Privacy Policy

Last updated: 25 February 2026. Effective for: Visitors, clients, patients, and users of delaeMD’s website and services in California.

Introduction

delaeMD is an executive health and longevity medicine provider operating in California. This Privacy Policy explains what personal information and protected health information (PHI) we collect, how we use and share it, the rights you have under California privacy law and federal health privacy law, and how to contact us. By using our website or receiving our Services you consent to the practices described below.

Information We Collect

Categories of information we collect

Contact and identity data: name, email, phone, mailing address, date of birth.
Health and clinical data: medical history, diagnoses, medications, lab and imaging results, genetic and biometric data, clinician notes, and other PHI necessary to provide care.
Payment and billing data: payment method, billing address, insurance information when provided.
Technical and usage data: IP address, device identifiers, cookies, analytics, and log data from our website and patient portal.
Communications: messages, appointment notes, and other communications between you and our care team.

How we obtain information We collect information you provide directly, information generated during clinical care and testing, and technical data collected automatically when you use our website or portal.

How We Use and Share Information

Primary uses

Provide clinical care and coordinate services including scheduling, diagnostics, referrals, and treatment planning.
Billing and payment processing.
Platform operation and improvement including analytics, quality assurance, and patient experience.
Research and quality improvement using de‑identified or aggregated data where permitted.

Sharing with third parties We share information as necessary to deliver Services, including with labs, imaging centers, pharmacies, billing processors, and specialist consultants. We may also share information with service providers who host or maintain our platform. We require business associates and vendors to protect PHI consistent with applicable law.

Legal and safety disclosures We may disclose information to comply with legal obligations, respond to lawful requests, prevent harm, or as otherwise permitted or required by law.

HIPAA and health privacy delaeMD is a health care provider and operates as a HIPAA covered entity and business associate relationships apply to many of our partners. As such, PHI is protected under the HIPAA Privacy Rule and we maintain a Notice of Privacy Practices describing how PHI may be used and disclosed and the rights patients have under HIPAA. Model notices and guidance for covered health care providers are available from the U.S. Department of Health and Human Services.

Your Right and Choices

California privacy rights If you are a California resident, you have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA), including the right to: know what personal information we collect and how we use it; request deletion of personal information subject to certain exceptions; request correction of inaccurate personal information; opt out of the sale or sharing of personal information; and limit use and disclosure of sensitive personal information. The CPRA expanded protections for sensitive personal information, which includes health information and genetic data. More information about these rights and business obligations is available from the California Attorney General and CPRA resources.

How to exercise your rights To exercise your rights under California law or HIPAA, contact us using the contact details below. We will verify your identity before responding and will respond within the timeframes required by law. Certain requests may be limited by legal exceptions (for example, records we must retain for clinical or legal reasons).

Access to medical records You may request access to your medical records, request copies, or request amendments to your PHI. Requests will be handled in accordance with HIPAA and applicable California law. Model Notice of Privacy Practices templates and guidance can help explain patient rights under HIPAA.

Opt out of marketing and sale/sharing We do not sell personal information for third‑party advertising purposes. If we ever engage in activities that constitute a “sale” or “sharing” under California law, we will provide a clear opt‑out mechanism.

Security Data Retention and International Transfers

Security measures We implement administrative, technical, and physical safeguards designed to protect personal information and PHI against unauthorized access, disclosure, alteration, and destruction. No system is completely secure; we cannot guarantee absolute security.

Data retention We retain personal information and PHI as long as necessary to provide Services, comply with legal and regulatory obligations, resolve disputes, and enforce agreements. Retention periods are determined by clinical, legal, and business needs.

International transfers If information is transferred or accessed outside the United States by service providers, we will take steps to ensure appropriate protections are in place consistent with applicable law.

Contact Information Complaints and Updates

Contact us For privacy requests, questions, or complaints, contact: delaeMD Privacy Office Email: [email protected]

Complaints If you believe your privacy rights have been violated, you may file a complaint with us and, where applicable, with the U.S. Department of Health and Human Services Office for Civil Rights for HIPAA matters or the California Privacy Protection Agency for CPRA/CCPA matters. Model notices and enforcement guidance are available from HHS and California authorities.

Changes to this Privacy Policy We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be posted on our website with an updated effective date.