Privacy Policy — My4MLife

Effective Date: 2026-05-18
Last Updated: 2026-05-18

My4MLife ("we," "us," or "our") is a health-education and protocol-coaching platform. Medical care, including diagnosis, prescriptions, lab orders, and clinical advice, is delivered by our contracted licensed telemedicine partner — not by My4MLife directly. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our website, mobile app, and platform (collectively, the "Services").

By using our Services, you acknowledge that you have read and understood this Privacy Policy. We observe data-protection practices aligned with HIPAA, even though My4MLife itself is not a HIPAA-covered entity. Our contracted telemedicine partner IS a covered entity and is the custodian of any medical record created during your care. We comply with applicable federal and state privacy laws.

Our role vs. the telemedicine partner's role

My4MLife provides: health education, protocol design, the 4M framework, the app experience, AI-driven coaching, and the routing infrastructure that connects you to medical care when you choose to engage it.
Our contracted licensed telemedicine partner provides: the medical encounter itself — diagnosis, prescriptions, lab orders, clinical decision-making, the medical record. The partner is the prescribing-clinician-of-record.
The pharmacy partner provides: fulfillment of prescriptions issued by the licensed clinician.
What this means for your data: intake answers and personalized assessment responses you give us live in our systems until you consent to a consult — at which point we forward a defined data package to the telemedicine partner. From that handoff forward, your medical record lives with the partner, governed by their HIPAA Notice of Privacy Practices.

1. Information We Collect

Personal Information

We collect personal information you voluntarily provide, including your name, email address, phone number, date of birth, gender, mailing address, and government-issued identification.

Health-Related Information

We collect health-related information you provide to us through our 8-question personalized assessment, sign-up demographics, and any intake forms before you engage with our telemedicine partner. This may include self-reported symptoms, height and weight, biological sex, medications, and your stated goals. This information is consumer health survey data on our side. Once you consent to a consult, we forward a defined data package to the telemedicine partner — at which point that data becomes Protected Health Information (PHI) under the partner's HIPAA-covered medical record. PHI generated during your consult (diagnosis, prescriptions, lab results, clinical notes) is held by the telemedicine partner, not by My4MLife.

Payment Information

When you make a purchase, our third-party payment processor collects your payment card information. We do not store complete payment card numbers on our servers.

Device and Usage Data

We automatically collect certain information when you visit our website, including IP address, browser type, operating system, referring URLs, pages visited, and time spent on pages.

2. How We Use Your Information

Provide telehealth consultations and prescription services
Process orders and payments
Coordinate with licensed pharmacies to fulfill prescriptions
Communicate with you about your care, orders, and account
Comply with legal obligations and healthcare regulations
Improve our website, services, and patient experience
Detect and prevent fraud or abuse
Send marketing communications (with your consent)

3. How We Share Your Information

We do not sell your personal information. We share information only as necessary and with appropriate safeguards:

Healthcare Providers

Licensed physicians and clinical staff who provide your care.

Pharmacy Partners

State-licensed pharmacies that dispense and ship your medications.

Payment Processors

Third-party processors (e.g., Stripe) that handle billing. These providers have signed Business Associate Agreements (BAAs) where required.

Legal Compliance

When required by law, court order, subpoena, or to protect the safety of others.

Service Providers

Hosting, analytics, and communications vendors who support our operations, all bound by confidentiality agreements.

4. HIPAA Posture

My4MLife is NOT a HIPAA-covered entity. Our contracted licensed telemedicine partner IS a covered entity, and any Protected Health Information (PHI) generated during your medical care is held by them under HIPAA. We observe HIPAA-aligned data-protection practices on our side because some of the information you share with us may later become PHI when handed off to the partner. Specifically, we maintain:

Administrative, physical, and technical safeguards for PHI
Business Associate Agreements with all vendors who access PHI
Designated Privacy and Security Officers
Regular risk assessments and staff training
A detailed HIPAA Notice of Privacy Practices available upon request

5. Data Security

We implement industry-standard security measures to protect your information, including TLS 1.2+ encryption for data in transit, AES-256 encryption for data at rest, role-based access controls, multi-factor authentication for staff, and comprehensive audit logging. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. Your Rights

You have the following rights regarding your information:

Access: Request a copy of the information we hold about you
Correction: Request that we correct inaccurate information
Deletion: Request deletion of your information (subject to legal retention requirements)
Restrict Processing: Request that we limit how we use your information
Portability: Request a copy of your information in a structured format
Object: Object to certain uses of your information, including marketing
Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at privacy@my4mlife.com.

7. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to operate our website, analyze usage, and improve user experience. You can control cookies through your browser settings. We honor your consent preferences via our cookie banner. Disabling cookies may affect website functionality.

8. Third-Party Services

Our website may contain links to third-party sites (e.g., social media). We are not responsible for their privacy practices. Please review their policies before providing any information.

9. Children's Privacy

Our Services are intended for adults 18 years and older. We do not knowingly collect information from children under 18. If we learn we have collected information from a minor, we will delete it promptly.

10. Data Retention

We retain your information for as long as necessary to provide our Services and comply with legal obligations. Medical records are retained for at least the period required by applicable state law (typically 7-10 years). You may request deletion of non-essential data at any time.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice on our website. The "Last Updated" date at the top reflects the most recent revision. Continued use of our Services after changes constitutes acceptance.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact:

My4MLife Privacy Officer
Email: privacy@my4mlife.com
Phone: (800) 555-0199
Mail: My4MLife Privacy Office, [Address to be provided]

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.