Privacy Policy
Last Updated: February 17, 2026 | Version 2.1
Your privacy and the security of your health information are fundamental to our mission. We are committed to protecting your personal and health data with the highest standards of care.
Our Privacy Promise to You
Your Information Stays With Us. Period.
✓ We NEVER sell your data. Your personal and health information is not for sale—not now, not ever.
✓ We NEVER share your data with third parties for marketing. No advertisers, no data brokers, no hidden partnerships.
✓ Your data stays within Genesis World Health. We only share information when you explicitly choose to connect with a healthcare provider on our platform, or when legally required.
In Plain English: Think of your health information like money in a bank. It's yours, it stays in your account, and we only move it when you tell us to. We're the secure vault—not the marketplace.
Introduction
Genesis World Health ("we," "our," or "us") operates a comprehensive health and wellness platform designed to provide personalized health assessments, care plans, educational resources, and wellness products. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
We are committed to compliance with applicable privacy laws, including but not limited to HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), and CCPA (California Consumer Privacy Act), where applicable.
Information We Collect
1. Personal Information
- Name, email address, date of birth, phone number
- Account credentials (username and encrypted password)
- Billing and payment information (processed securely through Stripe)
- Demographic information (gender, country, timezone)
2. Health Information (Protected Health Information - PHI)
- Health goals and wellness objectives
- Comprehensive health assessment data (medical history, current conditions, medications, lifestyle factors)
- Personalized care plan information
- Progress tracking data (habits, symptoms, wellness metrics)
- Provider interaction records and appointment information
All health information is encrypted at rest and in transit. We use industry-standard AES-256 encryption to protect your sensitive health data.
3. Usage Information
- Device information (browser type, operating system, device identifiers)
- Log data (IP address, access times, pages viewed, actions taken)
- Cookies and similar tracking technologies
- Feature usage patterns and interaction data
4. Communications
- Email correspondence and support inquiries
- Chat conversations with AI health assistants
- Feedback, reviews, and survey responses
How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To provide personalized health assessments, generate AI-driven care plans, track your progress, and deliver wellness recommendations.
- Provider Coordination: To facilitate appointments and communication with healthcare providers within our network.
- E-Commerce: To process orders for supplements, wellness products, and lab testing services.
- Payment Processing: To manage subscriptions and process transactions securely through our payment partner, Stripe.
- Communication: To send you service updates, appointment reminders, educational content, and respond to your inquiries.
- Platform Improvement: To analyze usage patterns, improve our AI models, enhance user experience, and develop new features.
- Security and Compliance: To maintain audit logs, detect fraud, prevent unauthorized access, and comply with legal obligations.
- Research (De-identified): To conduct aggregated research and analysis using de-identified data that cannot be traced back to individual users.
Data Security
We implement comprehensive security measures to protect your information:
- Encryption: AES-256 encryption for data at rest; TLS 1.3 for data in transit
- Access Controls: Role-based access with multi-factor authentication for team members
- Audit Logging: Comprehensive logging of all access to sensitive health information
- Regular Security Audits: Ongoing vulnerability assessments and penetration testing
- Secure Infrastructure: HIPAA-compliant cloud hosting with redundant backups
- Employee Training: Regular privacy and security training for all staff
While we use industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your information.
Information Sharing and Disclosure
Important: We NEVER sell, rent, or trade your personal or health information to third parties. Your data is not a commodity—it's your private health information, and we treat it with the utmost respect and protection.
We may share your information only in these specific, limited circumstances:
- Healthcare Providers Within Our Platform: Only when you explicitly choose to consult with a healthcare provider through our platform, we share relevant health information to facilitate your care. You control this—providers only see what you authorize.
- Essential Service Providers: We work with a small number of trusted partners who help us deliver core services (e.g., Stripe for secure payment processing, cloud hosting for data storage, lab testing partners). These partners are contractually bound to:
  - Use your information ONLY to provide the specific service we've contracted
  - Never use your data for their own purposes or marketing
  - Maintain the same security standards we uphold
  - Delete or return your data when services are complete
- Legal Requirements: When required by law, court order, or government regulation, or to protect the rights, property, or safety of our users or the public. We will notify you of such requests when legally permitted.
- Emergency Situations: If we believe disclosure is necessary to prevent serious harm to you or others (e.g., imminent safety threats).
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to users and continued protection of your privacy rights.
What we DON'T do: We do NOT share your information with advertisers, data brokers, marketing companies, social media platforms, insurance companies (unless you direct us to), or any other entity outside Genesis World Health and the essential service providers listed above.
Your Privacy Rights
You have the following rights regarding your personal and health information:
- Access: Request a copy of your personal and health information
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request limitation on how we use your information
- Objection: Object to certain processing activities
- Opt-Out: Unsubscribe from marketing communications at any time
- Consent Withdrawal: Withdraw previously granted consent for specific uses
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and maintain session security. You can control cookie preferences through your browser settings, though disabling cookies may affect platform functionality.
Types of Cookies We Use:
- Essential Cookies: Required for authentication and core functionality
- Performance Cookies: Help us understand how users interact with our platform
- Functional Cookies: Remember your preferences and settings
Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Active Accounts: Data retained while your account is active
- Inactive Accounts: Data may be deleted after 3 years of inactivity (with prior notice)
- Health Records: Retained for minimum periods required by healthcare regulations (typically 7 years)
- Transaction Records: Retained for tax and auditing purposes (typically 7 years)
- De-identified Data: May be retained indefinitely for research and analytics
US State Privacy Rights Notice
If you are a resident of the following US states, you have specific privacy rights under applicable state law:
🏛️ California Privacy Rights (CCPA/CPRA)
California residents have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information (subject to exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information
- Right to Limit Use: Limit use and disclosure of sensitive personal information
- Right to Non-Discrimination: Not be discriminated against for exercising privacy rights
We do NOT sell your personal information. We do NOT share your personal information for cross-context behavioral advertising.
🏛️ Virginia Privacy Rights (VCDPA)
Virginia residents have rights under the Virginia Consumer Data Protection Act:
- Right to access, correct, delete, and obtain a copy of personal data
- Right to opt out of processing for targeted advertising, sale of personal data, or profiling
- Right to appeal our decision regarding your request
🏛️ Colorado Privacy Rights (CPA)
Colorado residents have rights under the Colorado Privacy Act:
- Right to access, correct, delete, and obtain a portable copy of personal data
- Right to opt out of targeted advertising, sale of personal data, or profiling
- Right to appeal our decision within 45 days
🏛️ Connecticut Privacy Rights (CTDPA)
Connecticut residents have rights under the Connecticut Data Privacy Act:
- Right to access, correct, delete, and obtain a portable copy of personal data
- Right to opt out of targeted advertising, sale of personal data, or profiling
- Right to appeal our decision within 60 days
🏛️ Utah Privacy Rights (UCPA)
Utah residents have rights under the Utah Consumer Privacy Act:
- Right to access and delete personal data
- Right to obtain a portable copy of personal data
- Right to opt out of targeted advertising or sale of personal data
🏛️ Additional State Rights
Residents of Oregon, Texas, Montana, Iowa, Indiana, Tennessee, Florida, Delaware, New Hampshire, New Jersey, and other states with comprehensive privacy laws may have similar rights. We honor all legitimate privacy requests from US residents regardless of state. Contact us at [email protected] to exercise your rights.
📝 How to Exercise Your US State Privacy Rights
- Email: [email protected]
- Include: Your full name, state of residence, specific request, and account email
- Response Time: We will respond within 45 days (may be extended by 45 days if necessary)
- Verification: We may need to verify your identity before processing requests
- Authorized Agents: California residents may designate an authorized agent to make requests
World Privacy Rights Notice
Genesis World Health respects privacy rights worldwide. If you are located outside the United States, you may have additional rights under your local law:
🇪🇺 European Union / EEA (GDPR)
If you are in the EU/EEA, the General Data Protection Regulation provides you with:
- Right of Access: Obtain confirmation of processing and access to your data
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure ("Right to be Forgotten"): Request deletion under certain conditions
- Right to Restriction: Restrict processing in certain circumstances
- Right to Data Portability: Receive data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Rights Related to Automated Decision-Making: Not be subject to solely automated decisions with legal effects
- Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing
- Right to Lodge Complaint: File a complaint with your local supervisory authority
Legal basis for processing: Consent, contract performance, legitimate interests, and legal obligations.
🇬🇧 United Kingdom (UK GDPR)
UK residents have rights equivalent to GDPR under the UK General Data Protection Regulation and Data Protection Act 2018. You may contact the Information Commissioner's Office (ICO) for concerns about our data handling practices.
🇨🇦 Canada (PIPEDA)
Canadian residents have rights under the Personal Information Protection and Electronic Documents Act:
- Right to access personal information held about you
- Right to challenge accuracy and completeness of information
- Right to withdraw consent (subject to legal/contractual restrictions)
- Right to complain to the Office of the Privacy Commissioner of Canada
🇦🇺 Australia (Privacy Act 1988)
Australian residents have rights under the Australian Privacy Principles:
- Right to access and correct personal information
- Right to opt out of direct marketing
- Right to complain to the Office of the Australian Information Commissioner (OAIC)
🇧🇷 Brazil (LGPD)
Brazilian residents have rights under the Lei Geral de Proteção de Dados:
- Right to confirmation and access to personal data
- Right to correction, anonymization, blocking, or deletion
- Right to data portability
- Right to information about sharing with third parties
- Right to revoke consent
🌍 Other Jurisdictions
We also recognize privacy rights under laws in Japan (APPI), South Korea (PIPA), Singapore (PDPA), New Zealand (Privacy Act 2020), South Africa (POPIA), India (DPDP Act), and other jurisdictions. Contact us to exercise your rights under your local law.
🔒 International Data Transfers
Your information may be transferred to and processed in the United States. We implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
- Data Processing Agreements with service providers
- Technical and organizational security measures
📧 International Privacy Requests
For all international privacy requests: [email protected]
Please include your country of residence and the specific right you wish to exercise.
Children's Privacy
Our services are not directed to individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected information from a child, please contact us immediately at [email protected], and we will take steps to delete such information within 30 days.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by email or through a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of our services after the effective date constitutes your acceptance of the updated Privacy Policy. If you do not agree to the modified Privacy Policy, you must discontinue use of our services.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Genesis World Health - Privacy Office
Email: [email protected]
For HIPAA-related inquiries: [email protected]
We are committed to working with you to obtain a fair resolution of any privacy concern or complaint.