Privacy Policy

Effective Date: July 1, 2026 | Last Updated: June 29, 2026

Introduction

Wellvera Health ("Wellvera," "we," "our," or "us") is a telehealth provider offering medical weight loss, primary care, and urgent care services to patients in Alabama, New York, Utah, Iowa, Florida, Massachusetts, Vermont, and Colorado. We are not a pharmacy; we are a telehealth practice that issues prescriptions to licensed, accredited pharmacies on behalf of our patients.

We are committed to protecting your privacy and the confidentiality of your health information. This Privacy Policy explains how we collect, use, store, and share your personal and health information, and describes your rights regarding that information. By using our website or services, you agree to the terms of this Privacy Policy.

1. HIPAA Compliance

As a healthcare provider, Wellvera Health is subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. We handle Protected Health Information (PHI) in compliance with HIPAA's Privacy Rule and Security Rule. Our full Notice of Privacy Practices will be provided to you at the time of your first clinical encounter.

All data transmission on this website is protected using Secure Socket Layer (SSL/TLS) encryption technology. PHI is stored using administrative, technical, and physical safeguards designed to prevent unauthorized access, use, or disclosure.

2. Information We Collect

We may collect the following categories of information:

  • Personal Identification Information: Name, date of birth, email address, phone number, mailing address, and state of residence.
  • Health and Medical Information: Medical history, current medications, weight, health goals, symptoms, treatment plans, prescription information, and any other clinical information necessary to provide care.
  • Payment Information: Credit or debit card details collected through our payment processor, CardPointe (operated by Fiserv). We do not store full card numbers on our servers. Payment data is handled in accordance with PCI DSS standards.
  • Communications: Emails, SMS messages, and other communications you send us or that we send you in the course of providing services.
  • Website Usage Data: IP address, browser type, device type, pages visited, time spent on pages, and referring URLs, collected through cookies and analytics tools.
  • Intake Form Data: Information submitted through our patient intake forms hosted by Tally.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, manage, and improve our telehealth services and patient care.
  • To create and maintain your patient account in our electronic health records system.
  • To communicate with you regarding your health, treatment plan, prescription status, and billing.
  • To process payments for services rendered.
  • To send administrative communications including onboarding instructions and portal access.
  • To send health education content and newsletters where you have opted in.
  • To comply with applicable federal and state laws and professional licensing requirements.
  • To respond to your inquiries and provide customer support.

We do not sell your personal or health information to third parties. We do not use your PHI for marketing purposes without your explicit written authorization.

4. Disclosure of Your Information

We may share your information only in the following circumstances:

  • With your consent: We will share your information when you have provided express written authorization.
  • Treatment purposes: With licensed pharmacies and other healthcare providers directly involved in your treatment, including the compounding pharmacies that fulfill your prescriptions.
  • Service providers: With third-party vendors that assist us in operating our practice, including:
    • OptiMantra – Electronic health records and patient portal
    • Tally – Patient intake forms
    • Brevo – Email and SMS communications
    • Quo / OpenPhone – SMS and phone communications
    • CardPointe / Fiserv – Payment processing
    • Zapier – Workflow automation

    All service providers are required to maintain the confidentiality and security of your information and are prohibited from using it for any purpose other than providing services to Wellvera Health.

  • As required by law: To comply with applicable laws, regulations, court orders, or government requests.
  • To prevent harm: When disclosure is necessary to prevent serious and imminent threat to the health or safety of a person or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality protections.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your experience and analyze how our site is used:

  • Google Analytics: We collect anonymized information about website traffic and usage patterns. This data does not identify you personally.
  • Meta (Facebook) Pixel: We use the Meta Pixel to measure advertising effectiveness and reach previous visitors. You can opt out at facebook.com/privacy/policies/cookies.
  • Essential Cookies: Necessary for the operation of our website, including security and session management.

You may configure your browser to refuse cookies, though this may affect some website functionality.

6. Text Message (SMS) Communications

By providing your mobile phone number and opting into SMS communications, you consent to receive text messages from Wellvera Health related to your care, including appointment reminders, prescription updates, and onboarding instructions. Message and data rates may apply. You may opt out at any time by replying STOP to any text message. For help, reply HELP. See our Mobile Terms of Service for full details.

7. Your Rights

You may have the following rights regarding your information:

  • Access: Request a copy of the personal and health information we hold about you.
  • Correction: Request corrections to inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to our legal and clinical record retention obligations.
  • Accounting of Disclosures: Receive an accounting of certain disclosures of your PHI as required by HIPAA.
  • Opt-Out of Marketing: Opt out of marketing communications at any time by clicking "unsubscribe" in any email or replying STOP to any SMS.
  • Portability: Request transfer of your information to another provider where technically feasible.

To exercise any of these rights, please contact us using the information in Section 10 below. We will respond to all verified requests within 30 days.

8. Data Retention

We retain patient health records in accordance with applicable state and federal law, generally a minimum of seven (7) years from the date of last service. Non-clinical personal data may be retained for up to three (3) years following the end of our relationship, after which it is securely deleted or anonymized.

9. Children's Privacy

Wellvera Health services are intended for adults aged 18 and older. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected information from a minor, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised effective date. For material changes, we will notify active patients via email.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

  • Email: admin@wellvera-health.com
  • Phone: 262-829-7669

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your HIPAA rights have been violated. Information is available at hhs.gov/ocr/privacy/hipaa/complaints.