Consumer Health Data Privacy Policy
Effective Date: April 26, 2026 | Last Updated: April 26, 2026
This Consumer Health Data Privacy Policy ("Policy") supplements our general Privacy Policy and is provided in compliance with the Washington My Health My Data Act (HB 1155), the Nevada Consumer Health Data Privacy Law (SB 370), and similar state consumer health data protection laws.
This Policy explains how Nuvari Health, LLC ("Nuvari," "we," "us," or "our") interacts with consumer health data and where the responsibility for that data sits.
The short version: Nuvari is a wellness storefront. Nuvari does not collect or store the bulk of what state laws define as "consumer health data" — including medical history, conditions, diagnoses, treatment information, prescription details, biometric data, or lab results. That information is collected and stored by our clinical services partner under their own HIPAA-compliant infrastructure. The limited consumer health data Nuvari does collect is described below.
1. What Is Consumer Health Data?
Consumer health data is personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. Under applicable state laws, this includes but is not limited to:
- Individual health conditions, treatment, diseases, or diagnoses
- Social, psychological, behavioral, and medical interventions
- Health-related surgeries or procedures
- Use or purchase of prescribed medications
- Bodily functions, vital signs, and biometric data
- Reproductive or sexual health information
- Gender-affirming care information
- Information about attempts to obtain health services or products
- Health data inferred or derived from non-health information
2. Consumer Health Data Nuvari Collects
The limited consumer-health-related information Nuvari itself collects is:
| Category | Examples | Source |
|---|
| Wellness goal interest | The protocol category you express interest in (e.g., weight management, longevity, sexual wellness) when joining the waitlist or starting a visit | Directly from you |
| Order metadata for health-related products | The fact that you have ordered a wellness protocol, order ID, status, shipment tracking | Your account activity |
| Health-adjacent communications | Customer support messages you send to Nuvari that may reference your wellness journey (e.g., questions about delivery of a protocol) | Directly from you |
| Inferred wellness interest | The fact that you visited a particular protocol page or searched a wellness term on our site | Automatically collected via cookies and analytics |
3. Consumer Health Data Nuvari Does NOT Collect
The following consumer health data is collected and stored exclusively by our clinical services partner — not by Nuvari:
- Medical history, conditions, and diagnoses
- Current and past medications
- Allergies and contraindications
- Health intake assessment answers
- Lab results and biometric measurements (height, weight, BMI, blood pressure, etc., when collected for clinical purposes)
- Prescription details and dosage information
- Clinical communications between you and your healthcare provider
- Treatment plans and ongoing clinical notes
To exercise any rights regarding this clinical-side consumer health data, contact our clinical services partner. We can help facilitate the introduction.
4. Purposes for Nuvari's Use of Consumer Health Data
Nuvari uses the limited consumer health data described in Section 2 only for the following purposes:
| Purpose | Description |
|---|
| Providing the storefront | To present relevant wellness protocols, process orders, and coordinate the handoff to our clinical services partner |
| Order and account management | To create and manage your account, fulfill orders, and provide customer support |
| Communications | To send order confirmations, shipping updates, and respond to support inquiries |
| Service improvement | To analyze aggregated, de-identified data to improve our website and services |
| Legal compliance | To comply with applicable laws, regulations, and legal obligations |
| Safety and fraud prevention | To detect and prevent fraud, abuse, and security threats |
Nuvari does not sell consumer health data. Nuvari does not use consumer health data for targeted advertising without your explicit, separate consent.
5. Third-Party Sharing
Nuvari shares the limited consumer health data it collects only with the following categories of third parties:
| Recipient | Purpose | Data Shared |
|---|
| Clinical Services Partner | To connect you with a licensed physician for the actual clinical visit, where the partner collects the full health intake directly from you | Identity and contact information needed for the handoff; protocol category of interest |
| Cloud Infrastructure and Analytics Providers | To host our website and understand aggregated usage | Account data, usage data; aggregated or de-identified where possible |
| Email and SMS Service Providers | To send transactional and marketing communications you have opted into | Name, contact info; no clinical information is included in messages |
| Shipping Carriers | To deliver orders | Name, address (no health information on packaging) |
| Legal and Regulatory Authorities | Compliance with laws, subpoenas, court orders | As required by the specific legal obligation |
All third parties with access to consumer health data are contractually required to maintain confidentiality and limit use of the data to the purposes for which it was disclosed.
6. Data Retention
Nuvari retains the consumer health data it collects only as long as necessary for the purposes described above:
| Data Category | Retention Period |
|---|
| Account and order data | Duration of your account, plus a reasonable period after deletion for legal and operational purposes |
| Order and transaction records | At least 7 years for tax and compliance purposes |
| Customer support communications | A reasonable period to maintain support history |
| Inferred wellness interest (cookies, analytics) | Up to 13 months, then deleted or de-identified |
Clinical-side consumer health data (medical records, prescriptions, etc.) is retained by our clinical services partner under their own retention policies and applicable medical record retention laws — not by Nuvari.
7. Your Rights
Under applicable state consumer health data privacy laws, you have the following rights with respect to the consumer health data Nuvari holds:
7.1 Right to Know / Access
You have the right to confirm whether we are collecting or sharing your consumer health data and to receive a list of categories of third parties with whom we have shared your data.
7.2 Right to Deletion
You have the right to request deletion of the consumer health data Nuvari holds. We will respond to verified requests within 45 days, with the right to extend by an additional 45 days where reasonably necessary, as permitted by applicable law. Some data may be retained where a legal exception applies (such as tax retention requirements).
7.3 Right to Withdraw Consent
Where we rely on your consent to collect or share consumer health data, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing performed before the withdrawal.
7.4 Right to Non-Discrimination
We will not discriminate against you for exercising any of your rights under this Policy.
8. How to Exercise Your Rights
To exercise any of the rights described above, you may email us at privacy@nuvarihealth.com or submit a request through your account settings (when available). To protect your privacy, we will verify your identity before processing any request.
You may designate an authorized agent to submit requests on your behalf. We may require the authorized agent to provide proof of written authorization and may separately verify your identity.
9. Consent for Collection
Where required by applicable law, we obtain your consent before collecting consumer health data. You will not be required to create an account or share unnecessary consumer health data as a condition of receiving services that do not require it.
10. Geofencing
We do not use geofencing technology to collect consumer health data around healthcare facilities, counseling centers, or similar locations.
11. Security Measures
We protect the consumer health data we hold using industry-standard administrative, technical, and physical safeguards, including:
- TLS encryption for all data in transit
- Encryption at rest provided by our infrastructure providers
- Role-based access controls limiting employee access to data
- Periodic review of our security posture
- Incident response procedures
12. Changes to This Policy
We may update this Policy to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by email or through a prominent notice on our website.
13. Contact Us
If you have questions about this Consumer Health Data Privacy Policy or wish to exercise your rights, please contact us:
Nuvari Health, LLC
Email: privacy@nuvarihealth.com
Website: nuvarihealth.com
