PRIVACY POLICY
Effective date: May 18, 2026
Last updated: May 18, 2026
Regener8 Health & Wellness, LLC ("Regener8," "we," "our," or "us") respects your privacy. This Privacy Policy explains what information we collect, how we use it, when we share it, and the choices you have. It applies to regener8now.com, our patient portal, our marketing emails and text messages, and any other service that links to this Policy (collectively, the "Services").
Some of the information we collect is "Protected Health Information" ("PHI") under the federal Health Insurance Portability and Accountability Act ("HIPAA"). PHI is governed by our separate Notice of Privacy Practices ("NPP"). Where this Privacy Policy and the NPP conflict on PHI, the NPP controls.
Who we are
Regener8 Health & Wellness, LLC
2901 NW Commerce Park Drive, Suite 1
Boynton Beach, FL 33426
General contact: admin@regener8now.com
Privacy Officer: privacy@regener8now.com
Information we collect
2.1 Information you give us
Identifiers — name, date of birth, postal address, email, phone number, emergency-contact details.
Account credentials — username, password (stored hashed), authentication factors.
Health and wellness information (in the patient portal only) — medical history, medications, allergies, vitals, lab results, treatment notes, telehealth recordings or summaries, secure messages.
Payment information — billing name and address, last four digits of a payment card; full card numbers are processed by our PCI-DSS payment processor (Stax) and are not stored on our systems.
Communications — emails, SMS, web-form submissions, chat, voicemails.
Marketing preferences — opt-ins, opt-outs, interests you tell us about.
2.2 Information collected automatically
When you use our Services, we and our analytics providers may automatically collect:
IP address, device type, browser type and version, operating system.
Pages viewed, links clicked, referring URL, approximate location (city / region inferred from IP).
Cookies and similar technologies — see our Cookie Policy.
2.3 Information from third parties
Pharmacy partners — fulfillment status, shipping confirmations, tracking numbers.
Laboratory partners (Quest, LabCorp, etc.) — test results when authorized by you.
Insurance and benefits administrators — eligibility and claims information.
Advertising platforms (Meta, Google) — aggregated, hashed conversion events; we do not send PHI to ad pixels.
How we use information
We use information to:
Provide, operate, and improve the Services.
Schedule visits, fulfill prescriptions, and communicate clinical results.
Process payments and prevent fraud.
Send appointment reminders and shipping notifications.
Send marketing communications you have opted in to receive (you can opt out at any time).
Comply with legal obligations and enforce our Terms.
Analyze and improve performance, security, and user experience.
We do not use PHI for marketing without your written authorization, except as permitted by HIPAA.
Legal bases (where applicable)
For users in jurisdictions that require a legal basis (e.g., the EEA / UK), we rely on: your consent, performance of a contract with you, our legitimate interests (e.g., fraud prevention, service improvement), and compliance with legal obligations.
How we share information
We share information only as described below. We never sell your personal information or PHI.
Treatment, Payment, and Healthcare Operations — with our licensed providers, pharmacy partners, laboratories, and care coordinators, as detailed in the NPP.
Service providers ("sub-processors") under contract that restricts use of the data and, where applicable, signed Business Associate Agreements (BAAs):
Practice Q (IntakeQ) — EHR, scheduling, secure messaging, patient portal (BAA).
SendGrid — transactional email (BAA).
GoHighLevel — CRM, marketing email and SMS to consenting users (no PHI).
Stax — payment processing (PCI-DSS).
Microsoft 365 — email and document storage for our team (BAA).
Heidi — AI medical scribe inside the clinical workflow (BAA).
Zoom (Healthcare tier) — telehealth visits (BAA).
Hosting and analytics — Framer (marketing site, no PHI), Supabase (portal infrastructure), and similar providers used in line with HIPAA where PHI is involved.
Legal and safety disclosures — when required by law, subpoena, or court order, or to protect rights, safety, or property.
Business transfers — in connection with a merger, acquisition, financing, or sale of assets; we will notify you of any change in ownership or use of your data.
With your consent — for any other disclosure you authorize.
Cookies and tracking
We use cookies and similar technologies to keep the site working, remember preferences, and measure performance. You can control cookies through your browser settings or our cookie banner. See our Cookie Policy.
We honor Global Privacy Control (GPC) signals from compatible browsers as a "do not sell or share" request for users entitled to make one.
SMS and email communications
If you provide your phone number and opt in, we send transactional and marketing text messages governed by our SMS Terms. Reply STOP to cancel and HELP for help. Message and data rates may apply. Email recipients can unsubscribe at any time using the link at the bottom of any marketing email; transactional and clinical emails (appointment confirmations, prescription updates) cannot be unsubscribed while you are an active patient.
Your privacy rights
Depending on where you live, you may have the right to:
Access the personal information we hold about you.
Correct or update inaccurate information.
Delete information, subject to legal and clinical retention requirements.
Restrict or object to certain processing.
Receive a portable copy of certain information.
Withdraw consent for marketing communications.
File a complaint with a regulator (e.g., the U.S. Department of Health & Human Services for HIPAA matters).
California residents (CCPA / CPRA): you may also request the categories and specific pieces of personal information we have collected, sold, or shared (we do not sell), and you may not be discriminated against for exercising your rights.
To exercise any right, email privacy@regener8now.com. We may need to verify your identity before fulfilling your request. Patients should request access to medical records through the patient portal or by contacting our Privacy Officer per the NPP.
Data retention
We keep information for as long as needed to provide the Services and for legitimate business or legal reasons. Medical records are retained for at least seven (7) years from the date of last service, or longer if required by Florida law. Marketing data is retained until you opt out and a reasonable suppression-list period thereafter.
Security
We use administrative, physical, and technical safeguards aligned with HIPAA Security Rule requirements: encryption in transit (TLS) and at rest, role-based access, multi-factor authentication for staff, audit logging, vendor BAAs, and secure disposal. No system is perfectly secure; we will notify affected individuals and regulators if a breach occurs as required by law.
Children
The Services are not intended for users under 18. We do not knowingly collect personal information from children under 13. If we learn we have, we will delete it. If you believe a child has provided us information, contact privacy@regener8now.com.
International users
The Services are operated from the United States. If you access them from outside the U.S., your information will be transferred to and processed in the U.S., where data-protection laws may differ from those in your country.
Third-party links
The Services may link to sites we do not control. We are not responsible for the privacy practices of those sites. Please review their policies before submitting information.
Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top will reflect the change. If changes are material, we will notify you by email or in-portal notice. Continued use of the Services after the effective date of the updated Policy constitutes acceptance.
Contact us
Questions, requests, or complaints:
Regener8 Privacy Officer
Email: privacy@regener8now.com
Mail: 2901 NW Commerce Park Drive, Suite 1, Boynton Beach, FL 33426
For HIPAA-specific complaints, see the Notice of Privacy Practices. You may also file a complaint with the U.S. Department of Health & Human Services Office for Civil Rights at https://www.hhs.gov/ocr/.