Privacy Policy
Effective Date: August 2, 2021
Last Updated: April 8, 2026
AndHealth LLC (“AndHealth”, “we” or “us”) respects and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and disclose information about you when you access and use our website located at www.andhealth.com (the “Site”), the AndHealth mobile application (the “App”), or our services that include administrative and technology services, coaching services, supplement information, and technology or personal services (“AndHealth Services”), including the platform upon which telehealth services are provided by our affiliated medical practices, including without limitation AndHealth Providers, P.C. (“AndHealth Providers”) via the virtual clinic (the “Virtual Clinic”) (all, collectively, the “Services”). Generally, you can browse our Site without providing direct identifiers, such as your name. However, we automatically collect certain technical information during your visit. When it becomes necessary for us to collect your Personal Information to provide you with the Services, or when you choose to provide us with your Personal Information, this Privacy Policy describes how we collect, use, and disclose that information.
Your use of our Services is governed by this Privacy Policy and the Terms of Use. This Privacy Policy is incorporated into our Terms of Use, and unless we define a term in this Privacy Policy, all capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Use. Therefore, please make sure that you have read, understand, and agree to be legally bound by and comply with our Terms of Use prior to your use of our Services.
This Privacy Policy does not apply to the storage, use, and collection of protected health information (“PHI”), which is governed by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and therefore is covered by our Notice of Privacy Practices (the “NPP”). Any conflict between this Privacy Policy and the NPP with respect to such PHI shall be resolved in favor of the NPP.
Changes to this Privacy Policy
We may modify this Privacy Policy from time to time. If we make any substantial changes to how we collect, use, or share your Personal Information, we will notify you of those changes by posting on the Site, App, or through other appropriate communication channels. We will also update the “Last Updated” date at the top of this document to indicate when those changes become effective.
For all other changes, your continued access to or use of the Services after the revised Privacy Policy becomes effective constitutes your acknowledgment of the updated terms. If any changes are unacceptable to you, you may stop using our Services at any time.
Information We Collect
Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular consumer. The categories of Personal Information that we may collect about you include:
Information You Provide to Us
We collect Personal Information via the Site or the App, when you interact with us on the AndHealth platform, and when you submit information to us. This may include your first and last name, email address, physical address, phone number, birth date, gender, occupation, and information you provide during chat sessions. (Note: Clinical information submitted for medical treatment is Protected Health Information (PHI) and is governed by our Notice of Privacy Practices, not this Privacy Policy).
Information Collected Automatically (Log Data & Device Info)
When you interact with our Site or App, we automatically collect certain technical information. This includes your IP address, browser type, operating system, device identifier, device settings, and “Log Data” describing how you navigate and interact with our Services. We use this data to administer, secure, and improve the functionality of the Services. We do not treat this technical data as anonymous if it can be reasonably linked to you.
Cookies, Pixels, and Tracking Technology
We use cookies (small data files placed on your device) and similar tracking technologies, such as pixels, to understand traffic patterns, optimize our Site, and measure the effectiveness of our general marketing.
- Protection of Health Information: We design our systems to prevent advertising and marketing tracking technologies from operating within the Virtual Clinic, authenticated patient portals, or during clinical intake flows. We do not use third-party advertising cookies or tracking pixels in those environments.
- Your Choices: You can set your browser to refuse cookies or alert you when they are being sent. However, disabling all cookies may prevent you from accessing certain features of our Services.
Cookie Consent and Preferences
When you visit our public-facing Site, we utilize a consent management platform designed to block non-essential third-party cookies, pixels, and similar tracking technologies until you provide your explicit, affirmative consent to their use. You have the right to manage your tracking preferences and may withdraw your consent at any time by clicking the “Cookie Settings” link provided at the bottom of our Site.
Location Information
When you use our Site or App from your mobile device, we may collect and store information about your location by converting your IP address into a rough geolocation. If you grant explicit permission through your mobile device, we may also collect your precise GPS location. Under certain privacy laws, precise geolocation may be considered Sensitive Personal Information. We use this location information solely to personalize your experience and connect you with appropriate regional providers. You may disable precise location tracking at any time through your device settings.
Information from Our Partners
We may receive Personal Information from our partners, and, where applicable, your employer. This information may be provided in connection with one or more business purposes, including to make our Services available to you.
How We Use Your Information
We may use your Personal Information for various business and commercial purposes related to our operations and your use of the Services. (Please note: The use of your clinical information for medical treatment is governed separately by our Notice of Privacy Practices). For example, we may use your Personal Information to:
- Complete registrations, process payments, verify eligibility and benefits, and deliver the administrative and technology aspects of our Services.
- Respond to your inquiries, provide requested information, and notify you of important changes to the Services, Site, App, or our terms and policies.
- Communicate with you about our products, services, and features, subject to your communication preferences and opt-out rights.
- Provide, maintain, and improve our Services; analyze trends and user interactions to improve the design, functionality, and navigational structure of our platforms.
- Enhance and monitor the safety and security of our Services, including detecting, investigating, and preventing fraudulent, unauthorized, or illegal activities.
- Comply with applicable federal, state, and local laws, and enforce this Privacy Policy and our Terms of Use.
- Carry out any other purpose described to you at the time the information was collected or pursuant to your consent.
- Train and optimize our internal machine learning algorithms.
How We Share and Disclose Information
Your Personal Information is not shared outside of AndHealth without your permission, except as described below, nor do we sell your Personal Information.
Disclosures of Service Providers
We may engage third-party vendors, software providers, and contractors to help us administer and provide the Services. We only disclose your Personal Information to these service providers for the specific purpose of performing services on our behalf. They are contractually bound to security standards and are strictly prohibited from retaining, using, or disclosing your Personal Information for any other purpose.
Aggregated and De-Identified Data
We may disclose aggregated or de-identified information to third parties for industry research, quality improvement, or demographic analysis, or similar purposes. De-identified data will be maintained in a form that cannot reasonably identify you, except as necessary to confirm that our de-identification processes satisfy applicable legal requirements.
Disclosures in Connection with Business Transactions
If AndHealth is involved in a merger, acquisition, asset sale, or bankruptcy, your Personal Information may be transferred as a business asset to the acquiring entity. We will ensure that any acquiring entity is legally bound to honor the privacy commitments made in this Privacy Policy, or we will notify you and provide an opportunity to opt-out before your data becomes subject to a materially different policy.
Disclosures for Legal Compliance and Protection
We may disclose your Personal Information to government agencies, law enforcement, or private parties only when we are legally required to do so, or when we determine it is strictly necessary to protect our legal rights. Specifically, we will disclose information: (i) to comply with a valid legal process (such as a subpoena, court order, or warrant); (ii) to enforce our Terms of Use; (iii) to protect the security of our Services; or (iv) to prevent an imminent, severe threat to the physical safety of any person.
Your Privacy Choices
Depending on your state of residence, you may have certain options regarding your Personal Information. AndHealth strives to offer meaningful choices, subject to legal and operational exceptions:
- Access: You may request a copy of the Personal Information we have collected about you. Much of this information can also be reviewed directly by logging into your account via the App or Site.
- Correction: You may request that we update or correct inaccurate or incomplete Personal Information. You can update your profile information within the App or contact us for assistance.
- Deletion: You may request that we delete your Personal Information. Please note that we may be legally required or permitted to retain certain data such as transaction records, security logs, or clinical data governed by HIPAA.
To make a request or ask questions, please contact us at [email protected] or through the support features in the App.
Opting Out of Communications
Assuming you have agreed to our Consent to Communications , we may periodically send you free newsletters and e-mails that directly promote our Services. You may opt out of promotional communications at any time. We do need to send you certain communications regarding Services, and you will not be able to opt-out of those communications, such as account updates, billing information, appointment reminders, and notices regarding changes to our Terms of Use or Privacy Policy. For detailed instructions on how to opt-out of promotional communications or to manage your communication preferences, see our Consent to Communications.
Data Security
We take the protection of your Personal Information seriously. AndHealth implements commercially reasonable physical, technical, and administrative safeguards designed to protect your Personal Information from unauthorized access, use, or disclosure. For example, we use industry-standard encryption protocols (such as TLS) to secure data transmissions across our Site and App. (Note: Protected Health Information is subject to additional safeguards as required by the HIPAA Security Rule).
While we strive to protect your Personal Information, no system is completely secure. We urge you to take active steps to protect your Personal Information and your account, such as using a long, unique passphrase (15 characters or more), enable multi-factor authentication where available, and log out after using shared or public devices. Global Privacy Control and Opt-Out Preference Signals
If you access our public Site using a browser or extension with Global Privacy Control or Do Not Track enabled, our systems will automatically recognize this signal and opt you out of the use of third-party cookies for targeted advertising or analytics on our public-facing pages.
Children and Privacy
Our Services are intended for adults aged 18 and older. We do not target our Services to children, nor do we knowingly collect Personal Information from anyone under the age of 18 without verifiable parental consent.
- We strictly comply with the Children’s Online Privacy Protection Act. We do not knowingly collect Personal Information from children under the age of 13.
- We do not knowingly sell or share the Personal Information of consumers under the age of 16.
If you are a parent or legal guardian and believe that your child has provided us with Personal Information without your consent, please contact us immediately at [email protected]. If we become aware that we have inadvertently collected Personal Information from a minor without legally valid consent, we will take immediate steps to securely delete that information.
Links to Unaffiliated Third-Party Sites
Our Services may contain links to external websites or applications that are owned and operated by unaffiliated third parties (for example, links to external educational resources or news articles).
Please be aware that this Privacy Policy does not apply to external websites. We do not control, and are not responsible for, the content, privacy policies, or security practices of these unaffiliated third parties. When you click a link to an external site, you are leaving AndHealth’s secure environment. To protect your information, we strongly encourage you to review the privacy policies of any third-party website before providing them with your Personal Information.
Data Storage and United States Processing
AndHealth is based in the United States, and our Services are intended strictly for users located within the United States.
All Personal Information and Protected Health Information (PHI) collected by AndHealth is stored and processed on secure servers located within the United States.
If you choose to access our Services while temporarily traveling outside of the United States, please be aware that any information you transmit will be transferred to, processed, and stored within the United States. By accessing the Services, you consent to the transfer and processing of your information in the United States, which may have different data protection laws than the country from which you are accessing the platform.
State-Specific Privacy Notices
California and Indiana Residents
If you are a resident of California (under the CCPA/CPRA) or Indiana (under the ICDPA), state law grants you specific rights regarding your Personal Information. These include the Right to Know, Right to Access, Right to Delete, Right to Correct, and the Right to Opt-Out of targeted advertising or the sharing or selling of your data.
California “Shine the Light” Law
Under California Civil Code Sections 1798.83-1798.84, California residents may ask for a notice identifying the categories of Personal Information we share with third parties for their direct marketing purposes. To request a copy of this notice, please submit a written request to the privacy address listed below.
California Consumer Affairs Notice
Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: If you have a question or complaint regarding the Services, please contact us at [email protected] or the address below. California residents may also reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
We have outlined how to exercise these options in the Your Privacy Choices section above. AndHealth does not sell Personal Information as defined by these state laws.
California Invasion of Privacy Act (CIPA) Notice and Consent Under the California Invasion of Privacy Act (CIPA), California residents have specific protections regarding the recording and interception of communications. To ensure your choices are respected, our public-facing Site utilizes a consent management platform designed to block non-essential third-party cookies, pixels, and tracking technologies until you explicitly provide your affirmative consent. Once you have opted in, and when you interact with features on our Site or App such as customer support chat, search bars, or digital forms, we and our authorized third-party service providers may monitor, record, and capture those interactions in real time to provide support, optimize our Site functionality, and ensure quality of service. By providing your explicit consent and utilizing these features, you affirmatively agree to the monitoring, recording, and routing of these communications to our authorized service providers.
Residents of Other U.S. States
An increasing number of U.S. states (including but not limited to Colorado, Connecticut, Virginia, Texas, and Oregon) have enacted comprehensive privacy laws granting residents similar rights to access, delete, and correct their data. AndHealth strives to offer these meaningful choices to all of our users across the United States, regardless of whether your specific state mandates it. You may exercise these options by contacting us at [email protected] or through support features in the App.
Questions or Contacting Us
If you have any questions, concerns, or complaints about this Privacy Policy, our data collection practices, or if you wish to exercise your privacy rights, please contact our privacy team at:
AndHealth LLC
Attn: Privacy Officer
2 Miranova Pl, 5th Floor
Columbus, OH 43215
Telephone: 614-321-9743
Email: [email protected]
(Please Note: The privacy email address is monitored strictly for privacy and compliance inquiries. For general questions about your account, billing, or technical support for the App, please contact [email protected])