Privacy Policy

Who We Are

Bold You Wellness LLC (“Bold You,” “we,” “our,” or “us”) is a Delaware limited liability company operating as a telehealth technology platform. We connect patients (“you”) with independent licensed healthcare providers and coordinate clinical care, pharmacy fulfillment, and wellness coaching services.

Bold You Wellness LLC is a Business Associate under HIPAA with respect to Protected Health Information handled on behalf of the independent healthcare providers in our network. We also operate as a covered entity in certain contexts. See Section 5 for more information about how we handle Protected Health Information.

Our principal place of business is in the United States. We currently serve patients in North Carolina, South Carolina, Florida, and Georgia.

Information We Collect

2.1 Information You Provide Directly

When you create an account, complete intake forms, or interact with our platform, we collect:

• Identity information: Full name, date of birth, biological sex, government-issued ID (for identity verification where required)
• Contact information: Email address, phone number, mailing address for medication delivery
• Health and medical information: Current weight, height, BMI, medical history, current medications, allergies, symptoms, goals, and responses to clinical intake questionnaires
• Payment information: Credit/debit card numbers, FSA/HSA card details (processed by our PCI-compliant payment processor; we do not store raw card numbers)
• Communications: Messages you send to providers, coaches, or support staff via our platform
• Account credentials: Username and encrypted password

2.2 Information Collected Automatically

When you use our website or mobile application, we automatically collect:

• IP address and approximate geolocation
• Device type, operating system, and browser information
• Pages visited, time spent, and navigation paths
• Referral URLs (how you arrived at our site)
• Session identifiers and authentication tokens

2.3 Information from Third Parties

We may receive information from:

• Clinical partners: Lab results, pharmacy records, and clinical notes from providers in our network
• Identity verification services: Identity confirmation data
• Payment processors: Transaction confirmation and fraud signals
• Analytics providers: Aggregated usage and performance data

How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing Clinical Services

• Routing your intake to an appropriate licensed provider in your state
• Facilitating provider review and prescription decisions
• Coordinating medication fulfillment through our pharmacy partners
• Scheduling and conducting care coaching sessions
• Sending medication delivery notifications and clinical reminders

3.2 Account and Subscription Management

• Creating and maintaining your patient account
• Processing subscription payments and renewals
• Communicating about your account, billing, and plan changes
• Responding to support inquiries

3.3 Safety and Compliance

• Preventing fraud, identity theft, and unauthorized access
• Complying with applicable laws and regulations, including HIPAA
• Responding to lawful legal process and government requests

3.4 Service Improvement

• Analyzing aggregate, de-identified usage patterns to improve our platform
• Conducting internal research on program effectiveness (using de-identified data only)
• Testing new features and optimizing patient experience

3.5 Communications

• Sending transactional communications about your program and account
• Sending clinical education and wellness content (with your consent)
• Sending promotional communications about new programs or features (you may opt out at any time)

When We Share Your Information

We do not sell your personal information to advertisers or data brokers. Ever.

We share your information only in the following circumstances:

4.1 Clinical Care Delivery

We share your health information with the independent licensed providers assigned to your care, our pharmacy partners fulfilling your prescriptions, and laboratory partners conducting ordered diagnostic tests. These disclosures are governed by HIPAA Business Associate Agreements and our Notice of Privacy Practices.

4.2 Service Providers

We share information with vendors who help us operate our platform, including payment processors, cloud infrastructure providers, identity verification services, and communication tools. All service providers are contractually required to protect your information and may only use it for the specific services they perform for us.

4.3 Legal Requirements

We may disclose your information when required by law, court order, or other legal process; when necessary to protect the safety of you or others; or in response to a request from a regulatory or law enforcement authority with jurisdiction.

4.4 Business Transfers

If Bold You Wellness is acquired, merged with, or transfers substantially all of its assets to another entity, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our platform prior to such a transfer.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Protected Health Information (PHI)

Certain information we collect constitutes Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). PHI includes any health information that identifies you or could be used to identify you.

Our handling of PHI is governed separately by our Notice of Privacy Practices (HIPAA Notice), which you can find at boldyouwellness.com/hipaa. The HIPAA Notice describes your rights with respect to PHI, including the right to access, amend, and request restrictions on use of your PHI.

In general, we use and disclose PHI only as permitted under HIPAA: for treatment, payment, and healthcare operations purposes; as required by law; or as otherwise permitted with your written authorization.

Cookies & Tracking Technologies

We use cookies and similar technologies (web beacons, pixel tags) to operate our platform, remember your preferences, analyze usage, and deliver relevant communications.

6.1 Types of Cookies We Use

• Essential cookies: Required for the platform to function (authentication, session management). Cannot be disabled.
• Analytics cookies: Help us understand how our platform is used (Google Analytics, anonymized). You may opt out via your browser settings or Google's opt-out tools.
• Preference cookies: Remember your settings and preferences.
• Marketing cookies: Used to measure the effectiveness of advertising campaigns. We do not use these cookies to display targeted ads based on your health information.

You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

Your Privacy Rights

Depending on your state of residence, you may have the following rights with respect to your personal information:

• Right to access: Request a copy of the personal information we hold about you
• Right to correct: Request correction of inaccurate personal information
• Right to delete: Request deletion of your personal information (subject to legal retention requirements and HIPAA obligations for health records)
• Right to opt out of marketing: Unsubscribe from promotional communications at any time
• Right to data portability: Receive your data in a machine-readable format
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

To exercise your rights, contact us at privacy@boldyouwellness.com or via your patient portal. We will respond within 30 days.

For rights specific to your Protected Health Information, refer to our HIPAA Notice of Privacy Practices.

Data Security

We implement administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls limiting who can access patient information
• Multi-factor authentication for administrative access
• Regular security assessments and penetration testing
• HIPAA-compliant infrastructure and Business Associate Agreements with all vendors
• Employee training on data security and privacy practices

No security system is impenetrable. In the event of a data breach affecting your personal information, we will notify you as required by applicable law, including HIPAA Breach Notification Rules.

Children's Privacy

Bold You Wellness services are intended for adults 18 years of age and older. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information. If you believe we have collected information from a minor, please contact us immediately at privacy@boldyouwellness.com.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email and/or by posting a prominent notice on our platform at least 30 days before the changes take effect. The “Last Updated” date at the top of this policy reflects the date of the most recent revision.

Your continued use of our services after the effective date of an updated Privacy Policy constitutes your acceptance of the updated terms.

Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us: