Privacy Policy

Last updated: April 26, 2026

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Business, for the purpose of CCPA/CPRA, refers to the Company as the legal entity that collects Consumers’ personal information and determines the purposes and means of the processing of Consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California.

CCPA and/or CPRA refers to the California Consumer Privacy Act (the “CCPA”) as amended by the California Privacy Rights Act of 2020 (the “CPRA”).

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Body Symmetry MD, 73360 Highway 111 #1, Palm Desert, CA 92260.

Consumer, for the purpose of the CCPA/CPRA, means a natural person who is a California resident.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Country refers to: California, United States

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

HIPAA means the Health Insurance Portability and Accountability Act of 1996, as amended.

Personal Data is any information that relates to an identified or identifiable individual.

Service refers to the Website.

Service Provider means any natural or legal person who processes the data on behalf of the Company.

SMS means short message service, including text and multimedia messages sent to and from mobile phone numbers.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.

Website refers to Body Symmetry MD, accessible from https://www.bodysymmetrymdpd.com and https://go.bodysymmetrymdpd.com

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Important Note Regarding Health Information and HIPAA

Body Symmetry MD maintains two separate but complementary privacy documents that work together to protect Your information:

1. This Privacy Policy governs information collected through Our website, marketing channels, web forms, SMS opt-ins, email marketing, advertising tracking, and analytics. This includes information You submit through Our marketing forms (such as Your name, email, phone number, and general interest in Our services) before You become a patient.

2. Our Notice of Privacy Practices (“HIPAA Notice”) governs Protected Health Information (“PHI”) collected during a clinical or treatment relationship — including information shared during clinical visits, consultations, telehealth appointments, lab work, prescriptions, billing, and through Our patient portal. The HIPAA Notice describes how Your medical information may be used and disclosed, Your rights regarding Your PHI, and Our responsibilities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Our HIPAA Notice of Privacy Practices is provided to You at the time You become a patient, is available upon request by contacting Us at [email protected], and is published on Our website. The Effective Date of Our current HIPAA Notice is March 1, 2026.

Information You submit through Our marketing forms is not considered PHI under HIPAA unless and until it is associated with treatment, payment, or healthcare operations through Our clinical practice. Once You become a patient, information collected during treatment, payment, or healthcare operations is governed by HIPAA and Our HIPAA Notice rather than by this Privacy Policy.

In the event of any conflict between this Privacy Policy and Our HIPAA Notice of Privacy Practices regarding the handling of PHI, the HIPAA Notice of Privacy Practices controls.

You may contact Our Privacy Officer regarding HIPAA-related concerns at [email protected].

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

Email address

First name and last name

Phone number (mobile and/or landline)

Address, State, Province, ZIP/Postal code, City

Date of birth (where required for service eligibility)

General information about Your areas of interest in Our services (e.g., hormone optimization, men’s health)

Usage Data

We do not knowingly request, and do not require You to submit, sensitive medical history, diagnoses, prescription information, or other Protected Health Information through Our marketing forms. Such information should only be shared during a clinical consultation or through Our secure patient channels.

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of Our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

We use both Session and Persistent Cookies for the following purposes:

Necessary / Essential Cookies - Type: Session Cookies - Administered by: Us - Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features.

Cookies Policy / Notice Acceptance Cookies - Type: Persistent Cookies - Administered by: Us - Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies - Type: Persistent Cookies - Administered by: Us - Purpose: These Cookies allow Us to remember choices You make when You use the Website.

Tracking and Performance Cookies - Type: Persistent Cookies - Administered by: Third-Parties - Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website.

We do not use cookies, pixels, or tracking technologies on pages where Protected Health Information is collected (such as patient portals or telehealth appointments). Tracking technologies described in this Privacy Policy are limited to Our marketing pages and forms.

SMS / Text Messaging Communications

When You provide Your mobile phone number and check the SMS consent box on Our website, You opt in to receive transactional text messages from Body Symmetry MD. These messages may include:

Appointment confirmations and reminders

Telehealth appointment scheduling and updates

Lab result availability notifications (without disclosing results in the message itself)

Prescription pickup or delivery notifications

Post-visit follow-up communications tied to an existing patient relationship or inquiry

Other service-related updates

SMS messages will not contain specific clinical results, diagnoses, prescription details, or other Protected Health Information. Notifications regarding clinical matters will direct You to Our secure patient portal or instruct You to call Our office.

Message frequency varies. Message and data rates may apply. Reply HELP for help or STOP to opt out at any time.

Mobile information, phone numbers, and SMS consent will not be shared with or sold to third parties or affiliates for marketing or promotional purposes under any circumstances. Phone numbers may only be shared with Our subcontracted SMS messaging platform strictly for the purpose of delivering the messages You have opted in to receive. This information sharing is limited to message delivery and explicitly excludes any marketing, promotional, or third-party use.

This restriction on SMS information takes precedence over any other provision in this Privacy Policy. Opting out of SMS messages will not affect Your ability to receive care from Body Symmetry MD through other communication channels such as phone, email, or Our patient portal.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain Our Service, including to monitor the usage of Our Service.

To manage Your inquiries and consultation requests: to respond to inquiries about Our services, schedule consultations, and route You to the appropriate provider or coordinator.

For the performance of a contract: the development, compliance and undertaking of any contract with Us.

To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication regarding updates or informative communications related to Our services, when necessary or reasonable.

To provide You with information about Our services, special offers, and general updates about Our practice, where You have not opted out of receiving such information. This excludes SMS marketing communications, which are governed by the SMS / Text Messaging Communications section above.

To manage Your requests: To attend and manage Your requests to Us.

To deliver targeted advertising to You: We may use Your information to develop and display content and advertising (and work with third-party vendors who do so) tailored to Your interests and/or location and to measure its effectiveness. This excludes mobile phone numbers, SMS consent information, and any Protected Health Information.

For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.

For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of Our promotional campaigns and to evaluate and improve Our Service.

We may share Your personal information in the following limited situations:

With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of Our Service, to advertise on third party websites to You after You visited Our Service, and to contact You. Service Providers are contractually required to protect Your information and use it only for the purposes We direct.

For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.

With Your consent: We may disclose Your personal information for any other purpose with Your consent.

We do not share Your personal information with affiliates, business partners, or other third parties for their own marketing or promotional purposes. Mobile phone numbers and SMS consent information are subject to the additional restrictions described in the SMS / Text Messaging Communications section above. Protected Health Information is governed by Our Notice of Privacy Practices and is not shared with marketing or advertising vendors under any circumstances.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with Our legal obligations (including HIPAA and applicable state medical record retention laws), resolve disputes, and enforce Our legal agreements and policies.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. This information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You. You may contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when We have a legal obligation or lawful basis to do so, including medical record retention requirements under HIPAA and California law.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation

Protect and defend the rights or property of the Company

Prevent or investigate possible wrongdoing in connection with the Service

Protect the personal safety of Users of the Service or the public

Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. Protected Health Information is subject to additional safeguards required by HIPAA and described in Our Notice of Privacy Practices.

Detailed Information on the Processing of Your Personal Data

Analytics

We may use third-party Service providers to monitor and analyze the use of Our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. For more information on the privacy practices of Google, please visit: https://policies.google.com/privacy

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.

Lead Connector

Their Privacy Policy can be viewed at https://www.gohighlevel.com/privacy-policy

Call Tracking

We use call tracking services to record, analyze, and attribute inbound phone calls made to phone numbers displayed on Our marketing pages. When You call a phone number on Our marketing pages, the call may be recorded and the following information may be collected: Your phone number, the date and time of the call, the duration of the call, the source that referred You, and the content of the call (audio recording and/or transcript).

Call recordings and transcripts are used for quality assurance, training, customer service, lead attribution, and improving Our marketing. Call data is shared only with Our call tracking provider and is not shared with third parties for marketing or promotional purposes. Calls made through Our patient portal or for clinical telehealth appointments are NOT recorded by call tracking services and are governed by Our Notice of Privacy Practices.

CallRail

CallRail is a call tracking and analytics service provided by CallRail, Inc. CallRail’s Privacy Policy can be viewed at https://www.callrail.com/privacy/

Session Recording and Heatmap Analytics

We use session recording and heatmap analytics tools to understand how visitors interact with Our marketing pages. These tools may record Your interactions on the marketing portion of Our Service, including mouse movements, clicks, scrolls, page views, and form interactions. This information is used to identify usability issues, improve the Service, and analyze how visitors use Our pages.

Sensitive form fields (such as password fields and payment fields) are masked from recordings. Session recording and heatmap analytics are NOT used on patient portal pages, telehealth pages, or any pages where Protected Health Information is entered or displayed.

Crazy Egg

Crazy Egg provides session recording, heatmap, and visitor behavior analytics. Crazy Egg’s Privacy Policy can be viewed at https://www.crazyegg.com/privacy

Behavioral Remarketing and Advertising

The Company uses remarketing services to advertise to You after You accessed or visited Our marketing pages. We and Our third-party vendors use cookies and non-cookie technologies to help Us recognize Your Device and understand how You use Our marketing pages so that We can improve Our Service and serve You advertisements that are likely to be of more interest to You.

These third-party vendors collect, store, use, process and transfer information about Your activity on Our marketing pages in accordance with their Privacy Policies and to enable Us to:

Measure and analyze traffic and browsing activity on Our marketing pages

Show advertisements for Our services to You on third-party websites or apps

Match Our website visitors to physical mailing addresses for direct mail retargeting

Measure and analyze the performance of Our advertising campaigns

Behavioral remarketing and advertising vendors do not collect or receive Protected Health Information from Us. Information shared with these vendors is limited to non-clinical browsing and engagement data from Our marketing pages.

You can use the following third-party tools to decline the collection and use of information for the purpose of serving You interest-based advertising:

The NAI’s opt-out platform: http://www.networkadvertising.org/choices/

The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

You may opt-out of all personalized advertising by enabling privacy features on Your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android).

We may share information, such as hashed email addresses (if available) or other online identifiers collected on Our marketing pages with these third-party vendors. Mobile phone numbers, SMS consent information, and any Protected Health Information are excluded from any sharing with these advertising and remarketing vendors.

The third-party vendors We use are:

Google Ads

Google Ads remarketing service is provided by Google Inc. You can opt out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting: http://www.google.com/settings/ads

Microsoft Advertising

Microsoft Advertising remarketing service is provided by Microsoft Inc. You can opt out by following their instructions: https://about.ads.microsoft.com/en-us/resources/policies/personalized-ads

Meta (Facebook / Instagram)

Meta remarketing service is provided by Meta Platforms, Inc. You can opt out by following these instructions: https://www.facebook.com/help/568137493302217

Choozle

Choozle is a programmatic display advertising platform. For more information and to opt out, visit: https://choozle.com/privacy

Modern Postcard

Modern Postcard provides direct mail retargeting services. To opt out, contact Us at [email protected] or visit https://www.modernpostcard.com.

CCPA/CPRA Privacy Notice (California Privacy Rights)

This privacy notice section for California residents supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.

Note on Health Information: Medical information regulated by HIPAA and the California Confidentiality of Medical Information Act (CMIA) is excluded from CCPA/CPRA’s scope. The categories below describe non-clinical information collected through Our marketing channels.

Categories of Personal Information Collected

Category A: Identifiers. Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address. Collected: Yes.

Category B: Personal information categories listed in the California Customer Records statute. Examples: A name, address, telephone number. Collected: Yes.

Category C: Protected classification characteristics under California or federal law. Examples: Age, sex (including gender), medical condition. Collected: Limited — date of birth and general areas of service interest may be collected to determine service eligibility. Specific medical conditions are not collected through marketing channels.

Category D: Commercial information. Collected: No.

Category E: Biometric information. Collected: No.

Category F: Internet or other similar network activity. Examples: Interaction with Our Service or advertisement. Collected: Yes.

Category G: Geolocation data. Collected: No.

Category H: Sensory data. Collected: No.

Category I: Professional or employment-related information. Collected: No.

Category J: Non-public education information. Collected: No.

Category K: Inferences drawn from other personal information. Collected: No.

Category L: Sensitive personal information. Collected: No.

Under CCPA/CPRA, personal information does not include:

Publicly available information from government records

Deidentified or aggregated consumer information

Information excluded from the CCPA/CPRA’s scope, including health or medical information covered by HIPAA and the California Confidentiality of Medical Information Act (CMIA), and clinical trial data

Personal information covered by certain sector-specific privacy laws including FCRA, GLBA, FIPA, and the Driver’s Privacy Protection Act of 1994

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

Directly from You. From the forms You complete on Our marketing pages.

Indirectly from You. From observing Your activity on Our marketing pages.

Automatically from You. Through cookies on Our marketing pages.

From Service Providers. From third-party vendors that help Us operate Our marketing channels.

Use of Personal Information

We may use or disclose personal information We collect for “business purposes” or “commercial purposes” as defined under the CCPA/CPRA, including:

To respond to inquiries and schedule consultations

To provide support and respond to questions about Our services

To respond to law enforcement requests and as required by applicable law

For internal administrative and auditing purposes

To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity

Disclosure of Personal Information

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:

Category A: Identifiers

Category B: Personal information categories listed in the California Customer Records statute

Category F: Internet or other similar network activity

Share of Personal Information

We may share, and have shared in the last twelve (12) months, Your personal information identified in the above categories with:

Service Providers (analytics, advertising, CRM, and SMS messaging platforms)

Third party vendors authorized by You

We do not share personal information with affiliates or business partners for their own marketing or promotional purposes.

Mobile phone numbers, SMS consent information, and Protected Health Information are NOT included in any sharing described above.

Sale of Personal Information

We do not sell Your personal information for monetary consideration.

The CCPA/CPRA defines “sell” and “sale” broadly to include disclosing or making available personal information to third parties in exchange for any valuable consideration, which may include certain advertising and analytics arrangements. Under this broad definition, Our use of cookies and online identifiers with advertising and analytics partners (such as Google Ads, Microsoft Advertising, Meta, and Choozle) for interest-based advertising may be deemed a “sale” or “sharing” of personal information under CCPA/CPRA. You have the right to opt out of these arrangements.

Mobile phone numbers, SMS opt-in records, SMS consent information, and Protected Health Information are never sold, rented, transferred, disclosed, or otherwise shared with any third party for any purpose other than message delivery by Our SMS messaging platform or treatment as governed by HIPAA.

Sale of Personal Information of Minors Under 16 Years of Age

We do not knowingly collect personal information from minors under the age of 16 through Our marketing channels. We do not sell, rent, transfer, or share the personal information of any individual We know to be under 16 years of age.

Your Rights under the CCPA/CPRA

If You are a resident of California, You have the following rights:

The right to notice

The right to know/access

The right to opt out of the sale or sharing of Personal Data

The right to correct Personal Data

The right to limit use and disclosure of sensitive Personal Data

The right to delete Personal Data

The right not to be discriminated against

Exercising Your CCPA/CPRA Data Protection Rights

To exercise any of Your rights under the CCPA/CPRA, You can contact Us:

By email: [email protected]

By phone number: (760) 565-1193

Do Not Sell or Share My Personal Information

To opt out:

Use the privacy preferences/cookie controls (if available) on Our Service to manage Your tracking consent.

Use the industry opt-out platforms below: The NAI’s opt-out platform: http://www.networkadvertising.org/choices/ The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

Use device-level settings on mobile devices.

Contact Us directly at [email protected].

Mobile phone numbers, SMS consent information, and Protected Health Information are never sold or shared regardless of any opt-out election.

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals.

Your California Privacy Rights (California’s Shine the Light law)

We do not share personal information with third parties for their direct marketing purposes.

Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. We are not responsible for the privacy practices or content of those websites.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

By email: [email protected]

By phone number: (760) 565-1193

By mail: Body Symmetry MD, 73360 Highway 111 #1, Palm Desert, CA 92260