Prime Vitality LLC dba Prime Vitality Care ("Prime Vitality Care," "we," "us," or "our") is committed to protecting the privacy, confidentiality, and security of your personal and health information.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you:

• Receive care at our San Antonio clinic or through our network of providers.
• Use our telehealth and virtual care services, including Prime Virtual Care and Time Vitality AI tools.
• Visit or interact with our websites, patient portal, online tools, and any other digital platforms we operate.

This Policy is intended to complement — not replace — our HIPAA Notice of Privacy Practices and any consent forms you sign as a patient. If there is any conflict between this Privacy Policy and our HIPAA Notice of Privacy Practices regarding Protected Health Information (PHI), the HIPAA Notice will control.

Prime Vitality Care is a healthcare provider. When handling Protected Health Information (PHI), we comply with the Health Insurance Portability and Accountability Act (HIPAA) and applicable federal and Texas state privacy laws.

This Privacy Policy primarily addresses how we handle information collected through our websites, telehealth platforms, digital tools, and practice operations. Both documents work together to ensure your complete privacy protection.

We collect information when you schedule or receive services, complete forms, interact with our website or patient portal, use telehealth, or communicate with us.

• Name, mailing address, email address, and phone numbers.
• Date of birth, gender, and demographic details.
• Government identifiers when required for care, prescriptions, or billing, where permitted by law.

• Medical history, diagnoses, treatment plans, lab results, medications, and allergies.
• Information shared during in-person visits, telehealth encounters, messaging, intake forms, or questionnaires.
• Records related to functional medicine, aesthetics, hormone therapy, weight loss, peptide therapy, mental and emotional health, and other services we provide.

• Insurance details, subscriber information, and eligibility data where applicable.
• Payment card details and billing information used to process payments for services, membership plans, and products. Full card numbers are not stored where not necessary and are processed through secure third-party payment processors.

• IP address, device identifiers, browser type, operating system, and approximate location.
• Pages viewed, links clicked, session duration, and interactions with our online tools and AI features.
• Telehealth connection logs such as date, time, and duration of sessions (not the clinical content of the visit unless documented in your medical record).

• Messages, emails, phone calls, texts, and chat transcripts when you communicate with our team or use our AI tools, subject to applicable consent and notice.
• Feedback, reviews, surveys, and responses you provide.

We use your information for the following purposes, consistent with HIPAA and applicable law.

• To schedule and conduct in-person and telehealth visits, provide diagnosis and treatment, coordinate care, and manage follow-up.
• To review your history, labs, and prior treatment plans so we can offer personalized functional and preventive care.

• To manage your patient account, maintain accurate medical records, and operate our practice.
• To improve quality of care, monitor outcomes, refine clinical protocols, and support training and supervision.
• To secure and monitor our platforms, prevent fraud, and protect against unauthorized access or misuse.

• To verify eligibility, submit claims, and process payments for services, memberships, and products.
• To handle billing inquiries, refunds, and account adjustments in accordance with our Terms.

• To contact you regarding appointments, test results, treatment plans, prescription refills, and care coordination.
• To send service-related announcements, reminders, satisfaction surveys, and educational content related to your care, unless you opt out where applicable.

• To understand how our website, telehealth platforms, and tools are used so we can improve performance, accessibility, and user experience.
• To personalize content, recommendations, and offerings based on your interactions (such as relevant educational articles, wellness programs, or membership options).

• To comply with HIPAA, Texas telehealth laws, and other federal and state regulations.
• To respond to valid legal requests, subpoenas, court orders, audits, and investigations where required by law.
• To detect, prevent, and respond to suspected or actual security incidents or threats to patient or public safety.

We may share information in the following circumstances, consistent with HIPAA and applicable law:

• With physicians, nurse practitioners, and other clinicians involved in your care for treatment and coordination.
• With labs, imaging centers, pharmacies, and other entities necessary to deliver your care.

• With vendors and contractors who perform services on our behalf (e.g., EHR systems, telehealth platforms, billing services, secure messaging, payment processors, cloud hosting, analytics tools), subject to Business Associate Agreements where required by HIPAA.
• These parties are contractually required to protect your information and may only use it as permitted by their agreement and applicable law.

• With your health plan, insurer, or employer-sponsored plan to obtain payment, prior authorizations, or approvals for services, when applicable.

• When you provide written authorization, we may share information with other individuals or organizations you designate (e.g., family members, other providers, or wellness coaches).
• You may revoke an authorization at any time in writing, except to the extent we have already relied on it.

We may disclose information without your authorization when permitted or required by law, including:

• To public health authorities, health oversight agencies, and regulators.
• To comply with court orders, subpoenas, or other valid legal processes.
• To law enforcement under limited, legally defined circumstances.
• To prevent or lessen a serious and imminent threat to health or safety, consistent with law and professional standards.

We use administrative, physical, and technical safeguards designed to protect your information from unauthorized access, loss, misuse, alteration, or disclosure.

Our efforts include:

• HIPAA-compliant telehealth platforms with encrypted data transmission.
• Secure electronic health record and patient portal systems with role-based access controls.
• Authentication, audit logs, and continuous monitoring of system use.
• Workforce training and written policies regarding privacy, security, and incident response.
• Regular risk assessments and security reviews of our systems and vendor relationships.

You are responsible for protecting your account credentials, avoiding use of public or shared devices for sensitive communications where possible, and notifying us promptly if you suspect unauthorized access to your account.

Your rights depend on whether the information is PHI under HIPAA, other medical information, or general website/consumer data. Subject to legal limitations, you may have the right to:

• Access medical records: Request access to or copies of your health information in designated record sets.
• Request corrections: Ask us to correct inaccurate or incomplete information in your record.
• Request restrictions: Request limitations on certain uses or disclosures of your PHI, such as limiting disclosure to a health plan when you pay out-of-pocket in full, as permitted by law.
• Request confidential communications: Ask that we contact you via alternative means or at an alternative location (e.g., a different phone number or mailing address).
• Request an accounting of disclosures: Obtain a list of certain disclosures of your PHI made in the past six years, excluding those for treatment, payment, and healthcare operations.
• Obtain a copy of our HIPAA Notice: Request a paper or electronic copy of our HIPAA Notice of Privacy Practices at any time.
• Data deletion (non-PHI): Where permitted by applicable state law, request deletion or anonymization of certain non-clinical information, subject to our legal and clinical record-keeping obligations.

We may use cookies, pixels, web beacons, local storage, and similar technologies on our websites and digital platforms to:

• Remember your preferences and improve user experience across sessions.
• Analyze website performance, usage patterns, and traffic sources.
• Support security features and session management.
• Provide relevant content and measure the effectiveness of our pages and campaigns.

You can manage cookies through your browser settings and, where offered, our on-site cookie preferences tools. Disabling certain cookies may affect site functionality or features.

Prime Virtual Care and related telehealth services are delivered through secure, HIPAA-compliant platforms, and we meet or exceed Texas and federal telehealth requirements.

• Your telehealth sessions are encrypted in transit, and we take steps to protect confidentiality similar to in-office visits.
• We may use digital tools, symptom checkers, or AI-assisted technologies (including Time Vitality AI) to help organize information, support clinical decision-making, or enhance your user experience. Clinicians remain solely responsible for your diagnosis and treatment.
• If any telehealth or AI interaction is recorded or stored beyond standard medical documentation, we will disclose this in advance and obtain any required consent.

Our services are generally intended for adults age 18 and older.

We do not knowingly collect personal information from children under 18 through our public website without involvement of a parent or legal guardian, except as allowed by law in the context of clinical care (for example, when a minor is seen with parental consent).

If you believe a minor has provided us information online without appropriate consent, please contact us immediately so we can take appropriate steps to address it.

Prime Vitality Care primarily serves patients within the United States and provides telehealth services only in jurisdictions where our clinicians are licensed.

If you access our website or digital tools from outside the United States, be aware that your information may be transferred to, stored, or processed in the U.S., where data protection laws may differ from those in your country of residence.

By using our sites or services from outside the U.S., you acknowledge this transfer and processing is subject to this Privacy Policy and applicable U.S. law.

We may update this Privacy Policy periodically to reflect changes in technology, our practices, services, or legal requirements.

• When we make material changes, we will update the "Effective Date" at the top of this page and may provide additional notice — such as via email, patient portal message, or an on-site banner — where required by law.
• Your continued use of our website, telehealth services, or clinic after an updated policy is posted constitutes your acceptance of the revised terms.
• We encourage you to review this page regularly to stay informed about our privacy practices.

If you have questions about this Privacy Policy, our HIPAA Notice of Privacy Practices, your rights, or how we handle your information, please contact us:

By using Prime Vitality Care's website, patient portal, telehealth services, AI tools, or in-person clinical services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms, subject to any additional consents you may provide separately.

Your clinical care always remains subject to applicable medical consent forms and our HIPAA Notice of Privacy Practices, which are provided to you at or before your first appointment and remain available through our Patient Hub at all times.