Legal

Privacy Policy

How Heyday Health collects, uses, and protects your personal information.

Effective: May 17, 2026

Scope of this Policy
Information we collect
How we use your information
How we share your information
Health information & HIPAA
Third-party data processors
Cookies and tracking
Data retention
Your rights and choices
Security
Children's privacy
Changes to this Policy
Contact us

1. Scope of this Policy

This Privacy Policy describes how HeydayMD LLC, a New Mexico limited liability company doing business as "Heyday Health" ("Heyday," "we," "us," or "our"), collects, uses, discloses, and protects personal information about visitors and patients who use the heydaymd.com website and related telehealth services (collectively, the "Services").

Heyday operates as a technology platform that connects patients with independently licensed healthcare providers. Medical services, prescriptions, and clinical decisions are provided solely by these licensed providers, who maintain their own privacy practices for the protected health information they collect during your treatment.

2. Information we collect

Information you provide

Contact information: name, email address, phone number, mailing address
Health intake information: age, sex assigned at birth, symptoms, health history, medications, lifestyle factors collected through our intake quiz
Identity verification: date of birth, government-issued ID where required by law or for telehealth verification
Payment information: credit card or bank account details, billing address (processed by our payment processor, not stored on our servers)
Communications: messages you send through our forms, chat, or email
Lab results: blood test results you upload or that are collected via partnered laboratory networks

Information collected automatically

Device and browser information: IP address, browser type, operating system, device identifiers
Usage data: pages visited, links clicked, time spent on the site, referrer URLs
Cookies and similar technologies: see Section 7

Information from third parties

Licensed providers: we may receive consultation notes or treatment status updates from the licensed providers who treat you
Laboratory partners: we receive lab results when you complete testing through our affiliated CLIA-certified labs
Pharmacy partners: we receive fulfillment status updates when medication is dispensed

3. How we use your information

We use the information we collect to:

Connect you with appropriate licensed providers for evaluation and treatment
Process and fulfill orders for lab kits and medications
Provide customer service, respond to your inquiries, and send service-related notifications
Send appointment reminders and lab result notifications
Send educational content, health resources, and product updates (only if you have opted in)
Operate, maintain, secure, and improve our Services
Detect and prevent fraud, abuse, or violations of our Terms of Service
Comply with legal obligations, including telehealth regulations, prescription tracking requirements, and tax reporting

We share your information with the following categories of recipients:

Licensed healthcare providers

When you request a clinical evaluation, we share your intake responses, contact information, and relevant health history with the licensed provider in your state who will evaluate your case. These providers are responsible for treatment decisions and prescriptions.

Laboratory and pharmacy partners

When you order a lab kit or are prescribed a medication, we share necessary information with our CLIA-certified laboratory partners and licensed mail-order pharmacies to fulfill testing and prescriptions.

Service providers

We share information with vendors that perform services on our behalf, including hosting, database, payment processing, email delivery, analytics, and customer support. See Section 6 for specific named processors.

Legal compliance

We may disclose information if required by law, subpoena, court order, or to protect the rights, property, or safety of Heyday, our patients, or others.

Business transfers

If Heyday is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

What we do not do: We do not sell your personal information. We do not share your health information with advertisers. We do not use protected health information for targeted advertising.

5. Health information and HIPAA

Information you provide directly to our affiliated licensed providers during a clinical encounter is generally considered Protected Health Information (PHI) and is governed by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state law. Each licensed provider maintains a separate Notice of Privacy Practices describing how they handle PHI.

Information you provide to Heyday Health as a technology platform (such as marketing form submissions, account information, and pre-clinical intake data) is governed by this Privacy Policy. Once you become a patient and information is transmitted to a licensed provider, it may also become subject to HIPAA protections held by that provider.

6. Third-party data processors

We work with the following service providers, each of whom is contractually bound to handle your information securely and only for the purposes we specify:

Cloudflare, Inc. — website hosting, content delivery, security (United States)
Convex Inc. — backend database for application data and lead intake (United States)
Web3Forms — secure form submission delivery via email (United States)
Stripe, Inc. — payment processing (United States)
Google LLC — fonts and basic analytics (United States)
Licensed laboratory partners — CLIA-certified labs that process diagnostic tests
Licensed mail-order pharmacies — pharmacy partners that dispense prescriptions

7. Cookies and tracking technologies

We use cookies, local storage, and similar technologies to:

Remember your preferences and session state
Authenticate you and keep you signed in
Measure traffic and improve our Services
Run advertising campaigns and measure their effectiveness (with your consent where required)

You can control cookies through your browser settings. Disabling cookies may affect some functionality.

8. Data retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including to satisfy any legal, accounting, or reporting requirements. Medical records held by your treating provider are retained according to applicable state law (typically 7 years from last patient contact or longer for minors).

You may request deletion of marketing data we hold about you (see Section 9), though clinical records held by treating providers must be retained per regulatory requirements.

9. Your rights and choices

Depending on your state of residence, you may have the right to:

Access the personal information we hold about you
Correct inaccurate information
Delete your personal information, subject to legal retention requirements
Opt out of marketing communications (use the unsubscribe link in any marketing email, or contact us)
Restrict or object to certain processing activities
Data portability — receive a copy of your data in machine-readable format
Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected]. We may need to verify your identity before processing your request.

California residents: Under the California Consumer Privacy Act (CCPA/CPRA), you have additional rights including the right to know the specific pieces of personal information we have collected, the right to request deletion, and the right to opt out of the sale or sharing of your personal information. Heyday Health does not sell personal information.

European Economic Area, UK, and Switzerland: Under GDPR and equivalent laws, you have the rights listed above plus the right to lodge a complaint with your local data protection authority. The lawful bases on which we process your information include performance of a contract, compliance with legal obligations, your consent, and our legitimate interests in providing and improving our Services.

10. Security

We implement reasonable administrative, technical, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS) and at rest, access controls, vendor agreements, and regular security review.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

11. Children's privacy

Heyday Health's Services are intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a minor, we will delete it. Contact us if you believe a minor has provided us with personal information.

12. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective" date at the top. Material changes will be communicated via email or prominent notice on our website. Your continued use of the Services after changes are posted constitutes acceptance of the updated Policy.

13. Contact us

For privacy questions, complaints, or to exercise your rights:

HeydayMD LLC
1209 Mountain Road Pl NE, Ste N
Albuquerque, NM 87110
United States

Email: [email protected]
Subject line: Privacy Request

We will respond within 30 days of receiving a verified request.