Privacy Policy

Effective Date: October 15, 2025

1. INTRODUCTION AND SCOPE

1.1 About EasyHealth

EasyHealth, Inc. and its affiliated entities and clients, including EasyHealth Medical Solutions P.C. and Medigence Health, P.C. and their related professional corporations (collectively "EasyHealth," "we," "our," or "us") provide healthcare services, including clinical services delivered by healthcare providers (“Providers”) with the EasyHealth professional medical corporations (collectively, the "Services").

Our principal office is located at:

EasyHealth, Inc.

8605 Santa Monica Blvd PMB38903

West Hollywood, CA 90069

Email: privacy@joineasyhealth.com

Phone: 1-877-880-4693

1.2 Purpose of This Privacy Notice

This Privacy Notice describes how we collect, use, disclose, and protect your personal information when you:

  • Visit our websites at www.joinEasyHealth.com, www.easyhealth.com and www.medigencehealth.com (the “Websites”)
  • Use our online tools, portals, and mobile applications
  • Interact with us through email, phone, or other communications
  • Receive our health care services and interact with the Providers
  • Otherwise engage with our Services

1.3 Two Types of Information Covered

This Privacy Notice covers two distinct categories of information, each subject to different legal frameworks:

A. General Personal Information: Information collected from website visitors and users that is not Protected Health Information. This information is subject to state consumer privacy laws (including the California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, and other applicable state laws) and general data protection principles.

B. Protected Health Information (PHI): Individually identifiable health information created, received, maintained, or transmitted by us in connection with providing healthcare services. PHI is subject to the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations, which generally preempt state privacy laws with respect to health information.

This Privacy Notice integrates both frameworks to provide you with comprehensive information about our privacy practices.

1.4 Agreement to Terms

Your access to and use of our Services are subject to our Terms of Service. By using our Services or providing us with your information, you acknowledge that you have read and understood this Privacy Notice.

2. INFORMATION WE COLLECT

2.1 Personal Information from Website Visitors

When you visit our website or interact with our Services, we may collect the following categories of personal information:

A. Identifiers and Contact Information

  • Full name
  • Email address
  • Mailing address
  • Phone number
  • IP address
  • Device identifiers
  • Online identifiers and cookies

B. Demographic Information

  • Age or date of birth
  • Gender
  • State of residence
  • Zip code

C. Commercial Information

  • Products or services purchased, obtained, or considered
  • Purchasing or consuming histories or tendencies
  • Clinical services needs and preferences

D. Internet or Network Activity

  • Browsing history on our website
  • Search history within our site
  • Information regarding your interaction with our website, applications, or advertisements
  • Pages visited, links clicked, time spent on pages
  • Referring website or source

E. Geolocation Data

  • General location information derived from IP address
  • Precise geolocation (only if you grant permission through your device)

F. Professional or Employment Information

  • Employer name
  • Job title
  • Work contact information
  • Employment status (for insurance eligibility purposes)

G. Inferences

  • Profiles reflecting preferences, characteristics, behavior, and attitudes
  • Predictions about clinical services needs and interests

2.2 Protected Health Information (PHI)

When you enroll in our Services or our professional medical corporation and its Providers provide you with health care services, we collect PHI as defined by HIPAA, including:

A. Health Insurance Information

  • Current and prior health plan details
  • Insurance identification numbers
  • Coverage information and eligibility data
  • Premium payment information
  • Claims information

B. Health Information

  • Medical history
  • Current health conditions and diagnoses
  • Medications and prescriptions
  • Treatment information
  • Health risk assessments
  • Information about healthcare providers

C. Identifiers in Connection with Health Information

  • Social Security number
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Any other unique identifying number, characteristic, or code linked to health information

D. Communication Records

  • Records of our communications with you regarding your healthcare services
  • Correspondence with healthcare Providers and insurers on your behalf

2.3 Sensitive Personal Information

We may collect the following categories of sensitive personal information:

  • Social Security number, driver's license, state identification card, or passport number
  • Account log-in credentials, financial account information, debit card, or credit card number in combination with required security or access code
  • Precise geolocation (only with your permission)
  • Health information (as described in Section 2.2 above)

We limit our use of sensitive personal information to purposes permitted by law, including providing the services you request, ensuring security and integrity, and complying with legal obligations.

2.4 Information We Do Not Collect

We do not knowingly collect personal information from children under the age of 13 through our website. Our Services are intended for adults age 18 and over. See Section 12 for our Children's Privacy Policy.

3. HOW WE COLLECT INFORMATION

We collect information through the following methods:

3.1 Directly From You

  • When you complete forms on our website (contact forms, quote requests, enrollment applications)
  • When you create an account or user profile
  • When you communicate with our customer service agents by phone, email, or chat
  • When you receive healthcare services from the Providers
  • When you subscribe to our newsletters or marketing communications
  • When you participate in surveys, contests, or promotions
  • When you provide feedback or contact customer support

3.2 Automatically Through Technology

  • Cookies, web beacons, pixels, and similar tracking technologies (see Section 4)
  • Server logs that automatically record information when you visit our website
  • Analytics tools that track website usage and performance
  • Mobile device identifiers and mobile analytics

3.3 From Third-Party Sources

We may receive information about you from:

  • Healthcare Providers: Medical information and treatment records (with your authorization)
  • Health Insurance Companies and Plans: Coverage information, claims data, and eligibility information
  • Pharmacy Benefit Managers: Prescription information
  • Your Authorized Representatives or Family Members: Information they provide on your behalf
  • Government Agencies: Eligibility information for government programs (Medicare, Medicaid)
  • Health Information Exchanges: Electronic health information (with appropriate authorization as required)
  • Publicly Available Sources: Information from public records and databases

3.4 From Business Partners and Service Providers

  • Technology vendors who provide website hosting, data storage, and IT services
  • Marketing and advertising partners
  • Analytics providers

4. COOKIES AND TRACKING TECHNOLOGIES

4.1 What Are Cookies and Tracking Technologies?

Cookies are small text files stored on your device that help websites remember your preferences and track your activity. We also use related technologies including:

  • Web Beacons (Pixels): Tiny graphics embedded in web pages or emails that allow us to know whether you've viewed certain content
  • Local Storage: Technology that allows websites to store data locally on your device
  • Session Storage: Temporary storage that expires when you close your browser
  • SDKs and APIs: Software development kits and application programming interfaces that collect usage data from mobile applications

4.2 Types of Cookies We Use

A. Strictly Necessary Cookies

These cookies are essential for our website to function properly and enable you to access secure areas and use our services. These cookies do not collect information that could be used for marketing purposes.

Examples:

  • Authentication cookies that keep you logged in
  • Security cookies that detect authentication abuse
  • Load balancing cookies that distribute traffic across servers

You cannot opt out of strictly necessary cookies, as they are required for the website to function.

B. Functional Cookies

These cookies remember your preferences and choices to provide enhanced, personalized features.

Examples:

  • Language preferences
  • Region or location preferences
  • Accessibility settings
  • Previously entered form information

C. Analytics and Performance Cookies

These cookies help us understand how visitors use our website so we can improve its functionality and your experience.

Examples:

  • Google Analytics cookies that track page views, session duration, and bounce rates
  • Heatmap tools that show where users click and scroll
  • A/B testing tools that help us optimize website design

D. Advertising and Targeting Cookies

These cookies are used to deliver advertisements that are relevant to you and your interests. They also help us measure the effectiveness of advertising campaigns.

Examples:

  • Cookies that remember you've visited our website and share this information with advertising platforms
  • Cookies that track which ads you've seen and clicked
  • Cookies that build a profile of your interests based on your browsing behavior

We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or expired).

4.3 Third-Party Cookies and Tracking

Our website uses third-party cookies and tracking technologies provided by:

A. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to help us understand how visitors use our website. Google Analytics uses cookies to collect information about your use of our website, including:

  • IP address (anonymized)
  • Browser type and version
  • Pages visited and time spent on pages
  • Referring website or source
  • Device type and operating system

This information is transmitted to and stored by Google on servers in the United States. We have implemented:

  • IP anonymization to mask the last octet of your IP address
  • Google's data processing terms to help protect your privacy
  • Restrictions on Google's ability to use the data for their own purposes

You can learn more about Google's privacy practices at https://policies.google.com/privacy.

You can opt out of Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout.

B. Advertising Networks

We may use third-party advertising networks to display ads on our website and other websites you visit. These networks may use cookies and similar technologies to:

  • Deliver ads based on your interests (interest-based advertising)
  • Measure ad performance and effectiveness
  • Prevent you from seeing the same ad repeatedly

Examples of advertising partners we may work with include:

  • Google Ads
  • Facebook/Meta Pixel
  • LinkedIn Insight Tag
  • Microsoft Advertising

C. Social Media Plugins

Our website may include social media features and plugins (such as LinkedIn, Facebook, and Twitter buttons) that allow you to interact with social networks. These features may collect your IP address, the page you are visiting on our site, and may set a cookie to enable the feature to function properly.

Social media features and plugins are hosted by the respective social media companies and are governed by their privacy policies. We recommend you review the privacy policies of any social media platforms you use.

IMPORTANT: Please be cautious about sharing health-related information on social media, as such information may not be protected by HIPAA once disclosed to social media platforms.

4.4 IMPORTANT NOTICE: Tracking Technologies and PHI

Some tracking technologies on our website are provided by third parties (such as Google Analytics). When you visit our website, certain information may be collected by these third-party tools, including your IP address, pages visited, and how you interact with our site.

We configure these tools to avoid collecting PHI to the extent possible. However, the information collected could potentially be considered PHI under HIPAA if you:

  • Access authenticated areas of our website (such as a patient portal)
  • Visit pages that may indicate specific health conditions or treatment interests
  • Submit forms containing health information

Our Safeguards:

  • We have implemented technical safeguards to prevent PHI from being transmitted to third-party tracking tools
  • We have entered into business associate agreements with third-party tracking technology providers where required under HIPAA
  • We use data minimization techniques to limit the information collected
  • We anonymize or pseudonymize data where possible

4.5 Your Choices Regarding Cookies and Tracking

You have several options to control or limit how we and our third-party partners collect and use information through tracking technologies:

A. Browser Settings

Most web browsers automatically accept cookies, but you can modify your browser settings to:

  • Decline all cookies
  • Accept only certain types of cookies
  • Receive an alert when cookies are being sent
  • Delete cookies after each browsing session

Please consult your browser's help documentation for specific instructions:

  • Chrome: https://support.google.com/chrome/answer/95647
  • Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
  • Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

B. Opt-Out Tools and Preference Centers

  • Network Advertising Initiative (NAI): Opt out of interest-based advertising from NAI member companies at www.networkadvertising.org/choices
  • Digital Advertising Alliance (DAA): Opt out of interest-based advertising from DAA member companies at www.aboutads.info/choices
  • Google Ads Settings: Control the ads you see from Google at www.google.com/settings/ads
  • Facebook Ad Preferences: Control the ads you see on Facebook at www.facebook.com/ads/preferences

C. Mobile Device Settings

On mobile devices, you can:

  • iOS: Go to Settings > Privacy > Advertising > Limit Ad Tracking
  • Android: Go to Settings > Google > Ads > Opt out of Ads Personalization

D. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that lets you tell websites you do not want to have your online activities tracked. Currently, there is no industry standard for how to respond to DNT signals. At this time, our website does not respond to DNT signals, but you can use the other opt-out methods described above.

E. Global Privacy Control (GPC)

We recognize Global Privacy Control (GPC) signals as a valid request to opt out of the sale or sharing of personal information for users in states that require recognition of such signals.

Important Note: If you disable or block cookies, some features of our website may not function properly, and you may not be able to access certain secure areas or services. Disabling cookies will not prevent you from receiving our healthcare services, but it may affect your ability to use our online tools and portals.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

5. HOW WE USE YOUR INFORMATION

5.1 Uses of General Personal Information

We use personal information collected from website visitors and users for the following purposes:

A. To Provide and Improve Our Services

  • Provide you or your members with healthcare services
  • Create and manage your account
  • Provide customer support and respond to your inquiries
  • Personalize your experience on our website
  • Improve our website functionality and user experience
  • Develop new products and services

B. For Marketing and Communications

  • Send you newsletters, promotional materials, and information about our services
  • Provide you with information about healthcare services that may interest you
  • Conduct market research and surveys
  • Display targeted advertisements on our website and third-party websites
  • Measure the effectiveness of our marketing campaigns

C. For Business Operations

  • Process payments and transactions
  • Detect, prevent, and respond to fraud, security incidents, and other malicious or illegal activity
  • Comply with legal obligations and enforce our Terms of Service
  • Conduct audits, data analysis, and research
  • Train our staff and improve our business processes

D. For Analytics and Research

  • Analyze website usage and trends
  • Understand user preferences and behavior
  • Conduct statistical analysis and research
  • Create de-identified or aggregated data for business purposes

5.2 Uses of Protected Health Information (PHI)

We use and disclose PHI only for the purposes identified in this Privacy Notice and as permitted or required by law. We will not use or disclose your PHI for any other purpose without your written authorization.

A. Treatment

We may use and disclose your PHI to coordinate your healthcare services, including:

  • Providing you with healthcare services
  • Sharing your health information with insurance companies to facilitate your care
  • Coordinating with healthcare providers to ensure continuity of care
  • Providing information about treatment alternatives or health-related benefits

B. Payment

We may use and disclose your PHI to obtain payment for services we provide to you or to assist with payment activities, including:

  • Billing your health plan for our services
  • Determining your eligibility for insurance coverage
  • Collecting payment for services rendered
  • Coordinating benefits with multiple insurance plans

C. Healthcare Operations

We may use and disclose your PHI for our healthcare operations, which include business activities necessary to run our organization and ensure quality care, including:

  • Quality assessment and improvement activities
  • Training our staff, including the Providers
  • Business planning and development
  • Conducting compliance audits and reviews
  • Customer service activities related to your healthcare services
  • Case management and care coordination
  • Reviewing the qualifications of healthcare professionals

D. Marketing and Communications (Health-Related)

We may contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you, such as:

  • Information about additional healthcare services
  • Wellness programs and preventive care services
  • Disease management programs
  • Health education materials

We will not use or disclose your PHI for marketing purposes that involve direct or indirect payment from a third party without your written authorization, except as permitted by law.

5.3 Use of Sensitive Personal Information

We limit our use of sensitive personal information to the following purposes:

  • Performing services or providing goods reasonably expected by an average consumer
  • Ensuring security and integrity
  • Short-term, transient use
  • Performing services on behalf of the business
  • Verifying or maintaining the quality or safety of our services
  • Purposes that do not infer characteristics about you

We do not use or disclose sensitive personal information for the purpose of inferring characteristics about you beyond what is necessary to provide our services.

6. HOW WE SHARE YOUR INFORMATION

6.1 Sharing of General Personal Information

We may share your personal information with the following categories of third parties:

A. Service Providers and Business Associates

We share personal information with third-party service providers who perform services on our behalf, including:

  • Technology Service Providers: Website hosting, cloud storage, data backup, IT support, cybersecurity services
  • Payment Processors: Companies that process credit card and other payment transactions
  • Marketing and Advertising Partners: Email service providers, marketing automation platforms, advertising networks
  • Analytics Providers: Companies that help us analyze website usage and user behavior
  • Customer Support Tools: Live chat providers, help desk software, CRM systems
  • Professional Services: Legal, accounting, auditing, and consulting firms

These service providers are contractually obligated to use your personal information only for the purposes of providing services to us and to protect the confidentiality and security of your information.

B. Insurance Companies and Health Plans

We share your information with insurance companies and health plans to:

  • Determine eligibility
  • Coordinate benefits and coverage
  • Handle claims and appeals

C. Healthcare Providers and Related Entities

To provide you with clinical services, we may share information with:

  • Providers and other healthcare professionals involved in your care
  • Pharmacy benefit managers
  • Health information exchanges
  • Care coordination teams

D. Business Partners

We may share information with business partners who jointly offer services with us or who help us market our services, subject to contractual confidentiality obligations.

E. Affiliates and Subsidiaries

We may share information with our affiliated entities and subsidiaries for business purposes, including providing services to you and improving our collective offerings.

F. Legal and Regulatory Authorities

We may disclose information to:

  • Law enforcement agencies in response to lawful requests
  • Government agencies as required by law
  • Courts and legal counsel in connection with legal proceedings
  • Regulatory authorities for compliance and oversight purposes

G. Business Transfers

In the event of a merger, acquisition, sale of assets, bankruptcy, or other corporate transaction, we may transfer your information to the successor entity. The successor entity will be bound by the terms of this Privacy Notice unless you receive a new notice.

H. With Your Consent

We may share your information with other third parties when you provide your consent or direct us to do so.

6.2 Sharing of Protected Health Information (PHI)

In addition to the uses described in Section 5.2, we may share your PHI in the following circumstances:

A. Business Associates

We may disclose your PHI to third-party service providers (called "business associates" under HIPAA) who perform services on our behalf. We enter into written agreements (called business associate agreements) with these service providers requiring them to appropriately safeguard your PHI.

Business associates may include:

  • Technology service providers (website hosting, data storage, IT support)
  • Payment processors
  • Insurance carriers and third-party administrators
  • Legal, accounting, and consulting services
  • Marketing and communication service providers (for health-related communications)
  • Analytics and quality improvement vendors

B. As Required by Law

We will disclose your PHI when required to do so by federal, state, or local law, including:

  • Public Health Activities: Disclosures to public health authorities for disease prevention, reporting, and surveillance; reporting adverse events or product defects; notifying persons of exposure to communicable diseases
  • Health Oversight Activities: Disclosures to health oversight agencies for audits, investigations, inspections, licensure, and disciplinary actions
  • Legal Proceedings: Disclosures in response to a court order, subpoena, discovery request, or other lawful process (after verifying reasonable efforts to notify you or obtain a protective order)
  • Law Enforcement: Disclosures to law enforcement officials for law enforcement purposes, including identifying or locating suspects, fugitives, material witnesses, or missing persons; reporting crimes; responding to lawful requests
  • Coroners, Medical Examiners, and Funeral Directors: Disclosures as necessary to carry out their duties
  • Organ and Tissue Donation: Disclosures to organ procurement organizations for donation and transplant purposes
  • Research: Disclosures for research purposes when approved by an institutional review board or privacy board with appropriate privacy protections
  • To Avert a Serious Threat: Disclosures when necessary to prevent a serious threat to health or safety
  • Specialized Government Functions: Disclosures for military and veterans' activities, national security and intelligence activities, protective services, correctional institutions, and other law enforcement custodial situations
  • Workers' Compensation: Disclosures as authorized by workers' compensation laws

C. Business Transfers

We may disclose your PHI to a successor entity in connection with a merger, consolidation, sale of assets, or other corporate reorganization. The successor entity will be bound by the terms of this Notice unless you receive a new notice.

D. With Your Authorization

For uses and disclosures beyond treatment, payment, healthcare operations, and the other purposes described in this Notice, we will obtain your written authorization. This includes:

  • Most marketing communications that involve payment from a third party
  • Sale of PHI (we do not sell PHI)
  • Psychotherapy notes (if applicable)
  • Other uses and disclosures not described in this Notice

You may revoke your authorization at any time by submitting a written revocation to our Privacy Officer. The revocation will not affect any uses or disclosures we made in reliance on your authorization before we received your revocation.

6.3 De-identified and Aggregated Information

We may use and disclose information that has been de-identified in accordance with HIPAA standards or aggregated in a manner that does not identify you personally. De-identified and aggregated information is not considered personal information or PHI and is not subject to the restrictions in this Privacy Notice. We may use and disclose such information for any lawful purpose, including:

  • Research and analytics
  • Public health reporting
  • Business intelligence and market analysis
  • Product development and improvement

7. SALE AND SHARING OF PERSONAL INFORMATION

7.1 Sale of Personal Information

We do not sell your personal information.

7.2 Sharing for Cross-Context Behavioral Advertising

We may share personal information with third-party advertising partners for cross-context behavioral advertising (also known as targeted advertising or interest-based advertising). This involves using information about your activity across different websites and services to show you ads tailored to your interests.

Categories of Personal Information Shared for Targeted Advertising:

  • Identifiers (IP address, device identifiers, cookies)
  • Internet or network activity
  • Geolocation data
  • Inferences about preferences and interests


We do not share your PHI with any third party, except as required to provide healthcare services to you in compliance with applicable federal and state laws.

7.3 Your Right to Opt Out

You have the right to opt out of any sharing of your personal information for cross-context behavioral advertising.

How to Opt Out:

  • Enable Global Privacy Control (GPC): We recognize GPC signals as valid opt-out requests
  • Contact Us: Email privacy@joineasyhealth.com or call 1-877-880-4693
  • Use Third-Party Opt-Out Tools:
    • Network Advertising Initiative: www.networkadvertising.org/choices
    • Digital Advertising Alliance: www.aboutads.info/choices

Once you opt out, we will not share your personal information unless you later provide authorization to do so.

Note: Opting out of targeted advertising does not mean you will stop seeing ads. You will still see advertisements, but they will be less relevant to your interests.

7.4 Financial Incentives

We do not currently offer any financial incentives or price or service differences in exchange for the retention, sale, or sharing of your personal information. If we do so in the future, we will provide you with notice and obtain your opt-in consent as required by law.

8. YOUR PRIVACY RIGHTS AND CHOICES

8.1 Rights for All Users

Regardless of where you live, you have the following rights regarding your personal information:

A. Right to Access

You have the right to request access to the personal information we have collected about you.

B. Right to Correction

You have the right to request that we correct inaccurate personal information we maintain about you.

C. Right to Deletion

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.

D. Right to Opt Out of Marketing Communications

You have the right to opt out of receiving marketing emails from us by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting us at privacy@joineasyhealth.com
  • Calling us at 1-877-880-4693

E. Right to Opt Out of Targeted Advertising

You have the right to opt out of targeted advertising as described in Section 7.3.

F. Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights, including by:

  • Denying you goods or services
  • Charging different prices or rates for goods or services
  • Providing a different level or quality of goods or services
  • Suggesting that you will receive a different price, rate, level, or quality of goods or services

8.2 Additional Rights for California Residents

If you are a California resident, you have additional rights under the California Privacy Rights Act (CPRA):

A. Right to Know

You have the right to request that we disclose:

  • The categories of personal information we collected about you
  • The categories of sources from which we collected personal information
  • Our business or commercial purpose for collecting, selling, or sharing personal information
  • The categories of third parties to whom we disclose personal information
  • The specific pieces of personal information we collected about you

B. Right to Delete

You have the right to request deletion of personal information we collected from you, subject to certain exceptions (such as when we need the information to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech rights).

C. Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

D. Right to Opt Out of Sale/Sharing

You have the right to opt out of the sale of your personal information and the sharing of your personal information for cross-context behavioral advertising, as described in Section 7.3.

E. Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of your sensitive personal information to purposes permitted by law. However, we already limit our use of sensitive personal information to permitted purposes as described in Section 5.3.

F. Right to Data Portability

When you exercise your right to know, you have the right to receive your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another entity without hindrance.

G. Right to Non-Discrimination

We will not discriminate against you for exercising your CPRA rights.

H. Authorized Agents

You may designate an authorized agent to make requests on your behalf. To designate an authorized agent, you must provide the agent with written permission to act on your behalf, and we may require you to verify your identity directly with us.

I. Shine the Light Law

California's "Shine the Light" law (Civil Code § 1798.83) permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes without your consent.

8.3 Additional Rights for Residents of Other States

If you are a resident of Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have similar rights to those described above for California residents, including:

  • Right to access personal information
  • Right to correct inaccurate personal information
  • Right to delete personal information
  • Right to data portability
  • Right to opt out of targeted advertising
  • Right to opt out of the sale of personal information
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects

The specific rights available to you depend on your state of residence and the applicability of state privacy laws.

8.4 HIPAA Rights for Protected Health Information

If you are a patient or client receiving healthcare services from us, you have the following rights under HIPAA regarding your Protected Health Information:

A. Right to Access and Inspect Your PHI

You have the right to inspect and obtain a copy of your PHI that we maintain in a designated record set (such as enrollment records, billing records, and other records used to make decisions about you).

How to Request: Submit a written request to our Privacy Officer at the address listed in Section 16.

Response Time: We will respond to your request within 30 days.

Fees: If you request copies of your PHI, we may charge a reasonable fee for copying, mailing, and supplies.

Denials: In certain limited circumstances, we may deny your request, and we will provide you with a written explanation if we do so.

B. Right to Request an Amendment

If you believe that information in your records is incorrect or incomplete, you have the right to request that we amend your PHI.

How to Request: Submit a written request to our Privacy Officer that includes the reason for your request.

Response Time: We will respond within 60 days.

Denials: We may deny your request if:

  • The PHI was not created by us
  • The PHI is not part of the records we maintain
  • The PHI is not available for inspection
  • The PHI is accurate and complete

If we deny your request, we will provide you with a written explanation, and you may submit a statement of disagreement.

C. Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations, or to restrict disclosures to family members or others involved in your care.

Special Rule: If you pay for a service or item out-of-pocket in full and you request that we not disclose PHI related to that service or item to your health plan for payment or healthcare operations purposes, we must honor that request unless disclosure is required by law.

How to Request: Submit a written request to our Privacy Officer that describes the restriction you are requesting and to whom you want the restriction to apply.

Note: We are not required to agree to your request except in the special circumstance described above.

D. Right to Request Confidential Communications

You have the right to request that we communicate with you about your PHI in a certain way or at a certain location.

Examples:

  • Request that we contact you only at work
  • Request that we contact you only by mail (not by phone)
  • Request that we send communications to an alternative address

How to Request: Submit a written request to our Privacy Officer specifying how or where you wish to be contacted.

Accommodation: We will accommodate all reasonable requests.

E. Right to an Accounting of Disclosures

You have the right to request an accounting of certain disclosures of your PHI that we have made.

What's Included: The accounting will include disclosures for purposes other than treatment, payment, or healthcare operations.

What's Not Included: The accounting will not include:

  • Disclosures made for treatment, payment, or healthcare operations
  • Disclosures made to you
  • Disclosures made pursuant to your authorization
  • Disclosures for national security purposes
  • Certain other disclosures permitted by law

How to Request: Submit a written request to our Privacy Officer. Your request must specify the time period for the accounting, which may not be longer than six years and may not include dates before April 14, 2003.

Fees: The first accounting you request within a 12-month period will be free; we may charge a reasonable fee for additional accountings within that 12-month period.

F. Right to a Paper Copy of This Notice

You have the right to receive a paper copy of this Privacy Notice at any time, even if you have agreed to receive it electronically.

How to Request: Contact our Privacy Officer or visit our Websites.

G. Right to Notification of a Breach

You have the right to be notified in the event of a breach of your unsecured PHI. We will notify you promptly if such a breach occurs.

H. Right to Choose Someone to Act for You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI.

Verification: We will verify that the person has this authority and can act for you before we take any action.

8.5 How to Exercise Your Rights

To exercise any of the rights described above:

1. Submit a Request:

  • Email: Send a request to privacy@joineasyhealth.com
  • Phone: Call us at 1-877-880-4693
  • Mail: Write to us at: Privacy Officer, EasyHealth, Inc., 8605 Santa Monica Blvd PMB38903, West Hollywood, CA 90069

2. Verify Your Identity:

To protect your privacy and security, we will verify your identity before processing your request. We may ask you to:

  • Provide identifying information (name, email address, phone number)
  • Answer security questions
  • Provide a copy of a government-issued ID (for sensitive requests)

3. Specify Your Request:

Please clearly describe the request you are making and the information or action you are seeking.

4. Authorized Agents:

If you are using an authorized agent to make a request on your behalf, the agent must provide:

  • Written authorization from you
  • Proof of their identity
  • Verification that they are authorized to act on your behalf

5. Response Time:

  • General Privacy Requests: We will respond within 45 days (with a possible 45-day extension if needed)
  • HIPAA Requests: We will respond within 30 days for access requests and 60 days for amendment requests

6. No Fee:

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why and provide a cost estimate before completing your request.

9. HIPAA NOTICE OF PRIVACY PRACTICES

This section provides additional information about how we use and disclose Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

9.1 What is Protected Health Information (PHI)?

Protected Health Information ("PHI") is individually identifiable health information that we create, receive, maintain, or transmit in any form (electronic, paper, or oral). PHI includes information about your:

  • Past, present, or future physical or mental health or condition
  • Provision of health care to you
  • Payment for your health care

PHI includes obvious identifiers such as your name, address, date of birth, and Social Security number, as well as less obvious identifiers such as your medical record number, health plan beneficiary number, and any other unique identifying number, characteristic, or code.

9.2 Our Commitment to Protecting Your PHI

We are required by law to:

  • Maintain the privacy and security of your PHI
  • Provide you with this notice of our legal duties and privacy practices
  • Follow the terms of the notice currently in effect
  • Notify you if we are unable to agree to a requested restriction
  • Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations

9.3 Uses and Disclosures of PHI Without Your Authorization

As described in Sections 5.2 and 6.2, we may use and disclose your PHI without your authorization for:

  • Treatment: Coordinating your healthcare services and insurance coverage
  • Payment: Billing and payment activities related to healthcare services
  • Healthcare Operations: Quality improvement, training, business planning, and other operational activities
  • As Required by Law: Public health, health oversight, legal proceedings, law enforcement, and other legally mandated disclosures
  • Business Associates: Service providers who assist us in providing healthcare services

9.4 Uses and Disclosures Requiring Your Authorization

For uses and disclosures beyond treatment, payment, healthcare operations, and the other purposes described in this Notice, we will obtain your written authorization. This includes:

  • Marketing: Most marketing communications that involve payment from a third party (we will not use or disclose your PHI for such marketing without your authorization)
  • Sale of PHI: We do not sell PHI and will not do so without your authorization
  • Mental Health Notes: If applicable, we will not use or disclose mental health notes without your authorization (except for limited purposes permitted by law)
  • Other Uses: Any other use or disclosure not described in this Notice

Your Right to Revoke Authorization:

You may revoke your authorization at any time by submitting a written revocation to our Privacy Officer. The revocation will not affect any uses or disclosures we made in reliance on your authorization before we received your revocation.

9.5 Special Protections for Certain Types of Information

A. Substance Use Disorder (SUD) Records

If we receive or maintain records from a substance use disorder treatment program that is subject to 42 CFR Part 2 ("Part 2 records"), those records are protected by special federal confidentiality rules.

Use and Disclosure of Part 2 Records:

  • With your written consent, we may use and disclose Part 2 records for treatment, payment, and healthcare operations
  • Part 2 records cannot be used or disclosed in any civil, criminal, administrative, or legislative proceeding against you unless you provide specific written consent or a court issues an appropriate order
  • We have entered into agreements with our business associates who may receive Part 2 records, requiring them to comply with Part 2 confidentiality requirements

If you have questions about Part 2 protections or wish to provide or revoke consent for the use or disclosure of Part 2 records, please contact our Privacy Officer.

B. Reproductive Health Information

We will not disclose your PHI for the purpose of conducting a criminal, civil, or administrative investigation into any person for the act of seeking, obtaining, providing, or facilitating lawful reproductive health care. For certain requests for PHI related to reproductive health care (such as requests from law enforcement or health oversight agencies), we are required to obtain a signed attestation from the requestor confirming that the information will not be used for a prohibited purpose. We will not disclose your PHI in response to such requests unless we receive the required attestation or the disclosure is otherwise required by law.

C. Mental Health Information

Mental health information may be subject to additional state law protections. We will comply with applicable state laws regarding the use and disclosure of mental health information.

D. HIV/AIDS Information

HIV/AIDS-related information may be subject to additional state law protections. We will comply with applicable state laws regarding the use and disclosure of HIV/AIDS information.

E. Genetic Information

We will not use or disclose genetic information for underwriting purposes as prohibited by the Genetic Information Nondiscrimination Act (GINA) and other applicable laws.

9.6 Minors and Personal Representatives

Minors:

Our services are generally intended for adults age 18 and over. When we provide services to minors (individuals under age 18), we follow applicable state and federal laws regarding parental access to minors' PHI.

In most cases, a parent or legal guardian is the personal representative of a minor child and may exercise the child's rights under this Notice. However, in certain circumstances (such as when a minor consents to care and consent of a parent is not required under applicable law, or when a court has granted the minor authority to consent), the minor may exercise his or her own rights.

We will disclose a minor's PHI to parents or guardians consistent with applicable law.

Personal Representatives:

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. We will verify that the person has this authority and can act for you before we take any action.

If you are a parent or legal guardian and have questions about your rights to access your minor child's PHI, or if you need to designate or revoke a personal representative, please contact our Privacy Officer at privacy@joineasyhealth.com.

9.7 Changes to This HIPAA Notice

We reserve the right to change this Notice and to make the revised or changed Notice effective for PHI we already have about you as well as any information we receive in the future. We will post a copy of the current Notice on our Websites. The Notice will contain the effective date on the first page.

9.8 Complaints About Our Privacy Practices

If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

To file a complaint with us, contact:

Privacy Officer

EasyHealth, Inc.

8605 Santa Monica Blvd PMB38903

West Hollywood, CA 90069

Email: privacy@joineasyhealth.com

Phone: 1-877-880-4693

To file a complaint with the federal government, contact:

U.S. Department of Health and Human Services

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, D.C. 20201

Phone: 1-877-696-6775

Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

10. DATA SECURITY

10.1 Our Security Measures

We are committed to protecting the security of your personal information and PHI. We have implemented comprehensive physical, technical, and administrative safeguards designed to protect your information from unauthorized access, use, disclosure, alteration, and destruction.

A. Physical Safeguards

  • Secure facilities with restricted access and visitor controls
  • Secure storage of paper records in locked cabinets and rooms
  • Policies for the secure disposal of physical records (shredding, destruction)
  • Workstation security measures to prevent unauthorized viewing
  • Device and media controls for the movement and disposal of electronic devices

B. Technical Safeguards

  • Encryption of data in transit (using TLS/SSL protocols) and at rest
  • Secure authentication mechanisms, including multi-factor authentication for sensitive systems
  • Access controls that limit access to information based on user roles and responsibilities
  • Audit logs that track access to and use of information systems
  • Firewalls, intrusion detection systems, and anti-malware software
  • Regular security updates and patches for software and systems
  • Secure backup and disaster recovery procedures
  • Network segmentation to isolate sensitive data

C. Administrative Safeguards

  • Comprehensive privacy and security policies and procedures
  • Regular risk assessments to identify and address vulnerabilities
  • Workforce training on privacy and security requirements
  • Background checks for employees with access to sensitive information
  • Sanctions policy for employees who violate privacy and security policies
  • Incident response plan for security breaches and privacy incidents
  • Business associate agreements with third-party service providers
  • Regular audits and monitoring of compliance with privacy and security requirements

10.2 Your Role in Protecting Your Information

We encourage you to help us protect your information by:

  • Keeping Login Credentials Confidential: Do not share your username, password, or other authentication credentials with anyone
  • Using Strong Passwords: Create strong, unique passwords for your accounts and change them regularly
  • Logging Out: Log out of secure portals and applications when you are finished using them
  • Being Cautious with Email: Do not send sensitive health information via unsecured email; use our secure portal for sensitive communications
  • Monitoring Your Accounts: Regularly review your account activity and report any suspicious activity immediately
  • Updating Contact Information: Keep your contact information current so we can reach you about important security matters
  • Being Wary of Phishing: Be cautious of emails, texts, or calls requesting personal information; we will never ask you to provide sensitive information via unsecured channels

10.3 Limitations of Security

Despite our efforts to protect your information, no security measures are perfect or impenetrable. We cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to protect your personal information as well.

10.4 Breach Notification

In the event of a breach of your unsecured personal information or PHI, we will notify you as required by applicable law. Notification will include:

  • A description of what happened
  • The types of information involved
  • Steps you can take to protect yourself
  • What we are doing to investigate and respond to the breach
  • Contact information for further assistance

If you suspect that your information has been used or disclosed improperly, please contact our Privacy Officer immediately at privacy@joineasyhealth.com or 1-877-880-4693.

11. DATA RETENTION

11.1 How Long We Retain Information

We retain your personal information and PHI for as long as necessary to:

  • Provide you with the services you requested
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Fulfill the purposes described in this Privacy Notice

Our retention periods are based on:

  • Federal and state legal requirements (including HIPAA, state insurance regulations, and tax laws)
  • Regulatory requirements for healthcare records
  • Statute of limitations periods for legal claims
  • Legitimate business needs

11.2 Specific Retention Periods

A. Protected Health Information

We retain PHI for at least six (6) years from the date of creation or the date when it was last in effect, whichever is later, as required by HIPAA. Some state laws may require longer retention periods, and we comply with the longer period when applicable.

B. Medical Records

We retain medical records and related documents for at least seven (7) years after the service date or the end of the business relationship, or longer as required by federal and state regulations or contractual requirements.

C. Website Activity and Analytics Data

We retain website activity data and analytics information for up to twenty-six (26) months, or as configured in our analytics tools.

D. Marketing Communications

We retain records of marketing communications and your preferences (such as opt-out requests) indefinitely to ensure we honor your choices.

E. Account Information

We retain account information for active accounts for as long as your account remains active, and for a reasonable period thereafter to allow for account reactivation or to comply with legal obligations.

11.3 Secure Disposal

When information is no longer needed and the retention period has expired, we securely dispose of it using methods designed to prevent unauthorized access, including:

  • Paper Records: Shredding or destroying paper records using cross-cut shredders or professional destruction services
  • Electronic Media: Securely wiping or destroying electronic media using data destruction software or physical destruction methods
  • Certified Vendors: Using certified vendors for disposal services when appropriate, with contractual obligations to protect information during disposal

11.4 Exceptions to Deletion

Even after you request deletion of your information, we may retain certain information:

  • To comply with legal obligations (such as tax, accounting, or regulatory requirements)
  • To resolve disputes or enforce our agreements
  • To detect and prevent fraud or security incidents
  • For internal purposes such as auditing, analysis, and research
  • As otherwise permitted or required by law

When we retain information for these purposes, we will maintain it in a secure manner and limit access to those with a legitimate need.

12. CHILDREN'S PRIVACY

12.1 Age Restrictions

Our website is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 through our website.

If you are under 13 years of age, please do not use our website or provide any personal information to us except to the Providers as necessary to receive healthcare services. If you are a parent or guardian and believe that your child under 13 has provided personal information to us, please contact us immediately at privacy@joineasyhealth.com, and we will take steps to delete such information.

12.2 Services for Minors Ages 13-17

Our Services are generally intended for adults age 18 and over. In some cases, the Providers may provide healthcare services to minors ages 13-17 with parental or guardian consent.

When the Providers provide services to minors ages 13-17:

  • We require verifiable parental or guardian consent before collecting personal information
  • We comply with applicable state and federal laws regarding parental access to minors' information
  • Parents or guardians may exercise rights on behalf of the minor as described in Section 9.6

12.3 Parental Rights

If you are a parent or guardian of a minor who has provided information to us, you have the right to:

  • Review the information we have collected from your child
  • Request that we delete your child's information
  • Refuse to allow further collection or use of your child's information
  • Exercise privacy rights on behalf of your child

To exercise these rights, please contact our Privacy Officer at privacy@joineasyhealth.com or 1-877-880-4693.

13. INTERNATIONAL DATA TRANSFERS

13.1 United States Operations

EasyHealth is located in the United States, and our services are intended for individuals in the United States. Your personal information and PHI are collected, processed, and stored on servers located in the United States in accordance with U.S. federal and state privacy and security laws, including HIPAA.

13.2 Transfers Outside Your Country

If you are located outside the United States and choose to use our Services or provide information to us, please be aware that:

  • Your information will be transferred to and processed in the United States
  • Data protection laws in the United States may differ from those in your country
  • Your information will be subject to U.S. laws, including laws that may allow government access to your information in certain circumstances

By using our Services or providing information to us, you consent to the transfer of your information to the United States. You also consent to the transfer of your information to our contractors located outside the United States.

13.3 European Economic Area (EEA) and United Kingdom

Our Services are not directed to individuals in the European Economic Area (EEA) or United Kingdom. If you are located in the EEA or UK, please do not use our Services or provide personal information to us.

If we become aware that we have collected personal information from an individual in the EEA or UK, we will take steps to delete such information or obtain appropriate consent and implement appropriate safeguards.

14. THIRD-PARTY LINKS AND SERVICES

14.1 Links to Third-Party Websites

Our website may contain links to third-party websites, applications, and services that are not owned or controlled by us. This Privacy Notice does not apply to those third-party websites or services.

We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

14.2 Third-Party Services and Integrations

We may integrate third-party services into our website or Services, such as:

  • Social media platforms (Facebook, LinkedIn, Twitter)
  • Payment processors
  • Customer support tools (live chat, help desk)
  • Analytics and advertising services

When you interact with these third-party services, they may collect information about you directly. Their collection and use of information is governed by their own privacy policies, not this Privacy Notice.

14.3 Social Media

We maintain pages and accounts on social media platforms such as Facebook, LinkedIn, and Twitter. When you interact with us on social media:

  • The social media platform may collect information about you
  • Your interactions may be visible to other users of the platform
  • The platform's privacy policy governs their collection and use of your information

Please be cautious about sharing health-related information on social media, as such information may not be protected by HIPAA once disclosed to social media platforms.

15. CHANGES TO THIS PRIVACY NOTICE

15.1 Right to Modify

We reserve the right to modify this Privacy Notice at any time to reflect changes in our practices, technology, legal requirements, or other factors.

15.2 Notice of Changes

When we make changes to this Privacy Notice:

  • We will update the "Last Updated" date at the top of this Notice
  • We will post the revised Notice on our Websites
  • For material changes, we may provide additional notice, such as:
    • Sending an email to the address associated with your account
    • Posting a prominent notice on our website
    • Providing notice through our Services

15.3 Effective Date of Changes

For General Personal Information:

Changes to this Privacy Notice will be effective immediately upon posting for new users. For existing users, changes will be effective 30 days after posting, unless we provide a different effective date.

For Protected Health Information (PHI):

Changes to the HIPAA Notice of Privacy Practices (Section 9) will be effective for all PHI we maintain, including PHI we created or received before the effective date of the revised Notice, as permitted by HIPAA.

15.4 Your Continued Use

Your continued use of our Services after the effective date of changes to this Privacy Notice constitutes your acceptance of the revised Notice. If you do not agree to the revised Notice, you should discontinue use of our Services.

15.5 Prior Versions

We will maintain prior versions of this Privacy Notice in our records. You may request a copy of a prior version by contacting our Privacy Officer.

16. CONTACT INFORMATION

16.1 Privacy Officer

If you have questions about this Privacy Notice, our privacy practices, or if you wish to exercise any of your rights, please contact our Privacy Officer:

Privacy Officer

EasyHealth, Inc.

8605 Santa Monica Blvd PMB38903

West Hollywood, CA 90069

Email: privacy@joineasyhealth.com

Phone: 1-877-880-4693

16.2 General Inquiries

For general questions about our Services (not related to privacy), you may contact:

Customer Support

Email: support@joineasyhealth.com

Phone: 1-877-880-4693

Website: www.joinEasyHealth.com or www.easyhealth.com

16.3 Response Time

We will respond to your privacy inquiries and requests as promptly as possible, and within the timeframes required by applicable law:

  • General privacy inquiries: Within 10 business days
  • Consumer rights requests (access, deletion, correction): Within 45 days (with possible 45-day extension)
  • HIPAA rights requests: Within 30 days for access requests, 60 days for amendment requests

17. STATE-SPECIFIC DISCLOSURES

17.1 California Residents

A. California Privacy Rights Act (CPRA) Disclosures

This Privacy Notice includes all disclosures required by the California Privacy Rights Act (CPRA). If applicable, California residents may have the rights described in Section 8.2.

B. Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California residents:

| Category | Examples | Collected | Sources | Business Purpose | Disclosed to Third Parties |
| --- | --- | --- | --- | --- | --- |
| Identifiers | Name, email, address, phone, IP address, device ID | Yes | Directly from you, automatically, third parties | Provide services, marketing, analytics | Service providers, insurance companies, business partners |
| Personal information under Cal. Civ. Code § 1798.80(e) | Name, address, SSN, insurance policy number, financial account information | Yes | Directly from you, third parties | Provide services, payment processing | Service providers, insurance companies, payment processors |
| Protected classifications | Age, gender, race, ethnicity (for medical purposes only) | Yes | Directly from you | Provide services, comply with legal obligations | Service providers, insurance companies |
| Commercial information | Products/services purchased, purchasing history | Yes | Directly from you, automatically | Provide services, marketing | Service providers, insurance companies |
| Internet/network activity | Browsing history, search history, interactions with website | Yes | Automatically | Analytics, improve services, marketing | Service providers, analytics providers, advertising networks |
| Geolocation data | General location from IP address | Yes | Automatically | Provide services, analytics | Service providers, analytics providers |
| Professional/employment information | Employer, job title, employment status | Yes | Directly from you | Provide services | Service providers, insurance companies |
| Inferences | Preferences, characteristics, behavior | Yes | Derived from other information | Marketing, personalization | Service providers, advertising networks |
| Sensitive personal information | SSN, health information, account credentials | Yes | Directly from you, third parties | Provide services, security | Service providers, insurance companies, healthcare providers |

C. Sale and Sharing of Personal Information

As described in Section 7, we may "sell" or "share" certain categories of personal information as those terms are defined under California law. California residents may have the right to opt out as described in Section 7.3.

D. Retention Periods

We retain personal information for the periods described in Section 11, or as required by California law.

E. Shine the Light Law

California Civil Code § 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes without your consent.

F. California Consumer Privacy Act (CCPA) Metrics

If required by the CPRA, we will publish annual metrics regarding consumer rights requests on our Websites.

17.2 Virginia Residents

If applicable, Virginia residents may have the rights described in Section 8.3 under the Virginia Consumer Data Protection Act (VCDPA), including:

  • Right to access personal data
  • Right to correct inaccuracies in personal data
  • Right to delete personal data
  • Right to obtain a copy of personal data (data portability)
  • Right to opt out of targeted advertising
  • Right to opt out of the sale of personal data
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects

To exercise these rights, please contact us as described in Section 8.5.

If you have concerns about the results of a consumer rights request, you may appeal by contacting our Privacy Officer at privacy@joineasyhealth.com. If you remain unsatisfied, you may contact the Virginia Attorney General at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint.

17.3 Colorado Residents

If applicable, Colorado residents may have the rights described in Section 8.3 under the Colorado Privacy Act (CPA), including:

  • Right to access personal data
  • Right to correct inaccuracies in personal data
  • Right to delete personal data
  • Right to obtain a copy of personal data (data portability)
  • Right to opt out of targeted advertising
  • Right to opt out of the sale of personal data
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects

To exercise these rights, please contact us as described in Section 8.5.

If you have concerns about the results of a consumer rights request, you may appeal by contacting our Privacy Officer at privacy@joineasyhealth.com. If you remain unsatisfied, you may contact the Colorado Attorney General at https://coag.gov/file-complaint/.

17.4 Connecticut Residents

If applicable, Connecticut residents may have the rights described in Section 8.3 under the Connecticut Data Privacy Act (CTDPA), including:

  • Right to access personal data
  • Right to correct inaccuracies in personal data
  • Right to delete personal data
  • Right to obtain a copy of personal data (data portability)
  • Right to opt out of targeted advertising
  • Right to opt out of the sale of personal data
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects

To exercise these rights, please contact us as described in Section 8.5.

If you have concerns about the results of a consumer rights request, you may appeal by contacting our Privacy Officer at privacy@joineasyhealth.com. If you remain unsatisfied, you may contact the Connecticut Attorney General at https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page.

17.5 Utah Residents

If applicable, Utah residents may have the rights described in Section 8.3 under the Utah Consumer Privacy Act (UCPA), including:

  • Right to access personal data
  • Right to delete personal data
  • Right to obtain a copy of personal data (data portability)
  • Right to opt out of targeted advertising
  • Right to opt out of the sale of personal data

To exercise these rights, please contact us as described in Section 8.5.

17.6 Nevada Residents

If applicable, Nevada residents may have the right to opt out of the sale of certain covered information under Nevada Revised Statutes Chapter 603A. We do not currently sell covered information as defined by Nevada law. If you are a Nevada resident and would like to submit an opt-out request, please contact us at privacy@joineasyhealth.com.

17.7 Other States

If you are a resident of a state with comprehensive privacy legislation not listed above, you may have similar rights to those described in Section 8.3. Please contact us at privacy@joineasyhealth.com to inquire about your rights under your state's privacy laws.

18. QUALITY AND ACCURACY OF YOUR INFORMATION

18.1 Our Commitment to Accuracy

We strive to maintain accurate and complete personal information and PHI. Accurate information is essential for us to provide you with quality services and comply with legal requirements.

18.2 Your Responsibilities

You can help us maintain accurate information by:

  • Providing Accurate Information: Provide accurate and complete information when you enroll in services, complete forms, or communicate with us
  • Updating Your Information: Promptly notify us of any changes to your contact information, health insurance coverage, employment status, or other relevant information
  • Reviewing Your Records: Periodically review your account information and records for accuracy
  • Requesting Corrections: If you identify errors or inaccuracies, exercise your right to request corrections as described in Section 8
  • Responding Promptly: Respond to our requests for information or clarification in a timely manner

18.3 How to Update Your Information

To update your information:

  • Online: Log in to your account and update your profile information
  • Email: Send updated information to privacy@joineasyhealth.com
  • Phone: Call us at 1-877-880-4693
  • Mail: Write to us at the address in Section 16

18.4 Requesting Corrections

If you believe any information in your records is inaccurate or incomplete, please exercise your right to request corrections as described in Section 8.1 (for general personal information) or Section 8.4 (for PHI).

19. MONITORING AND ENFORCEMENT

19.1 Our Commitment to Compliance

We are committed to complying with this Privacy Notice and with applicable privacy and security laws, including HIPAA, state consumer privacy laws, and other regulations.

19.2 Compliance Monitoring

We monitor compliance through:

  • Risk Assessments: Regular privacy and security risk assessments to identify and address vulnerabilities
  • Workforce Training: Comprehensive training for all workforce members on privacy and security requirements
  • Access Audits: Regular auditing of access to and use of personal information and PHI
  • Incident Investigation: Prompt investigation of reported privacy incidents and complaints
  • Policy Reviews: Periodic review and update of privacy and security policies and procedures
  • Third-Party Audits: Engagement of independent auditors to assess our privacy and security practices

19.3 Sanctions for Violations

We have a sanctions policy for workforce members who violate our privacy and security policies. Sanctions may include:

  • Retraining and corrective action
  • Suspension of access privileges
  • Disciplinary action up to and including termination of employment
  • Referral to law enforcement for criminal violations

19.4 Filing a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint. We will not retaliate against you for filing a complaint.

To file a complaint with us:

Contact our Privacy Officer at:

  • Email: privacy@joineasyhealth.com
  • Phone: 1-877-880-4693
  • Mail: Privacy Officer, EasyHealth, Inc., 8605 Santa Monica Blvd PMB38903, West Hollywood, CA 90069

To file a complaint with government agencies:

  • HIPAA Complaints: U.S. Department of Health and Human Services, Office for Civil Rights, 200 Independence Avenue, S.W., Washington, D.C. 20201, Phone: 1-877-696-6775, Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
  • California Privacy Complaints: California Attorney General's Office, Privacy Enforcement, 1300 I Street, Sacramento, CA 95814, Website: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
  • Other State Privacy Complaints: Contact your state attorney general's office (see Section 17 for specific state contact information)

20. ACKNOWLEDGMENT AND CONSENT

20.1 Acknowledgment

By using our Services, accessing our website, or providing information to us, you acknowledge that:

  • You have received, read, and understood this Privacy Notice
  • You understand how we collect, use, disclose, and protect your personal information and PHI
  • You understand your rights regarding your information
  • You understand how to exercise your rights and contact us with questions or concerns

20.2 Consent

By using our Services or providing information to us, you consent to:

  • The collection, use, and disclosure of your information as described in this Privacy Notice
  • The transfer of your information to the United States (if you are located outside the United States)
  • The use of cookies and tracking technologies as described in Section 4 (subject to your opt-out rights)

20.3 Withdrawal of Consent

Where we rely on your consent to process your information, you have the right to withdraw your consent at any time. However, withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

To withdraw consent, please contact our Privacy Officer at privacy@joineasyhealth.com.

20.4 Terms of Service

Your use of our Services is also governed by our Terms of Service, which are incorporated by reference into this Privacy Notice. In the event of a conflict between this Privacy Notice and the Terms of Service, this Privacy Notice shall control with respect to privacy matters.

21. EFFECTIVE DATE AND ACKNOWLEDGMENT

Effective Date: October 15, 2025

Last Updated: October 15, 2025

This Privacy Notice is effective as of the date listed above. By using our Services after this date, you acknowledge that you have received and reviewed this Privacy Notice.

APPENDIX A: DEFINITIONS

Business Associate: A person or entity that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of protected health information.

Covered Entity: A health plan, healthcare clearinghouse, or healthcare provider that transmits health information in electronic form in connection with certain transactions.

De-identified Information: Information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual.

Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Protected Health Information (PHI): Individually identifiable health information that is transmitted or maintained in any form or medium by a covered entity or business associate, excluding certain education and employment records.

Sale of Personal Information: Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information to another business or third party for monetary or other valuable consideration.

Sensitive Personal Information: Personal information that reveals a consumer's social security number, driver's license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with required security or access code; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, and text messages; genetic data; biometric information; health information; or sex life or sexual orientation information.

Sharing of Personal Information: Sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information to a third party for cross-context behavioral advertising.

APPENDIX B: CONTACT INFORMATION FOR STATE ATTORNEYS GENERAL

California:
California Attorney General's Office
Privacy Enforcement
1300 I Street
Sacramento, CA 95814
Website: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company

Virginia:
Office of the Attorney General
Consumer Protection Section
202 North 9th Street
Richmond, VA 23219
Website: https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint

Colorado:
Colorado Attorney General's Office
Consumer Protection Section
Ralph L. Carr Colorado Judicial Center
1300 Broadway, 7th Floor
Denver, CO 80203
Website: https://coag.gov/file-complaint/

Connecticut:
Office of the Attorney General
165 Capitol Avenue
Hartford, CT 06106
Website: https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page

Utah:
Utah Attorney General's Office
Consumer Protection Division
160 East 300 South
Salt Lake City, UT 84111
Website: https://attorneygeneral.utah.gov/contact/complaint-form/

For questions or concerns about this Privacy Notice, please contact:


Privacy Officer
EasyHealth, Inc.
8605 Santa Monica Blvd PMB38903
West Hollywood, CA 90069
Email: privacy@joineasyhealth.com
Phone: 1-877-880-4693
Website: www.joinEasyHealth.com or www.easyhealth.com