Legal

Privacy Policy

Effective Date: [Month XX, 2026]Last Updated: [Month XX, 2026]

This Privacy Policy explains how Restorative Balance Group, LLC d/b/a MyHormonz and its affiliates (collectively, "Company," "we," "us," "our") collect, use, disclose, and protect Personal Data in connection with your use of our services, including our mobile application and related websites (collectively, the "Services").

Please read this Privacy Policy together with any additional notices we may provide at the point of collection (for example, in-app disclosures when you upload laboratory hormone reports, log menstrual tracking entries, enter body measurements and composition information, or report on diet, sleep, or mood), so you understand how and why we use your Personal Data.

We keep this Privacy Policy under regular review and may update it from time to time. We will post updates in the Services and update the "Last Updated" date. Where required by law, we will provide additional notice.

1.Introduction and Who We Are

This Privacy Policy covers how we collect and process Personal Data obtained through your use of the Services or otherwise shared by you (e.g., contacting support).

1.1 The Services

The Services are a lifestyle-focused educational platform designed to help users understand hormone optimization concepts, including how hormone lab values may compare to reference ranges, and what research literature may suggest in general for similar demographic profiles.

Users may input or upload information (including photos/images of lab reports) to receive educational insights and content. Each time you upload a lab report, you must affirmatively acknowledge an in-app disclaimer before the upload will be processed.

DISCLAIMER: We are not a medical provider, and the Services are not medical care. Each time you upload a lab report, you will be required to acknowledge an in-app disclaimer confirming, in substance, that the information provided through the Services is for educational purposes only, is not medical advice, diagnosis, or treatment, and that you should seek the advice of a qualified healthcare professional.

1.2 Controller and Contact

For purposes of U.S. privacy laws, we act as the business/controller responsible for processing Personal Data.

Privacy Contact:

  • Email: privacy@company.com
  • Support: support@company.com
  • Mail: Company Address, Oregon, USA

This Policy applies to:

  • Individuals who create an account and use the app to input or upload information (including lab results and photos of lab reports);
  • Individuals who browse educational content; and
  • Individuals who contact us for support.

2.Personal Data We Collect

We collect information to provide the Services, secure the platform, and comply with legal obligations. The categories below describe the types of Personal Data we may process:

  • Account Data. Registration date, subscription status, plan type, account status, and related account administration information.
  • Contact Data. Email address; phone number (optional).
  • Device Data. Device identifiers (as permitted), device type, operating system, app version, language, time zone, and mobile network information.
  • IP Data. IP address and approximate location derived from IP address (not precise GPS unless you explicitly enable a feature requiring it).
  • Identity Data. First and last name (or nickname/username), gender, age range, and similar profile identifiers.
  • Marketing Data. Communication preferences and marketing opt-in/opt-out status.
  • Mode / Feature Data. Information about which features or "modes" you use.
  • Profile Data. Feedback, survey responses, and preferences you provide.

2.1 Sensitive Data / Consumer Health Data

Because the Services relate to hormone optimization and wellness, certain information you provide may be considered Sensitive Personal Information or Consumer Health Data under certain U.S. state laws. This may include:

  • Hormone lab values you input and images of lab reports you upload;
  • Height, weight, body mass index (BMI), waist circumference, symptoms, stress levels, mood status, wellness history, and hormone-related medications and supplements;
  • Lifestyle inputs you log (sleep, diet, mental well-being, and menstrual cycle tracking);
  • Notes/journal content you choose to store in the Services.

We treat this category with heightened protections. See Section 8 (US Consumer Health Data Notice).

2.2 Transaction Data

Purchases and payment-related metadata. Payment card numbers and billing details are collected and processed by our third-party payment processor. We do not store full payment card numbers or billing addresses.

2.3 Usage Data

Interactions with the Services (pages/screens viewed, features used, referral URLs, error logs, crash reports, performance data).

2.4 Cookies/SDKs

Cookies, SDKs, and similar technologies are used only on our informational website and not within the mobile application itself. See Section 3.2 for more detail.

Global Privacy Control: If you visit our informational website using a supported browser, you can use the Global Privacy Control ("GPC") to signal certain opt-out preferences for that browser.

Do Not Track: We do not currently employ a process for automatically responding to "Do Not Track" (DNT) signals. You may opt out of online behavioral ads at aboutads.info/choices.

3.How We Collect Personal Data

3.1 Information You Give Us

We collect Personal Data you provide when you:

  • Create an account and subscribe;
  • Enter or upload information (including lab values and lab report images);
  • Use features (e.g., lifestyle modules, symptom tracking);
  • Contact support, submit feedback, respond to surveys, or interact with us;
  • Connect an integration (e.g., Apple HealthKit or wearable devices) — we collect only the data you choose to share.

Where required by law, we request affirmative consent before processing certain Sensitive/Consumer Health Data. In particular, each time you upload a lab report, you must affirmatively acknowledge the in-app disclaimer before the upload will be processed.

3.2 Information We Automatically Collect

When you use the Services, we automatically collect certain Device Data including browser type, IP address, time zone, and cookies. We may use cookies, log files, web beacons, tags, and pixels to collect this information.

We use essential, functional, performance, and marketing cookies for the following purposes:

PurposeExplanation
ProcessesIntended to make the Services work in the way you expect.
Authentication, Security, and ComplianceIntended to prevent fraud, protect your data from unauthorized parties, and comply with legal requirements.
PreferencesIntended to remember information about how you prefer to interact with the Services.
AnalyticsIntended to help us understand how visitors use the Services in order to improve them.

3.3 Information We Receive from Service Providers

We may receive certain data from vendors that help us operate the Services, such as analytics and crash reporting providers, payment providers, and security and fraud-prevention vendors.

4.How We Use Personal Data

  • To enable and provide the Services — administer accounts, maintain functionality, and deliver educational insights.
  • Account administration — set up accounts, troubleshoot, send service-related notices, and provide in-app support.
  • Educational insights — display reference ranges and provide research-based context from inputs you provide. These outputs are for educational purposes only and are not medical advice.
  • Service quality and development — understand how users engage with the Services and improve features, using aggregation and de-identification where feasible.
  • Customer support — process Personal Data you provide in support communications.
  • Purchases and subscriptions — process subscriptions and purchases, including fraud prevention.
  • Marketing — if you opt in, send newsletters, product updates, promotions, and educational content. You can opt out at any time.
  • Targeted advertising — we do not use Consumer Health Data for targeted advertising.
  • Legal obligations — comply with applicable laws, respond to lawful requests, protect against fraud, and enforce our Terms.

5.How Long We Keep Personal Data

We retain Personal Data as long as necessary to fulfill the purposes described in this Privacy Policy, including providing the Services, complying with legal obligations, resolving disputes, and enforcing agreements.

CategoryRetention PeriodSold or Shared?
Account DataDuration of account plus a reasonable post-termination periodNo
Contact DataDuration of account; marketing contacts retained until opt-outNo
Device / IP DataDuration of accountCertain identifiers may be disclosed to analytics/advertising partners
Identity DataDuration of account plus a reasonable post-termination periodNo
Marketing DataUntil opt-out or account deletionNo
Mode / Feature DataDuration of accountNo
Profile DataDuration of accountNo
Sensitive Data / Consumer Health DataDuration of account; deleted upon request (subject to legal exceptions)No
Transaction DataAs required for tax, accounting, and dispute resolutionNo
Usage DataUp to 24 months from collectionCertain identifiers may be disclosed to analytics/advertising partners
Support CommunicationsUp to 36 months from resolutionNo
Security LogsUp to 12 months from collectionNo

6.Disclosures of Personal Data

6.1 Recipients

We may disclose Personal Data:

  • To service providers that help us operate the Services (hosting, security, analytics, customer support, payment processing);
  • To affiliates, including our parent entity Restorative Balance Group, LLC;
  • To a successor or acquiring entity in connection with a merger, acquisition, or other corporate transaction;
  • To third parties you direct us to share with (e.g., integrations you enable);
  • To comply with legal process;
  • To protect rights, safety, and security.

6.2 Legal Process and Government Requests

We will disclose personally identifying information in response to third-party requests only if required by valid legal process. Where legally permitted, we may seek to narrow requests, provide advance notice to you, and seek confidentiality protections.

6.3 Payment Service Providers

Payment information is handled by payment processors or app stores. We do not store full payment card numbers. Their processing is governed by their own privacy policies.

6.4 California Medical Privacy Rights

To the extent California's Confidentiality of Medical Information Act ("CMIA") applies, we do not disclose your medical information to third parties without your authorization unless permitted or required by the CMIA or other applicable law.

7.How We Protect Personal Data

We use reasonable administrative, technical, and organizational safeguards designed to protect Personal Data, including encryption in transit (TLS/HTTPS) and at rest, secure storage controls, access control and least-privilege practices, audit logging, security monitoring, vulnerability management, and employee training.

No system is 100% secure. Please use a strong password and protect your account credentials.

8.Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before sharing Personal Data.

9.Age Restriction

The Services are restricted to individuals 18 years of age or older. We do not knowingly collect Personal Data from anyone under 18. If you believe we may have collected information from a user under 18, please contact us at privacy@company.com.

10.Your Rights and Choices

10.1 General Rights

Depending on where you live, you may have rights to:

  • Request access to and information about your Personal Data;
  • Request correction of inaccurate or incomplete Personal Data;
  • Request deletion of Personal Data;
  • Request restrictions on certain processing where applicable;
  • Request a portable copy of certain Personal Data;
  • Opt out of targeted advertising and certain "sale"/"sharing" disclosures where applicable;
  • Withdraw consent where processing is based on consent.

10.2 How to Exercise Rights

You may submit requests within the app by navigating to Settings → Privacy → Privacy Requests, or via email at privacy@company.com.

10.3 Authorized Agents

If you are a California resident, you may designate an authorized agent to submit a privacy request on your behalf. The authorized agent must provide written authorization or a power of attorney.

10.4 Marketing Choices

You may opt out of marketing emails via the unsubscribe link, in-app settings, or by contacting us.

11.International Transfers

The Services are intended for U.S. users, and our infrastructure and operations are based in the United States. We do not currently use vendors that process your Personal Data outside the United States.

12.HIPAA

Our Services are generally not subject to HIPAA. While we may process health-related information, we are not a "Covered Entity" or "Business Associate" for purposes of HIPAA based on the current product design. Even where HIPAA does not apply, we comply with applicable U.S. consumer health and privacy laws.

13.California and Other U.S. State Privacy Disclosures

At or before the point of collection, California consumers are entitled to notice of the categories of personal information we collect, the purposes for which we collect and use them, whether each category is sold or shared, and the retention period. See Sections 2, 4, and 5 of this Privacy Policy.

13.1 U.S. State Consumer Requests

Subject to applicable law, you may request to Know/Access, Correct, Delete, Opt-out of targeted advertising, or Limit Sensitive PI use.

Oregon Consumer Privacy Act (OCPA)

If you are an Oregon resident, you may have additional rights under the OCPA, including the right to know, correct, delete, and obtain a copy of your Personal Data, and the right to opt out of targeted advertising. To exercise your rights, see Section 10.2. Appeals may be directed to privacy@company.com with the subject "Privacy Appeal."

13.2 How to Submit Requests and Verification

Submit requests via email at privacy@company.com or through the in-app request tool at Settings → Privacy → Privacy Requests. We will verify your identity consistent with the sensitivity of the data and applicable law.

13.3 Appeals

If we decline to take action on a request, you may appeal by contacting privacy@company.com with the subject "Privacy Appeal." If your appeal is denied, you may have the right to contact your state Attorney General.

13.4 Non-Discrimination

We will not unlawfully discriminate against you for exercising your privacy rights.

14.Contact Us

  • Email: privacy@company.com / dpo@company.com
  • Mail: Company Address, Oregon, USA
Appendix

US Consumer Health Data Notice

(WA MHMDA / Similar Laws) — Last Updated: [Month XX, 2026]

This US Consumer Health Data Notice applies to U.S. residents whose Consumer Health Data we process under U.S. state consumer health privacy laws, including (where applicable) the Washington My Health My Data Act. It supplements the Privacy Policy.

"Consumer Health Data" means Personal Data that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status, including reproductive and hormone-related data.

1. Categories of Consumer Health Data We Collect and Purposes

Categories may include:

  • Hormone lab values you enter;
  • Images/photos of lab reports you upload;
  • Symptoms, height, weight, BMI, waist circumference, stress levels, mood status, sleep, diet, mental well-being, menstrual cycle tracking, and hormone-related medications and supplements;
  • Health-related notes you choose to store in the Services.

Purposes include providing educational insights, maintaining account functionality, security and fraud prevention, and service improvements.

2. Sources of Consumer Health Data

We collect Consumer Health Data directly from you and/or from devices or integrations you authorize.

3. Disclosures of Consumer Health Data

We may disclose Consumer Health Data to service providers under contract, affiliates, a successor entity in connection with a corporate transaction, with your consent, or as required by law. We do not sell Consumer Health Data for monetary consideration.

4. Consumer Health Data Requests

Subject to applicable law, you may request to confirm, access, receive a list of disclosures, delete, or withdraw consent for your Consumer Health Data.

How to submit: Email privacy@company.com or use the in-app Privacy Requests tool at Settings → Privacy → Privacy Requests.

Appeals: Email privacy@company.com with subject "Consumer Health Data Appeal." If an appeal is unsuccessful and you are a Washington resident, you may contact the Washington State Attorney General.