NuBalance Health

Comprehensive Consumer Health Data Privacy Policy

HIPAA-Compliant | Effective Date: January 4, 2025

Contact: info@nubalance.health | 678-313-5106

NuBalance Health LLC

NuBalance Health LLC (“NuBalance Health,” “we,” “our,” or “us”) is a health and wellness provider committed to respecting the privacy and security of your protected health information (PHI) and consumer health data (CHD). This Consumer Health Data Privacy Policy (“Policy”) outlines how we collect, use, disclose, and protect your information when you engage with our services. It also explains your rights under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and applicable state privacy laws such as the California Consumer Privacy Act (CCPA/CPRA) and Washington’s My Health My Data Act (MHMDA)

This Policy applies to all data NuBalance Health handles in the course of delivering healthcare services, including telehealth, in-clinic consultations, hormone replacement therapy, weight loss programs, diagnostic lab orders, and more.

2. Definitions

Protected Health Information (PHI): Individually identifiable health information maintained or transmitted in any form or medium by a covered entity or business associate.

Consumer Health Data (CHD): Any personal data that is linked or reasonably linkable to an individual and identifies the individual’s past, present, or future physical or mental health status, as defined by applicable state law.

HIPAA Covered Entity: NuBalance Health is a covered entity under HIPAA, which means we must follow all applicable HIPAA Privacy, Security, and Breach Notification Rules.

Business Associate: A person or organization that performs functions or activities on behalf of, or provides services to, a covered entity that involve access to PHI.

3. Scope of This Policy

This Policy governs how NuBalance Health:

  • Collects, uses, stores, and discloses PHI and CHD.

  • Protects your privacy through organizational, administrative, and technical safeguards.

  • Provides you with rights over your data.

  • Complies with HIPAA, HITECH, and other consumer data privacy regulations.

This Policy applies to all employees, contractors, vendors, and healthcare professionals operating under or on behalf of NuBalance Health.

3.1. Policy

Information We Collect About You and How It’s Collected

A Information About You and Your Health Care Treatment and Payment.
We collect several types of information from and about users of our Platform, including:

1 Information by which you may be personally identified, such as name, mailing address, email address, telephone number and account information, postal address, gender, occupation, billing and collection information that you provide to us, information related to your eligibility, or any other information collected on the Platform that is defined as personally identifiable information under applicable law (“Personal Information”).

2 Health-related information, such as clinical history, treatment records, and any other communications exchanged in emails, texts, chats, or calls between you and us. This information will be handled in compliance with HIPAA and other applicable health privacy regulations.

3 Information about your Internet connection, the equipment you use to access our Platform, and usage details.

4 Information about you, such as whether you are a current user, your product interests, location or demographics, or information related to your inquiry or request.

B Information We Share with Third Parties.
We collect this information:

1 Directly from you when you provide it to us.

2 Automatically as you navigate through the Platform (e.g., usage details, IP address, and information collected through cookies, web beacons, and other tracking technologies).

3 From third-parties, including physicians, medical professionals, pharmacies, and partners such as Meta, Google Analytics, Google Ads. We may also receive information about you from your social media accounts if you use those accounts to sign-in to your account with us.

C Information You Give to Us.
The information we collect on or through our Platform may include:

1 Information that we collect when you browse our website or download one of our mobile apps. Even without creating an account, we still may collect from you some of the information described in this Section II: INFORMATION WE COLLECT ABOUT YOU AND HOW IT IS COLLECTED.

2 Information that you provide on our Platform, including information provided when you sign in or register for an account on the Platform or for services provided by one of our affiliates, or through communications with you through the Platform or as a result of any healthcare services.

3 Information to process or respond to your inquiries related to requests for treatment, payment, customer service; and when you provide feedback on our Platform, including payment processing information that includes billing information, such as a name, address, email address, and payment card information. When you provide or update your payment processing information, we transmit the payment via an encrypted connection to a third-party credit card processor.  Adonis does not collect or store your full credit card details.

4 Records and copies of your correspondence (including email addresses) if you contact us, such as when you report an issue with our Platform or other services.

5 Information that you provide for display or posting on the Platform, including information provided in social media and/or testimonials. If you provide a testimonial, your first name will be posted along with the testimonial. Please remember that testimonials are located in the public areas of our Platform. Do not provide information for display or posting on the Platform that you would not want others to save or share. Your search queries on the Platform. As with many other websites and applications, as you navigate through and interact with our Platform, we may use automatic data tracking technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  1. Details of your visits to our Platform, including traffic data, location data, logs, language, date and time of access, frequency, and other communication data and the resources that you access and use on the Platform.

  2. Information about your computer and Internet connection, including your IP address, operating system, host domain, and browser type.

  3. Details of referring websites (URL). We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). The information we collect automatically includes statistical data and may also include Personal Information. We may also maintain it or associate it with Personal Information you provide to us or that we collect in other ways or receive from third parties. It helps us to improve our Platform and to deliver a better and more personalized service, including by enabling us to:

  • Estimate how individuals access and use our Platform;

  • Store information about your preferences;

  • Speed up your searches; and

  • Recognize you when you return to our Platform.

As with many other websites and applications, our Platform may use “cookies” or other data tracking technologies (collectively “cookies”) to help us deliver content specific to your interests, to process your requests, and/or to analyze your visiting patterns.

We may collect the following types of information about your visit including:

1 The domain from which you access the Internet;  

2 IP address; operating system and information about the device or browser used when visiting the Platform;

3 Date and time of your visit;

4 Content you visited;

5 General location; and

6 Website (such as google.com) and website referral source (such as email notice or social media site) that connected you to the Platform.

Our Platform uses two types of cookies: single-session (temporary) and multi-session (persistent). 

  • Temporary cookies last only as long as your web browser is open, and are used for technical purposes such as enabling better navigation through our Platform. Once you close your browser, the cookie disappears. 

  • Persistent cookies are stored on your computer for longer periods and are used for purposes including tracking the number of unique visitors to our Platform and information such as the number of views a page gets, how much time a user spends on a page, and other pertinent web statistics. 

We will not use cookies on their own, by themselves, and will not be used by Adonis to disclose your individual identity. Cookies help identify your browser to our servers when you use the Platform. We also use different types of first- and third-party cookies on the Platform. For example, we use cookies to track user trends and patterns. This helps us better understand and improve areas of the Platform that our users find valuable. Additionally, we use cookies to personalize content and ads, to provide social media features and to analyze our traffic. This is information we receive about you if you use any of the other websites we operate or other services we provide. We sometimes work with third parties and they sometimes provide information about you. We obtain information from such third-parties with whom we work to provide you with certain services (including, for example, sub-contractors, analytics providers, advertising networks, and search information providers, or third parties who share your information to provide health care services to you, such as a medical provider including your information when they message or communicate with other medical providers. In addition, we may use third-party providers to serve or track interactions on other websites. We may combine information we receive from other sources with information you give to us and information we collect about you. Depending on the types of information received, we will use the information received from other sources or the combined information for the purposes described below.

How We Use Your Information

We may use information collected about you, including Personal Information, in the following ways:

  • To complete any registration or other transactions or actions you request online, such as payment processing, including determining eligibility, use, and other benefits.

  • For treatment, payment, or healthcare operational purposes.

  • To communicate with you about our healthcare services and information, products, and services that you request from us (which may include telephone, voicemail, email, SMS/text messages, or notifications within the Platform).

  • To contact you if you receive healthcare services resulting from your use of the Platform.

  • To administer your account, including processing your payments and fulfilling your orders if you receive healthcare services, including treatment, resulting from your use of the Platform.

  • To operate the Platform and perform any services associated with the Platform, including providing you with technical support and to improve the Platform and our products and services.

  • To provide you with information that you have requested or to respond to your inquiries.

  • To create de-identified information that cannot be used to personally identify you, such as aggregate statistics relating to the use of our service.

  • To measure or understand the effectiveness of communications (including advertising) that we send to you and others, and to deliver relevant communications to you and to provide you with communications from Adonis, surveys, newsletters, and other information.

  • To better understand our audience.

  • To enhance the safety and security or performance of our products and services. This includes verifying your identity, implementing safeguards to protect personal and health-related data, and preventing or detecting fraud or other unauthorized or illegal activities.

  • To design, develop, and communicate with you about our features, products, and services, or, subject to any consents or authorizations that are required by applicable law, those of our subsidiaries, affiliates, and parent companies and any of their related businesses and those of our third-party partners.

  • To notify you about changes to our services or the Platform.

  • To enforce this Privacy Policy and any other terms that you have agreed to, including to protect the rights, property, or safety of us or any other person, or the copyright-protected content of the Platform.

  • For any purpose where you have given your consent (where legally required).

  • To comply with applicable federal, state, and other laws and regulations.

disclose Personal Information

We may disclose Personal Information that we collect, or you provide as described in this Privacy Policy as below:

  • For treatment, payment, or healthcare operations purposes.

  • To anyone authorized under this Privacy Policy or pursuant to any other consent or authorization that you may provide.

  • To service providers that assist us in the maintenance, improvement, and optimization of our Platform, such as service providers that help us run and maintain the technology and security infrastructure that support our Platform or that provide services such as email delivery, auditing, and similar services, in accordance with applicable privacy laws and security standards.

  • To medical providers, including without limitation, physicians, healthcare facilities and organizations, pharmacies, and laboratories that provide any services to you, including medical providers with whom you communicate and/or medical providers who review your information in providing healthcare services to you. You acknowledge and agree that when medical providers provide services to you, the medical providers and all personnel of their professional entities may see any information you provide.

  • To our affiliates and their employees, including for the purpose of posting information or notifications about healthcare services in your account.

  • To fulfill the purpose for which you provide it. For example, if you sign up for certain services, we may share your information in order to provide those services.

  • To third-party credit card processors via an encrypted connection so that they can process any payments by you.

  • To any third-parties we believe necessary or appropriate to comply with applicable laws.

  • To entities that assist us with marketing and advertising.

  • For any other purpose disclosed by us when you provide the information or with your consent.

  • If we are under a duty to disclose or share your Personal Information in order to comply with applicable law.

  • If we are under a duty to disclose or share your Personal Information to comply with any legal obligation, or in order to enforce or apply our Terms of Service and other agreements; or to protect the rights, property, or safety of Adonis, our customers or others. This may include exchanging information with other companies and organizations for the purposes of fraud protection and identity verification to prevent unauthorized access to health-related information.

  • With respect to de-identified information, for any purpose without restriction.

  • In the event of a sale, merger, consolidation, change in control, transfer of substantial assets, reorganization, or liquidation, we may transfer, sell, or assign to third-parties information concerning your relationship with us, including, without limitation, Personal Information that you provide and other information concerning your relationship with us.

4. Our Legal Responsibilities

4.1. Duty to Protect

NuBalance Health is legally obligated under HIPAA and applicable state law to:

  • Maintain the privacy and security of your PHI and CHD.

  • Provide you with this notice of our legal duties and privacy practices.

  • Follow the terms of this Policy.

  • Notify you in the event of a breach of your unsecured PHI.

  • Implement appropriate physical, technical, and administrative safeguards to ensure data confidentiality, integrity, and availability.

4.2. Compliance Standards

We follow the standards set forth by:

  • HIPAA Privacy Rule

  • HIPAA Security Rule

  • HIPAA Breach Notification Rule

  • HITECH Act

  • State consumer health privacy laws (e.g., MHMDA, CPRA)

  • Federal Trade Commission (FTC) guidance on consumer health data

5. Information We Collect

5.1. Directly from You

We collect the following when you access our services:

  • Full name, address, contact details

  • Medical history and treatment information

  • Hormonal, metabolic, or reproductive data

  • Billing, payment, and insurance information

  • Login credentials and communications

5.2. Automatically

We collect data via cookies, analytics tools, or platform integrations:

  • IP address, device type, browser, and location

  • Session logs and interaction data on our websites or mobile apps

5.3. From Third Parties

We may collect information from:

  • Referral clinics and laboratories

  • Insurance payers

  • Telehealth platforms

  • Partner pharmacies

  • Public databases (when legally allowed)

6. How We Use Your Data

NuBalance Health uses PHI and CHD for the following:

6.1. Treatment

  • To diagnose your condition

  • To provide medication or peptide therapy

  • To coordinate with other providers

6.2. Payment

  • To bill your insurer or third-party payer

  • To process copayments and financial transactions

6.3. Healthcare Operations

  • Quality improvement, training, and audits

  • Internal analytics for program effectiveness

  • Credentialing and peer review of clinicians6.4. Communication

  • Appointment confirmations and reminders

  • Lab result delivery

  • Program follow-ups via email, SMS, or video call

6.5. Legal and Regulatory Compliance

  • To fulfill public health reporting obligations

  • To respond to subpoenas or court orders

  • To comply with audits or investigations

7. Disclosures Permitted Without Authorization

NuBalance Health may disclose your PHI/CHD without your written authorization in these situations:

  • To Public Health Authorities (e.g., CDC, FDA)

  • For Judicial or Administrative Proceedings

  • To Coroners or Medical Examiners

  • For Organ Donation

  • To Prevent or Lessen Serious Threats to Health or Safety

  • To Law Enforcement (when permitted under HIPAA)

All such disclosures are documented and limited to the minimum necessary data.

8. Disclosures That Require Your Authorization

NuBalance Health will obtain your written authorization before disclosing PHI/CHD:

  • For marketing purposes

  • For sale of health data

  • For research (unless de-identified)

  • For disclosure to non-affiliated third parties not directly involved in your care

You may revoke any previously signed authorization at any time in writing.

9. Your Rights

You have specific legal rights regarding your health data:

9.1. Right to Access

You may request a copy of your health records in paper or electronic form.

9.2. Right to Amend

If you believe your records are incorrect, you can request a correction.

9.3. Right to Restrict Disclosure

You may ask us not to share certain information with specific parties, such as insurance companies.

9.4. Right to Confidential Communications

You may ask us to contact you in a specific way (e.g., private phone line or mailing address).

9.5. Right to Accounting of Disclosures

You may request a list of who has accessed your data over the past six years (excluding treatment, payment, and operations).

9.6. Right to File a Complaint

You may file a complaint with NuBalance Health or the U.S. Department of Health and Human Services (HHS) if you believe your rights were violated.

10. Data Protection Measures

10.1. Administrative Safeguards

  • HIPAA training for all staff

  • Privacy Officer oversight

  • Policies for minimum necessary use

10.2. Technical Safeguards

  • Data encryption in transit and at rest

  • Multi-factor authentication

  • Secure cloud hosting and firewall protection

10.3. Physical Safeguard

  • Restricted facility access

  • Secure disposal of printed PHI

  • Locked file storage and camera monitoring

11. Retention and Destruction

We retain PHI and CHD as long as necessary to fulfill the purpose of collection or to comply with state/federal retention rules. When no longer needed, data is securely destroyed:

  • Electronic data is purged or wiped using certified tools.

  • Paper documents are shredded or incinerated.

12. Consumer Health Data-Specific Provisions

In accordance with emerging state CHD laws (e.g., WA MHMDA, CA CPRA), we extend these additional rights:

  • Right to Know What CHD is Collected and Why

  • Right to Withdraw Consent for Collection or Sharing

  • Right to Request Deletion of CHD

  • Right to Data Portability

We do not sell your CHD and do not share it for third-party advertising purposes.

13. Breach Notification Policy

In the event of a data breach involving your PHI or CHD:

  • We will notify you via email, mail, or phone within 60 days.

  • The notification will include what data was involved, what we are doing to mitigate the risk, and how you can protect yourself.

  • We will report the breach to HHS as required by law.

14. Children’s Privacy

We do not knowingly collect or use health information from children under age 13 without verified parental consent. If we learn that data from a child has been collected improperly, we will delete it immediately.

15. Changes to This Policy

We may update this Policy periodically to reflect changes in law, practice, or technology. The updated version will be posted on our website with a new effective date. Continued use of our services after such changes constitutes acceptance.

16. Questions or Complaints

If you have questions or concerns about this Policy or wish to exercise your rights, contact:

NuBalance Health Privacy Officer

info@nubalance.health

678-313-5106

If you believe your rights under HIPAA or state law were violated, you may also file a complaint with:

U.S. Department of Health and Human Services

Office for Civil Rights

https://www.hhs.gov/hipaa/filing-a-complaint/

Logo resembling an element from the periodic table, with black background and white border, displaying 'Nu' in large white letters, and 'Nubalance Health' written below.