Effective Date: [Effective Date]

Privacy Policy

This Privacy Policy explains how Hey Commerce LLC ("Hey Commerce," "we," "us," or "our"), the company behind PreMD ("PreMD," the "Service"), collects, uses, shares, and protects information about you when you use our website and Service. Your privacy is central to what PreMD does, and we want you to understand exactly how your information is handled.

A note on health information. PreMD is a preparation tool, not a healthcare provider. We are not a HIPAA "covered entity," and using PreMD does not create a doctor–patient relationship. While we are not legally governed by HIPAA, we have chosen to apply HIPAA-aligned safeguards and privacy practices to the health-related information you share with us, because we believe that information deserves that level of care. PreMD does not diagnose, treat, or prescribe. Always consult a qualified healthcare provider for medical advice. See our Terms of Service.

Contents

  1. Information we collect
  2. How we use your information
  3. Health information
  4. How we share information
  5. We do not sell your data
  6. Cookies, pixels & advertising
  7. Data retention & deletion
  8. How we protect your information
  9. Your privacy rights
  10. California privacy rights (CCPA/CPRA)
  11. EU/UK rights (GDPR)
  12. Children's privacy
  13. International data transfers
  14. Changes to this policy
  15. Contact us

1. Information we collect

We collect information in three ways: information you give us, information collected automatically, and information from third parties.

Information you provide

  • Account information — such as your name, email address, and password when you create an account.
  • Health-related inputs — the symptoms, concerns, questions, and other descriptions you enter, and any documents you choose to upload (such as bloodwork or prior reports). You decide what to share; you are never required to upload documents.
  • Payment information — when you subscribe, our third-party payment processor collects your payment details. We do not store full payment card numbers on our systems.
  • Communications — information you provide when you contact support or correspond with us.

Information collected automatically

  • Usage and device data — such as IP address, browser type, device identifiers, pages viewed, and interactions with the Service.
  • Cookies and similar technologies — see Cookies, pixels & advertising below.

Information from third parties

We may receive limited information from advertising and analytics partners (for example, that you arrived from a particular ad) and from our service providers, consistent with their own privacy policies and your choices.

2. How we use your information

We use information to:

  • Provide, operate, and improve the Service — including generating your personalized preparation reports and follow-up responses.
  • Create and manage your account and process your subscription.
  • Respond to your requests and provide customer support.
  • Send you service-related communications, and, where permitted, marketing communications you can opt out of.
  • Maintain the security and integrity of the Service and prevent fraud or abuse.
  • Comply with legal obligations and enforce our Terms of Service.
  • Measure and improve our advertising — using non-health information only, as described in Cookies, pixels & advertising.

3. Health information

The health-related information you enter is used to provide the Service to you — to generate your preparation reports and to answer your follow-up questions. We treat this information with heightened care:

  • We apply HIPAA-aligned administrative, technical, and physical safeguards to health-related information, even though we are not a HIPAA covered entity.
  • We do not use your health information for advertising, and we do not share your health information with advertising partners or data brokers.
  • We do not sell your health information.
  • We use the limited service providers necessary to operate the Service (for example, secure hosting and the AI processing that generates your report). These providers are bound by confidentiality and data-protection obligations and may only use the information to provide services to us.

4. How we share information

We share information only in these limited circumstances:

  • Service providers / processors — vendors who perform services on our behalf (hosting, AI processing, payment processing, analytics, email, customer support), under contracts that restrict their use of the information.
  • Advertising and analytics partners — limited, non-health information used to measure and improve advertising, as described in Cookies, pixels & advertising.
  • Legal and safety — when we believe disclosure is required by law, regulation, legal process, or to protect the rights, safety, or property of you, us, or others.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
  • With your direction or consent — when you ask us to share information or otherwise consent.

5. We do not sell your data

We do not sell your personal information for money, and we do not share your health information with anyone for their own marketing. Where applicable privacy laws define "sale" or "sharing" broadly to include certain advertising-related cookie activity, you can exercise choices as described in Cookies, pixels & advertising and California privacy rights.

6. Cookies, pixels & advertising

We and our partners use cookies, pixels, software development kits (SDKs), and similar technologies to operate the Service, remember your preferences, measure performance, and understand how our advertising performs.

This includes advertising and analytics tools provided by third parties such as Meta (Facebook/Instagram) and similar platforms. These tools may set cookies and collect information such as your device and usage data and the actions you take on our site (for example, visiting a page or starting a subscription) so that we can measure and improve our ads.

Important: We do not share the health information you enter into PreMD — your symptoms, concerns, uploaded documents, or reports — with Meta or any other advertising partner, and we do not use that health information to target ads to you. Advertising measurement uses non-health information such as general site activity and conversion events.

Your choices

  • You can manage cookies through your browser settings and, where offered, through our cookie banner or preferences tool.
  • You can opt out of interest-based advertising through industry tools such as the Digital Advertising Alliance (optout.aboutads.info) and the Network Advertising Initiative (optout.networkadvertising.org).
  • You can adjust ad-personalization settings within platforms like Meta directly in your account settings on those platforms.
  • Many browsers offer a "Do Not Track" or Global Privacy Control (GPC) signal; where required by law, we honor recognized opt-out preference signals.

7. Data retention & deletion

We retain your information for as long as your account is active or as needed to provide the Service, and afterward only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

You are always in control. You can review or permanently delete your records at any time, for any reason, from within your account or by contacting us at support@getpremd.com. When you delete your records, we delete them from our active systems; residual copies may remain in routine backups for a limited period before being overwritten.

8. How we protect your information

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit and at rest, access controls, and ongoing security practices aligned with HIPAA standards. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you and the relevant authorities as required by law.

9. Your privacy rights

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your information.
  • Obtain a portable copy of your information.
  • Opt out of certain sharing or targeted advertising.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at support@getpremd.com. We will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

10. California privacy rights (CCPA/CPRA)

If you are a California resident, you have the rights described above, including the right to know what personal information we collect and how we use it, the right to delete, the right to correct, and the right to opt out of the "sale" or "sharing" of personal information as those terms are defined under California law. We do not sell your personal information for money. To the extent certain advertising cookie activity is considered "sharing" under California law, you may opt out using the methods in Cookies, pixels & advertising or by contacting us. You may also designate an authorized agent to make a request on your behalf. We honor the Global Privacy Control (GPC) signal as a valid opt-out where required.

11. EU/UK rights (GDPR)

If you are in the European Economic Area or the United Kingdom, Hey Commerce LLC acts as the controller of your personal data. We process your data on the legal bases of performing our contract with you (providing the Service), your consent (for example, for certain cookies and marketing, and for processing health-related data you choose to provide), our legitimate interests (such as securing and improving the Service), and compliance with legal obligations. Health-related data is treated as a special category of data and is processed only with your explicit consent or as otherwise permitted by law. You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority. To exercise these rights, contact us at support@getpremd.com.

12. Children's privacy

PreMD is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us at support@getpremd.com and we will take steps to delete it.

13. International data transfers

We are based in the United States and process information there. If you access the Service from outside the United States, you understand your information may be transferred to, stored, and processed in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" above and, where appropriate, provide additional notice. Your continued use of the Service after an update means you accept the revised Policy.

15. Contact us

If you have questions or requests regarding this Privacy Policy or your information, contact us at:

Hey Commerce LLC
[Mailing Address — to be added]
Email: support@getpremd.com