Privacy Policy

Introduction

Ascent Trim and Wellness (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy and safeguarding your personal and health information. This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use our medical wellness and weight management services, including our website, mobile applications, telemedicine platform, patient portal, and all related services (collectively, the “Services”).

As a healthcare provider, we are subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, as well as applicable state privacy laws. This Privacy Policy works in conjunction with our Notice of Privacy Practices, which specifically describes how we may use and disclose your Protected Health Information (“PHI”).

Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Name, date of birth, and mailing address
• Email address and telephone number
• Payment and billing information
• Emergency contact information
• Government-issued identification (when required for identity verification)
• Demographic information

2.2 Health Information

As part of providing medical services, we collect health-related information, including:

• Medical history and current health conditions
• Current medications and allergies
• Vital signs and biometric data
• Body composition measurements from 3D scanning
• Laboratory and diagnostic test results
• Treatment plans and progress notes
• Photographs for treatment progress documentation
• Communications with our healthcare providers

2.3 Automatically Collected Information

When you access our Services, we may automatically collect:

• Device information (type, operating system, unique identifiers)
• IP address and general location information
• Browser type and settings
• Usage data and interaction with our platforms
• Cookies and similar tracking technologies
• Log files and analytics data

2.4 Information from Third Parties

We may receive information from third parties, including:

• Referring healthcare providers
• Licensed compounding pharmacies that fulfill prescriptions
• Health insurance providers (if applicable)
• Identity verification services
• Payment processors

How We Use Your Information

We use the information we collect for the following purposes:

Treatment: To provide, coordinate, and manage your healthcare, including medical evaluations, diagnosis, treatment planning, prescription services, telemedicine consultations, and ongoing clinical oversight.

Payment: To process payments, verify billing information, manage your account, and coordinate with payment processors.

Healthcare Operations: To support our internal operations, including quality assessment, staff training, compliance auditing, and business planning.

Communication: To contact you regarding appointments, treatment updates, prescription status, health coaching, and administrative matters.

Technology Services: To provide access to our patient portal, AI-driven health monitoring systems, progress tracking tools, and other technology features.

Legal Compliance: To comply with applicable laws, regulations, and legal processes.

Safety and Security: To protect the safety, rights, and property of our patients, staff, and the public.

Disclosure of Your Information

We may disclose your information in the following circumstances:

Healthcare Providers: We share information with our licensed healthcare providers, including our Medical Director and clinical staff, who are involved in your care.

Pharmacy Partners: When medications are prescribed, we share necessary information with our licensed 503A compounding pharmacy partners to fulfill prescriptions.

Technology Partner: Ascent AI Labs, our technology partner, processes certain information to provide our health-tracking platform, AI monitoring systems, and payment processing services. Ascent AI Labs is bound by contractual obligations to protect your information.

Service Providers: We engage third-party service providers who perform functions on our behalf, such as payment processing, data hosting, analytics, and customer support. These providers are contractually required to protect your information.

Legal Requirements: We may disclose information when required by law, court order, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

With Your Consent: We may disclose information for other purposes with your written authorization.

HIPAA and Protected Health Information

As a covered entity under HIPAA, we maintain strict safeguards to protect your Protected Health Information (PHI). Our Notice of Privacy Practices, provided separately, contains detailed information about:

• How we may use and disclose your PHI
• Your rights regarding your health information (including the right to access, amend, and receive an accounting of disclosures)
• How to file a complaint if you believe your privacy rights have been violated
• Our legal duties with respect to PHI

Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your information from unauthorized access, use, alteration, and disclosure. These measures include:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and monitoring
• Employee training on privacy and security practices
• Business associate agreements with third-party service providers

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your personal information and health records in accordance with applicable federal and state laws, professional standards, and our internal retention policies. Medical records are typically retained for at least seven years from the date of last treatment, or longer as required by law.

Upon expiration of the retention period, we will securely dispose of your information.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

Access: You may request access to your personal information and health records.

Correction: You may request that we correct inaccurate or incomplete information.

Deletion: You may request deletion of certain personal information, subject to legal retention requirements.

Restriction: You may request restrictions on certain uses or disclosures of your information.

Portability: You may request a copy of your health records in electronic format.

Opt-Out: You may opt out of non-essential marketing communications at any time.

To exercise any of these rights, please contact us using the information provided in Section 13 below. We may require verification of your identity before processing your request.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and platforms. These technologies help us analyze usage patterns, remember your preferences, and improve our Services.

Essential Cookies: Required for basic website functionality and security.

Analytics Cookies: Help us understand how visitors interact with our website.

Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services.

Third-Party Links

Our Services may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services before providing your information.

Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on our website and updating the “Effective Date” at the top of this document.

For significant changes, we may also provide notice via email or through our patient portal. Your continued use of our Services after any changes constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our privacy practices, please contact us:

For complaints regarding HIPAA violations, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights.

State-Specific Privacy Rights

14.1 Colorado Residents

Under the Colorado Privacy Act, Colorado residents have the right to:

• Access their personal data
• Correct inaccuracies
• Delete personal data
• Obtain a portable copy of their data
• Opt out of targeted advertising, sale of personal data, and profiling

To exercise these rights, please contact us using the information in Section 13.

14.2 California Residents

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Please note that HIPAA-covered health information is generally exempt from these laws.

For non-health personal information, California residents may request:

• Disclosure of categories of personal information collected
• Specific pieces of personal information held
• Categories of sources and third parties
• Business or commercial purposes for collection

California residents also have the right to request deletion and to opt out of the sale or sharing of personal information. We do not sell personal information.

Telemedicine Privacy Considerations

When you use our telemedicine services, please be aware that:

• Video consultations are conducted through secure, HIPAA-compliant platforms
• We recommend conducting telemedicine appointments in a private location
• You are responsible for the privacy of your own environment during video consultations
• Session recordings, if any, are stored securely and treated as part of your medical record

HIPPA Compliance & Medical Privacy

Ascent Trim & Wellness is committed to protecting your personal health information (PHI). We maintain compliance with the Health Insurance Portability and Accountability Act (HIPAA) to ensure that your medical records, intake forms, and consultation data are encrypted and stored securely. Our proprietary clinical management system is designed with administrative, physical, and technical safeguards to prevent unauthorized access to your sensitive information. We do not sell or share your medical data with third-party marketers. Your information is only shared with our licensed Medical Director and our partner pharmacies for the sole purpose of providing your clinical care and fulfilling your prescriptions.

AI and Automated Processing

Our Services may utilize artificial intelligence and automated processing technologies provided by Ascent AI Labs to:

• Monitor patient health metrics and progress
• Provide personalized health recommendations
• Analyze body composition data
• Enhance clinical decision support