Privacy Policy

Proveta is a technology platform and marketing brand. Medical services are provided by licensed physicians affiliated with Proveta Medical Group, P.C., an independent physician practice (the "Medical Group"). When you receive medical care through our platform, the Medical Group and its providers act as a "covered entity" under HIPAA and are the custodians of your protected health information ("PHI"). Their handling of your PHI is described in our Notice of Privacy Practices.

This Privacy Policy covers information that Proveta itself collects when you browse our website, create an account, or purchase a membership. Where a piece of information is both PHI and covered by this policy, the HIPAA Notice of Privacy Practices controls.

Information you give us

• Account information: name, email, phone number, password, date of birth.
• Contact and shipping information: mailing address, billing address.
• Payment information: processed securely through our third-party payment processor; we do not store full card numbers.
• Health and eligibility information you provide in the assessment: height, weight, medical history, current medications, allergies, and goals. This information is shared with the Medical Group for clinical review.
• Identity verification information: a photo of your government-issued ID and (where required) a selfie, for identity and safety purposes.
• Communications: messages you send to our care team or customer support, including attachments.

Information collected automatically

• Device and usage information: IP address, browser type, operating system, referring URL, pages viewed, time spent, and clickstream data.
• Cookies, pixels, and similar technologies: see our Cookie Policy for details.
• Approximate location: derived from your IP address.
• Session replay and error logging data, which may capture UI interactions and error traces on pages you visit.

Information from third parties

• Information from advertising partners about how you found us.
• Information from service providers (for example, shipping carriers providing delivery updates).
• Fraud-prevention signals from payment processors and identity-verification vendors.

• To create your account, deliver the Service, and support your care with the Medical Group.
• To process payments, renew your membership, and issue receipts.
• To ship medication, provide tracking, and respond to delivery issues.
• To communicate with you about your account, orders, care, and support.
• To send marketing and promotional communications (you can opt out at any time — see Section 7).
• To improve the Service, develop new features, and analyze usage.
• To detect, investigate, and prevent fraud, abuse, and security incidents.
• To comply with legal obligations, enforce our Terms, and protect our rights and the rights of others.

We do not sell your personal information for money. We share it only in the ways described below.

With the Medical Group and pharmacy partners

To provide medical care, we share your health and account information with the Medical Group and with the licensed pharmacies that fulfill your prescriptions. These parties are independently bound by HIPAA and their own privacy practices.

With service providers

We share information with vendors who help us operate the Service — including hosting (Vercel, Cloudflare), databases (Neon), payment processing, identity verification, email and SMS delivery, customer support, shipping carriers, analytics, and session replay and error logging. These vendors are contractually limited to using your information only for the services they provide to us and are required to implement reasonable security measures.

For legal and safety reasons

• To comply with a subpoena, court order, or other legal process.
• To respond to lawful requests by public authorities, including national security and law enforcement.
• To protect the rights, property, and safety of Proveta, our users, or others.
• To investigate and prevent fraud, illegal activity, or violations of our Terms.

In connection with a business transaction

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you and require the successor entity to honor this Privacy Policy.

We use cookies, web beacons, pixels, and similar technologies to recognize you, remember your preferences, analyze site traffic, and deliver relevant advertising. You can control cookies through your browser settings. Disabling cookies may affect Service functionality. See our Cookie Policy for a full list.

We implement administrative, physical, and technical safeguards designed to protect your information. These include encryption in transit (TLS) and at rest where feasible, role-based access controls, audit logging, and vendor security assessments. No system is perfectly secure, and we cannot guarantee absolute security. If you believe your account has been compromised, contact [email protected] immediately.

Marketing communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing message. You can opt out of marketing SMS by replying STOP to any marketing text. Transactional messages (account, order, care) will continue to be sent as long as you have an active account.

Account information

You can review and update certain account information by signing in to your member portal. To request deletion, contact [email protected]. We may retain information as required by law or for legitimate business purposes (for example, fraud prevention and medical record retention).

Do Not Track

Our website does not currently respond to Do Not Track browser signals because no common industry standard has been adopted.

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or another state with a comprehensive privacy law, you have the following rights, subject to verification and legal exceptions:

• The right to know what personal information we collect, use, disclose, and sell or share.
• The right to access a copy of your personal information.
• The right to correct inaccurate personal information.
• The right to request deletion of your personal information.
• The right to opt out of the sale or sharing of your personal information (we do not sell personal information for money).
• The right to opt out of targeted advertising.
• The right to limit the use and disclosure of sensitive personal information.
• The right to appeal a denial of your request.
• The right to not be discriminated against for exercising any of these rights.

To exercise any of these rights, email [email protected] with the subject line "Privacy Request". We will verify your identity before responding. You may designate an authorized agent to submit requests on your behalf in accordance with applicable law.

The Service is intended for adults 18 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations (including medical record retention requirements), resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymize it using commercially reasonable methods.

The Service is intended for users in the United States. Information is processed and stored in the United States. If you access the Service from outside the United States, you are responsible for compliance with local laws.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. Your continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.

If you have questions or concerns about this Privacy Policy, contact us at [email protected] or at Proveta, Inc., [Street address], [City, State ZIP].