Privacy Policy
Last Updated: June 22, 2026
MEDHERO operates this website and related online services, including related information, content, features, tools, forms, payment functionality, products, services, and communications in order to provide information about MEDHERO, allow users to interact with our website, request information, book or inquire about services, purchase deposits or other available offerings, and communicate with us.
MEDHERO’s website is powered by Shopify, which enables certain website, ecommerce, payment, and related functionality. This Privacy Policy describes how we collect, use, and disclose personal information when you visit, use, make a purchase or other transaction through the Services, submit information through the Services, subscribe to communications, or otherwise communicate with us.
This Privacy Policy applies to information collected through our website and related online services. It does not replace MEDHERO’s HIPAA Notice of Privacy Practices, which describes how MEDHERO may use and disclose protected health information in connection with treatment, payment, and health care operations.
If there is a conflict between our Terms of Use and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
Please read this Privacy Policy carefully. By using or accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.
Personal Information We Collect or Process
When we use the term “personal information,” we are referring to information that identifies, relates to, describes, or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified so that it cannot identify or reasonably be linked to you.
We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:
Contact details, including your name, address, billing address, shipping address, phone number, and email address.
Financial information, including credit card, debit card, financial account numbers, payment card information, transaction details, form of payment, payment confirmation, and other payment details.
Account information, including your username, password, security questions, preferences, and settings.
Appointment, inquiry, and scheduling information, including information you provide when requesting a discovery call, consultation, appointment, service information, membership information, or other communication from MEDHERO.
Transaction information, including the items, services, deposits, offerings, or pages you view, put in your cart, add to your wishlist, purchase, return, exchange, cancel, or otherwise interact with, and your past transactions.
Communications with us, including the information you include in communications with us, such as when you send an inquiry, submit a form, request support, or otherwise contact MEDHERO.
Marketing and communication preferences, including your email marketing preferences, SMS consent status, communication preferences, unsubscribe choices, and opt-out choices.
Device information, including information about your device, browser, network connection, IP address, and other unique identifiers.
Usage information, including information regarding your interaction with the Services, such as how and when you interact with or navigate the Services.
Health-related information you voluntarily submit, if any. MEDHERO does not intentionally collect protected health information through general website forms, Shopify, Klaviyo, Meta, Google, or other marketing or advertising tools. However, if you voluntarily submit health-related information through a non-secure website form, email, SMS, checkout note, marketing form, or other general communication channel, we may receive that information. Please do not submit symptoms, diagnoses, lab results, medication details, insurance information, urgent medical concerns, or other sensitive medical information through general website forms, marketing forms, email, SMS, Shopify checkout, Klaviyo forms, Meta forms, or other non-secure channels unless MEDHERO specifically provides a secure method for doing so.
Sensitive personal information, where applicable, including information that may be considered sensitive under certain privacy laws, such as health-related information you voluntarily provide, payment information, account access credentials, or other sensitive information. MEDHERO does not use sensitive personal information for purposes other than those permitted by applicable law.
Personal Information Sources
We may collect personal information from the following sources:
Directly from you, including when you create an account, visit or use the Services, submit a form, make a purchase or deposit, request information, book or inquire about services, communicate with us, subscribe to communications, or otherwise provide us with your personal information.
Automatically through the Services, including from your device when you use our website or online services, and through the use of cookies and similar technologies.
From our service providers, including when we engage them to enable certain technology, website functionality, payment processing, analytics, communications, scheduling, marketing, security, or other business operations, and when they collect or process your personal information on our behalf.
From our partners or other third parties, where permitted by law and consistent with this Privacy Policy.
How We Use Your Personal Information
Depending on how you interact with us or which Services you use, we may use personal information for the following purposes:
Provide, Tailor, and Improve the Services
We use your personal information to provide you with the Services, including to perform our contract with you, process payments, process purchases or deposits, fulfill transactions, remember your preferences, send notifications related to your account or transaction, create and manage your account, provide website functionality, respond to inquiries, and improve the user experience.
This may include using your personal information to better tailor and improve the Services, including making the website easier to use, improving content, and understanding how users interact with MEDHERO online.
Appointments, Inquiries, and Service Requests
We may use your personal information to respond to inquiries, schedule consultations, manage appointment requests, communicate with you about services, process deposits or payments, and provide administrative support related to your relationship with MEDHERO.
Medical Practice Operations
If information is collected, created, received, maintained, or transmitted by MEDHERO in connection with health care services, that information may be protected health information under HIPAA or medical information under applicable state law. Such information is handled in accordance with MEDHERO’s HIPAA Notice of Privacy Practices and applicable law.
Marketing and Advertising
We may use your personal information for marketing and promotional purposes, such as to send marketing, advertising, educational, and promotional communications by email, text message, or other channels where permitted by law and based on your communication preferences and consent.
We may also use personal information to show or measure online advertisements for MEDHERO services on the Services or other websites, subject to applicable law and the privacy protections described in this Privacy Policy.
Consent-Based Communications
We may use your information to send email or SMS communications where permitted by law and based on your consent and communication preferences.
Security and Fraud Prevention
We use your personal information to authenticate your account, provide a secure payment and website experience, detect, investigate, or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and secure our Services.
If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else.
Communicating with You
We use your personal information to provide customer support, respond to you, provide effective services, send administrative messages, and maintain our business relationship with you.
Legal Reasons
We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.
How We Disclose Personal Information
In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:
With Shopify, vendors, and other third parties who perform services on our behalf, such as IT management, website hosting, payment processing, data analytics, customer support, cloud storage, scheduling support, communications, security, marketing support, and related business operations.
With scheduling, communication, payment, website, analytics, marketing, and technology providers that help us operate the website, process payments or deposits, manage inquiries, communicate with users, provide analytics, and support our business operations.
With business and marketing partners to provide marketing services and advertise to you, where permitted by law. Our business and marketing partners will use your information in accordance with their own privacy notices.
With health care providers, professional advisors, or service providers where necessary to support MEDHERO’s medical practice operations and where permitted by applicable law.
When you direct, request, or otherwise consent to our disclosure of certain information to third parties, such as through your use of social media widgets, login integrations, payment functionality, or other third-party tools.
With our affiliates or otherwise within our corporate group, where applicable.
In connection with a business transaction, such as a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.
To comply with legal obligations, including to respond to subpoenas, search warrants, court orders, legal process, government requests, or similar requests; to enforce applicable terms of service or policies; and to protect or defend the Services, our rights, and the rights of our users or others.
We do not intentionally disclose protected health information, medical records, diagnosis information, treatment information, lab results, appointment details, or patient-specific care information to advertising platforms, marketing platforms, ecommerce tools, or website tracking vendors.
Relationship with Shopify
The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services.
Information you submit to the Services may be transmitted to and shared with Shopify, as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services.
In addition, to help protect, grow, and improve our business, we may use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our website, along with other merchants and with Shopify.
To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our website, along with other merchants, and with Shopify. In these circumstances, Shopify may be responsible for the processing of your personal information, including for responding to requests to exercise rights over use of your personal information for these purposes.
To learn more about how Shopify uses personal information and the rights that may be available to you, please review Shopify’s Consumer Privacy Policy and Shopify’s Privacy Portal.
Medical Information, Protected Health Information, and HIPAA
MEDHERO is a medical practice. Certain information collected, created, received, maintained, or transmitted by MEDHERO in connection with the provision of health care services may be considered protected health information under HIPAA or medical information under applicable state law.
This Privacy Policy describes how MEDHERO collects and uses information through our website and online services. It does not replace MEDHERO’s HIPAA Notice of Privacy Practices, which describes how MEDHERO may use and disclose protected health information in connection with treatment, payment, and health care operations.
Please do not submit sensitive medical information, symptoms, diagnoses, lab results, medication details, insurance information, urgent medical concerns, or other confidential medical information through general website forms, marketing forms, email, SMS, Shopify checkout, Klaviyo forms, Meta forms, or other non-secure channels unless MEDHERO specifically provides a secure method for doing so.
For medical questions, appointment-related care, urgent concerns, or patient-specific communications, please contact MEDHERO directly through the secure communication method provided by the practice or call the office directly. If you are experiencing a medical emergency, call 911 or seek emergency care immediately.
MEDHERO does not intentionally use Shopify, general website forms, Meta, Klaviyo, Google, or other marketing or advertising tools to collect, store, process, transmit, or disclose protected health information. To the extent information submitted through the website may be considered medical information, MEDHERO will handle that information in accordance with applicable privacy laws and MEDHERO’s internal privacy practices.
Cookies, Online Tracking, and Advertising Technologies
MEDHERO may use cookies, pixels, tags, analytics tools, and similar technologies to understand website performance, improve the user experience, measure advertising effectiveness, and provide relevant marketing.
We may use third-party tools such as Shopify, Meta, Google, Klaviyo, or similar providers for analytics, advertising measurement, marketing, website functionality, and related purposes. These tools may collect information such as device information, browser information, IP address, pages visited, referral source, and interactions with our website.
Because MEDHERO is a medical practice, we do not intentionally use tracking technologies to disclose protected health information, medical records, diagnosis information, treatment information, lab results, appointment details, patient portal activity, or patient-specific care information to advertising platforms or tracking vendors.
MEDHERO does not use website tracking tools on secure patient portals, medical intake forms, patient records, or other systems intended to collect or manage protected health information unless such use is reviewed and implemented in accordance with applicable privacy laws.
Where required by law, we will provide notice and obtain consent before using non-essential cookies or tracking technologies. You may be able to manage your cookie preferences through our website settings, browser settings, cookie banner, or applicable privacy choice links.
Nothing in this Privacy Policy, a cookie banner, or similar website notice is intended to authorize the disclosure of protected health information to tracking technology vendors where such disclosure would require a HIPAA-compliant authorization or other legal permission.
Email and SMS Marketing Communications
If you choose to subscribe, MEDHERO may send you marketing communications by email or text message, including information about services, offers, events, educational content, membership information, and practice updates.
Email and SMS marketing are optional. Consent to receive marketing messages is not required to purchase services, book an appointment, become a patient, or receive care from MEDHERO.
Email consent and SMS consent are collected separately. Providing your phone number does not automatically enroll you in SMS marketing. By opting in to SMS marketing, you agree to receive recurring automated promotional, personalized, and/or informational text messages from MEDHERO at the phone number provided. Message frequency may vary. Message and data rates may apply.
You may unsubscribe from marketing emails by clicking the unsubscribe link in any marketing email. You may opt out of SMS messages at any time by replying STOP, and you may receive help by replying HELP.
MEDHERO does not use email or SMS marketing platforms to send protected health information, medical records, lab results, diagnosis information, treatment instructions, urgent medical communications, or patient-specific medical advice. Patient-specific medical communications should occur through secure channels approved by MEDHERO.
Additional terms may apply to SMS communications. Please review MEDHERO’s SMS Terms & Conditions for more information.
California Privacy and Sensitive Information
MEDHERO is located in California and will comply with applicable California privacy laws, including California medical privacy laws where applicable.
Depending on how you interact with MEDHERO, some information may be considered sensitive personal information under applicable privacy laws. This may include health-related information you voluntarily provide, payment information, account credentials, or other sensitive information.
MEDHERO does not use or disclose sensitive personal information for purposes other than those permitted by applicable law, such as providing requested services, processing transactions, maintaining security, preventing fraud, complying with legal obligations, or supporting MEDHERO’s medical practice and business operations.
Where applicable, you may have the right to limit certain uses or disclosures of sensitive personal information, opt out of certain data sharing, or exercise other privacy rights described in this Privacy Policy.
Third-Party Websites and Links
The Services may provide links to websites, platforms, tools, or other online services operated by third parties.
If you follow links to sites not affiliated with or controlled by MEDHERO, you should review their privacy and security policies and other terms and conditions.
We do not guarantee and are not responsible for the privacy or security of third-party sites or services, including the accuracy, completeness, or reliability of information found on those sites.
Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of those platforms without limitation as to its use by us or by a third party.
Our inclusion of third-party links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as otherwise disclosed on the Services.
Children’s Data
The Services are not intended to be used by children, and we do not knowingly collect personal information about children under the age of majority in your jurisdiction.
If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.
As of the effective date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell,” as those terms are defined in applicable law, personal information of individuals under 16 years of age.
Security and Retention of Your Information
Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee perfect security.
In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecured channels to communicate sensitive, confidential, or medical information to us.
How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, provide the Services, respond to inquiries, process transactions, comply with legal obligations, resolve disputes, enforce contracts or policies, support medical practice operations, or maintain appropriate business records.
Your Rights and Choices
Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances, and, in certain cases, we may decline your request as permitted by law.
Right to Access / Know. You may have a right to request access to personal information that we hold about you.
Right to Delete. You may have a right to request that we delete personal information we maintain about you.
Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
Right to Opt Out of Sale or Sharing for Targeted Advertising. Depending on where you reside, you may have a right to opt out of the “sale” or “sharing” of your personal information or to opt out of the processing of your personal information for purposes considered to be targeted advertising, as defined in applicable privacy laws. You can exercise your rights to opt out of certain data sharing, sale, or targeted advertising through the Privacy Choices or Do Not Sell or Share My Personal Information link available on our website, where applicable.
Right to Limit Certain Uses of Sensitive Personal Information. Depending on where you reside and how applicable law applies, you may have the right to limit certain uses or disclosures of sensitive personal information.
Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as messages about your account, transactions, appointment-related administrative communications, or other non-marketing communications.
You may opt out of SMS messages at any time by replying STOP to any MEDHERO text message, and you may receive help by replying HELP.
Please note that if you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt out for the device and browser that you use to visit the website. If we are able to associate the device sending the signal to a Shopify account, we will apply the opt-out request to the account as well. Other than the Global Privacy Control, we do not recognize other “Do Not Track” signals that may be sent from your web browser or device.
You may exercise any of these rights where indicated on the Services, through applicable privacy choice links, or by contacting us using the contact details provided below. To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, please review Shopify’s Consumer Privacy Policy and Shopify’s Privacy Portal.
We will not discriminate against you for exercising any of these rights.
We may need to verify your identity before we can process your request, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting a request from an agent, we may require that the agent provide proof that you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
We will respond to your request in a timely manner as required under applicable law.
Complaints
If you have complaints about how we process your personal information, please contact us using the contact details provided below.
Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below or to lodge your complaint with your local data protection authority.
For complaints related to protected health information, please review MEDHERO’s HIPAA Notice of Privacy Practices for additional information about your rights and how to file a privacy complaint.
International Transfers
Please note that we may transfer, store, and process your personal information outside the country where you live.
If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms, such as the European Commission’s Standard Contractual Clauses or any equivalent contracts issued by the relevant competent authority of the United Kingdom, as applicable, unless the data transfer is to a country that has been determined to provide an adequate level of protection.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time, including to reflect changes to our practices or for operational, legal, regulatory, or other reasons.
We will post the revised Privacy Policy on this website, update the “Last Updated” date, and provide notice as required by applicable law.
Contact
Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any rights available to you, please contact:
MEDHERO Privacy Officer
905 Calle Amanecer, Suite 115
San Clemente, CA 92673
Phone: (949) 207-3603
Email: info@medhero.com