Privacy Policy — Youth Wellness
Legal

Privacy Policy

Last updated: May 2, 2026

Contents

  1. 1. Important Scope Note — HIPAA and the Two Sides of Youth
  2. 2. Personal Information We Collect
  3. 3. How We Use Personal Information
  4. 4. How We Share Personal Information
  5. 5. Mobile Information and SMS Privacy
  6. 6. Cookies, Pixels, and Tracking Technologies
  7. 7. Targeted Advertising
  8. 8. Data Security
  9. 9. Retention
  10. 10. Children's Privacy
  11. 11. Your State Privacy Rights
  12. 12. International Users
  13. 13. Third-Party Sites and Services
  14. 14. Changes to This Policy
  15. 15. Contact Us

Effective Date: May 2, 2026
Last Updated: May 2, 2026

Kendall Wellness Center, LLC d.b.a. Youth ("Youth," "we," "us," or "our") respects your privacy. This Privacy Policy explains what personal information we collect through www.findyouth.co, our quizzes, our booking and SMS programs, our advertising, and our marketing communications (collectively, the "Services"), how we use and share it, and the choices and rights you have.

This Policy is incorporated into our Terms of Use.

1. Important Scope Note — HIPAA and the Two Sides of Youth

Youth operates two distinct environments, and this Policy primarily covers one of them.

  • Marketing and pre-patient environment — our public website, quizzes, ads, lead-capture forms, marketing emails and SMS, and our CRM. This Policy ("Privacy Policy") applies here. The information you share before becoming a patient is not automatically protected health information ("PHI") under HIPAA. It is governed by general consumer privacy law and this Policy.
  • Patient environment — our Practice Better electronic health record ("EHR"). Once you book a consultation, complete intake, and become a patient, your clinical information is PHI and is governed by the HIPAA Notice of Privacy Practices that is presented to you inside Practice Better. The HIPAA Notice — not this Policy — controls how your PHI is used and disclosed.

If you have a question about which environment your information is in, contact [email protected].

2. Personal Information We Collect

We collect personal information from you, from your device, and from our service providers.

2.1 Information You Provide

  • Identity and contact information: name, email, phone number, mailing address, date of birth, age confirmation, state of residence.
  • Account information: login credentials, account preferences, communication preferences.
  • Quiz and intake responses: answers you provide to our public quizzes and pre-consultation forms, including general health goals, lifestyle factors, what you've tried before, and the protocol track you select.
  • Booking and scheduling information: the appointment you booked, the clinician selected, time zone, and any notes you submit at booking.
  • Payment information: billing name, billing address, and the last four digits of your payment card. Full payment-card numbers are collected and stored by our payment processor, not by us.
  • Communications: messages you send to us by email, SMS, web chat, the contact form, social-media DMs, and any feedback or testimonials you submit.
  • Marketing inputs: referral source, promo codes, opt-ins.

2.2 Information Collected Automatically

When you use the Services we (and our service providers) automatically collect:

  • Device and technical data: IP address, browser type and version, operating system, device identifiers, screen size, language, time zone.
  • Usage data: pages visited, links clicked, scroll depth, referring URLs, search terms used to find us, time on page, and quiz interaction events.
  • Cookies, pixels, SDKs, and similar technologies: see Section 6.
  • Geolocation: approximate location derived from IP address. We do not collect precise geolocation from your device.

2.3 Information from Other Sources

  • Advertising and analytics partners: event data, conversion data, and aggregated audience information (e.g., from Meta, Google).
  • Service providers: information from our EHR, CRM, payment processor, SMS platform, quiz host, and email platform that helps us operate and improve the Services.
  • Public sources: publicly available information about a person who contacts us or applies for a position with us.

2.4 Sensitive Information

Some information you provide on the marketing side — for example, quiz answers about energy levels, weight, hormones, or recovery — relates to health. Until you become a Practice Better patient, this information is not PHI under HIPAA, but we treat it as sensitive and apply the safeguards in this Policy. If your state classifies it as "sensitive personal information" under state privacy law, we honor the rights described in Section 11.

3. How We Use Personal Information

We use personal information to:

  • Operate, maintain, and secure the Services;
  • Provide quiz results, recommendations, and information you request;
  • Schedule and manage consultations and follow-ups;
  • Process payments, billing, and refunds;
  • Send transactional and informational messages by email and SMS, including appointment reminders, intake-form requests, payment notifications, refill prompts, and clinical-logistics nudges (note: we do not send PHI by SMS);
  • Send marketing communications you have consented to receive;
  • Personalize your experience and recommend relevant content;
  • Measure and improve our marketing campaigns and the Services;
  • Detect, prevent, and address fraud, abuse, security, and technical issues;
  • Comply with legal, tax, audit, and regulatory obligations;
  • Establish, exercise, or defend legal claims.

We do not sell your personal information for money. See Section 11 for state-law definitions of "sale" and "share."

4. How We Share Personal Information

We share personal information with the categories of recipients below. We share only what each recipient needs for the purpose described.

  • Electronic health record provider (HIPAA-covered) — to manage clinical records, intake, prescriptions, and patient communications.
  • Payment processor — to process payments and refunds.
  • CRM, marketing-automation, and email-and-SMS platforms — to send marketing and transactional messages, manage opportunity pipelines, and track engagement.
  • Quiz and lead-capture providers — to host and process our quizzes and forms.
  • Clinical and fulfillment partners — including lab networks and compounding pharmacies licensed in your state — for the purpose of fulfilling labs you have ordered or prescriptions a clinician has written.
  • Advertising and analytics partners — including platforms such as Meta and Google — to measure ad performance, build look-alike audiences, and retarget visitors. See Section 6.
  • Project, task, and workflow tools used internally to operate the business.
  • Professional advisors — accountants, lawyers, auditors, and compliance consultants — under appropriate confidentiality.
  • Government, regulatory, or legal recipients — when required by law, subpoena, or court order, or to protect rights, safety, or property.
  • Successors in a corporate transaction — if Youth or a substantial portion of its assets is acquired, merged, financed, or reorganized, your information may be transferred subject to this Policy or any successor policy that provides at least equivalent protection.

We do not share your information with third parties for their own independent marketing purposes without your consent.

5. Mobile Information and SMS Privacy

When you opt in to our SMS program at (786) 607-2686:

  • Mobile information (your phone number, opt-in status, opt-in source, and SMS interaction data) is collected and used to send you the messages described in our Terms of Use, Section 8 and to operate the program.
  • We do not sell, rent, or share mobile information or SMS opt-in data with third parties for their own marketing or promotional purposes. Mobile information is shared only with our service providers (such as our SMS platform and EHR) for the limited purpose of operating the program and the Services.
  • Reply STOP to opt out, or HELP for help, at any time.
  • Message and data rates may apply. Frequency varies.

This restriction on the sharing of mobile information is a separate, standalone commitment.

6. Cookies, Pixels, and Tracking Technologies

We and our partners use cookies and similar technologies to operate the Services, remember your preferences, measure performance, and serve targeted advertising. The categories we use include:

  • Strictly necessary — required for the Services to function (session management, security, load balancing).
  • Performance and analytics — for example, Google Analytics to understand how visitors interact with the Services.
  • Advertising and retargeting — for example, the Meta (Facebook/Instagram) Pixel to measure ad performance, attribute conversions, build custom audiences, and retarget visitors who do not complete the quiz.
  • CRM and chat — including GoHighLevel tracking and chat-widget cookies.
  • Quiz hosting — including cookies set by our quiz provider (e.g., Fyrebox).

We may add or change technologies from time to time and aim to keep the list above current.

6.1 Controls We Apply to Advertising and Analytics

Because the Services involve health-adjacent topics, we apply the following controls to limit how advertising and analytics partners receive and use information collected on our marketing properties:

  • We have enabled Meta's "Limited Data Use" setting for our advertising data source. This is a privacy mode in Meta's Events Manager that restricts how Meta processes the event data we share with it for U.S. health-context users.
  • We do not deploy advertising pixels on the inner pages of our health-quiz where individual health-related question answers are submitted. Pixels and analytics that run on our public landing pages, our thank-you pages, and our booking confirmation pages are scoped to record top-level events (page views, quiz starts, quiz completions, bookings) and do not transmit your individual quiz answers as event parameters.
  • We do not deploy advertising or analytics pixels inside our HIPAA-covered EHR (Practice Better).
  • For sensitive conversion events, we use server-side conversion APIs (where supported) so that any data transmitted is hashed and minimized to what is needed for ad attribution.

6.2 Healthcare Tracking Notice

We are aware that the U.S. Department of Health and Human Services has issued guidance regarding the use of online tracking technologies on healthcare-related web pages. Our marketing site, quiz, and CRM are operated outside our HIPAA-covered EHR, and the technologies above are used on those marketing properties only — and only with the controls described in Section 6.1. If you prefer that advertising and analytics technologies not run on our marketing site, you may use your browser settings, your device's mobile-tracking controls, or the industry opt-out tools listed in Section 6.3.

6.3 Your Choices

  • Browser controls — you can configure your browser to block or delete cookies. Some Services may not function fully without cookies.
  • Mobile controls — you can limit ad tracking on iOS and Android in device settings.
  • Industry opt-outs — visit aboutads.info/choices, optout.networkadvertising.org, and youradchoices.com to opt out of interest-based advertising from participating companies.
  • Global Privacy Control (GPC) — we honor the GPC signal where required by applicable law as an opt-out of "sale" and "sharing" as those terms are defined under state privacy law.
  • "Do Not Sell or Share My Personal Information" — to exercise this right under your state's law, email [email protected] with the subject line "Do Not Sell or Share." We will process the request as required by law and confirm in writing.
  • Do Not Track — browsers may transmit a Do Not Track signal. There is no industry-standard response; we do not currently respond differently to Do Not Track but we do respond to GPC as described above.

7. Targeted Advertising

We run targeted advertising on platforms such as Meta to bring people into our quiz funnel and to retarget visitors who didn't complete it. To do this we may share with the platform:

  • Hashed identifiers (email, phone) of contacts who have already engaged with us, so the platform can find similar audiences;
  • Pixel-based event data (page views, quiz starts, quiz completions);
  • Aggregated campaign metrics.

You can opt out of targeted advertising as described in Sections 6.2 and 11. Opting out will not stop you from seeing ads from us — it will stop us from using your information to personalize them.

8. Data Security

We use commercially reasonable physical, technical, and administrative safeguards designed to protect your personal information, including:

  • TLS/SSL encryption in transit;
  • Access controls and least-privilege permissioning for our staff;
  • HIPAA-compliant infrastructure for clinical data inside Practice Better;
  • Vendor due diligence and written agreements (including HIPAA Business Associate Agreements where applicable);
  • Routine review of accounts, sessions, and audit logs.

No system is 100% secure. If we ever experience a security incident affecting your information, we will provide notice as required by applicable law.

9. Retention

We keep personal information only as long as we need it for the purposes described in this Policy, subject to legal, accounting, audit, and dispute-resolution requirements. Typical retention windows:

  • Marketing leads who never become patients: retained for engagement and re-engagement, then archived or deleted on request.
  • Patient clinical records (PHI in Practice Better): retained according to applicable state medical-records retention laws and our HIPAA Notice of Privacy Practices.
  • Financial records: retained for the period required by tax and accounting law (typically 7 years).
  • Backups: may persist for a defined window in encrypted form before being purged.

You may request deletion at any time as described in Section 11. We will honor deletion requests subject to retention obligations imposed by law.

10. Children's Privacy

The Services are not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact [email protected] and we will delete it.

11. Your State Privacy Rights

Depending on where you live, you may have the rights below. We do not discriminate against you for exercising any of these rights.

11.1 Rights Available

  • Right to know / access: confirm whether we process your personal information and obtain a copy.
  • Right to correct: request correction of inaccurate personal information.
  • Right to delete: request deletion of your personal information.
  • Right to opt out of "sale" or "sharing": as defined in your state's law, opt out of any sharing of personal information for cross-context behavioral advertising or monetary or other valuable consideration. We do not sell personal information for money. We do share information with advertising partners as described in Section 7, which some state laws define as a "sale" or "share."
  • Right to limit the use of sensitive personal information (where the law provides this right).
  • Right to opt out of profiling that produces legal or similarly significant effects (where the law provides this right).
  • Right to appeal a denial of a privacy request (where the law provides this right).

11.2 Where These Rights Apply

These rights are provided under, among others:

  • Florida Digital Bill of Rights (FDBR) for Florida residents (where applicable thresholds are met);
  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) for California residents;
  • Virginia Consumer Data Protection Act (VCDPA) for Virginia residents;
  • Colorado Privacy Act (CPA) for Colorado residents;
  • Connecticut Data Privacy Act (CTDPA) for Connecticut residents;
  • Utah Consumer Privacy Act (UCPA) for Utah residents;
  • Texas Data Privacy and Security Act (TDPSA) for Texas residents;
  • Comparable laws of other U.S. states as they take effect.

The exact mix of rights you have depends on your state. We honor each state's law for its residents.

11.3 California "Shine the Light"

California residents may request a list of certain categories of personal information we have shared with third parties for those third parties' direct-marketing purposes during the prior calendar year. We do not share personal information with third parties for their own direct-marketing purposes.

11.4 How to Exercise Your Rights

Submit a request by emailing [email protected] with subject line "Privacy Request" and the right(s) you want to exercise. We will verify your identity (typically by confirming information already in our records) and respond within the time required by your state's law (generally 45 days, extendable for an additional 45 days when reasonably necessary).

You may also designate an authorized agent to make a request on your behalf, subject to our verification of the agent's authority.

If we deny your request and your state provides an appeal right, you may appeal by replying to our denial with the subject line "Privacy Appeal." We will respond as required by your state's law.

11.5 If Your Request Concerns PHI

If your request concerns information that is PHI inside Practice Better, we will route the request through the HIPAA process described in your Notice of Privacy Practices. HIPAA — not state consumer-privacy law — governs PHI rights of access, amendment, accounting of disclosures, and restrictions.

12. International Users

The Services are intended for users located in the United States. If you access the Services from outside the U.S., you do so at your own initiative and are responsible for compliance with local law. Personal information will be processed in the U.S., where data-protection laws may differ from those in your country.

13. Third-Party Sites and Services

The Services contain links to and integrate with third-party sites, applications, and services that we do not control. Their privacy practices are governed by their own policies. Review them before providing information.

14. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by updating the "Effective Date" and "Last Updated" date above and, where appropriate, by additional notice (email, SMS, or a banner on the Services). Your continued use of the Services after the effective date of an updated Policy constitutes acceptance.

15. Contact Us

For questions about this Policy or to exercise any rights described above:

Kendall Wellness Center, LLC d.b.a. Youth
Miami, Florida
Email: [email protected] (subject line: "Privacy Request" or "Privacy Appeal" as applicable)
SMS: (786) 607-2686

For questions about your protected health information inside Practice Better, please refer to the HIPAA Notice of Privacy Practices provided to you at intake or contact us at the email above to request a copy.

"Experience Health, Embrace Youth." Kendall Wellness Center, LLC, all rights reserved.