Protecting Your Health Data and Personal Information

Personal Information

We collect personal information that you provide directly to us, including:

• Name, email address, phone number, date of birth

• Mailing address and billing information

• Account credentials and security preferences

• Communication preferences and settings

• Gender, age, ethnicity, and genetic background

• Geographic location and time zone

• Family health history and genetic information

• Raw genetic data from DNA testing (saliva samples processed through our laboratory partners)

• Genetic variants and SNP (Single Nucleotide Polymorphism) analysis

• Genetic risk assessments and health predispositions

• Pharmacogenomic information for medication responses

• Hereditary health factors and family genetic patterns

• Biomarker analysis from blood, urine, and hair samples

• Nutritional deficiency assessments

• Hormonal profiles and metabolic markers

• Inflammatory indicators and immune system markers

• Toxic exposure levels and heavy metal analysis

• Comprehensive health questionnaires and symptom tracking

• Medical history and current health conditions

• Medication and supplement usage

• Lifestyle factors (diet, exercise, sleep, stress levels)

• Environmental exposure assessments

• Progress tracking and health outcome measurements

• Intervention response data and effectiveness metrics

• Wearable device data (if connected with your consent)

• Health goals and optimization targets

• Device information (type, operating system, browser)

• IP address, location data, and connection information

• Log files and usage patterns on our platforms

• Platform feature utilization and engagement metrics

• Search queries and content interactions

• Clinical workflow and consultation records

• Provider-patient communication records (when using healthcare professionals)

• Appointment scheduling and care coordination data

• Insurance and billing information

• Questions asked to our AI health coaching system

• Responses provided and recommendations followed

• Success metrics and outcome tracking data

• Algorithm learning data and pattern recognition results

• Customer support interactions and inquiries

• Feedback, reviews, and testimonials

• Marketing communications preferences

• Community forum posts and interactions (if applicable)

• Process raw genetic data to identify health-relevant variants

• Generate personalized genetic reports and risk assessments

• Create genetic-based health optimization protocols

• Provide pharmacogenomic insights for medication selection

• Analyze laboratory results in context of genetic profile

• Generate personalized nutrition and supplement protocols

• Create lifestyle and environmental optimization strategies

• Provide AI-powered health coaching and guidance

• Track progress and adjust recommendations based on outcomes

• Facilitate communication with healthcare providers through Healthie EHR

• Coordinate laboratory testing through Rupa Health and DNAlife partnerships

• Support provider-patient consultations with comprehensive data

• Generate medical-grade reports for licensed healthcare professionals

• Improve AI algorithms through machine learning and pattern recognition

• Refine recommendation accuracy based on user outcomes

• Develop predictive models for health optimization

• Enhance genetic-biomarker correlation algorithms

• Monitor service quality and user experience

• Identify and resolve technical issues

• Validate accuracy of genetic and laboratory data

• Ensure proper functioning of integrations and partnerships

• Deliver personalized health education materials

• Share relevant research and scientific insights

• Provide platform tutorials and optimization guidance

• Send progress updates and milestone notifications

• Comply with HIPAA, GDPR, and other applicable privacy laws

• Maintain required records for healthcare services

• Support regulatory reporting requirements (when legally required)

• Protect against fraud and unauthorized access

• Transactional messages (order confirmations, shipping updates, appointment reminders)

• Informational messages (health tips, wellness guidance)

• Promotional messages (special offers, new products - optional)

• We do NOT share, sell, rent, or trade your mobile phone number with any third parties or affiliates

• We do NOT share your SMS opt-in data with any third parties or affiliates

• Your mobile information is stored securely and used only for the purposes you consented to

• You may opt-out at any time by replying STOP to any message

• Your mobile phone number

• Opt-in timestamp and consent status

• Message delivery status

• Your responses to our messages (such as HELP or STOP commands)

• To send you the SMS messages you requested

• To comply with legal requirements and mobile carrier regulations

• To improve our messaging services and user experience

• To maintain opt-out and preference records

Your phone number is stored securely in our systems and with our SMS service provider (RingCentral). RingCentral is bound by strict privacy agreements and does not use your data for any purpose other than delivering our messages to you. We implement industry-standard security measures to protect your mobile information.

We do not share, sell, rent, or trade your mobile opt-in data with any third parties or affiliate organizations. Your phone number and SMS preferences are kept confidential and used solely for YouHeal.com communications.

• Share comprehensive health data with providers you designate through Healthie EHR

• Facilitate consultations and care coordination

• Provide medical-grade reports for clinical decision-making

• Support ongoing healthcare management and monitoring

• Share genetic and health information with family members you authorize

• Provide access to health reports for designated caregivers

• Support family health planning and genetic counseling needs

• Connect with fitness trackers, health apps, or wearable devices you choose

• Share relevant health metrics with integrated platforms

• Support comprehensive health ecosystem management

• Rupa Health: Laboratory test coordination and results processing

• DNAlife: Genetic testing services and DNA analysis

• Additional certified laboratories: For comprehensive biomarker testing and analysis

• Microsoft Azure: Cloud hosting, data processing, and AI/ML services for genetic analysis

• Azure security services: Data encryption, access control, and threat protection

• Azure AI and machine learning: For genetic correlation algorithms and health optimization

• Healthie: HIPAA-compliant EHR system for provider-patient communications and clinical workflow

• Healthcare provider partners: Licensed professionals accessing YouHeal platform for patient care

• Payment processors for billing and subscription management

• Customer support platforms for service delivery

• Marketing and analytics services (with anonymized data only)

• Court orders, subpoenas, or other legal processes

• Compliance with federal, state, or local laws

• Regulatory reporting requirements for healthcare services

• Law enforcement requests when legally mandated

• Prevention of serious threats to health or public safety

• Reporting of communicable diseases (when required by law)

• FDA adverse event reporting (when applicable)

• Public health surveillance (with anonymized data)

• Quality assurance and improvement activities

• Fraud prevention and detection

• Business continuity and disaster recovery

• Professional liability and risk management

Our platform processes your genetic information using proprietary algorithms and Microsoft Azure AI services to:

• Identify health-relevant genetic variants and SNPs

• Assess functional impact of genetic variations

• Calculate genetic risk scores for various health conditions

• Analyze pharmacogenomic responses to medications

• Correlate genetic data with laboratory biomarkers

• Identify personalized health optimization opportunities

• Predict responses to nutritional and lifestyle interventions

• Generate precision medicine recommendations

We use advanced analytics to integrate multiple data streams:

• Combine genetic, laboratory, and lifestyle data

• Analyze environmental factors and toxic exposures

• Correlate symptoms with underlying biological patterns

• Track intervention outcomes and effectiveness

• Forecast health trajectories based on current data

• Identify early warning signs of potential health issues

• Optimize intervention timing and sequencing

• Personalize long-term health strategies

Your data helps improve our platform through:

• Machine learning from aggregated, de-identified data

• Improved accuracy of health recommendations

• Better prediction of intervention outcomes

• Enhanced genetic-phenotype correlations

• Validation of genetic and laboratory results

• Monitoring of recommendation effectiveness

• Identification of data quality issues

• Continuous platform optimization

• Encryption: AES-256 encryption for data at rest using Azure Storage Service Encryption

• Transit Protection: TLS 1.3 encryption for all data transmission

• Key Management: Azure Key Vault for secure encryption key rotation and management

• Access Controls: Azure Active Directory with multi-factor authentication

• Monitoring: Azure Security Center for continuous threat detection and response

• Firewall Protection: Azure Network Security Groups and Web Application Firewall

• DDoS Protection: Azure DDoS Protection Standard for availability assurance

• Network Isolation: Virtual private networks and secure network segmentation

• Intrusion Detection: Automated threat detection and incident response systems

• Geographic Redundancy: Multi-region data replication through Azure

• Point-in-Time Recovery: Automated backup systems with configurable retention

• Disaster Recovery: Comprehensive business continuity planning

• Data Integrity: Continuous validation and corruption detection

• Role-Based Access Control: Minimum necessary access principles through Azure RBAC

• Privileged Identity Management: Time-limited administrative access with approval workflows

• Regular Access Reviews: Quarterly audits of user permissions and system access

• Employee Background Checks: Comprehensive screening for all personnel handling PHI

• HIPAA Training: Regular privacy and security training for all employees

• Security Awareness: Ongoing education about data protection best practices

• Incident Response Training: Emergency response procedures and breach protocols

• Compliance Monitoring: Regular audits and assessments of privacy practices

• Microsoft Azure Facilities: SOC 1, SOC 2, and ISO 27001 certified data centers

• Physical Access Controls: Biometric authentication and 24/7 security monitoring

• Environmental Controls: Climate control, fire suppression, and power redundancy

• Equipment Security: Secure destruction of decommissioned hardware

• Device Management: Endpoint protection and mobile device management

• Remote Access: Secure VPN connections with multi-factor authentication

• Data Loss Prevention: Automated detection and prevention of data exfiltration

• Clean Desk Policy: Physical security requirements for workstations and documents

• Request copies of all personal and health information we maintain

• Receive data in machine-readable format for portability

• Access genetic raw data files and analysis results

• View complete history of data sharing and disclosures

• Download comprehensive health reports and genetic analysis

• Export data for use with other healthcare providers or platforms

• Receive structured data files compatible with other health systems

• Obtain copies of all laboratory results and biomarker data

• Request corrections to personal information and health records

• Update medical history, medication lists, and health conditions

• Amend genetic interpretations based on new scientific evidence

• Correct billing information and account details

• Add missing health information or family history

• Include additional environmental exposure data

• Supplement with new laboratory results or test findings

• Update lifestyle factors and health goals

• Choose which healthcare providers can access your information

• Control sharing with family members and caregivers

• Manage connections to third-party health applications

• Set preferences for research and platform improvement participation

• Opt out of marketing communications while maintaining service communications

• Choose frequency and format of health reports and updates

• Control educational content delivery preferences

• Manage notification settings for platform features

• Pause or suspend services while retaining data

• Restrict processing for specific purposes

• Limit data use for AI improvement and analytics

• Control visibility of data to healthcare providers

• Request complete deletion of account and all associated data

• Selective deletion of specific health records or genetic data

• Removal from marketing lists and research databases

• Secure destruction of physical samples and materials

• Most personal data deleted within 30 days of request

• Genetic data and laboratory results deleted within 60 days

• Legally required records maintained according to applicable laws

• Backup systems purged within 90 days of deletion request

• Some anonymized data may be retained for research and platform improvement

• Legal and regulatory records maintained as required by law

• Financial records retained according to business requirements

• Security logs maintained for fraud prevention and system integrity

For users in the European Union, we provide additional protections:

• Consent: Explicit consent for genetic analysis and health optimization services

• Contract Performance: Processing necessary for service delivery and account management

• Legitimate Interests: Platform improvement and fraud prevention (with privacy impact assessments)

• Legal Obligation: Compliance with healthcare regulations and reporting requirements

• Right to be Forgotten: Complete data deletion upon request

• Data Portability: Machine-readable export of all personal data

• Processing Restriction: Ability to limit data use for specific purposes

• Object to Processing: Opt-out of data use for marketing and analytics

• Standard Contractual Clauses (SCCs) for international data transfers

• Adequacy decisions for transfers to countries with adequate protection

• Additional safeguards for genetic data transfers

• Regular review of transfer mechanisms and protections

• Consent requirements for collection, use, and disclosure

• Data breach notification to privacy commissioners

• Individual access and correction rights

• Safeguarding requirements for sensitive health information

• Australian Privacy Principles compliance for health information

• Notifiable data breach scheme participation

• Consent requirements for genetic information handling

• Cross-border disclosure restrictions and safeguards

• Consumer rights to know about personal information collection and use

• Right to delete personal information and opt-out of sale

• Non-discrimination for exercising privacy rights

• Specific protections for sensitive personal information including genetic data

These cookies are necessary for the platform to function:

• Maintain secure login sessions

• Enable two-factor authentication

• Prevent unauthorized access

• Session security and timeout management

• Remember user preferences and settings

• Maintain shopping cart and service selections

• Enable platform features and customization

• Store temporary data during platform use

With your consent, we use cookies to understand platform usage:

• Track platform performance and load times

• Identify technical issues and user experience problems

• Monitor service availability and reliability

• Optimize platform speed and functionality

• Understand which features are most valuable to users

• Identify content and educational materials preferences

• Analyze user journey and engagement patterns

• Improve platform design and user experience

With your explicit consent:

• Show relevant health education content

• Personalize marketing messages based on health interests

• Track effectiveness of marketing campaigns

• Provide targeted information about new services and features

• Enable sharing of educational content (with user initiation)

• Integrate with social platforms for community features

• Track social media engagement with our content

• Facilitate social login options (if available)

You can control cookies through:

• Block all cookies or specific cookie categories

• Delete existing cookies and browsing data

• Set preferences for third-party cookies

• Configure automatic cookie deletion

• Opt out of non-essential cookies through our preference center

• Manage analytics and marketing cookie preferences

• Update cookie consent at any time

• Receive notifications about cookie policy changes

• All health and genetic data retained while account is active

• Regular data updates and additions incorporated

• Historical data maintained for trend analysis and health tracking

• Laboratory results and reports preserved indefinitely during active use

• Personal choice to retain data for potential future reactivation (up to 7 years)

• Complete data deletion option available upon account closure

• Genetic data and laboratory results can be exported before deletion

• De-identification option for research contribution while removing personal identifiers

• Medical records retained as required by applicable healthcare laws

• Laboratory results maintained according to CLIA requirements

• Financial records preserved for tax and business purposes

• Security logs maintained for fraud prevention and investigation

• Only collect data necessary for stated health optimization purposes

• Avoid collecting sensitive information not relevant to services

• Regular review of data collection practices and necessity

• User control over optional data sharing and collection

• Data used only for purposes disclosed in this privacy policy

• New uses require explicit consent or privacy policy update

• Research use limited to de-identified or aggregated data

• Commercial use restrictions for genetic and health information

• Regular review and deletion of outdated or unnecessary data

• Automated deletion of temporary files and processing data

• Archival of historical data with reduced access controls

• Secure destruction of physical documents and storage media

YouHeal services are designed for adults aged 18 and older:

• Users must be 18+ to create accounts and provide genetic samples

• Parental consent required for users under 18 in jurisdictions where permitted

• Age verification procedures for account registration

• Special protections for any family genetic information involving minors

• Parental/guardian consent required for genetic testing of minors

• Limited genetic analysis focused on immediate health needs

• Delayed reporting of adult-onset conditions until age of majority

• Special counseling and support for pediatric genetic findings

• Parents may provide family history information including minor children

• Limited collection of pediatric health information for family medical history

• Strong access controls for any information about minor family members

• Automatic deletion of minor-related data when no longer necessary

When applicable, we comply with the Children's Online Privacy Protection Act:

• Verifiable parental consent for any data collection from children under 13

• Clear disclosure of data collection, use, and sharing practices

• Parental rights to review, delete, and control child's information

• Prohibition on conditioning services on unnecessary data collection from children

We may use de-identified health and genetic data for research purposes:

• Advancing understanding of genetic variants and health outcomes

• Developing improved health optimization algorithms

• Contributing to scientific knowledge about precision medicine

• Supporting population health research and epidemiological studies

• Removal of all direct personal identifiers

• Statistical disclosure limitation techniques

• Expert determination of re-identification risk

• Ongoing monitoring for potential re-identification risks

• Institutional Review Board (IRB) oversight when applicable

• Publication of research results in aggregate form only

• No commercial exploitation of individual genetic information

• Commitment to research that benefits public health

You can opt out of research participation:

• Exclude your data from all research activities

• Maintain full service functionality without research participation

• Easy opt-out process through account settings

• No penalties or service limitations for research non-participation

• Choose specific research areas or purposes

• Limit data use to certain types of studies

• Participate in research with additional consent requirements

• Regular review and update of research preferences

In the event of business changes:

• Potential buyers must demonstrate adequate privacy and security protections

• Legal review of data protection capabilities and compliance

• Assessment of buyer's intended use of health and genetic data

• User notification of potential business transfer

• 30-day advance notice to users of any business transfer

• Opportunity for users to delete data before transfer

• Contractual requirements for buyer to honor existing privacy commitments

• Regulatory approval where required for health data transfers

• Continued compliance with this privacy policy until updated

• Maintenance of existing security measures and access controls

• User notification of any privacy policy changes post-transfer

• Continued support for user privacy rights and data deletion requests

If we discontinue services:

• Minimum 90-day notice of service discontinuation

• Clear instructions for data export and download

• Information about alternative service providers

• Assistance with data transfer to other platforms

• Extended period for data export and download

• Secure deletion of all data after export period expires

• No transfer of data to third parties without explicit consent

• Destruction certificates available upon request

Dr. Vandenberg M.D.
YouHeal Privacy Officer

Email: legal@youheal.com

Phone: PHONE

Mail: YouHeal Privacy Department

[Physical Address]

For questions about this privacy policy or our data practices:

Email: legal@youheal.com

Phone: PHONE

Mail: Monday-Friday, 8 AM - 8 PM EST

To exercise your privacy rights:

Email: legal@youheal.com

Phone: PHONE

Online Portal: [link]

We encourage you to contact us first with any privacy concerns. We will investigate promptly and respond within 30 days.

You also have the right to file complaints with regulatory authorities:

• HHS Office for Civil Rights (for HIPAA violations)

• FTC Consumer Protection (for general privacy concerns)

• State Attorneys General (for state privacy law violations)

• Local Data Protection Authority in your EU member state

• European Data Protection Board for cross-border issues

• Canada: Provincial Privacy Commissioners or federal Privacy Commissioner

• Australia: Office of the Australian Information Commissioner

• Other jurisdictions: Local data protection or privacy authorities

We will notify you of privacy policy changes:

• 30-day advance email notice to registered users

• Prominent website notice of policy changes

• In-platform notifications when you next log in

• Option to object to changes or delete account before implementation

• Updated "Last Modified" date on privacy policy

• Annual summary of changes in user communications

• Maintenance of archived versions for reference

• Continued availability of previous policy versions

• Continued use of services after policy changes constitutes acceptance

• Option to delete account if you disagree with changes

• No retroactive changes to genetic data use without explicit consent

• Grandfather provisions for existing users when appropriate

• Current version always available at youheal.com/privacy

• Archived versions maintained for regulatory and legal purposes

• Change log available showing evolution of privacy practices

• Annual privacy policy review and update process

Effective Date: August 7, 2025

Last Updated: August 7, 2025

Policy Version: 1.0