Privacy Policy
Effective Date: April 3, 2026 · Version: privacy-v1.0
1. Introduction
Daily Slim Down LLC ("Daily Slim Down", "we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard the information we obtain through the Daily Slim Down web and mobile applications and related services (the "Platform"). It applies to information about prospective patients, patients, providers (in their personal capacity), website visitors, and other users.
Information you provide in the course of receiving healthcare from a provider through the Platform is also Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and is governed by our HIPAA Notice of Privacy Practices. Where the HIPAA Notice and this Privacy Policy address the same use of PHI, the HIPAA Notice controls.
2. Information We Collect
Information You Provide
- Account information: name, email address, phone number, password, date of birth, and shipping/billing address.
- Identity-verification information: government-issued ID, photo, and (where required) selfie verification.
- Health information: medical history, current conditions, medications, allergies, surgical history, height, weight, biometric measurements, lifestyle information, lab results, and pharmacy preferences.
- Insurance and payment information: payment-card details (tokenized by our PCI-DSS-compliant payment processor and not stored on our servers), HSA/FSA card information, and (where applicable) insurance details.
- Communications: messages you exchange with your provider, support, or our staff.
Information Collected Automatically
- Device & usage: device identifiers, IP address, browser type, operating system, mobile network information, app version, pages or screens viewed, features used, click events, referring URLs, and timestamps.
- Cookies & similar technologies: see Section 9.
- Approximate location: derived from IP address; precise location only if you grant permission on a mobile device.
Information from Third Parties
- Payment processors (transaction status);
- Pharmacy and lab partners (prescription, fulfillment, and lab-result data);
- Identity-verification vendors (verification results);
- Provider credentialing services (for provider users); and
- Marketing partners and referral sources, where you have consented.
We do not knowingly collect biometric identifiers or genetic information except as you voluntarily provide it as part of your clinical record.
3. How We Use Your Information
- Provide, maintain, and improve the Platform and your access to care;
- Connect you with licensed providers and partner pharmacies and facilitate treatment, payment, and healthcare operations as defined under HIPAA;
- Process payments, manage subscriptions, and send billing receipts;
- Send appointment reminders, refill notifications, and clinical messages (transactional);
- Operate AI-assisted features under provider oversight (see AI-Assisted Care Disclosure);
- Verify your identity, prevent fraud, and protect the safety and security of users and the Platform;
- Conduct internal analytics, research, and product development using de-identified or aggregated data;
- Comply with legal obligations, enforce our Terms, and respond to legal process; and
- Send promotional communications (with your consent and only where permitted by law).
4. Communication Preferences
We may send you transactional communications (required for service delivery), clinical communications from your provider or care team, security and account notifications, and — only with your separate opt-in — promotional communications.
You may opt out of promotional emails using the unsubscribe link in any such email or through your account preferences. SMS and voice communications are entirely optional and are governed by our Messaging & Calls Terms. Transactional and clinical email and in-portal messages cannot be disabled while your account remains active.
5. SMS, MMS & Voice (TCPA)
If you opt in, we (and service providers acting on our behalf) may send you text messages and place automated phone calls. Message frequency varies. Message and data rates may apply. Reply STOP to opt out or HELP for help.
Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors that support our services (such as our SMS/voice transport provider, Twilio, under a signed Business Associate Agreement) is permitted solely to deliver messages and calls on our behalf. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
See our Messaging & Calls Terms for the complete disclosure, supported carriers, opt-out keywords, and TCPA-compliance details.
6. How We Share Information
Healthcare Providers & Care Team
We share your clinical information with the licensed providers and care-team staff treating you, and with covering or successor providers as needed for continuity of care.
Service Providers (Business Associates)
We share information with vendors that perform services on our behalf under written contracts requiring confidentiality and HIPAA-aligned safeguards, including:
- Cloud hosting and database providers (Google Cloud / Firebase);
- Payment processors;
- Pharmacy partners (including 503A and 503B pharmacies) for prescription fulfillment;
- Laboratory partners;
- Communications providers (email, SMS, voice — Twilio under a BAA);
- Identity-verification, fraud-prevention, and analytics providers; and
- Customer-support tooling.
Legal & Safety
We may disclose information when we reasonably believe disclosure is required by law, subpoena, court order, or other legal process; to comply with law-enforcement requests; to protect the rights, property, or safety of users or the public; or to investigate fraud or security incidents.
Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to applicable law and the terms of this Privacy Policy.
With Your Direction
We share information with other parties when you direct us to do so (for example, sharing records with another physician you designate).
We do not sell your personal information or PHI, and we do not share your personal information for cross-context behavioral advertising.
7. Data Security
We maintain administrative, technical, and physical safeguards designed to protect personal information consistent with HIPAA and industry practice, including:
- Encryption of data in transit (TLS) and at rest;
- Role-based access controls and least-privilege provisioning;
- Multi-factor authentication for administrative access;
- Audit logging and security monitoring;
- Vendor risk assessments and signed Business Associate Agreements; and
- Workforce training on privacy and security.
No system is perfectly secure. We cannot guarantee that unauthorized parties will never defeat our safeguards. If we discover a breach affecting your unsecured PHI, we will notify you as required by law.
8. Data Retention
We retain medical records and related communications for the minimum period required by applicable state and federal law (typically 6–10 years from the date of last service, longer for minors), and we retain account, billing, and transaction records as needed to comply with legal, tax, and audit obligations. De-identified or aggregated data may be retained indefinitely.
9. Cookies & Tracking Technologies
We use cookies, local storage, and similar technologies that are strictly necessary (for authentication, security, and core functionality), functional (to remember your preferences), and — only where you opt in — analytics (to understand product usage in de-identified form). We do not use third-party advertising cookies on patient pages and we do not share PHI with advertising networks.
You may control cookies through your browser settings. Some features of the Platform may not function correctly if cookies are disabled. We honor browser Do Not Track signals and Global Privacy Control (GPC) signals where required by law.
10. Your Privacy Rights
Depending on where you live, you may have the right to:
- Know / Access the categories and specific pieces of personal information we have collected about you;
- Correct inaccurate personal information;
- Delete personal information, subject to legal-retention exceptions (including medical-record-retention rules);
- Portability — receive a copy of your data in a portable format;
- Opt out of the sale or sharing of personal information for cross-context behavioral advertising (we do not sell or share for these purposes);
- Limit the use of sensitive personal information;
- Withdraw consent for processing that relies on consent; and
- Non-discrimination — we will not discriminate against you for exercising these rights.
To exercise any of these rights, email [email protected] or use the privacy controls in your account settings. We will verify your request using information we already maintain about you. You may use an authorized agent (with written authorization) to submit a request on your behalf. We respond within the time periods required by applicable law (generally 45 days, extendable once by 45 days). You also have the right to appeal a denial.
For PHI, see your additional rights described in our HIPAA Notice of Privacy Practices.
11. State-Specific Disclosures
California (CCPA / CPRA). California residents have the rights described in Section 10. In the preceding 12 months we have collected the following categories of personal information: identifiers, commercial information, internet/network activity, geolocation (general), professional information (for providers), and sensitive personal information (account credentials, precise location only if granted, and health information). We retain this information as described in Section 8. We do not sell or share personal information for cross-context behavioral advertising and have not done so in the preceding 12 months.
Virginia, Colorado, Connecticut, Utah, Texas & other comprehensive-privacy states. Residents of these states have the rights described in Section 10 to the extent provided by their state law. To opt out of targeted advertising, sale of personal data, or profiling decisions with legal effect, email [email protected].
Washington & Nevada (consumer-health-data laws). Consumer-health data we process is described in Section 2 and is used as described in Section 3. We do not sell consumer-health data.
12. Children's Privacy
The Platform is intended for adults 18 and over. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where that is the operative threshold). If you believe a child has provided us with personal information, please contact [email protected] so we can delete it.
13. International Users
The Platform is operated from and hosted in the United States. By using the Platform, users located outside the United States understand that their information will be transferred to and processed in the United States. The Platform is not directed to or available to users in jurisdictions where its services are not lawful.
14. Third-Party Links & Services
The Platform may contain links to third-party websites or services we do not operate. This Privacy Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. Review the privacy notices of any third-party service you use.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-portal notification, and we will update the version number and effective date above. Your continued use of the Platform after the effective date constitutes acceptance.
16. Contact Us
Privacy questions or rights requests:
Entity: Daily Slim Down LLC
Privacy Officer: [email protected]
Support: [email protected]
Mailing address available on request — please email [email protected]
This Privacy Policy supplements our HIPAA Notice of Privacy Practices and other agreements governing your use of the Platform. Where this Privacy Policy and the HIPAA Notice address the same use of PHI, the HIPAA Notice controls.