Health by Design Medical Group

Last Updated: March 23, 2026

Health by Design Medical Group ("Health by Design," "we," "us," or "our") is committed to protecting your privacy and safeguarding your personal information.

This Privacy Policy ("Policy") applies to your use of our websites, digital platforms, and communication tools (collectively, the "Services"), as well as interactions with our employees, contractors, and authorized representatives.

This Policy explains how we collect, use, disclose, and protect your Personal Information. It applies to Personal Information processed in connection with our Services or communications with you.

Important: This Policy does not apply to Protected Health Information ("PHI"), which is governed by applicable healthcare privacy laws and our separate Notice of Privacy Practices. By using our Services, you agree to the terms of this Policy.

1. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised "Last Updated" date.

Your continued use of our Services after changes become effective constitutes your acceptance of the updated Policy.

2. Personal Information We Collect

"Personal Information" means any information that identifies, relates to, or could reasonably be linked to you.

A. Information You Provide

We may collect information you provide directly, including:

• Name, email address, phone number

• Address and date of birth

• Payment and billing information

• Information submitted through forms, surveys, or inquiries

• Communications with our team

B. Communications Data

When you contact us (via website, email, phone, or messaging), we may collect:

• Contact details

• Message content

• Purpose of inquiry

• Records of our response

C. Usage Data

We automatically collect certain data when you use our Services:

• IP address and device identifiers

• Browser type and operating system

• Pages visited and time spent

• Referring URLs

D. Mobile Device Information

If you access Services via mobile device, we may collect:

• Device type and operating system

• Unique device identifiers

• Usage behavior

We do not share mobile opt-in or consent data for marketing purposes.

E. Location Information

We may collect general location data based on IP address or, with permission, device location services to:

• Improve service relevance

• Provide region-specific offerings

F. Information from Partners

We may receive your information from:

• Employers or sponsoring organizations

• Business partners providing access to our Services

3. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience.

Types of Cookies We Use

• Strictly Necessary Cookies: Required for core functionality

• Performance Cookies: Help us understand usage and improve Services

• Third-Party Cookies: Provided by service providers (e.g., analytics tools)

How We Use Cookies

• Enable functionality

• Improve performance

• Personalize experience

• Support marketing and analytics

You can manage cookie preferences through your browser settings.

4. Analytics & Tracking

We may use analytics tools (such as Google Analytics) to collect:

• Device and browser data

• Pages visited and session duration

• Geographic region (general)

• Referral sources

This data helps us improve our Services and user experience.

5. How We Use Your Information

We use Personal Information to:

Provide Services

• Deliver healthcare-related services and support

• Verify identity

• Process transactions

Operate Our Business

• Maintain and improve Services

• Develop new features

• Conduct internal analytics

Communicate With You

• Respond to inquiries

• Provide customer support

• Send administrative updates

Marketing

• Share relevant updates and offerings

• Send newsletters (with opt-out options)

Security

• Detect and prevent fraud or misuse

• Protect systems and users

Legal Compliance

• Comply with applicable laws and regulations

6. Sharing of Information

We do not sell your Personal Information.

We may share information as follows:

Service Providers

With trusted vendors who support our operations (e.g., hosting, analytics, billing), under strict confidentiality obligations.

Business Clients

If Services are provided through your employer or organization, we may share necessary information to deliver those Services.

Legal Requirements

When required to:

• Comply with laws or legal processes

• Protect rights, safety, or property

• Prevent fraud or illegal activity

Business Transfers

In connection with mergers, acquisitions, or asset sales.

7. Data Security

We use administrative, technical, and physical safeguards to protect your information, including encryption where appropriate.

However, no system is completely secure. You are responsible for:

• Protecting your login credentials

• Using secure devices and networks

If you suspect unauthorized access, please contact us immediately.

8. Children's Privacy

Our Services are not intended for children under 18 without parental or guardian involvement.

Parents or guardians may:

• Provide information on behalf of a child

• Request access to or deletion of a child's data (subject to legal requirements)

9. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for their privacy practices.

We encourage you to review their policies before sharing information.

10. Social Media

If you interact with us on social media platforms:

• Information you share may be publicly visible

• Third-party platforms govern their own data practices

11. International Data Transfers

If you access our Services from outside your country of residence, your information may be processed in other jurisdictions, which may have different data protection laws.

12. Your Rights & Choices

Depending on your location, you may have rights to:

• Access your Personal Information

• Request corrections

• Request deletion

• Opt out of marketing communications

To exercise your rights, please contact us using the details below.

13. California Privacy Rights (If Applicable)

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal data is collected

• Right to request deletion

• Right to non-discrimination

We do not sell personal data as defined under CCPA.

14. Changes to This Policy

We may update this Policy periodically. Material changes will be communicated as required by law.

15. Contact Us

If you have any questions or requests regarding this Privacy Policy, please contact:

Health by Design Medical Group
Jerry Garcia – Chief Privacy Officer
Email: jerry.garcia@healthbydesign.com