Privacy Policy

Last updated: 2026-05-19

Template — pre-launch. This document is a working baseline intended to be reviewed and customized by a licensed attorney familiar with telehealth, HIPAA, and the consumer-privacy laws of each state where EndurHealth operates (including California, Colorado, Connecticut, Virginia, Utah, and any others where you accept patients). Do not publish unmodified.

EndurHealth, Inc. ("EndurHealth," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you visit our website (endurhealth.com) or use our telehealth services (collectively, the "Services").

Some EndurHealth-affiliated medical practices are covered entities under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). For information about how we handle protected health information (PHI) in the course of providing medical care, please also review our HIPAA Notice of Privacy Practices.

1. Information We Collect

1.1 Information you provide directly

  • Identity & contact information: name, email, phone, mailing address, date of birth, state of residence.
  • Health information: symptoms, medical history, current medications, allergies, lab results, and treatment preferences you share through assessments, intake forms, or consultations.
  • Payment information: billing address and payment-method details (collected and stored by our PCI-compliant payment processor; we do not store full card numbers).
  • Communications: messages exchanged with our care team, support requests, survey responses.

1.2 Information collected automatically

  • Device & usage data: IP address, browser type, operating system, referring URL, pages visited, time on page, clicks.
  • Cookies & similar technologies: see Section 7 for details and your choices.

1.3 Information from third parties

  • Pharmacy & laboratory partners that fulfill prescriptions and process lab orders.
  • Advertising & analytics partners (where you have consented) that help us measure marketing performance.
  • Healthcare providers and insurers when you instruct us to coordinate care.

2. How We Use Your Information

  • Provide, maintain, and improve the Services, including connecting you with licensed physicians.
  • Schedule consultations, dispense prescriptions, order labs, and deliver test results.
  • Process payments and prevent fraud.
  • Communicate appointment reminders, prescription updates, follow-up care, and service announcements.
  • Send marketing communications, subject to your consent and your right to opt out (see Section 6).
  • Comply with legal obligations, respond to lawful requests, and enforce our Terms.

3. How We Share Your Information

We do not sell your personal information. We share information only as described below:

  • Affiliated medical practices and the licensed physicians who provide your care.
  • Pharmacies & laboratories to fulfill prescriptions and run ordered tests.
  • Service providers (hosting, analytics, customer support, payment processing, CRM, email/SMS delivery) who are contractually bound to handle your data only for our purposes. Vendors that touch PHI sign Business Associate Agreements (BAAs) as required by HIPAA.
  • Legal & safety reasons: to comply with law, respond to subpoenas, protect rights or safety, or investigate fraud.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you as required by law.
  • With your direction or consent in any other case.

4. SMS & Phone Consent (TCPA)

When you check the consent box on any EndurHealth form, you expressly consent to receive autodialed and/or pre-recorded calls and text messages from EndurHealth or its agents at the phone number you provide, including marketing messages, appointment reminders, and care-related communications. Consent is not a condition of purchase. Message and data rates may apply. Frequency varies. You can opt out at any time by replying STOP to any text or by contacting privacy@endurhealth.com.

5. Your Privacy Rights

5.1 Federal rights (HIPAA)

If your information is PHI held by an EndurHealth-affiliated medical practice, you have HIPAA rights to access, amend, request restrictions on, and receive an accounting of disclosures of your PHI. See our HIPAA Notice of Privacy Practices for full details.

5.2 State privacy rights

Residents of states with comprehensive privacy statutes — including California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Utah (UCPA), and others — have additional rights:

  • Right to know / access the personal information we have about you.
  • Right to correct inaccurate information.
  • Right to delete personal information, subject to legal/medical retention requirements.
  • Right to portability — receive a copy in a portable format.
  • Right to opt out of (i) sale or sharing of personal information, (ii) targeted advertising, and (iii) certain profiling decisions. EndurHealth does not sell personal information.
  • Right to non-discrimination for exercising your rights.
  • Right to appeal a denial of your request (where state law provides).

California "Shine the Light" (Civ. Code §1798.83) requests, and any state-specific request, can be sent to privacy@endurhealth.com. We will verify your identity before fulfilling requests. We honor browser Global Privacy Control (GPC) signals as a valid opt-out of sale/sharing for California residents.

5.3 EU/UK residents (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights of access, rectification, erasure, restriction, portability, and objection. Our lawful bases include consent, performance of a contract, legal obligation, and legitimate interests. Cross-border transfers rely on Standard Contractual Clauses. You may lodge a complaint with your local data protection authority.

6. Marketing Choices

  • Email: click the unsubscribe link in any marketing email.
  • SMS: reply STOP.
  • Phone: ask to be added to our internal do-not-call list.
  • Cookies / targeted advertising: use our cookie banner or browser settings; we honor GPC signals.

Transactional messages necessary to deliver care (appointment reminders, prescription notices, lab results) will continue regardless of marketing preferences, until you close your account.

7. Cookies & Tracking Technologies

We use first- and third-party cookies, pixels, and similar technologies for security, analytics, advertising, and personalization. Our cookie banner lets you manage non-essential cookies. Necessary cookies (authentication, fraud prevention, load balancing) cannot be disabled.

8. Data Security

We implement administrative, technical, and physical safeguards including encryption in transit (TLS) and at rest, role-based access controls, audit logging, vendor due diligence, and Business Associate Agreements with HIPAA partners. No system is perfectly secure; if you suspect unauthorized access to your account, contact us immediately.

9. Data Retention

We retain medical records for the period required by state law (typically 7–10 years from the date of last treatment, longer for minors). We retain non-medical account data for as long as your account is active plus a reasonable period thereafter to comply with legal, tax, and audit requirements.

10. Children

EndurHealth's Services are not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by email (where appropriate) or by a prominent notice on the site. The "Last updated" date at the top reflects the current version.

12. Contact Us

Privacy questions or rights requests: privacy@endurhealth.com
General inquiries: care@endurhealth.com
Mailing address: [STREET ADDRESS PLACEHOLDER]
Phone: [PHONE NUMBER PLACEHOLDER]