Beim Health, LLC ("Beim Health," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our websites, applications, AI assistants, chatbots, and membership services (collectively, the "Services").
By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: Name, email address, phone number, mailing address, date of birth, and membership status.
- Payment Information: Credit card details, billing address, and payment history (processed securely through third-party payment processors).
- Health-Related Information: Any health interests, preferences, symptoms, or conditions you voluntarily share through our AI assistants, chatbots, or when purchasing products and services. This information is optional and provided at your discretion.
- Communications: Messages you send to us, including customer support inquiries, feedback, and survey responses.
- Profile Information: Preferences, interests, and any other information you choose to add to your account profile.
1.2 Information Collected Automatically
- Usage Information: Pages visited, features used, links clicked, time spent on pages, AI assistant interactions, chatbot conversations, search queries, and navigation paths through our platform.
- Device Information: IP address, browser type and version, operating system, device identifiers, mobile network information, and device settings.
- Location Information: Approximate geographic location based on IP address. We do not collect precise GPS location unless you explicitly grant permission.
- Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your use of our Services. See Section 9 for details.
1.3 Information from Third Parties
- Healthcare Providers: If you receive services through the Freely Health Network, we may receive limited information from independent healthcare providers necessary to facilitate service delivery.
- Analytics Providers: We use third-party analytics services that may collect information about your use of our Services.
- Social Media: If you interact with our social media pages, we may receive information from those platforms in accordance with their privacy policies.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery and Operations
- Operate, maintain, and improve our platform, AI assistants, chatbots, and membership services
- Process transactions and deliver products and services you request
- Facilitate physician orders through the Freely Health Network when required
- Provide customer support and respond to your inquiries
- Personalize your experience and display relevant content
2.2 Communications
- Send you service-related notifications, updates, and security alerts
- Provide information about membership benefits and account status
- Send marketing communications about products, services, promotions, and events (you can opt out at any time)
- Conduct surveys and request feedback
2.3 Analytics and Improvements
- Monitor and analyze usage patterns, trends, and user behavior
- Diagnose technical issues and improve platform performance
- Conduct research and development to enhance our Services
- Train and improve our AI models using aggregated, de-identified data only (see Section 2.4)
2.4 AI Training and Development
Important Information About AI Training:
We may use conversations and interactions with our AI assistants and chatbots to improve our AI models. However:
- All data used for AI training is aggregated and de-identified to remove personally identifiable information
- We do not use identifiable health information for AI training purposes
- You can opt out of having your conversations used for AI training by contacting us at support@beimcares.com
- Opting out will not affect your ability to use our Services
2.5 Legal and Safety
- Comply with legal obligations and respond to legal requests
- Protect the rights, property, and safety of Beim Health, our users, and the public
- Prevent, detect, and investigate fraud, security incidents, and prohibited activities
- Enforce our Terms of Service and other policies
3. Information Sharing and Disclosure
We do not sell your personal information to third parties.
We may share your information in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Payment Processors: To process payments and manage billing (e.g., Stripe, PayPal)
- Cloud Hosting: To store data and host our platform (e.g., AWS, Google Cloud)
- Analytics Providers: To analyze platform usage (e.g., Google Analytics, Mixpanel)
- Email Service Providers: To send transactional and marketing emails (e.g., SendGrid, Mailchimp)
- Customer Support Tools: To provide customer service (e.g., Zendesk, Intercom)
All service providers are contractually obligated to protect your information and use it only for the specific purposes we authorize.
3.2 Healthcare Providers
When you purchase products or services requiring a physician order, we share the following information with independent healthcare providers in the Freely Health Network:
- Your name, date of birth, and contact information
- Information about the product or service ordered
- Relevant health information you provided specifically for the order
We share only the minimum information necessary to facilitate the service. Healthcare providers operate independently and are responsible for their own privacy and security practices.
3.3 Legal Requirements
We may disclose information if required to do so by law or in response to:
- Valid legal processes (subpoenas, court orders, search warrants)
- Government or regulatory requests
- Requests from law enforcement or public authorities
- Legal claims or disputes involving Beim Health
3.4 Business Transfers
If Beim Health is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our platform before your information is transferred and becomes subject to a different privacy policy.
3.5 Aggregated and De-Identified Information
We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you for research, analytics, marketing, or other purposes. This information is not considered personal information.
3.6 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
4. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Type | Retention Period |
| --- | --- |
| Account Information | Duration of account activity plus 7 years after account closure (for legal, accounting, and regulatory compliance) |
| Payment Information | 7 years after last transaction (for tax and accounting purposes) |
| AI Chatbot Conversations | 90 days, unless you request earlier deletion |
| Usage and Analytics Data | 2 years from collection date |
| Marketing Communications | Until you opt out, then 30 days to process removal |
| Customer Support Records | 3 years from last interaction |
After the retention period expires, we securely delete or anonymize your information. You may request deletion of your information at any time, subject to our legal obligations to retain certain data (see Section 7).
5. Data Security
We take the security of your information seriously and implement comprehensive administrative, technical, and physical safeguards to protect it from unauthorized access, use, disclosure, alteration, and destruction.
5.1 Security Measures
- Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption algorithms (AES-256)
- Access Controls: Strict role-based access controls limit employee and contractor access to personal information on a need-to-know basis
- Authentication: Multi-factor authentication (MFA) required for all administrative access
- Network Security: Firewalls, intrusion detection systems, and regular security monitoring
- Security Audits: Regular third-party security assessments and vulnerability testing
- Employee Training: All personnel receive regular privacy and security training
- Secure Development: Security practices integrated into our software development lifecycle
5.2 Payment Security
Payment information is processed through PCI-DSS compliant third-party payment processors. We do not store full credit card numbers on our servers.
5.3 Limitations
While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
5.4 Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify affected users within 72 hours of discovering the breach, or as required by applicable law
- Provide details about the breach, affected information, and steps we are taking
- Offer guidance on steps you can take to protect yourself
- Notify relevant regulatory authorities as required by law
6. HIPAA Disclaimer and Health Information
⚠️ Important: Our Services Are NOT HIPAA Compliant
Our AI assistants, chatbots, and platform are not compliant with the Health Insurance Portability and Accountability Act (HIPAA). We do not operate as a covered entity or business associate under HIPAA.
Do not share:
- Protected Health Information (PHI) as defined by HIPAA
- Detailed medical records or diagnoses
- Sensitive personal health information you would normally only share with your doctor
- Information about ongoing medical treatments or medications
Any health information you share through our Services is submitted at your own risk and is not protected by HIPAA.
If you choose to share health-related information through our Services:
- It will be handled in accordance with this Privacy Policy, not HIPAA
- It may be used to personalize your experience and provide relevant products
- It will be stored and processed in accordance with our data security and retention practices
- You can request deletion at any time (see Section 7)
7. Your Privacy Rights
You have the following rights regarding your personal information:
7.1 Access and Portability
- Right to Access: Request a copy of the personal information we hold about you
- Right to Data Portability: Receive your information in a structured, commonly used, machine-readable format (CSV or JSON)
- We will respond to access requests within 30 days
7.2 Correction and Updates
- Right to Correct: Request correction of inaccurate or incomplete information
- You can update most information directly in your account settings
- For assistance, contact support@beimcares.com
7.3 Deletion
- Right to Delete: Request deletion of your personal information
- We will delete your information within 30 days of a valid request
- Some information may be retained if required by law or for legitimate business purposes (e.g., financial records for tax compliance, fraud prevention)
- Deleted accounts cannot be recovered
7.4 Opt-Out Rights
- Marketing Communications: Opt out by clicking "unsubscribe" in any marketing email or contacting us at support@beimcares.com
- AI Training: Opt out of having your conversations used for AI training (will not affect service quality)
- Cookies: Manage cookie preferences through your browser settings (see Section 9)
- Analytics: Opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on
7.5 Object to Processing
- Object to processing of your information for direct marketing purposes
- Object to automated decision-making or profiling
7.6 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: support@beimcares.com
- Subject line: "Privacy Rights Request"
- Include: Your name, email address, and specific request
We may require verification of your identity before fulfilling requests to protect your information. We will respond within 30 days or as required by applicable law. There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.
8. State-Specific Privacy Rights
8.1 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
California Privacy Rights Summary:
- Right to Know: Request information about what personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: We do not sell your personal information, but you can opt out of sharing for targeted advertising
- Right to Limit: Limit use and disclosure of sensitive personal information (we only use it for service delivery)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
California "Shine the Light" Law: Once per year, you may request information about personal information we disclosed to third parties for direct marketing purposes. Contact us at support@beimcares.com.
Do Not Sell or Share: We do not sell your personal information. To opt out of sharing for cross-context behavioral advertising, contact support@beimcares.com.
8.2 Virginia Residents (VCDPA)
Virginia residents have rights under the Virginia Consumer Data Protection Act to access, correct, delete, and obtain a copy of their personal data, as well as opt out of targeted advertising and certain profiling.
8.3 Colorado, Connecticut, and Utah Residents
Residents of Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA) have similar rights to access, correct, delete, and obtain portable copies of their data, plus opt-out rights for targeted advertising and sale of personal data.
8.4 Other States
We extend similar privacy rights to all U.S. residents regardless of state law. If you have questions about your rights, contact support@beimcares.com.
9. Cookies and Tracking Technologies
We use cookies, web beacons, pixels, and similar technologies to collect information about your use of our Services, remember your preferences, and provide a personalized experience.
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
| --- | --- | --- |
| Essential Cookies | Required for website functionality, authentication, and security. Cannot be disabled. | Session or up to 1 year |
| Performance Cookies | Collect anonymous data about how you use our site to help us improve performance. | Up to 2 years |
| Functional Cookies | Remember your preferences and personalize your experience. | Up to 1 year |
| Analytics Cookies | Help us understand user behavior and improve our Services (Google Analytics, Mixpanel). | Up to 2 years |
| Advertising Cookies | Currently not used. If implemented in the future, we will update this policy and request consent. | N/A |
9.2 Third-Party Cookies
We use the following third-party services that may place cookies:
- Google Analytics: Website analytics and user behavior tracking
- Payment Processors: Secure payment processing (Stripe, PayPal)
- Customer Support Tools: Live chat and support services
9.3 Managing Cookies
You can control cookies through your browser settings:
- Block all cookies (may affect site functionality)
- Delete existing cookies
- Set preferences for specific websites
- Be notified when cookies are set
Browser Settings:
- Chrome: Settings → Privacy and Security → Cookies
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and Website Data
- Edge: Settings → Cookies and Site Permissions
Opt-Out Tools:
9.4 Do Not Track
Some browsers have "Do Not Track" (DNT) features. We currently do not respond to DNT signals because there is no industry standard for how to respond. We will update this policy if standards are established.
10. International Data Transfers
Beim Health is based in the United States. If you access our Services from outside the U.S., your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country.
10.1 European Economic Area (EEA) and UK
If you are located in the EEA or UK, we rely on the following legal bases for international data transfers:
- Standard Contractual Clauses approved by the European Commission
- Your explicit consent to the transfer
- Necessity for the performance of our contract with you
You have rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority.
10.2 Other Countries
We implement appropriate safeguards to protect your information regardless of where it is processed. By using our Services, you consent to the transfer of your information to the United States and other countries where we operate.
11. Children's Privacy
Age Requirement: Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from anyone under 18.
If you are under 18, you must not:
- Create an account or use our Services
- Provide any personal information to us
- Interact with our AI assistants or chatbots
If we discover we have collected information from someone under 18, we will delete it immediately. If you believe we have collected information from a minor, contact us at support@beimcares.com.
COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA) by not collecting information from children under 13.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.
12.1 Notice of Material Changes
When we make material changes to this Privacy Policy, we will:
- Update the "Effective Date" at the top of this document
- Send you an email notification at least 30 days before changes take effect
- Post a prominent notice on our platform homepage
- Provide a summary of key changes
12.2 Your Options
If you do not agree with the updated Privacy Policy:
- You may close your account before the effective date
- You will receive any applicable pro-rated refunds
- Continued use after the effective date constitutes acceptance
12.3 Non-Material Changes
Minor updates (clarifications, contact information, formatting) may be made without advance notice. We encourage you to review this Privacy Policy periodically.
12.4 Version History
Previous versions of this Privacy Policy are available upon request by contacting support@beimcares.com.
13. Third-Party Links and Services
Our Services may contain links to third-party websites, applications, or services that are not operated by Beim Health. This Privacy Policy does not apply to third-party services.
We are not responsible for:
- Privacy practices of third-party websites or services
- Content or security of external links
- Data collection by third parties you interact with through our platform
We encourage you to review the privacy policies of any third-party services before providing them with your information.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Acknowledgment and Consent
By using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.