Privacy Policy

1. Introduction

NOW Optimal Network LLC (“NOW Optimal,” “we,” “us,” or “our”) operates the website nowoptimal.com (the “Website”) and the NOW Optimal mobile application (the “App,” available on Apple App Store and Google Play Store, bundle identifier: com.nowoptimal.patient), collectively referred to as the “Services.”

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information, including Protected Health Information (“PHI”), when you use our Services. We are committed to protecting your privacy and complying with all applicable laws, including the Health Insurance Portability and Accountability Act (“HIPAA”), the California Consumer Privacy Act (“CCPA”), and all requirements of the Apple App Store and Google Play Store.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Policy, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

• Account & Registration Data: Name, email address, phone number, date of birth, and login credentials when you create an account.
• Health & Medical Information (PHI): Medical history, symptoms, lab results, prescriptions, treatment information, insurance details, and other health information you provide or that is generated through your care.
• Payment Information: Credit/debit card details, billing address, and transaction history processed through our secure payment processor (Stripe).
• Communications: Messages you send through our in-app chat, emails, phone calls, and telehealth consultations.
• Forms & Surveys: Intake forms, consent forms, health questionnaires, and satisfaction surveys.
• Journal & Metrics Data: Health journal entries, vitals tracking, and wellness metrics you voluntarily record.

2.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage Data: Pages viewed, features used, time spent, crash reports, and interaction patterns.
• Log Data: IP address, browser type, access times, and referring URLs.
• Cookies & Similar Technologies: We use cookies, web beacons, and similar technologies to improve functionality and analyze usage. See Section 8 for details.

2.3 Information From Third Parties

• Healthcare Providers: Clinical notes, lab results, and treatment records from our affiliated clinics (NOW Men’s Health, NOW Primary Care).
• EMR System (Healthie): Patient records, appointment information, and form responses managed through our electronic medical records system.
• Payment Processors: Transaction confirmations and billing status from Stripe.

2.4 Apple HealthKit & Google Health Connect Data

If you grant permission, the App may read health data from Apple HealthKit or Google Health Connect (e.g., steps, weight, heart rate, sleep data). This data is used exclusively to enhance your healthcare experience and is never used for advertising, marketing, data mining, or sold to third parties. HealthKit and Health Connect data is not stored in iCloud or any unsecured cloud service.

3. How We Use Your Information

• Healthcare Services: To provide, coordinate, and manage your medical care, including appointments, prescriptions, lab results, and telehealth consultations.
• Payment Processing: To process payments, manage billing, and handle insurance claims.
• AI-Powered Insights (JARVIS): To provide personalized health insights and recommendations to your care team using our proprietary AI system. Your data is processed securely and is not shared with external AI providers for training purposes.
• Communication: To send appointment reminders, lab results notifications, treatment updates, and respond to your inquiries.
• Service Improvement: To analyze usage patterns, diagnose technical issues, and improve our Services.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including HIPAA requirements.
• Safety & Security: To detect, prevent, and address fraud, security breaches, and other harmful activity.

We do NOT use your personal health data for advertising or marketing purposes. We do NOT sell your personal information to third parties.

4. How We Share Your Information

We may share your information only in the following circumstances:

• Healthcare Providers: With our affiliated clinics and providers involved in your care (NOW Men’s Health, NOW Primary Care).
• Business Associates: With HIPAA-compliant service providers who assist in delivering our Services, including:
  • Healthie (EMR platform)
  • Stripe (payment processing)
  • Amazon Web Services (secure cloud infrastructure)
  • Snowflake (secure data warehousing)
  All Business Associates are bound by Business Associate Agreements (BAAs) as required by HIPAA.
• Legal Requirements: When required by law, court order, or government regulation, including mandatory public health reporting.
• With Your Consent: When you provide explicit authorization for any other disclosure.
• Emergency Situations: To prevent or lessen a serious and imminent threat to health or safety.

We never sell your personal information or health data. We do not share health data with advertising networks, data brokers, or information resellers.

5. Data Security

We implement enterprise-grade security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Secure Infrastructure: Our systems are hosted on HIPAA-compliant AWS infrastructure with SOC 2 certification.
• Access Controls: Role-based access controls, multi-factor authentication, and regular access audits.
• Secure Storage: Credentials and tokens are stored using platform-native secure storage (iOS Keychain / Android Keystore via Expo SecureStore).
• Network Security: All API communications use HTTPS. No sensitive data is transmitted over unencrypted channels.
• Monitoring: Continuous security monitoring, intrusion detection, and automated threat response.

While we employ commercially reasonable security safeguards, no electronic transmission or storage method is 100% secure. We encourage you to use strong passwords and keep your login credentials confidential.

6. Data Retention & Deletion

We retain your personal information and health records in accordance with applicable laws and medical record retention requirements:

• Medical Records: Retained for a minimum of 6 years from the date of last treatment or as required by Arizona state law and HIPAA, whichever is longer.
• Account Data: Retained for the duration of your account and for 30 days after account closure.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).

Your Right to Delete: You may request deletion of your personal data by contacting us at privacy@nowoptimal.com. Note that we may be legally required to retain certain medical records even after a deletion request. We will inform you if any data cannot be deleted due to legal obligations.

7. Your Rights

7.1 HIPAA Rights

As a patient, you have the right to:

• Access and obtain a copy of your health records
• Request corrections to your health information
• Request restrictions on certain uses and disclosures
• Receive an accounting of disclosures of your PHI
• Request confidential communications
• Be notified of any breach of your unsecured PHI

For full details on your HIPAA rights, please see our HIPAA Notice of Privacy Practices.

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights:

• Right to know what personal information is collected and how it is used
• Right to delete personal information (subject to legal exceptions)
• Right to opt out of the sale or sharing of personal information (we do not sell your data)
• Right to non-discrimination for exercising your rights
• Right to correct inaccurate personal information

7.3 Arizona Residents

Arizona residents may have additional privacy rights under Arizona state law, including the right to access, correct, and delete personal information. Contact us to exercise these rights.

7.4 Google Play & Apple App Store Users

In addition to the rights above, mobile app users have the right to:

• Revoke any app permissions (camera, photo library, health data) at any time through device settings
• Request a complete export of your data in a portable format
• Request account and data deletion directly within the App or by contacting us
• Opt out of non-essential data collection

8. Cookies & Tracking Technologies

Our Website uses the following technologies:

• Essential Cookies: Required for basic site functionality (session management, security).
• Analytics: We may use privacy-respecting analytics to understand how visitors use our Website. We do not use third-party advertising trackers.

The App does not use advertising SDKs, tracking pixels, or third-party advertising identifiers. We do not participate in cross-app or cross-site tracking.

9. Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@nowoptimal.com, and we will promptly delete such information.

Our Services comply with the Children’s Online Privacy Protection Act (COPPA) and do not target or knowingly collect data from children under 13.

10. Third-Party Services

Our Services integrate with the following third-party platforms:

• Healthie — Electronic Medical Records (EMR) and patient management
• Stripe — Secure payment processing (PCI DSS compliant)
• Amazon Web Services (AWS) — HIPAA-compliant cloud infrastructure
• Snowflake — Secure health data warehousing and analytics
• Google Gemini AI — AI-powered health insights (no PHI used for model training)

Each third-party provider has its own privacy policy. We encourage you to review their policies. All third-party providers handling PHI are bound by Business Associate Agreements.

11. International Users

Our Services are based in the United States and intended for users located in the United States, primarily Arizona. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our Website and App, and by updating the “Last Updated” date at the top of this page. For significant changes affecting how we handle your PHI, we will provide additional notice via email or in-app notification. Your continued use of our Services after such changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact us:

14. App Store Compliance Disclosures

Google Play Store

In accordance with Google Play’s Data Safety requirements, we disclose that the NOW Optimal app collects and processes the categories of data described in Section 2 above. Data is encrypted in transit, and you may request data deletion. The app does not share personal data with third parties for advertising purposes. This app is not a medical device and does not diagnose, treat, cure, or prevent any medical condition. Always consult a qualified healthcare professional for medical advice.

Apple App Store

In accordance with Apple’s App Store Review Guidelines, we confirm that: (a) health data collected through the App or HealthKit is not used for advertising or data mining; (b) health data is not sold to advertising platforms, data brokers, or information resellers; (c) health data is not stored in iCloud; (d) the App provides a clear mechanism for users to review and consent to data collection; and (e) all data handling complies with Apple’s Privacy Guidelines and applicable laws.