location based on IP address
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies (see Section 9 for details)

Information from Third Parties

We may receive information about you from third-party sources, including:

• Identity Verification Services: Government-issued ID information to verify your identity for regulatory compliance
• Healthcare Providers: Licensed physicians who evaluate your consultation through our platform and share medical information
• Pharmacies: Prescription and fulfillment information from partner pharmacies
• Payment Processors: Transaction and payment verification information
• Marketing Partners: Information from advertising networks and analytics providers to improve our services
• Data Enrichment Services: Demographic and contact information to enhance our records

We combine this information with the data we collect directly from you to provide better services, verify your identity, and comply with legal requirements.

We use the information we collect for the following purposes:

To Provide Our Services

• Process and fulfill your subscription orders
• Facilitate consultations with licensed healthcare providers
• Coordinate prescription fulfillment with our pharmacy partner
• Process payments and prevent fraud
• Send order confirmations, shipping updates, and service notifications
• Provide customer support

To Improve Our Services

• Analyze website usage and user behavior
• Conduct research and analytics
• Develop new features and services
• Test and optimize our platform

To Communicate With You

• Send administrative information and service updates
• Respond to your inquiries and requests
• Send marketing communications (with your consent, where required)
• Request feedback and reviews

For Legal and Safety Purposes

• Comply with legal obligations and regulatory requirements
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service
• Prevent fraud and abuse
• Respond to legal requests from authorities

We do not sell your personal information. We share your information only in the following circumstances:

Healthcare Providers

We share your medical questionnaire and relevant health information with licensed physicians who evaluate your consultation. These providers operate independently and are subject to their own HIPAA obligations and privacy practices.

Pharmacy Partners

If you receive a prescription, we share necessary information (name, prescription details, shipping address) with our pharmacy partner to fulfill your medication order. Our pharmacy partner maintains its own privacy practices and HIPAA compliance.

Service Providers

We share information with trusted third-party service providers who perform services on our behalf. These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Specific Service Provider Categories:

• Analytics Providers: Google Analytics, Mixpanel, and similar services that help us understand website usage and user behavior
• Payment Processors: Stripe, PayPal, and other payment processing services
• Shipping Partners: USPS, UPS, FedEx, and pharmacy fulfillment partners
• Customer Support Tools: Help desk software and customer relationship management (CRM) systems
• Marketing and Advertising Partners: Facebook Pixel, Google Ads, email marketing platforms
• Cloud Infrastructure: Amazon Web Services (AWS), Microsoft Azure, and other hosting providers
• Communication Services: Email delivery services, SMS providers, and telehealth technology platforms

Advertising and Analytics Partners

We share certain information with advertising networks and analytics providers to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. This may include:

• Advertising platforms (Google Ads, Meta/Facebook Ads) - for retargeting and lookalike audience creation
• Analytics providers (Google Analytics) - to understand how visitors use our website
• Marketing technology platforms - to manage and optimize our advertising campaigns

The information shared may include identifiers (such as hashed email addresses, device IDs, IP addresses), browsing behavior, and inferences about preferences. Under California law, this sharing may constitute a "sale" or "sharing" of personal information, and you have the right to opt out by contacting us at privacy@vitaalhealth.com.

Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government investigations).

With Your Consent

We may share your information for any other purpose with your consent.

Depending on where you live, you may have certain rights regarding your personal information:

General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Opt-Out: Unsubscribe from marketing communications at any time
• Account Closure: Request closure of your account

State-Specific Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and share
• Right to delete personal information, subject to certain exceptions for legal compliance, fraud prevention, and security purposes
• Right to opt-out of the "sale" or "sharing" of personal information (note: we do not sell personal information)
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your rights

Sensitive Personal Information: We collect and use sensitive personal information (including health information and precise geolocation) only for purposes permitted by California law, such as providing our services and preventing fraud.

Texas Residents (TDPSA)

If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA):

• Right to Access: Confirm whether we are processing your personal data and access such personal data
• Right to Correction: Correct inaccuracies in your personal data
• Right to Deletion: Delete personal information you have provided to us
• Right to Data Portability: Obtain a copy of your personal data in a portable format
• Right to Opt Out: Opt out of targeted advertising, sale of personal data, and profiling

Nevada Residents

Nevada residents have the right to opt out of the sale of certain covered information. We do not sell your personal information as defined under Nevada law.

Washington State Residents (My Health My Data Act)

If you are a Washington resident, your consumer health data is protected under the My Health My Data Act. We collect and use consumer health data only for permitted purposes and do not sell or share it for targeted advertising.

To exercise your privacy rights, contact us at privacy@vitaalhealth.com or mail:

Vitäal Health LLC
26023 Jefferson Avenue, Ste: D
Murrieta, CA 92562

Understanding HIPAA

Vitäal Health LLC is not a healthcare provider and is not a covered entity under HIPAA. HIPAA protections apply to the independent healthcare providers and pharmacies you interact with through our platform. These providers have their own Notice of Privacy Practices that govern how they handle your protected health information (PHI).

Protected Health Information (PHI): When you complete a medical questionnaire and consult with a licensed physician through our platform, that information becomes Protected Health Information (PHI) under HIPAA. This PHI is controlled by the healthcare provider and pharmacy, not by Vitäal Health.

Our Voluntary Security Commitments

Even though we are not required to be HIPAA compliant as a platform, we voluntarily implement security measures that meet or exceed HIPAA standards:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Business Associate Agreements with all service providers who may access health-related information
• Regular security audits and risk assessments
• Employee confidentiality agreements and security training
• Strict access controls on a need-to-know basis
• Incident response and breach notification procedures

We implement appropriate technical and organizational security measures to protect your personal information, including:

Encryption Standards

• Encryption in Transit: TLS 1.3 for all data transmitted to/from our servers
• Encryption at Rest: AES-256 encryption for all stored data in our databases
• End-to-end encryption for sensitive health information

Access Controls

• Multi-factor authentication for administrative access
• Role-based access controls (need-to-know basis)
• Regular access audits and monitoring
• Automatic session timeouts

Security Practices

• Regular security assessments and penetration testing
• Employee confidentiality agreements and security training
• Incident response and breach notification procedures
• PCI DSS compliance for payment processing

We retain your personal information for as long as necessary to:

• Provide our services and maintain your account
• Comply with legal obligations (e.g., tax records, regulatory requirements)
• Resolve disputes and enforce our agreements
• Fulfill the purposes described in this Privacy Policy

When we no longer need your information, we will securely delete or anonymize it. Medical records provided to healthcare providers and pharmacies are subject to their retention policies and applicable healthcare regulations.

We use cookies and similar tracking technologies to collect information about your browsing activities.

Types of Cookies We Use

• Essential Cookies: Required for website functionality (e.g., shopping cart, login sessions)
• Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics)
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness
• Preference Cookies: Remember your settings and preferences

Managing Cookies

Most web browsers allow you to control cookies through their settings. You can:

• Block all cookies
• Accept only first-party cookies
• Delete cookies after each session
• Receive notifications when cookies are set

Note that blocking or deleting cookies may affect website functionality and your user experience.

Our website may contain links to third-party websites, services, or applications. We are NOT responsible for the privacy practices of third-party websites. Before providing information to any third-party website, review their privacy policy.

Our services are intended for adults aged 18 and older. We do not knowingly collect personal information from individuals under 18. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will delete such information.

Our services are provided from the United States and are intended for users in the United States. If you access our services from outside the U.S., you acknowledge that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

Some web browsers have a "Do Not Track" (DNT) feature. Currently, there is no industry standard for how to respond to DNT signals. At this time, our website does not respond to DNT signals or similar mechanisms.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date at the top of this page
• Sending you an email notification (for significant changes)

Your continued use of our services after changes become effective constitutes your acceptance of the revised Privacy Policy.

For questions about this Privacy Policy or to exercise your privacy rights:

This section provides additional disclosures required under the Washington My Health My Data Act and Nevada SB 370, which provide enhanced protections for consumer health data. This section applies to residents of Washington and Nevada, but we extend these protections to all users of our services.

Definition of Consumer Health Data

Under Washington and Nevada law, "consumer health data" means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. This includes, but is not limited to:

• Individual health conditions, treatment, diseases, or diagnosis
• Social, psychological, behavioral, and medical history
• Health-related surgeries, procedures, or medications
• Use or purchase of prescribed medications or medical treatments
• Bodily functions, vital signs, symptoms, or measurements of health information
• Information that identifies a consumer seeking or obtaining health-related services

Categories of Consumer Health Data We Collect

Through our telehealth platform, we collect the following categories of consumer health data:

• Medical Questionnaire Responses: Health history, current medications, allergies, pre-existing conditions, and symptoms you provide during the consultation process
• Treatment Information: Details about prescriptions issued, treatment plans recommended by healthcare providers, and medication fulfillment status
• Health History: Past medical conditions, surgical history, family medical history, and lifestyle factors relevant to your care
• Healthcare Seeking Behavior: Information indicating that you are seeking telehealth services for erectile dysfunction treatment

Purposes for Collection and Use

We collect and use consumer health data for the following specific purposes:

• Telehealth Consultation Facilitation: To enable licensed physicians to evaluate your medical questionnaire, conduct consultations, and determine appropriate treatment options
• Prescription Coordination: To facilitate the transmission of prescriptions from healthcare providers to pharmacy partners and coordinate medication fulfillment
• Treatment Safety: To ensure prescribed medications are appropriate based on your health history and to identify potential contraindications or drug interactions
• Care Continuity: To maintain records of your treatment history for future consultations and to enable healthcare providers to make informed treatment decisions
• Legal Compliance: To comply with healthcare regulations, maintain required medical records, and respond to valid legal requests

Third Parties We Share Consumer Health Data With

We share consumer health data only with the following categories of third parties for the purposes indicated:

• Licensed Physicians: Independent healthcare providers who review your medical questionnaire and conduct telehealth consultations to evaluate treatment eligibility and issue prescriptions when medically appropriate
• Pharmacy Partners: Licensed pharmacies that receive prescription information, verify prescriptions, and fulfill medication orders for delivery to you
• Healthcare Technology Providers: Third-party platforms that facilitate secure telehealth consultations, electronic prescribing, and healthcare communication under strict data protection agreements
• Regulatory Authorities: Government agencies when required by law, including state pharmacy boards, the DEA, or in response to valid legal process

Your Consumer Health Data Rights

Under Washington and Nevada law, you have the following rights regarding your consumer health data:

• Right to Confirm Collection: You have the right to confirm whether we are collecting or sharing your consumer health data
• Right to Access: You have the right to access your consumer health data that we have collected, including a list of all third parties with whom we have shared your data
• Right to Withdraw Consent: You may withdraw your consent for the collection and sharing of consumer health data at any time. Note that withdrawal of consent may affect our ability to provide services to you
• Right to Deletion: You have the right to request deletion of your consumer health data, subject to certain exceptions for legal compliance, fraud prevention, and completion of transactions

How to Exercise Your Rights

To exercise any of your consumer health data rights, you may contact us through the following methods:

• Email: privacy@vitaalhealth.com (include "Consumer Health Data Request" in the subject line)
• Mail: Vitäal Health LLC, Attn: Privacy Officer, 26023 Jefferson Avenue, Ste: D, Murrieta, CA 92562

We will respond to verified requests within the timeframes required by applicable law (generally within 45 days for Washington residents and 60 days for Nevada residents). We may need to verify your identity before processing your request to protect your privacy and prevent unauthorized access to your health information.