PRIVACY POLICY

This Privacy Policy (“Policy”) supplements Hemma Wellness Group LLC’s (“Hemma Wellness,” “we,” “us,” or “our”) Terms and Conditions. It describes how we collect, use, maintain, protect, and disclose your personal information when you use our website, digital platforms, and telehealth services (the “Services”).

This policy applies only to information we collect:
-Through the services.
-In communications, including email, text, chat, or other electronic messages, between you and the Services.

By “Personal Data or Personal Information,” we mean information that identifies you or can reasonably be used to identify you. Please read this Policy carefully. If you do not agree, you should not use our Services. By accessing or using our Services, you agree to this Policy. We may update this Policy periodically, and continued use of the Services indicates acceptance of those changes.

Please read this policy carefully to understand our policies and practices regarding your information and how we treat it. By interacting with our Services or providing us with your information, you agree to the collection, use, and sharing of your information as described in this privacy policy. This policy may change from time to time. Your continued use of the Services after we make changes as described here is deemed to be acceptance of those changes, so please check the policy periodically for updates. 
‍
1. Platform and Provider Portals
‍Hemma Wellness does not presently provide medical advice or operate a patient portal. Our role is to help you engage with independent medical groups and licensed clinicians who deliver care. If you qualify through initial questions on our site, you will be invited to schedule with a provider and complete intake on that provider’s own patient portal and related systems operated by the provider or its service providers. Those systems may display Hemma branding, but are operated by the provider or its service providers. Payment for clinical services, diagnosis or treatment, telehealth encounters, lab work, and prescription fulfillment take place through those provider operated systems and third party labs or pharmacies, not on Hemma’s website. Your relationship with the provider and your use of the provider’s systems are governed by the provider’s privacy notices and the provider’s service providers, not this policy.

2. Protected Health Information (PHI) and HIPAA
‍Some of the information you provide may be considered Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Hemma Wellness itself does not practice medicine or dispense medication. Instead, clinical services are provided by licensed U.S. telehealth providers.
-PHI is protected under HIPAA and our providers’ Notice of Privacy Practices (NPP).
-If there is any conflict between this Policy and our HIPAA obligations, HIPAA and the NPP will govern.
-Information that is not PHI may still be used and disclosed as described in this Policy.

Medical groups and their service providers may share limited personal information with Hemma Wellness to support your experience, such as appointment status, non clinical account data, fulfillment updates, and payment confirmations, and where permitted by law, limited clinical context necessary for operations. Any PHI handled by a provider or its business associates is subject to HIPAA and the provider’s Notice of Privacy Practices. To the extent there is any conflict between this policy and HIPAA obligations, HIPAA and the provider’s Notice of Privacy Practices control.

3. Children Under 18
‍Our Services are intended for adults aged 18 and older. We do not knowingly collect Personal Data from children under 18. If we learn that we have collected Personal Data from a child under 18, we will delete it.

If you are under 18, do not use or provide any information on our Services. If you believe we may have collected data from a minor, please contact us immediately at info@hemma-wellness.com.

4. Personal Data We Collect
‍We may collect the following categories of Personal Data:
-Identifiers: Name, postal/billing address, email address, phone number, date of birth.
-Payment Information: Credit or debit card numbers, HSA/FSA information, billing details (processed by secure third parties).
-Demographic Data: Gender, date of birth, and, where applicable, sensitive information such as race or ethnicity if voluntarily provided for care.
-Health Data (Sensitive Personal Data): Medical history, symptoms, diagnoses, medications, interests related to health, and data from your intake or telehealth use.
-Account Information: Usernames, login credentials, and communications with us.
-Device/Usage Data: IP address, browser type, operating system, device identifiers, cookies, pixels, and analytics data.
-User Contributions: Content you post, upload, or submit via the Services.
Inferences: Information we generate about you, such as potential interests or preferences.

5. How We Collect Personal Data
-Directly from You: When you interact with our Services: fill out forms, create an account, subscribe to a service, use telehealth intake, or contact us.
-Automatically: Through cookies, pixels, web beacons, and analytics when you interact with our website or platform. Using automatic collection technologies helps us improve our Servies and deliver a better and more personalized experience.
-From Partners: From telehealth providers, labs, pharmacies, or business partners that help us deliver services.
-From Transactions: Payment and order records when you purchase subscriptions or products.
‍
6. Automatic Data Collection Technologies
‍We and third parties use cookies, pixels, local storage, JavaScript and similar technologies to operate and improve the site, remember preferences, measure performance, personalize content, and deliver or measure advertising. Categories include necessary, performance, functionality, and targeting or advertising technologies. Third party tools may set their own cookies or identifiers and process data under their privacy policies. You can control cookies in your browser settings and learn more at www.allaboutcookies.org. Blocking all cookies may impact site functionality. At this time, we do not respond to browser do not track signals.

We use cookies, pixels, and similar tools to enhance your experience. This may include:
-Traffic data, location data, error logs, and usage patterns.
-Information about your device (IP address, operating system, browser).
-Tracking technologies such as:
--Cookies: Small files stored on your browser.
--Pixels: Transparent images embedded in emails or ads (e.g., Meta, Google).
--Analytics Tools: Google Analytics, Mixpanel, or similar services.

To the extent any of these automated technologies are considered a personal data sale, targeted advertising, or profiling, under applicable laws, depending on where you live, you may opt out from use of these automated technologies for such uses by emailing info@hemma-wellness.com.  Please note that some Services features may be unavailable as a result.

When you interact with the Services, there are third parties that may use automatic collection technologies to collect information about your or your device. These third parties may include:
-Advertisers, ad networks, and ad servers.
-Analytics companies.Your device manufacturer.
-Your internet or mobile service provider.
-OTHER CATEGORIES OF THIRD PARTIES

These third parties may use tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your personal data or they may collect information, including personal data, about your online activities over time and across different websites, apps, platforms, and other online services. 

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

‍From Business Partners and Service Providers
‍We may receive personal data about you from other sources and combine that with information we collect directly from you. For example, we may obtain information about you from service providers that we engage to perform services on our behalf, such as email platform providers, content delivery services, payment processors, and promotion services, to name a few. We also may receive personal data from business partners that we engage to share consumer information with us, including your personal preferences and demographic information such as age, gender, and income level so that we can better provide you with a personalized experience. 

7. How We Use Personal Data
‍We may use your data to:
-Deliver the Services (telehealth, subscriptions, products).
-Process payments and manage accounts.
-Communicate with you about your care, account, or promotional offers (with opt-out rights).
-Enforce our contractual rights and comply with laws.
-Personalize your experience, track outcomes, and improve our Services.
-Conduct research, development, and product improvement.
-Protect against fraud, security threats, and misuse.

The usage information we collect, whether connected to your personal data or not, helps us improve our Services and deliver a better and more personalized experience by enabling us to:
-Estimate our audience sizes and usage patterns.
-Store information about your preferences, allowing us to customize the Services according to your individual needs and interests.
-Speed up your searches.
-Recognize you when you return to our Services.

8. Disclosure of Personal Data
‍We may share your Personal Data as follows:
-Clinical Partners: Licensed U.S. telehealth providers delivering care through Hemma’s intake system.
-Vendors & Service Providers: IT, hosting, payment processing, analytics, and marketing partners under confidentiality agreements.
-Affiliates & Subsidiaries: For operational or administrative purposes.
-Corporate Transactions: If Hemma is acquired, merged, or restructured.
-Legal & Regulatory: To comply with law, respond to government requests, or protect rights, property, or safety.
-With Consent: For purposes you authorize.

We may also disclose your personal data:
To enforce or apply our terms of use and other agreements, including for billing and collection purposes.

The categories of personal data we may disclose include:
-Account and contact information.Payment information.
-Account history, including information about your subscription, account, transactions, purchases, order history, or discounts.
-Demographic information.
-Location information, including general geographic location.
-Device information.Content and information you elect to provide to us.
-Images, voice recordings, and videos collected or stored in connection with the Services, if you have consented to such information collection.

We do not sell your Personal Data. However, some data sharing with advertisers or analytics providers may be considered a “sale” or “sharing” under certain state laws.

9. Choices About Data Use
‍This section describes mechanisms you can use to control certain uses and disclosures of your information and rights you may have under state law, depending on where you live.

‍Advertising, marketing, cookies, and other tracking technologies choices:
-Emails: You may unsubscribe from promotional emails at any time by clicking the “unsubscribe” link or contacting us at info@hemma-wellness.com.
-Cookies/Tracking: Adjust browser settings or use opt-out tools at www.aboutads.info or www.networkadvertising.org. You can choose whether or not to allow the Services to collect information through other tracking technologies by emailing info@hemma-wellness.com. If you disable or refuse cookies or similar tracking files, some Services features may be inaccessible or not function properly. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the online services you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our Services may not respond to all browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in this policy.
-Targeted Ads: You can opt out of interest-based advertising by contacting info@hemma-wellness.com, but you may still see non-targeted ads.
-Do Not Track: At this time, we do not honor browser “Do Not Track” signals.
-You can choose whether or not to allow the Services to collect information through other tracking technologies by emailing info@hemma-wellness.com. If you disable or refuse cookies or similar tracking files, some Services features may be inaccessible or not function properly. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the online services you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our Services may not respond to all browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in this policy.

10. Your Rights
‍Depending on where you live, you may have rights under U.S. state laws related to your personal data (including California CCPA/CPRA, Colorado, Connecticut, Texas, Utah, Virginia, Washington, and Nevada):
-Access and request a copy of your data.Request correction of inaccurate data.
-Request deletion of data (subject to legal/medical retention rules).
-Opt out of sales/sharing of Personal Data.
-Limit use of sensitive Personal Data.
-Appeal a denied request.To exercise these rights, contact us at info@hemma-wellness.com. We may need to verify your identity before processing a request.

11. Data Retention
‍We retain personal information for as long as reasonably needed to provide the services you request, meet legal and regulatory retention periods, resolve disputes, and enforce agreements. When no longer needed, we delete, destroy, or de identify the information. 

12. Marketing, direct mail, and advertising choices
‍With your consent where required, we may send marketing emails or deliver ads we think are relevant. We may work with partners that use cookies and other identifiers to match to postal addresses and send direct mail on our behalf. Hemma does not receive the underlying matched personal data and our partners are contractually restricted from selling that information. You can opt out of marketing emails using the unsubscribe link, request removal from direct mail programs by contacting us at info@hemma-wellness.com, and manage ad preferences at the Digital Advertising Alliance and the Network Advertising Initiative.

13. SMS communications and cart reminders
‍If you provide a mobile number and opt in (after providing express consent), we may send SMS messages including appointment updates, account alerts, and marketing messages. Message frequency varies. Message and data rates may apply. You can opt out at any time by replying STOP. We may use cookies or pixels to detect when a cart or sign up flow was started but not completed and, with your consent where required, send reminder SMS or emails. We store phone numbers and related data as long as needed for the purposes described or as required by law and we share them only with service providers that support our messaging programs.

14. Security
‍We use commercially reasonable physical, technical, and administrative safeguards to protect your Personal Data from accidental loss or destruction and from unauthorized access, use alteration, and disclosure, including encryption of data in transit and at rest where appropriate. However, no system is 100% secure, and transmission of information via the internet is at your own risk.  In particular, email, texts, and chats sent to or from the Services may not be secure, and you should carefully decide what information you send to us via such communications channels. Any transmission of personal data is at your own risk. The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access. 

15. Supplement for Washington and Nevada
‍This Consumer Health Data Privacy Notice supplements our Privacy Policy and applies to personal data defined as consumer health data under Washington’s My Health My Data Act and Nevada’s Consumer Health Data Privacy Law. Depending on how you interact with Hemma, examples may include information about conditions, symptoms, treatment interests, medications, reproductive or sexual health information, and data that identifies your attempt to seek health services.
‍
Sources include information you provide, information collected automatically, limited information from medical groups as described above, and other third party sources. Purposes include delivering and improving our services, advertising and marketing with your consent where required, and addressing legal obligations. We may share consumer health data with the categories described in our Privacy Policy, including medical groups, vendors, affiliates, legal authorities when required, and in connection with corporate transactions. Subject to exceptions, you may have rights to confirm, access, delete, and withdraw consent for collection or sharing of consumer health data. To exercise these rights or appeal a denial, contact us at legal@hemma-wellness.com. Washington residents can also contact the Washington Attorney General and Nevada residents can contact the Nevada Attorney General.

16. Changes to this Policy
‍We may update this Policy from time to time. Material changes will be posted on our website with a revised “Last Updated” date. We encourage you to review this Policy periodically.

17. Contact Us
‍For questions or requests related to this Policy, please contact:
‍Hemma Wellness Group LLC
16220 N Scottsdale RdScottsdale, AZ 85254
info@hemma-wellness.com