Privacy Policy
Effective: 2026-05-04 · Version: draft-2
This Privacy Policy explains how Lifespan Logic, Inc. (“Lifespan Logic,” “we,” “us,” or “our”) collects, uses, protects, and shares personal information when you visit lifespanlogic.com or use the Lifespan Logic patient app and services (collectively, the “Service”).
Health information you provide as part of receiving care from a Lifespan Logic-affiliated clinician is protected health information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). Our use and disclosure of PHI is governed by the Notice of Privacy Practices. This Privacy Policy governs the rest of the personal information we handle.
1. Information we collect
1.1 Information you provide
- Account information: name, email, password, date of birth, biological sex, state of residence, and phone number.
- Health information: intake responses, symptom history, current medications, allergies, lab results you upload, biomarker measurements, and any messages you send to your clinician.
- Identity and payment: government ID images and verification metadata (collected by our identity-verification vendor), payment-card information (collected by our payment processor; we do not store full card numbers), and billing address.
1.2 Information we collect automatically
- Device and usage: IP address, device type, browser, operating system, pages viewed, and timestamps. We use this to keep the Service secure and to fix bugs.
- Cookies: a session cookie (hl_session) keeps you signed in. We do not place advertising or social-media-tracking cookies on the patient app.
1.3 Information from others
- From your clinician: clinical notes and the visit decision made on your behalf.
- From the pharmacy: shipment status and prescription fulfillment details.
- From your lab (with your authorization): lab results attached to your record.
2. How we use information
- To provide care: route your visit to a licensed clinician, fulfill prescriptions, and message you about your treatment.
- To operate the Service: authenticate you, prevent fraud, and improve reliability.
- To meet legal obligations: tax, audit, and HIPAA-required recordkeeping.
- To send transactional messages (visit updates, refill reminders, account-security notices). Marketing messages require separate opt-in consent.
3. What we do not do
- We do not sell health information. Period.
- We do not run advertising or analytics pixels (Meta, Google, TikTok, X) inside the patient app. The marketing site uses limited analytics with no health-condition or treatment data attached.
- We do not share your information with employers, insurers (except as necessary to bill, with your authorization), or data brokers.
4. Who we share information with
We share the minimum information necessary with the following categories of recipients, each bound by a Business Associate Agreement (BAA) or equivalent contract where applicable:
- Licensed clinicians who provide your care.
- Pharmacies that fulfill your prescriptions.
- Identity verification, payment processing, e-prescribing, secure messaging (SMS/email), and cloud-hosting vendors.
- Government authorities when required by law (subpoena, court order) or when we reasonably believe disclosure is necessary to protect life or prevent serious harm.
- An acquirer in connection with a merger or sale, subject to the same protections in this Policy.
5. Your rights
- Access: request a copy of the personal information we have about you.
- Correction: ask us to correct inaccurate information.
- Deletion: ask us to delete your information. Some records (e.g., prescription records) must be retained to comply with healthcare law.
- Portability: receive a machine-readable copy of the information you provided.
- Opt out of non-essential communications at any time.
Submit requests at app.lifespanlogic.com/account/privacy/data-request or email privacy@lifespanlogic.com.
6. State-specific rights
- California (CCPA / CPRA): right to know, delete, correct, limit, and opt out of sale or sharing. We do not sell or share personal information. Do Not Sell or Share My Personal Information.
- Washington (My Health My Data Act): separate consent for processing of consumer health data and a one-click revocation at /account/privacy/revoke-consent.
- Texas, Connecticut, Nevada, Colorado, Virginia, Utah, Oregon: additional health-data consumer rights apply; submit requests as above.
7. How we protect information
- PHI is encrypted at rest with envelope encryption (Cloud KMS).
- Transport is encrypted with TLS 1.2+ everywhere.
- Access is logged and audited; clinician access is limited to patients in their care.
- Vendors handling PHI are under signed BAAs.
- We notify affected users and authorities of any breach as required by HIPAA and state law.
8. Retention
We keep your information for as long as your account is active and for retention periods required by healthcare law (typically 7 years for medical records; longer in some states for minors). After expiration, information is deleted or de-identified.
9. Children
The Service is for adults 18 and older. We do not knowingly collect personal information from children under 18. If we learn we have, we will delete it.
10. International users
The Service is intended for residents of the United States. If you access it from outside the U.S., your information will be transferred to and processed in the U.S.
11. Changes
We will post material changes on this page and notify account holders by email at least 30 days before they take effect.
12. Contact
Lifespan Logic, Inc. · Privacy Officer · privacy@lifespanlogic.com. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa/filing-a-complaint.
Questions? Email legal@lifespanlogic.com. For privacy or data requests: privacy@lifespanlogic.com.