Privacy Policy

We at Arida Health (“we,” “us,” or “our”) are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our site, mobile application, telehealth platform, and related services (collectively, the “Services”).

Please read the Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy applies to all users of the Services, including patients, caregivers, healthcare providers, and visitors to our website located at www.aridahealth.com.

1. INFORMATION WE COLLECT

We may collect several categories of personal information, including Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA) to the extent we function as a covered entity or business associate.

1.1 Information You Provide Directly

• Full name, date of birth, gender, and contact details (email address, phone number, mailing address).
• Account credentials including username and password.
• Health and medical information including diagnoses, prescriptions, treatment history, and insurance details.
• Billing and payment information, including credit card numbers processed through our payment processors.
• Communications with our support team, and survey responses.
• Documents, images, or files you upload in connection with your care.

1.2 Information Collected Automatically

• Device identifiers, IP address, browser type, and operating system.
• Log data including pages visited, timestamps, and referring URLs.
• Cookies, web beacons, and similar tracking technologies (see Section 7 for details).
• Geolocation data (with your consent where required by applicable law).
• Interaction data within the platform.

1.3 Information From Third Parties

• Healthcare providers who may participate in your care.
• Health information exchanges and electronic health record (EHR) systems with your authorization.
• Insurance companies and pharmacy benefit managers as necessary for care coordination.
• Identity verification and fraud prevention services.
• Analytics and advertising partners, subject to applicable law.

2. HOW WE USE YOUR INFORMATION

We use the personal information we collect for the following purposes:

2.1 Providing and Improving Our Services

• To create and manage your account and facilitate telehealth appointments.
• To coordinate care and communicate with your healthcare providers.
• To process payments and insurance claims.
• To improve the functionality, safety, and user experience of our Services.
• To develop new features, products, and services.

2.2 Communications

• To send appointment confirmations, reminders, and care instructions.
• To respond to your inquiries and provide customer support.
• To send administrative notices, security alerts, and policy updates.
• To send marketing communications where permitted by law and with your consent.

2.3 Legal, Safety, and Compliance

• To comply with applicable federal and state laws, including HIPAA, HITECH, and applicable state privacy laws.
• To enforce our Terms of Service and other agreements.
• To detect, prevent, and respond to fraud, security incidents, or illegal activity.
• To respond to lawful requests from courts, law enforcement, or government agencies.

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We may share your information in the following limited circumstances:

3.1 Healthcare Operations and Treatment

We share PHI with treating physicians, specialists, pharmacies, laboratories, and other healthcare professionals involved in your care as permitted under HIPAA. We enter into Business Associate Agreements with vendors who process PHI on our behalf.

3.2 Service Providers

We engage third-party vendors to perform services on our behalf, such as cloud hosting, payment processing, analytics, email delivery, and customer support. These vendors are contractually obligated to protect your information and may only use it as directed by us.

3.3 Legal Requirements

We may disclose your information when required by law, court order, or government regulations, or when we believe disclosure is necessary to protect the rights, property, or safety of Arida Health, our users, or the public.

3.4 Business Transfers

If Arida Health is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.5 With Your Consent

We may share your information with third parties in other circumstances with your explicit written consent as required under HIPAA and applicable law.

4. PROTECTED HEALTH INFORMATION (PHI) AND HIPAA

To the extent Arida Health uses PHI, we do so in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Our Notice of Privacy Practices, which is a separate document, provides a more detailed explanation of your rights and our obligations with respect to PHI. A copy of our Notice of Privacy Practices is available upon request.

Your rights with respect to your PHI include the right to access, amend, and receive an accounting of disclosures of your health information, and to request restrictions on certain uses and disclosures.

5. DATA SECURITY

We implement industry-standard administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• AES-256 encryption for data at rest and TLS 1.2 for data in transit.
• Access controls based on the principle of least privilege.
• Multi-factor authentication for platform access.
• Regular security assessments, penetration testing, and vulnerability scanning.
• Employee training on HIPAA and information security practices.
• Incident response procedures in compliance with HIPAA Breach Notification Rule.

Despite these measures, no platform is completely impenetrable. In the event of a breach affecting your PHI, we will notify you and the appropriate regulatory authorities as required by applicable law, including HIPAA’s Breach Notification Rule.

6. DATA RETENTION

We retain personal information for as long as necessary to provide our Services, comply with legal obligations (including applicable state medical records retention laws, which may require retention for up to 10 years), resolve disputes, and enforce our agreements. When information is no longer necessary for these purposes, we will securely delete or de-identify it in accordance with our data retention schedule and applicable law.

7. COOKIES AND TRACKING TECHNOLOGIES

We use cookies, web beacons, pixel tags, and similar technologies to operate and improve our Services, personalize your experience, and analyze usage. We use the following types of cookies:

• Strictly Necessary Cookies: Session management, security, and authentication. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings.
• Analysis Cookies: Help us understand how users interact with our Services (e.g., Google Analytics).
• Marketing Cookies: Used to deliver relevant advertisements tailored to your interests.

You can manage cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services. For California residents, please see California Privacy Rights below.

8. YOUR PRIVACY RIGHTS

8.1 General Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to access or obtain a copy of your personal information.
• Right to correct or update inaccurate information.
• Right to request deletion of your information, subject to legal exceptions.
• Right to opt out of certain data processing activities.
• Right to data portability where technically feasible.
• Right to withdraw consent, where processing is based on consent.

8.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These include the right to know, delete, correct, and opt out of the sale or sharing of personal information. Note that data subject to HIPAA is generally exempt from CCPA. To exercise your California rights, please submit a verifiable consumer request using the contact information in Section 13.

8.3 Other U.S. State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws may have additional rights. Please contact us to exercise your rights under applicable state laws.

9. CHILDREN’S PRIVACY

Our Services are not directed to children under the age of 12. We do not knowingly collect personal information from children under 12 without verifiable parental consent. If you believe that your child has provided us with personal information, please contact us immediately at privacy@aridahealth.com and we will take steps to delete such information. For users between 13 and 18, parental consent may be required for certain services.

10. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Arida Health. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access. We are not responsible for the privacy practices of third-party platforms.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. When we make material changes, we will notify you by updating the Effective Date at the top of this document, posting a prominent notice within the Services, or sending you a direct communication. Your continued use of our Services after any updates constitutes your acknowledgment of the revised Privacy Policy.

12. TERMS OF USE & DISCLAIMERS

12.1 General Medical Disclaimer

The content provided on the Arida Health website, including text, graphics, images, and other materials, is for informational and educational purposes only and is not intended as a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified healthcare provider with any questions you may have regarding a medical condition or treatment, before undertaking a new healthcare regimen. Never disregard professional medical advice or delay in seeking it because of something you have read on this website.

12.2 No Doctor-Patient Relationship

Use of this website, reading our content, or contacting us via email or contact forms does not create a doctor-patient relationship between you and Dr. Avi Oul or Arida Health. A formal doctor-patient relationship is only established after a comprehensive clinical intake is completed, payment is secured, and a formal clinical consultation has taken place.

12.3 Telehealth & Jurisdiction

Medical services are provided via telehealth and are limited to patients located in states where the physician is licensed to practice medicine. Availability of services may vary based on location and applicable regulatory constraints. By using the Services, you represent that you are located in a jurisdiction where we are authorized to provide medical services.

12.4 Therapies, Compounding, and FDA Disclaimer

Arida Health utilizes a variety of evidence-based modalities, which may include the use of compounded medications, advanced cellular therapies, and targeted peptide protocols. Compounded medications are customized for individual patients and are not strictly FDA-approved. Furthermore, certain therapies, including some peptide protocols and hormone optimization, may be prescribed for off-label use based on clinical judgment and emerging medical research. These therapies are not intended to diagnose, treat, cure, or prevent any specific disease, and individual results may vary.

12.5 Medical Emergencies

Arida Health does not provide emergency medical services. If you think you may have a medical emergency, call 911 or go to the nearest emergency room immediately. Our Services are not designed for urgent or emergency care.

12.6 Individual Results May Vary

Any testimonials, clinical outcomes, or examples of patient results provided on this website are for illustrative purposes only. Every individual’s physiology and health history is unique. Expected results from hormone optimization, metabolic interventions, and longevity protocols will vary from person to person and no specific outcomes are guaranteed.

12.7 About Our Practice & Services

Arida Health is a premium concierge medical practice focused on proactive longevity and metabolic health optimization. Our practice is led by a board-certified Internal Medicine physician who provides highly individualized, one-on-one care grounded in comprehensive laboratory analysis and evidence-based medicine. We do not operate a high-volume telehealth platform, and our practice size is intentionally limited to ensure patients receive dedicated physician attention. All therapeutic recommendations made by Arida Health are rooted in peer-reviewed medical research. We do not follow anecdotal wellness trends. Our concierge membership model is designed for patients seeking a long-term collaborative health partnership rather than episodic care.

13. CONTACT US

If you have questions or comments regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

Arida Health, Inc.
Attn: Privacy Officer
Email: privacy@aridahealth.com
Phone: [Insert phone number]
Mailing Address: [Insert registered address, United States]

If you believe your HIPAA rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) at hhs.gov/ocr or by calling 1-800-368-1019. We will not retaliate against you for filing a complaint.