Privacy Policy - Health Fountain

Privacy Policy

Health Fountain (“Health Fountain,” “we,” “our,” or “us”) is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, process, and protect your information when you access or use our telehealth services, medical clinic services, health coaching, supplements, wellness programs, online courses, subscription services, analysis, education, consultation services, and physical and digital health and wellness products (collectively, the “Services”).

This Privacy Policy applies to users worldwide and is designed to comply with applicable data protection and privacy laws, including but not limited to:

  • The Health Insurance Portability and Accountability Act (HIPAA) (United States)
  • The General Data Protection Regulation (GDPR) (European Union)
  • The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • The Digital Personal Data Protection Act (DPDPA), India
  • Other applicable global data protection regulations

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to all individuals who access or use Health Fountain’s Services worldwide, including patients, clients, customers, subscribers, and website visitors.

Our Services are intended for individuals aged 18 years and older. We do not knowingly collect, solicit, or process personal information from individuals under the age of 18.

2. Information We Collect

We collect personal information and sensitive personal information necessary to provide our Services.

2.1 Personal Identification Information

  • Full name
  • Email address
  • Phone number
  • Mailing address
  • Date of birth

2.2 Health and Medical Information (Protected Health Information – PHI)

In connection with telehealth, medical clinic services, health coaching, consultations, wellness programs, and related Services, we may collect:

  • Medical history
  • Current health conditions
  • Symptoms
  • Diagnoses
  • Treatment information
  • Lab results
  • Prescription details
  • Health assessments
  • Consultation notes
  • Insurance information

This information may constitute Protected Health Information (PHI) under HIPAA and is handled accordingly.

2.3 Payment Information

We collect payment-related information when you purchase products or Services, including:

  • Billing details
  • Transaction records
  • Limited payment card information (processed securely through third-party processors such as Stripe and Razorpay)

Health Fountain does not store full payment card numbers.

2.4 Technical and Usage Information

We automatically collect certain information when you interact with our Services, including:

  • IP address
  • Browser type
  • Device information
  • Operating system
  • Usage data
  • Cookies and tracking technologies

2.5 Marketing and Communication Data

  • Marketing preferences
  • SMS consent
  • Email communication preferences
  • Interaction with advertisements

3. How We Collect Information

We collect information:

  • Directly from you during registration, consultation, purchase, subscription, or communication
  • Through appointment booking systems and telehealth platforms
  • Through CRM systems
  • Through analytics tools such as Google Analytics
  • Through advertising technologies such as Meta/Facebook Pixel
  • Through email marketing platforms
  • Through payment processors
  • Through cookies and automated tracking technologies

4. Legal Bases for Processing (GDPR Compliance)

Where GDPR applies, we process personal data under one or more of the following lawful bases:

  • Performance of a contract
  • Provision of medical care or health services
  • Compliance with legal obligations
  • Legitimate business interests
  • Public health interests
  • Explicit consent (where required for health data or marketing communications)

Sensitive health information is processed only where permitted under applicable law, including explicit consent or provision of healthcare services.

5. How We Use Your Information

We use personal and health information for the following purposes:

5.1 Providing Services

  • Deliver telehealth and medical services
  • Conduct health coaching and consultations
  • Provide wellness programs and courses
  • Fulfill product orders
  • Manage subscriptions
  • Conduct health analysis and educational services

5.2 Administrative Purposes

  • Appointment scheduling
  • Payment processing
  • Insurance verification
  • Customer support
  • Account administration
  • Service improvement

5.3 Compliance and Legal Obligations

  • HIPAA compliance
  • Regulatory reporting
  • Fraud prevention
  • Risk management
  • Legal defense

5.4 Marketing and Advertising

  • Sending promotional emails and SMS (where consent is provided)
  • Running paid advertising campaigns
  • Retargeting and remarketing
  • Analytics and campaign optimization

You may opt out of marketing communications where required by law.

6. HIPAA Notice Regarding Health Information

Where applicable, Health Fountain complies with HIPAA regulations regarding the protection of Protected Health Information (PHI).

We implement administrative, technical, and physical safeguards designed to:

  • Protect the confidentiality of PHI
  • Prevent unauthorized access
  • Ensure data integrity
  • Secure telehealth communications

Health information is disclosed only as permitted by HIPAA, including for treatment, payment, healthcare operations, or as otherwise required by law.

7. Sharing and Disclosure of Information

We do not sell personal data.

However, we may share personal information and health data with:

7.1 Service Providers

  • Payment processors (e.g., Stripe, Razorpay)
  • Telehealth platforms
  • Appointment booking systems
  • Email marketing platforms
  • CRM providers
  • Analytics providers
  • Advertising platforms

7.2 Partners and Affiliates

We may share information with trusted partners or affiliates for operational, service delivery, or business purposes consistent with this Privacy Policy.

7.3 Legal and Regulatory Authorities

We may disclose information when required by:

  • Law or court order
  • Regulatory requirements
  • Public health authorities
  • Law enforcement

7.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, information may be transferred as part of the transaction.

8. International Data Transfers

As we operate worldwide, personal data may be transferred across international borders. Where required, we implement appropriate safeguards such as:

  • Standard Contractual Clauses
  • Contractual data protection agreements
  • Compliance with adequacy decisions
  • Lawful transfer mechanisms under GDPR and DPDPA

9. Data Retention

We retain personal and health information:

  • Until deleted by you where deletion functionality is available
  • As required for ongoing provision of Services
  • As required by healthcare regulations
  • As required by tax, accounting, or legal obligations
  • As necessary for legitimate business purposes

Certain healthcare records may be retained for legally mandated periods under applicable medical regulations.

Users do not have account deletion rights.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Website functionality
  • Analytics (Google Analytics)
  • Advertising and retargeting (Meta/Facebook Pixel and similar tools)
  • Performance monitoring
  • User behavior analysis

We run paid advertising campaigns and use remarketing and retargeting technologies.

We do not currently provide cookie preference control tools.

11. Data Security

We implement reasonable and appropriate security measures designed to protect personal and health information, including:

  • Encryption of sensitive data
  • Secure data transmission
  • Access controls
  • Staff training
  • Vendor security assessments
  • Technical safeguards consistent with HIPAA requirements

However, no system can guarantee absolute security.

12. Your Rights

Depending on your jurisdiction, you may have rights including:

12.1 GDPR Rights (EU/EEA)

  • Right of access
  • Right to rectification
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent

12.2 CCPA/CPRA Rights (California)

  • Right to know
  • Right to correct
  • Right to limit use of sensitive personal information
  • Right to non-discrimination

12.3 DPDPA Rights (India)

  • Right to access
  • Right to correction
  • Right to grievance redressal
  • Right to withdraw consent

Where permitted by law, certain rights may be limited due to healthcare record retention requirements or legal obligations.

13. Third-Party Links and Platforms

Our Services may contain links to third-party websites or integrate third-party platforms. We are not responsible for the privacy practices of external entities.

14. Advertising and Analytics

We use:

  • Google Analytics
  • Meta/Facebook Pixel
  • Email marketing platforms
  • CRM systems

These third parties may collect information in accordance with their own privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect legal, regulatory, or operational changes. Updates become effective upon publication of the revised Privacy Policy.

Continued use of the Services constitutes acceptance of the updated Privacy Policy.

16. Contact and Complaints

If you believe your privacy rights have been violated, you may file a complaint with the appropriate data protection authority in your jurisdiction, including:

  • U.S. Department of Health and Human Services (for HIPAA matters)
  • EU Data Protection Authorities
  • California Privacy Protection Agency
  • Data Protection Board of India

17. Acceptance of This Policy

By accessing or using Health Fountain’s Services, you acknowledge and agree to the terms of this Privacy Policy.