Privacy Policy

Pregnant woman reading a privacy policy on her cell phone.

Alchemical Transformations Health Services, P.C.

Last Updated: May 04, 2025

INTRODUCTION

Welcome to Alchemical Transformations Health Services, P.C. ("ATHS” "we," "us," or "our"). This Privacy Policy outlines how we collect, use, store, and disclose personal information obtained from individuals ("users" or "you") who access, interact with, or utilize the features, functionalities, services, content, and offerings provided through our official website, applications, subdomains, telemedicine platforms, and affiliated systems (collectively, the "Platform").

At Alchemical Transformations Health Services, we are deeply committed to respecting your privacy and safeguarding your personal information. This Privacy Policy explains the types of data we collect, why we collect it, how we protect it, and your rights regarding the handling of your information, all in compliance with applicable privacy laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related federal and state laws.

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with the practices described, please refrain from accessing or using the Platform.

We take the confidentiality and security of your personal health information (PHI) seriously. Our practices are designed to maintain the highest levels of privacy and integrity, ensuring that your information is used only for the purposes outlined herein. For more details about how we handle PHI specifically in the context of telehealth services, please review our HIPAA Notice of Privacy Practices.

We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices, legal obligations, or regulatory requirements. Any updates will be effective upon posting the revised Privacy Policy on our Platform. We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, and protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us using the information provided in the Contact Us section below.

By continuing to use our Platform, you signify your acceptance of this Privacy Policy, including any updates or modifications, and consent to the collection, use, storage, and disclosure of your information as described herein and in accordance with applicable laws and regulations.

TYPES OF DATA WE COLLECT

To provide you with high-quality telemedicine services and ensure a seamless experience on our Platform, we collect various types of information, including personal, health-related, and technical data. The types of data we collect include, but are not limited to, the following:

  • Personal Identifiable Information (PII): We collect information that can identify you as an individual, including:
    • Full name
    • Date of birth
    • Sex
    • Home address
    • Phone number(s)
    • Email address
    • Emergency contact information (e.g., name, relationship, and contact details)
  • Health Information (Protected Health Information or PHI): In compliance with the Health Insurance Portability and Accountability Act (HIPAA), we collect sensitive health-related information necessary for diagnosis, treatment, and care coordination. This information is securely stored and transmitted in compliance with HIPAA and other applicable laws. This may include:
    • Medical history, conditions, and diagnoses
    • Medications and prescriptions
    • Laboratory and diagnostic test results
    • Progress notes and treatment plans
    • Symptoms, allergies, and immunization records
  • Financial Information: We collect information necessary to process payments for our services, including:
    • Credit or debit card details (processed securely via third-party payment processors)
    • Transaction history, including payment amounts, dates, and billing details
  • Technical Information: We collect limited technical data related to your interactions with our Platform to ensure its functionality and security. This may include:
    • Device type, operating system, and browser type
    • Internet Protocol (IP) address
    • Time and date of access
    • Pages viewed and interaction data
    • Error logs or technical issues encountered

HOW WE COLLECT DATA

We collect data through various methods to deliver secure and effective telemedicine services while ensuring compliance with applicable laws. Below is an overview of our data collection practices:

  • Direct Collection from You: We collect information directly from you when you interact with our services. This includes completing forms through secure platforms like Jotform, providing details during telemedicine consultations, and signing documents such as our Telehealth Informed Consent Form. You may also share information when communicating with us via email, phone, or text, and when making payments through third-party processors.
  • Automated Collection: Some technical data is collected automatically to ensure the functionality and security of our Platform. This may include details such as your device type, IP address, and system logs like access times and durations. While we do not use cookies for behavioral tracking, limited technical data essential for maintaining our services may be collected.
  • Third-Party Sources: We may receive information from trusted third parties to support your care and services. For example, telemedicine platforms like Elation Passport and Spruce Health may share relevant data with us. Pharmacies and payment processors provide details for fulfilling prescriptions and processing transactions, and Managed Service Providers (MSPs) may have incidental access to technical data while securing our systems.
  • Information Provided During Telemedicine Visits: During telemedicine consultations, you may voluntarily share additional details about your health. This can include your medical history, current symptoms, and treatment preferences, which are collected to support accurate diagnosis and care.
  • Optional Surveys and Feedback: We may collect information through optional surveys or feedback forms, which help us improve our telemedicine services and better understand your needs.
  • Consent and Transparency: We prioritize transparency in our data collection processes. Your data is collected only with your explicit or implicit consent, or as required by law. All collected information is handled securely, in compliance with HIPAA regulations, and with appropriate safeguards to ensure confidentiality and integrity.

For any questions or concerns about how your data is collected, please refer to the Contact Us section.

HOW WE USE DATA

To Provide Telemedicine Services: We use your personal and health information to facilitate all aspects of your telemedicine care. This includes collecting and reviewing your medical history, assessing your current symptoms, and conducting virtual consultations to deliver accurate diagnoses and personalized treatment plans. Your data enables us to prescribe medications, recommend diagnostic tests, and coordinate care with pharmacies and other healthcare providers as necessary. By securely integrating your data into telemedicine platforms such as Elation Passport, we ensure that your healthcare needs are met with precision and efficiency.

To Process Payments and Manage Transactions: Financial data, such as credit card information, is used to process payments for the services you receive, including telemedicine consultations, prescribed medications, and diagnostic tests. Payments are managed through secure third-party platforms, which adhere to industry-standard security protocols to safeguard your financial details. Additionally, we maintain detailed transaction records for compliance with legal and tax obligations and to resolve any billing inquiries or disputes that may arise.

To Enhance and Maintain Our Platform: Technical data collected from your interactions with our Platform helps us ensure its functionality, reliability, and security. This includes monitoring for unauthorized access, optimizing system performance, and addressing any technical issues that could disrupt your experience. For example, we may analyze usage patterns to improve navigation, troubleshoot compatibility issues with different devices, or implement updates that enhance security features. These efforts are critical for delivering a seamless and secure telemedicine experience.

To Communicate with You: Your contact information is essential for maintaining clear and timely communication with you. We use it to send appointment confirmations, reminders, and follow-ups, as well as to share test results and address any inquiries you may have. In addition, with your consent, we may send occasional promotional or educational materials, such as information about new services, healthcare tips, or special offers. These communications are designed to keep you informed and engaged in your healthcare journey.

To Comply with Legal and Regulatory Obligations: We are required by law to handle your personal and health information in compliance with regulations such as HIPAA. This includes maintaining detailed medical records, ensuring that your data is stored securely, and providing you with access to your records upon request. In the event of a data breach, we are obligated to notify you and the appropriate authorities in accordance with federal and state laws. Compliance with these obligations ensures that your rights as a patient are protected at all times.

To Coordinate with Third Parties: We may share limited information with third parties to facilitate your care and services. For example, pharmacies may receive prescription details to fulfill your orders, and telemedicine platforms like Elation Passport may store and manage your medical records. Payment processors handle your financial transactions securely, while Managed Service Providers (MSPs) may have incidental access to technical data while maintaining the integrity of our systems. In every case, we ensure that these third parties adhere to strict privacy and security standards.

To Improve Our Services: We use aggregated and deidentified data from surveys, feedback forms, and user interactions to evaluate and enhance our services. By analyzing trends and user preferences, we can identify areas for improvement, optimize our telemedicine offerings, and ensure that we are meeting the evolving needs of our patients. This data-driven approach enables us to deliver better healthcare outcomes and a more satisfying user experience.

To Protect Against Fraud and Unauthorized Access: Protecting your information from unauthorized access or misuse is a top priority. We use your data to implement and monitor security protocols that safeguard against fraud, hacking attempts, and other malicious activities. This includes encryption of sensitive information, regular security audits, and monitoring of unusual activity on our Platform. These measures ensure that your data remains secure and your trust in our services is maintained.

With Your Explicit Consent: If we wish to use your information for purposes beyond those listed here, such as participation in research studies or external marketing campaigns, we will first obtain your explicit consent. This ensures that you have complete control over how your information is used and shared.

NO SALE OF DATA

We uphold the highest standards of data privacy and are committed to protecting the personal information of our users. In line with this commitment, we firmly assert that we do not engage in the sale of any user's personal data. This stance is a core element of our privacy practices and reflects our dedication to maintaining the trust and confidence of our users.

For clarity, the term "sale" of data, as used in this Privacy Policy, refers to exchanging, transferring, or otherwise making available of a user's personal data to third parties for monetary or other valuable consideration. We understand the importance of this distinction and assure our users that their personal data will not be treated as a commodity in any business transactions.

It is important to note that this Privacy Policy does not preclude us from sharing data in ways that do not constitute a "sale" as defined above. This includes sharing information with service providers who assist us in operating our Platform, conducting our business, or serving our users, so long as these parties agree to keep this information confidential and use it solely for the purposes we have directed. Moreover, we may disclose personal data when legally required to do so, to comply with a subpoena, bankruptcy proceedings, or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We prioritize transparency in all our data practices and aim to provide our users with control over their personal data. In line with this, we ensure that users are informed about the types of data we collect, the purposes for which we collect it, and the circumstances under which it might be shared, as detailed in other sections of this Privacy Policy.

This No Sale of Data policy is subject to regular review and may be updated to reflect changes in our practices or legal obligations. Any updates will be communicated through revisions to our Privacy Policy, and we encourage users to review this policy periodically to stay informed about how we protect their personal information.

LAWFUL BASIS FOR COLLECTION

We collect and process your information to provide the telemedicine services you request. This includes obtaining your medical history, addressing your health concerns, and delivering personalized care. Collecting this data is necessary for fulfilling our contractual obligations to you as a patient.

We are required to collect and maintain certain information to comply with laws governing healthcare providers. This includes retaining medical records, processing payments in accordance with financial regulations, and adhering to HIPAA guidelines for the secure handling of protected health information (PHI).

In many cases, we collect and use your data with your explicit consent. For example, you provide consent when signing the Telehealth Informed Consent Form, agreeing to participate in telemedicine consultations, or opting in to receive marketing communications. You may withdraw your consent at any time by contacting us, except where processing is required by law.

We process certain types of information to improve our services and ensure the security of our Platform. This includes analyzing user interactions to optimize the functionality of our systems, troubleshooting technical issues, and protecting against fraud or unauthorized access. These activities are essential to maintaining the quality and reliability of our telemedicine services.

When you engage with us to receive telemedicine services, we collect and process your information as necessary to fulfill the terms of our agreement. This includes providing care, managing payments, and coordinating with third parties such as pharmacies and diagnostic labs to deliver the services you have requested.

In rare cases, we may process your information to protect your vital interests or the vital interests of others. For example, this may occur during an emergency where sharing your information with emergency medical personnel is necessary to prevent serious harm.

HOW WE SHARE DATA

We share your health information with healthcare professionals involved in your care, including primary care practitioners, specialists, and other members of your care team. This may include sharing your medical history, test results, and treatment plans to ensure coordinated and effective care.

To fulfill medication prescriptions, we share the necessary details with third-party pharmacies. This ensures that you receive your prescribed medications accurately and promptly.

We use secure third-party payment processors to manage financial transactions. These processors handle your payment details in compliance with industry standards, and we share only the information required to process and document your payments.

Your health information may be stored and managed on platforms such as Elation or Spruce Health, which facilitate your care. These platforms are HIPAA-compliant and governed by strict security and privacy standards.

Our IT and security providers may have incidental access to technical data while maintaining the integrity of our systems. These MSPs are bound by confidentiality agreements and Business Associate Agreements (BAAs) to ensure compliance with HIPAA regulations.

We may disclose your information to government agencies or regulatory bodies as required by law. This includes reporting communicable diseases, responding to regulatory audits, and complying with legal requests such as subpoenas or court orders.

In cases of medical emergencies, we may share your information with emergency personnel to protect your health or safety. This may include providing critical details to ensure timely and appropriate care.

If you authorize specific individuals, such as family members or legal representatives, to access your information, we will share the necessary data with them as directed. You can modify or revoke such authorizations at any time.

We may share limited data with service providers who assist with operational tasks such as accounting (e.g., QuickBooks) or marketing support. These providers are contractually obligated to protect your data and use it only for the purposes specified in their agreements with us.

ATHS is affiliated with Alchemical Transformations Management Group, LLC (“ATMGMT”), where ATMGMT provides management and administrative services to ATHS. Clinical services are rendered by ATHS. Administrative, technology, billing, and support services are provided by ATMGMT, a management services organization (“MSO”). The MSO is not a healthcare provider and does not control clinical decision making. The MSO is bound by confidentiality agreements and BAAs to ensure compliance with HIPAA regulations. The ATHS “Terms and Conditions” govern your use of the services provided by ATMGMT. Please read the “Terms and Conditions” carefully.

We may share information to comply with applicable laws, regulations, or legal processes. This includes responding to law enforcement requests, reporting abuse or neglect, or cooperating with investigations into public health matters.

In circumstances where your information is shared for purposes beyond those listed here, such as for research or marketing activities, we will obtain your explicit consent beforehand.

We do not sell your personal or health information to third parties. Additionally, we take steps to minimize data sharing by disclosing only the information necessary for the specific purpose.

If you have questions or concerns about how your data is shared, please contact us using the information provided in the Contact Us section.

LEGAL COMPLIANCE

As a healthcare provider, we strictly comply with the Health Insurance Portability and Accountability Act (HIPAA), which establishes national standards for protecting the privacy and security of Protected Health Information (PHI). This includes:

  • Implementing physical, administrative, and technical safeguards to protect your PHI.
  • Requiring Business Associate Agreements (BAAs) with third parties who may have access to your information to ensure compliance with HIPAA regulations.
  • Providing you with access to your PHI upon request and notifying you of any breaches in accordance with HIPAA’s breach notification rules.

In addition to HIPAA, we comply with state-specific privacy laws that may impose additional requirements for handling your personal and health information. These laws ensure that your data is processed and stored in accordance with the highest standards of confidentiality.

To safeguard your financial data, we ensure that all payment transactions conducted through third-party processors adhere to PCI DSS, which sets stringent security standards for processing and storing payment card information.

We may be required by law to disclose certain information to public health authorities for purposes such as controlling infectious diseases, reporting adverse events related to medications or medical devices, or addressing other public health concerns. These disclosures are made in compliance with federal, state, and local regulations.

We comply with subpoenas, court orders, and other legal requests when disclosure is required by law. Before disclosing any information, we review such requests to ensure they are lawful and adhere to applicable privacy standards.

In the event of a data breach involving your personal or health information, we are required by law to notify affected individuals and relevant authorities promptly. Our breach notification process complies with federal and state laws, including HIPAA, to minimize potential harm and provide you with guidance on protecting your information.

We comply with regulations governing marketing and communications, including obtaining your explicit consent before sending promotional materials or using your data for marketing purposes. You may opt out of such communications at any time.

We respect your rights as a user, including your right to:

  • Access and obtain a copy of your medical records.
  • Request corrections to your PHI if it is incomplete or inaccurate.
  • Restrict the use or disclosure of your information in certain circumstances.
  • Receive a detailed accounting of disclosures made for purposes other than treatment, payment, or healthcare operations.

DATA SECURITY

We prioritize the security of your personal and health information and employ robust measures to protect it from unauthorized access, disclosure, alteration, or destruction. Below, we detail the safeguards and protocols we have in place to ensure the confidentiality, integrity, and availability of your data:

  • Encryption: We use industry standard encryption protocols to secure data both in transit and at rest. All communications involving sensitive information, including telemedicine consultations, data entry via Jotform, and payment transactions, are encrypted using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) technology. This ensures that your data is protected against interception during transmission.
  • Access Controls: Access to your data is strictly limited to authorized personnel and third parties who require it to perform their job functions. All team members and partners with access to sensitive data are required to follow stringent access control policies, including:
    • Use of unique user IDs and strong passwords.
    • Two-factor authentication for accessing secure systems.
    • Role-based access, ensuring that only those with a legitimate need can view specific information.
  • Data Storage Security: Your data is securely stored on HIPAA-compliant platforms, including Elation Passport, Spruce Health, Google Workspace, and our electronic health record (EHR) system. These platforms implement advanced security measures, such as data encryption, firewalls, and intrusion detection systems, to protect your information.
  • Third-Party Security: We partner with trusted third-party vendors, such as Managed Service Providers (MSPs) and payment processors to provide essential services. Each third-party vendor is thoroughly vetted and required to sign a Business Associate Agreement (BAA) to ensure compliance with HIPAA and other relevant security standards.
  • System Monitoring and Audits: We continuously monitor our systems for unusual activity, unauthorized access attempts, and potential vulnerabilities. Regular security audits and risk assessments are conducted to identify and address any weaknesses in our infrastructure or processes.

In the event of a data breach, we have a comprehensive breach response plan in place to minimize harm and comply with applicable laws. Our response includes:

  • Immediate containment of the breach to prevent further unauthorized access.
  • Notification of affected individuals within the timeframes required by HIPAA and state laws.
  • Reporting the breach to the appropriate regulatory authorities.
  • Implementing corrective measures to prevent future incidents.

To further ensure data security, we encourage you to take proactive steps, such as:

  • Using secure devices and networks to access our Platform.
  • Keeping your login credentials confidential and avoiding sharing them with others.
  • Reporting any suspicious activity or potential security issues to us immediately.

We regularly update our security practices to align with evolving industry standards, emerging threats, and new regulatory requirements. By staying proactive, we ensure that your data remains protected at all times.

DATA RETENTION

We retain your personal and health information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. Below, we detail our data retention practices and the steps we take to manage your data responsibly:

  • Medical Records: Your medical records, including any protected health information (PHI), are retained for a minimum of seven (7) years, as required by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws. This retention period ensures continuity of care and compliance with legal obligations.
  • Financial Records: Records related to payment transactions, such as invoices and receipts, are retained for a minimum of seven (7) years to comply with tax and financial reporting requirements.
  • Communications: Emails, text messages, and other correspondence related to your care are retained for six (6) years or longer if required for legal or compliance purposes.
  • Technical Data: Log files and system-generated technical data are retained for a limited time to ensure the security and functionality of our systems. Retention periods for technical data typically range from 90 days to one year unless extended for investigative or compliance purposes.

All retained data is stored securely on HIPAA-compliant platforms, such as Elation Passport, Google Workspace, and our electronic health record (EHR) system. These platforms utilize encryption, access controls, and other advanced security measures to protect your information.

We adhere to the principle of data minimization, ensuring that only the data necessary for providing services, complying with legal requirements, or fulfilling legitimate business needs is retained. Any unnecessary or outdated data is securely deleted or anonymized.

When data is no longer required, we delete or dispose of it securely to prevent unauthorized access or disclosure. This includes:

  • Electronic Data: Permanently deleting files from our systems and ensuring they cannot be recovered.
  • Physical Records: Shredding or securely disposing of paper documents containing sensitive information.

You have the right to request information about how long your data is retained or to request the deletion of specific data, subject to applicable legal and regulatory requirements. To make such a request, please contact us using the details provided in the Contact Us section.

Our data retention policies are reviewed periodically to ensure compliance with evolving legal, regulatory, and business requirements. Updates to these policies will be reflected in this Privacy Policy and communicated to you as needed.

CHILDREN’S PRIVACY

Our Platform is committed to protecting the privacy of children. Consistent with the Children's Online Privacy Protection Act (COPPA) and other applicable laws and regulations, we do not knowingly collect, use, or disclose personal information from children under the age of 18.

  • Age Restriction: Our services are not directed to children under the specified age. We do not knowingly engage in transactions or communications with children under this age. Our Terms and Conditions prohibit users under this age from accessing our Platform and services.
  • Parental Consent and Involvement: If we learn that we have collected personal information from a child under the specified age without parental consent, we will take steps to delete the information as soon as possible. We strongly encourage parents and guardians to take an active role in their children’s online activities and to inform us if they believe their child has provided personal information to us without their consent.
  • Information Collection Practices Regarding Children: In the rare event that we collect personal information from children under the specified age with parental consent, such information will be used solely for the purpose for which it was collected, and in accordance with this Privacy Policy.
  • Access and Deletion Requests by Parents or Guardians: Parents or guardians who believe their child under the specified age has submitted personal information to our Platform can contact us to request access to, or correction or deletion of their child’s personal data.
  • Commitment to Data Security: We understand the importance of safeguarding children’s privacy and security online. We implement stringent security measures to protect children's personal information and comply with relevant legal requirements pertaining to data protection and privacy.
  • Updates to our Children’s Privacy Policy: This policy may be updated periodically to reflect changes in our practices or legal requirements. We encourage parents and guardians to review this policy regularly.
  • Reporting Concerns: We take concerns about children's privacy seriously. If you have any questions or concerns about our Children's Privacy Policy or our practices concerning children’s personal data, please contact us using the information provided in the Contact Us section.

USER RIGHTS

We are committed to ensuring that you have control over your personal and health information. In accordance with applicable laws, including HIPAA and state-specific privacy regulations, you have certain rights regarding your data. This section outlines the rights you have as a user and how you can exercise them.

Right to Access and Obtain Copies of Your Data: You have the right to request access to your personal and health information that we maintain. To request access to your data, please contact us at privacy@alchemicalhealthtx.com. We will provide you with a copy of the requested data within the timeframe required by law and may charge a reasonable fee for copying and mailing costs, where applicable. This includes:

  • Your medical records, including diagnoses, treatment plans, prescriptions, and test results.
  • Any communications related to your care, such as appointment records and progress notes.
  • Financial information related to your payments and transactions.

If you believe any of the information that we hold about you is inaccurate or incomplete, you have the right to request corrections or updates. To do so, you may submit a request to amend your medical records or any other personal information. We will review the request and respond in accordance with applicable legal requirements. If we deny your request, we will provide an explanation in writing, and you may appeal the decision. For any amendments or updates, please contact us at privacy@alchemicalhealthtx.com.

You have the right to request that we delete your personal and health information, subject to certain legal exceptions. We may not be able to honor your request for deletion if the data is necessary for:

  • The provision of healthcare services.
  • Compliance with legal obligations, such as medical record retention or billing requirements.
  • Resolving disputes or protecting against fraud.

You have the right to request restrictions on how we use or disclose your personal and health information. This may include limiting the types of data we process or the parties with whom we share it. If you wish to restrict processing, please contact us at privacy@alchemicalhealthtx.com, and we will evaluate your request. In certain circumstances, you may also object to the processing of your data if you believe that our use of your data does not align with your preferences or legal rights. You may also object to the processing of your data for marketing purposes at any time.

You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. This allows you to transfer your data to another provider or service. To make this request, please contact us, and we will provide your data in the appropriate format within a reasonable period.

If we are processing your personal or health data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, please contact us at privacy@alchemicalhealthtx.com. This includes consent for:

  • Receiving marketing communications.
  • Participating in telemedicine services.

You have the right to opt-out of receiving marketing or promotional materials from us at any time. If you no longer wish to receive marketing emails or communications, you can unsubscribe using the link provided in those communications or contact us directly at privacy@alchemicalhealthtx.com to request that we cease sending you such materials.

In the event of a data breach affecting your personal or health information, we will notify you as required by law. You have the right to be informed of any breach that may compromise your data and the actions we are taking to mitigate the impact. If you believe that your data has been compromised, please contact us immediately at privacy@alchemicalhealthtx.com, and we will assist you with any necessary steps.

If you believe your privacy rights have been violated, you have the right to file a complaint with us or with a regulatory authority. You can contact us directly at privacy@alchemicalhealthtx.com to lodge a complaint. Additionally, if you are not satisfied with our response, you may file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, or the relevant state authorities.

If you prefer to receive communications in a particular manner or at a specific location (e.g., only by email or phone), you can request that we accommodate your preferences. We will make reasonable efforts to honor your request. Please contact us at privacy@alchemicalhealthtx.com to make such a request.

Certain rights may be subject to limitations based on applicable law. For example, we may not be able to delete your data if retention is required for legal or regulatory reasons, or we may be required to retain your medical records for a certain period. In such cases, we will provide an explanation and adhere to legal requirements.

To exercise any of the rights outlined above, please submit a request to us via email at privacy@alchemicalhealthtx.com or use the contact information provided in the Contact Us section. We will process your request as soon as possible and in accordance with the applicable legal timelines.

THIRD-PARTY LINKS

Our Platform may contain links to third-party websites or services that are not operated or controlled by us. These third-party links are provided for your convenience and reference only. Please note that we have no control over the content, policies, or practices of these third-party websites or services.

By clicking on these third-party links, you acknowledge and agree that we are not responsible for the privacy practices or the content of such websites or services. This Privacy Policy applies solely to the information collected by our Platform. We encourage you to read the privacy policies of any third-party websites you visit to understand their data collection, use, and disclosure practices.

While we strive to include only reputable and trusted third-party links on our Platform, we cannot guarantee the accuracy, completeness, or quality of the information, products, or services provided on these external sites. The inclusion of any third-party link on our Platform does not imply our endorsement, sponsorship, or recommendation of the linked website or its content.

Please be aware that when you leave our Platform and access a third-party website, your interactions and any information you provide are subject to the terms and policies of that website. We encourage you to exercise caution and review the privacy policies of any website you visit.

THIRD PARTY SERVICES

We work with various third-party services to facilitate our telemedicine offerings, process payments, manage data securely, and provide you with a seamless experience. Below is a detailed overview of the third-party services we use, how they interact with your data, and the safeguards in place to ensure your privacy:

  • Telemedicine Platforms: We use platforms like Elation Passport and Spruce Health to manage your medical records, facilitate virtual consultations, and coordinate your care. These platforms are HIPAA-compliant and adhere to strict privacy and security standards. By using these services, you may also be subject to their individual terms and privacy policies, which require your consent.
  • Payment Processors: We use third-party payment processors such as North American Bancard to securely process payments for telemedicine consultations, medications, and diagnostic tests. These services handle your financial information in compliance with the Payment Card Industry Data Security Standards (PCI DSS) to ensure your transactions are protected. While we do not store your credit card details, payment processors may retain them for transaction verification and compliance purposes.
  • Data Storage and Security Providers: Your data is securely stored on Google Workspace, which we use for managing email communications and other business operations. Google Workspace complies with HIPAA and provides encryption and advanced security measures to protect your data. We also partner with Managed Service Providers (MSPs) to secure our systems and devices. While MSPs may have incidental access to technical data during maintenance or support, they are bound by Business Associate Agreements (BAAs) to ensure compliance with HIPAA regulations.
  • Pharmacies: To fulfill prescription orders, we share necessary details with third-party pharmacies. This includes your name, contact information, and prescription details. These pharmacies are required to handle your information in compliance with applicable privacy laws.
  • Accounting and Financial Tools: We use QuickBooks and North American Bancard to manage financial records and track transactions. Financial data, such as payment amounts and transaction details, may be processed through this system to maintain accurate financial reporting and compliance with tax regulations.
  • Marketing and Advertising Services: We may work with platforms such as Google Analytics to understand user engagement and improve our services. If LegitScript certification is obtained for advertising purposes, minimal data may be collected to ensure compliance with advertising standards. These services are implemented with a privacy conscious approach, and only non-identifiable data may be collected for analytics purposes.
  • Jotform: We use Jotform to securely collect information you provide, such as your medical history, emergency contacts, and consent forms. Jotform is HIPAA-compliant and employs encryption and other safeguards to protect your submitted data.

Third-Party Providers’ Terms and Policies: When interacting with third-party services, such as telemedicine platforms, payment processors, or marketing providers, you may be subject to their terms and conditions, as well as their privacy policies. We encourage you to review these documents to understand how these providers handle your information.

HOW TO EXERCISE YOUR RIGHTS

To exercise any of your rights, you are invited to submit a formal request via email to our designated Privacy Rights email address, which is privacy@alchemicalhealthtx.com. This dedicated channel ensures that your inquiries are handled promptly and efficiently by our Privacy Compliance team.

Upon receipt of your request, we may need to verify your identity to protect your data from unauthorized access. This verification may require you to provide additional information, such as a copy of a government-issued identification or answering security questions related to your account.

We are committed to responding to your request within the time frame required by applicable law, typically within one month of receiving a verifiable request. If we require more time, we will inform you of the reason and extension period in writing.

If you have questions about the type of personal data that we hold about you or the ways in which we use it, our Privacy Compliance team is available to provide the necessary clarifications. We strive to ensure you have full understanding and control over your personal data.

You will not be required to pay a fee to access your personal data or to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

There may be situations where we are legally permitted or required to deny your request or where exceptions to your rights apply. If we cannot comply with your request, we will explain the reasons to you.

Our commitment to your privacy does not end with the submission of a request. We will continue to provide you with assistance and support as you exercise your rights and will ensure ongoing compliance with all data protection laws and regulations.

DO NOT TRACK SIGNALS

Our Platform currently does not respond to "Do Not Track" (DNT) signals from web browsers. DNT is a privacy preference that you can set in your web browser to indicate your preference regarding the tracking of your online activities.

While many web browsers support the DNT feature, there is no standard interpretation or industry consensus regarding the meaning of DNT signals. As a result, our Platform does not currently recognize or respond to DNT signals.

Please note that even if you have enabled the DNT feature in your web browser, certain third-party services integrated into our Platform may still collect and track your online activities in accordance with their own privacy policies. We encourage you to review the privacy policies of these third-party services for more information on their tracking practices.

MODIFICATION

We reserve the right to modify or update this Privacy Policy at any time. Any changes we make will be effective immediately upon posting the revised Privacy Policy on our Platform. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

By continuing to use our Platform after any changes to this Privacy Policy, you acknowledge and agree to the updated terms. It is your responsibility to review this Privacy Policy periodically and ensure that you are aware of any modifications. If you disagree with any changes, you should discontinue your use of our Platform and contact us if you would like to request the deletion of your personal information.

Please note that any provision of this Privacy Policy that imposes an obligation on you or grants us a right will survive the termination or expiration of this Privacy Policy or your use of our Platform.

CONTACT US

We value open communication with our users and welcome any questions, concerns, or feedback regarding this Privacy Policy or our data handling practices. Our dedicated team is committed to addressing your inquiries and providing timely and clear responses. Please find below the various channels through which you can reach us:

  • Email Communication: For direct and convenient communication, you can email us at privacy@alchemicalhealthtx.com. We aim to respond to all email inquiries within 48 hours during business days.
  • Accessibility: We are committed to ensuring that our communication channels are accessible to all our users, including those with disabilities. If you require any special accommodations, please let us know, and we will do our best to assist you.
  • Language Support: Our customer service team is capable of handling inquiries in multiple languages. If you require assistance in a language other than English, please indicate this in your communication, and we will endeavor to accommodate your needs.

We are dedicated to providing a prompt response to all inquiries. If your issue requires more in-depth investigation, we will keep you informed about the status of your query and provide a timeframe for resolution.