Legal & Compliance

Privacy Policy

How we collect, use, and protect your personal and health information.

Last updated: April 27, 2026

1. Information We Collect

We collect information necessary to provide safe, effective telehealth medical weight loss services. This includes:

We collect this information directly from you through intake forms, telehealth consultations, text communications, and website interactions.

2. How We Use Your Information

We use your information solely for the following purposes:

• ✓To provide telehealth medical weight loss and wellness services
• ✓To evaluate your eligibility for specific medications and treatments
• ✓To prescribe, compound, and ship medications to your Georgia address
• ✓To conduct follow-up consultations and monitor your progress
• ✓To communicate with you about appointments, shipments, and billing
• ✓To process payments and manage your subscription
• ✓To comply with legal and regulatory requirements
• ✓To maintain the security and integrity of our services

We do not sell, rent, or trade your personal or health information to third parties for marketing purposes.

3. How We Share Your Information

We share your information only when necessary to provide our services or as required by law:

All third parties with whom we share information are required to maintain the confidentiality and security of your data in accordance with HIPAA and applicable law.

4. HIPAA Compliance

As a healthcare provider, Haven Integrative Health is a Covered Entity under the Health Insurance Portability and Accountability Act (HIPAA). We are committed to protecting your Protected Health Information (PHI) in accordance with HIPAA regulations.

To exercise any of these rights, text us at 470-274-7571 or contact us during your next consultation. We will respond to all requests within 30 days as required by HIPAA.

5. Patient Portal Communications & Messaging

All clinical communications between you and Margaret — including messages sent through your patient portal, telehealth video sessions, and text messages related to your care — are considered Protected Health Information (PHI) under HIPAA.

6. Data Security

We implement appropriate technical, administrative, and physical safeguards to protect your information:

• ✓Encryption of data in transit (TLS/SSL) and at rest
• ✓Secure, HIPAA-compliant telehealth platforms
• ✓Access controls limiting who can view your information
• ✓Regular security audits and risk assessments
• ✓Staff training on privacy and security practices
• ✓Secure disposal of physical records when applicable

While we take reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience and analyze website traffic:

• •Essential cookies: Required for website functionality (e.g., maintaining your session)
• •Analytics cookies: Help us understand how visitors use our website so we can improve it
• •We do not use advertising or tracking cookies for third-party marketing

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

8. Data Retention

We retain your personal and health information for as long as necessary to provide our services and comply with legal obligations:

• •Medical records are retained for a minimum of 7 years from the date of last service (or longer if required by Georgia law)
• •Payment records are retained for 7 years for tax and accounting purposes
• •Inactive patient accounts are securely archived after 3 years of inactivity
• •When retention periods expire, records are securely destroyed using HIPAA-compliant methods

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal or health information from children. If we discover that we have inadvertently collected information from a minor, we will delete it immediately.

10. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• ✓Access: Request a copy of the personal information we hold about you
• ✓Correction: Request that we correct inaccurate or incomplete information
• ✓Deletion: Request that we delete your personal information (subject to legal retention requirements)
• ✓Restriction: Request that we limit how we use your information
• ✓Portability: Request a copy of your information in a portable format
• ✓Objection: Object to certain uses of your information

To exercise these rights, text us at 470-274-7571. We will verify your identity before processing any request and respond within the timeframe required by applicable law.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will notify you via text or email. Your continued use of our services after changes constitutes acceptance of the revised policy.

12. Contact Information

If you have any questions about this Privacy Policy, your privacy rights, or our data practices, please contact us:

If you believe your privacy rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights or the Georgia Attorney General's Consumer Protection Division. We will not retaliate against you for filing a complaint.