Privacy Policy

Effective Date: May 5, 2025

Revive Vitality (“we,” “us,” or “our”) is dedicated to safeguarding your privacy. This Privacy Policy outlines how we collect, use, disclose, and protect your information, including Protected Health Information (PHI), in strict compliance with the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), 10DLC SMS regulations, the CAN-SPAM Act, and other applicable federal and state laws. By using our services, you acknowledge and agree to the practices described in this policy.

1. Information We Collect

We collect information necessary to provide our weight loss programs and related services. This includes:

• Personal Information: Name, email address, phone number, mailing address, and payment details provided when you register for our services, sign up for our newsletter, or contact us.
• Protected Health Information (PHI): Medical history, weight loss goals, treatment details (e.g., use of medications like Semaglutide or Tirzepatide), and other health-related data you provide during consultations or program enrollment.
• Usage Data: IP address, browser type, pages visited, time spent on our website, and cookies used to enhance functionality, analyze performance, and personalize your experience.
• SMS Data: Phone numbers and explicit consent records for SMS communications, such as appointment reminders, program updates, or promotional messages.

We only collect information that is necessary for providing our services or required by law. You are responsible for ensuring the accuracy of the information you provide.

2. How We Use Your Information

We use your information to deliver and improve our services, including:

• Providing and managing weight loss programs, including prescribing and monitoring medications like Semaglutide or Tirzepatide.
• Communicating with you via email, SMS, or phone regarding your program, appointments, billing, or promotional offers.
• Analyzing website usage through tools like Google Analytics to improve functionality and user experience.
• Personalizing content and recommendations based on your preferences and health goals.
• Complying with legal obligations, including HIPAA, CCPA, GDPR, and 10DLC requirements.
• Preventing fraud, resolving disputes, and enforcing our terms of service.

We do not use your information for purposes other than those disclosed in this policy without your explicit consent.

3. How We Protect Your Information

We implement industry-standard security measures to protect your data, including:

• Encryption: PHI is encrypted during transmission (using TLS/SSL) and storage to prevent unauthorized access.
• Access Controls: Only authorized personnel with a legitimate need can access your information, and access is restricted through multi-factor authentication and role-based permissions.
• Regular Audits: We conduct periodic security assessments and HIPAA compliance audits to identify and address vulnerabilities.
• Business Associate Agreements (BAAs): All third-party vendors handling PHI (e.g., email marketing platforms like MailChimp or SMS providers) are bound by BAAs to ensure HIPAA compliance.
• Data Minimization: We collect and retain only the minimum amount of data necessary for our services.

While we take every reasonable precaution, no system is completely immune to security risks. In the unlikely event of a data breach, we will notify affected individuals as required by law.

4. Sharing Your Information

We may share your information in the following circumstances:

• Healthcare Providers: With your consent, we share PHI with licensed healthcare providers to coordinate your weight loss program or provide medical care.
• Third-Party Vendors: We engage trusted service providers (e.g., MailChimp for email marketing, SMS platforms, or cloud hosting services) to perform functions like sending communications or storing data. These vendors are contractually obligated to protect your information and comply with applicable laws.
• Legal Obligations: We may disclose your information to comply with court orders, subpoenas, or other legal requirements, or to protect our rights, property, or safety.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to equivalent privacy protections.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. We do not sell, rent, or trade your personal information or PHI to third parties for marketing purposes.

5. Your Rights

You have specific rights regarding your information under applicable laws, including HIPAA, CCPA, GDPR, and others:

• Access: Request a copy of your PHI or personal data we hold.
• Amendment: Request corrections to inaccurate or incomplete PHI.
• Deletion: Request deletion of your personal data, subject to legal retention obligations (e.g., medical records required by HIPAA).
• Opt-Out: Opt out of marketing communications by clicking “unsubscribe” in emails, replying “STOP” to SMS messages, or contacting us directly.
• Restriction: Request restrictions on how we use or disclose your PHI, though we may not always be able to comply due to medical or legal requirements.
• Data Portability: Request your personal data in a structured, machine-readable format (GDPR).
• Non-Discrimination: We will not discriminate against you for exercising your rights (e.g., by denying services or charging higher prices).

To exercise these rights, contact us at [email protected] or call (281) 241-9483 . We will respond within the timeframes required by law (e.g., 30 days for CCPA, 45 days for HIPAA). You may also file a complaint with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights or your state’s data protection authority.

Dispute Prevention: To avoid disputes, we encourage you to review your account and PHI regularly for accuracy. You acknowledge that providing false or incomplete information may affect your treatment or program outcomes, and you agree to notify us promptly of any changes to your information.

6. SMS Communications (10DLC Compliance)

By providing your phone number, you expressly consent to receive SMS messages from us regarding your weight loss program, appointment reminders, billing, or promotional offers. We comply with 10DLC regulations by:

• Obtaining your explicit opt-in consent before sending SMS messages.
• Providing clear opt-out instructions (e.g., reply “STOP” to unsubscribe).
• Maintaining records of your consent and opt-out requests.
• Using registered 10DLC numbers to ensure deliverability and compliance with carrier requirements.

You can opt out of SMS communications at any time by replying “STOP” to any message or contacting us directly. Message and data rates may apply. For full details, see our SMS Terms of Service.

7. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze website performance, and deliver personalized content. Cookies may include:

• Essential Cookies: Necessary for website functionality (e.g., maintaining your session).
• Analytics Cookies: Track usage patterns via tools like Google Analytics.
• Marketing Cookies: Enable personalized ads or content.

You can manage your cookie preferences through our cookie consent banner or browser settings. For more information, see our Cookie Policy.

8. Email Marketing (CAN-SPAM Compliance)

We send promotional and informational emails through platforms like MailChimp. To comply with the CAN-SPAM Act, we:

• Include a clear “unsubscribe” link in every marketing email.
• Honor opt-out requests promptly (within 10 business days).
• Provide our physical address: 1045 Gemini St, Houston, Texas 77058.

You can unsubscribe at any time by clicking the “unsubscribe” link or contacting us directly.

9. International Data Transfers (GDPR)

If you are located in the European Union or other regions covered by GDPR, your data may be transferred to and processed in the United States. We ensure GDPR compliance by:

• Implementing Standard Contractual Clauses (SCCs) with third parties.
• Maintaining robust security measures to protect your data.
• Providing you with clear rights to access, delete, or restrict your data.

For GDPR-related inquiries, contact our Data Protection Officer at [email protected].

10. Retention of Information

We retain your information only as long as necessary to fulfill the purposes outlined in this policy or as required by law. For example:

• PHI is retained for at least six years, as required by HIPAA.
• Personal information for marketing purposes is deleted upon your opt-out request, unless required for legal compliance.

Upon deletion, your data is securely destroyed or anonymized to prevent re-identification.

11. Dispute Resolution

We are committed to resolving any concerns promptly and fairly. If you have a dispute regarding your information or our services, please contact us at [email protected]. You agree to attempt to resolve disputes through good-faith communication before pursuing legal action. You also acknowledge that accurate and timely provision of your information is essential to avoid disputes related to treatment or billing.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or industry standards. We will notify you of material changes by:

• Posting the updated policy on our website.
• Sending an email to the address associated with your account.
• Displaying a prominent notice on our website.

Continued use of our services after such changes constitutes your acceptance of the updated policy.

13. Contact Us