Privacy Policy

Last updated: April 6, 2026

1. Introduction

TuFlorecer LLC ("TuFlorecer," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you access or use our website, applications, and services (collectively, the "Platform").

Important: This Privacy Policy governs personal information we collect as a technology platform. Protected health information (PHI) collected in connection with healthcare services is governed by the Notice of Privacy Practices maintained by our affiliated clinical partners in accordance with the Health Insurance Portability and Accountability Act (HIPAA).

2. Information We Collect

Information You Provide Directly

• Account information: name, email address, phone number, date of birth, mailing address, and login credentials.
• Health information: medical history, current medications, allergies, health conditions, height, weight, and other information submitted through our intake questionnaire.
• Payment information: billing address and payment details (processed and stored by Stripe — we do not store your full credit or debit card numbers).
• Communications: messages you send to our support team, chat interactions with our AI assistant, and feedback you provide.
• Preferences: language preference, communication preferences, and notification settings.

Information Collected Automatically

• Device and browser information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Usage data: pages visited, time spent on pages, links clicked, and navigation paths within the Platform.
• Location data: approximate geographic location derived from your IP address.
• Cookies and similar technologies: we use cookies, pixel tags, and similar technologies as described in our Cookie section below.

3. How We Use Your Information

• To create and manage your account and provide our services.
• To coordinate telehealth consultations with affiliated healthcare providers, including transmitting your health information to licensed clinicians for clinical evaluation.
• To process payments and manage your subscription.
• To coordinate prescription fulfillment and medication delivery with our pharmacy partners.
• To communicate with you about your account, treatment, and services — including appointment reminders, order status updates, and important service announcements.
• To improve the Platform, analyze usage patterns, and develop new features.
• To comply with legal obligations and protect our rights.

4. How We Share Your Information

We may share your personal information with advertising partners through technologies such as Meta Pixel, TikTok Pixel, and Google Analytics. Under the California Consumer Privacy Act (CCPA), this activity may be considered a "sale" or "sharing" of personal information. You have the right to opt out — see our Do Not Sell page for details. We do not sell your protected health information (PHI) to third parties. We may share your information in the following circumstances:

• Healthcare providers: We share your health information with independent licensed healthcare providers and affiliated professional entities who deliver clinical services through the Platform. This sharing is necessary to provide you with medical consultations and treatment.
• Pharmacy partners: We share prescription and shipping information with licensed compounding pharmacies to fulfill medication orders.
• Service providers: We share information with trusted third-party service providers who assist us in operating the Platform, including payment processors (Stripe), email services (Resend), cloud hosting, and analytics providers.
• Legal requirements: We may disclose information when required by law, regulation, legal process, or governmental request.
• Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

We may share de-identified or aggregated information that cannot reasonably be used to identify you for analytics, research, and business purposes.

5. Health Information and HIPAA

TuFlorecer operates as a technology and administrative platform. The healthcare providers who deliver clinical services through our Platform are independent entities that maintain their own obligations under HIPAA. Business Associate Agreements (BAAs) are in place between TuFlorecer and its clinical partners to ensure appropriate handling of protected health information.

Your rights regarding your protected health information — including the right to access, amend, and request an accounting of disclosures — are governed by the Notice of Privacy Practices maintained by the affiliated clinical entities providing your care. Contact our support team for assistance in exercising these rights.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform. These include:

• Essential cookies: Required for the Platform to function, including authentication, security, and session management.
• Analytics cookies: Help us understand how users interact with the Platform using services such as Google Analytics 4.
• Advertising cookies: Used to deliver relevant advertisements and measure their effectiveness through Meta Pixel, TikTok Pixel, and similar technologies.

You can manage your cookie preferences through our cookie consent banner or your browser settings. Disabling certain cookies may affect the functionality of the Platform. We honor Global Privacy Control (GPC) signals sent by your browser.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including encryption in transit (TLS/SSL), secure cloud infrastructure, access controls, and regular security assessments.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. Data Retention

We retain your personal information for as long as your account is active, as needed to provide you services, and as required by law. Health-related records may be retained for the minimum periods required by applicable state and federal regulations. When personal information is no longer needed, we will securely delete or de-identify it.

9. Your Rights and Choices

Depending on your state of residence, you may have the following rights regarding your personal information:

• Right to access: Request a copy of the personal information we hold about you.
• Right to correction: Request correction of inaccurate personal information.
• Right to deletion: Request deletion of your personal information, subject to certain legal exceptions.
• Right to opt out: Opt out of the sale or sharing of your personal information for targeted advertising purposes.
• Marketing opt-out: Opt out of promotional emails by clicking the unsubscribe link in any email. Opt out of SMS by replying STOP to any text message.

To exercise any of these rights, contact us at info@tuflorecer.com. We will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your privacy rights.

10. Additional Rights for California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including: the right to know what personal information we collect, the right to delete, the right to correct, the right to opt out of sales/sharing, the right to limit the use of sensitive personal information, and the right to non-discrimination. Note that CCPA/CPRA does not apply to information protected by HIPAA.

To exercise your California privacy rights, contact us at info@tuflorecer.com or call (555) 123-4567. You may also designate an authorized agent to submit requests on your behalf.

11. Additional State Privacy Rights

In addition to California, residents of the following states have privacy rights under their respective data privacy laws:

• Texas (Texas Data Privacy and Security Act): Texas residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of the sale of personal data, targeted advertising, and profiling.
• Colorado (Colorado Privacy Act): Colorado residents have the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of the sale of personal data, targeted advertising, and profiling.
• Connecticut (Connecticut Data Privacy Act): Connecticut residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of the sale of personal data, targeted advertising, and profiling.
• Virginia (Virginia Consumer Data Protection Act): Virginia residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of the sale of personal data, targeted advertising, and profiling.
• Nevada (SB 220): Nevada residents may submit a request to opt out of the sale of their covered information. Submit requests to info@tuflorecer.com.

To exercise any of these rights, contact us at info@tuflorecer.com. We will respond within the timeframe required by your state's law. You may also designate an authorized agent to submit requests on your behalf.

12. Consumer Health Data

If you are a resident of Washington State, the Washington My Health My Data Act provides additional protections for consumer health data. Consumer health data includes information that identifies or is reasonably linkable to a consumer and that identifies the consumer's physical or mental health status.

We collect consumer health data including: health conditions, medications, treatment history, height, weight, BMI, and other information submitted through our intake questionnaire. This data is collected for the purpose of coordinating telehealth services and is shared with affiliated healthcare providers and pharmacy partners as described in this Privacy Policy.

Washington residents have the right to access, delete, and withdraw consent for the collection of their consumer health data. To exercise these rights, contact us at info@tuflorecer.com.

13. Open Payments Database Notice

For informational purposes, you may search the federal Open Payments database maintained by the Centers for Medicare & Medicaid Services (CMS) at https://openpaymentsdata.cms.gov to determine if your healthcare provider has received payments from pharmaceutical or medical device companies. This database provides transparency about financial relationships between healthcare providers and manufacturers.

14. Children's Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a minor, we will take steps to delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on the Platform and, where required, by email. The "Last updated" date at the top indicates when the policy was most recently revised.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: info@tuflorecer.com
• Phone: (555) 123-4567