Privacy Policy
Last updated: June 24, 2026
1. Introduction
Longevity Health Medical Group PA ("we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website, complete our intake forms, or receive telehealth services through our platform.
2. Information We Collect
We may collect the following categories of information:
- Name
- Email address
- Phone number
- Date of birth
- Health information submitted through forms, questionnaires, consultations, and telehealth visits (including medical history, medications, symptoms, weight, height, lab results, and other clinical details)
- Payment information (processed through our payment processor)
- Website usage information (pages viewed, time on site, referring URLs)
- Device and browser information (IP address, browser type, operating system)
3. How We Use Information
We use the information we collect to:
- Provide healthcare services, including telehealth consultations and prescriptions
- Determine eligibility for treatment
- Coordinate care with pharmacies and other providers
- Process payments for services
- Communicate with patients about appointments, treatment, and account matters
- Improve our services and website
- Comply with legal, regulatory, and professional obligations
4. HIPAA and Protected Health Information
Health information you provide to our affiliated medical practice may constitute Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations.
PHI is safeguarded using administrative, technical, and physical security measures designed to protect the confidentiality, integrity, and availability of your information. PHI is disclosed only as permitted or required by law, or with your written authorization.
5. Third-Party Service Providers
We work with trusted third-party service providers that help us deliver our services. These may include, but are not limited to:
- Healthie (electronic health record and patient management)
- Stripe (payment processing)
- Telehealth and communication platforms
These providers may process information on our behalf and are expected to maintain appropriate privacy and security protections, including Business Associate Agreements where required by HIPAA.
6. Cookies and Analytics
Our website may use:
- Cookies and similar tracking technologies
- Analytics tools (such as Google Analytics)
- Performance monitoring tools
These tools help us understand how visitors interact with our website and improve website functionality and user experience. You can control cookies through your browser settings.
7. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information and health information from unauthorized access, use, disclosure, alteration, or destruction. No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Data Retention
Medical records are retained in accordance with a written retention policy that meets the most stringent requirement across the jurisdictions we serve.
Records are retained for a minimum of seven (7) years from the date of the last patient encounter for adult patients, and longer for minor patients as required by applicable state law.
Records are stored in Healthie, a HIPAA-compliant, US-hosted environment with encryption, access controls, and audit logging.
When a patient is no longer actively served, their record is not deleted. It is retained for the full retention period under the same administrative, technical, and physical safeguards applied to active patients, and the patient retains the right to access and obtain copies of their record throughout that period.
Protected Health Information (PHI) of inactive or former patients is not repurposed. It is excluded from marketing, re-engagement, and AI/LLM processing workflows and remains subject to the same privacy and security protections as active patient records.
Upon expiration of the applicable retention period, records are securely and permanently destroyed in a manner that renders PHI unreadable and unreconstructable, consistent with HIPAA disposal requirements (45 CFR 164.310(d)).
9. User Rights
Subject to applicable law, you may:
- Request access to the personal information we hold about you
- Request corrections to inaccurate or incomplete information
- Request copies of your medical records where permitted
- Withdraw consent where applicable
To exercise these rights, please contact us using the information below. We may need to verify your identity before fulfilling your request.
10. Contact Information
Questions or concerns regarding our privacy practices should be directed to:
Longevity Health Medical Group PA28 Geary Street, Suite 650 #1481
San Francisco, CA 94108