Privacy Policy

Headquarters Health Inc. ("Headquarters Health," "HHQ," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our websites, mobile applications, patient portals, social‑media pages, or otherwise interact with us (collectively, the "Site"), and your choices regarding that information.

1. Scope

This Privacy Policy covers personal information that Headquarters Health processes in connection with the Site. It does not apply to anonymized or aggregated data that cannot reasonably identify you, or to third‑party websites and services that we do not control.

2. Information We Collect

We may combine information from different sources for the purposes described below.

Cookies & Similar Technologies

We use cookies, web beacons, SDKs, and local‑storage objects to recognize repeat visitors, remember preferences, analyze Site traffic, and measure the effectiveness of campaigns. You can adjust cookie preferences via your browser settings or our Cookie Settings link.

3. How We Use Information

We use personal information to:

• Provide and improve services – operate the Site, deliver telehealth sessions, personalize content, and develop new features.
• Process transactions – schedule appointments, verify insurance, and collect payments.
• Communicate with you – send confirmations, reminders, technical notices, and customer‑service messages.
• Marketing & education – send newsletters, promotions, and educational materials (with opt‑out options).
• Security & fraud prevention – detect, investigate, and prevent malicious activity.
• Compliance & legal – meet legal obligations, enforce Terms, and resolve disputes.

4. How We Disclose Information

We disclose personal information:

• Service Providers & Business Partners – IT hosting, payment processors, analytics providers, and telehealth platform vendors who process data on our behalf under strict confidentiality.
• Healthcare Professionals – treating clinicians and care teams, subject to applicable healthcare privacy laws.
• Insurance & Billing Entities – insurers, clearinghouses, and third‑party payers to facilitate claims.
• Legal & Safety – regulators, law enforcement, or other parties when required by law or to protect rights, property, or safety.
• Corporate Transactions – potential acquirers or investors in connection with a merger, acquisition, or asset sale (subject to confidentiality).
• With Consent – other disclosures you authorize.

5. Your Privacy Choices

• Account Settings – Update profile info and communication preferences within your account dashboard.
• Marketing Opt‑Out – Click the "unsubscribe" link in emails or reply STOP to SMS campaigns.
• Cookie Controls – Manage via your browser or the Cookie Settings banner.
• Device Permissions – Disable location services or push notifications in your OS settings.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access – know what personal information we hold.
• Correct – request corrections to inaccurate data.
• Delete – request deletion of personal information.
• Portability – receive data in a portable format.
• Restrict / Object – limit or object to certain processing.
• Opt‑out of Sale/Sharing (CPRA) – we do not sell/share per §1798.140.
• Non‑Discrimination – receive equal service for exercising your rights.

To exercise rights, email privacy[at]headquarters[dot]health or call (650) 555‑1234. We may verify your identity before fulfilling requests.

7. Data Security

We employ administrative, technical, and physical safeguards aligned with NIST SP 800‑53 and industry best practices, including encryption in transit and at rest, role‑based access controls, and regular security testing. No system is 100% secure; please notify us immediately of any suspected unauthorized activity.

8. Data Retention

We retain personal information as required to fulfill the purposes outlined in this Policy, comply with legal and regulatory obligations, resolve disputes, enforce agreements, and for legitimate business needs. PHI retention follows state medical‑records laws and applicable healthcare privacy regulations.

9. International Transfers

We are based in the United States and may transfer personal information to the U.S. or other countries for processing and storage as necessary to provide our services.

10. Children's Privacy

The Site is not directed to children under 13. We do not knowingly collect personal information from children without verifiable parental consent. If you believe a child has provided us personal information without consent, contact us and we will delete it.

11. Third‑Party Services & Links

Our Site may contain links to third‑party sites or integrate third‑party services (e.g., Google Analytics). This Policy does not govern third‑party practices. Review their privacy policies before providing information.

12. Changes to This Privacy Policy

We may modify this Policy from time to time. If we make material changes, we will post the updated Policy and update the "Last updated" date. Continued use of the Site after changes constitutes acceptance.

13. Contact Us

Questions or concerns about this Privacy Policy? Contact our Privacy Office: