Privacy Policy

Effective Date: May 20, 2026

1. Introduction

Extend Medical LLC, a Georgia limited liability company (“Extend Medical”, “Practice”, “we”, “us”, or “our”), operates a virtual precision and longevity medicine practice serving patients across the United States and, on a limited basis, internationally.

This Website Privacy Policy (“Privacy Policy” or “Policy”) describes how we collect, use, and share information about visitors to and users of our public-facing websites, including extendmedical.com and our patient resource hub at hub.extendmedical.com (collectively, the “Website”). By accessing or using the Website, you acknowledge that you have read, understood, and consent to the terms of this Policy.

2. Scope: This Policy vs. Our Notice of Privacy Practices

Extend Medical is a healthcare provider subject to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (collectively, “HIPAA”). Information you provide to us about your health, treatment, or payment for healthcare (“Protected Health Information” or “PHI”) is governed by our separate Notice of Privacy Practices (“NPP”), which we provide to you at the time you establish a healthcare relationship with us and which is available upon request.

This Policy governs only information collected through the Website from visitors and prospective patients before a healthcare relationship is established. Once you become a patient of Extend Medical, your PHI is governed by the NPP. To the extent of any conflict between this Policy and the NPP with respect to PHI, the NPP controls.

Information collected from you in the course of your healthcare relationship with Extend Medical, including through hub.extendmedical.com after you have established care, is governed by the NPP and our Patient Intake Agreement.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you provide to us through the Website, including when you:

  • Subscribe to our newsletter (we collect your name and email address)
  • Submit a contact form, partnerships inquiry, or speaking inquiry (we collect your name, email address, telephone number, company or organization name, role, and any other information you choose to provide)
  • Express interest in becoming a patient or request a discovery call (we collect your name, contact information, basic health-related context, and program interest)
  • Communicate with us via email, text message, or phone (we collect your contact information and the content of your communication)
  • Respond to a survey, register for a webinar, or otherwise interact with our content

Information you provide before a healthcare relationship is established is governed by this Policy. Once you sign the Patient Intake Agreement and an applicable Service Agreement, all subsequent information you provide to us as a patient, including health and treatment information, is governed by the NPP.

3.2 Information We Collect Automatically

When you access the Website, we and our service providers automatically collect certain information about your device and your interactions with the Website (“Usage Data”), including:

  • Internet Protocol (IP) address and approximate geographic location derived from it
  • Browser type, browser version, and operating system
  • Device identifiers, device type, and screen resolution
  • Referring website or source
  • Pages viewed, time spent on pages, links clicked, and navigation paths
  • Date and time of access

This information is collected through cookies, web beacons, server logs, and similar technologies. See Section 6 for details on cookies and tracking technologies.

3.3 Information From Third Parties

We may receive information about you from third parties, including marketing partners, analytics providers, and social media platforms when you interact with our content on their services. This information helps us understand the effectiveness of our marketing and improve our Website.

4. How We Use Information

We use the information described in Section 3 for the following purposes:

  • To provide and operate the Website, including hosting, maintenance, security, and troubleshooting
  • To respond to your inquiries, including newsletter subscriptions, contact form submissions, partnership and speaking inquiries, and prospective patient communications
  • To establish a healthcare relationship, if you elect to become a patient, by guiding you through onboarding and the execution of the Patient Intake Agreement and applicable Service Agreement
  • To send marketing communications, including our newsletter and other educational content, where you have consented to receive them
  • To analyze and improve our Website, including by understanding visitor behavior, measuring the effectiveness of marketing, and developing new content and features
  • To prevent fraud, abuse, and security incidents, including by monitoring for unauthorized access or harmful activity
  • To comply with legal obligations, respond to lawful requests from public authorities, and protect our legal rights
  • With your consent, for any other purpose disclosed at the time we collect the information

Automated tools and artificial intelligence. We may use automated tools and artificial intelligence in connection with our Website operations, including for marketing personalization, content recommendations, lead scoring, and routine customer support. These tools do not make decisions that produce legal or similarly significant effects concerning you. Any use of artificial intelligence in connection with the provision of clinical services to patients is governed by our Notice of Privacy Practices and the applicable patient agreements.

5. How We Share Information

We share Website information only as described in this Section.

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf. These include:

  • Hosting and website infrastructure: our website hosting provider, which hosts the Website and supporting services
  • Customer relationship management, marketing automation, and email: our CRM and marketing automation platform, which powers our newsletter, lead capture forms, email marketing, and related communications
  • Payment processing: our payment processor, which handles payments initiated through the Website
  • Analytics, advertising, and embedded content: Google (including Google Analytics and YouTube) and Meta Platforms (Facebook and Instagram), which provide analytics, embedded video, advertising, and measurement tools (see Section 6 for details and opt-out options)
  • Professional advisors: attorneys, accountants, auditors, and other consultants, as needed

These service providers are authorized to use the information only as necessary to perform services for us and are contractually obligated to protect the information. They are not authorized to sell your information.

5.2 Healthcare Business Associates

Once you become a patient of Extend Medical, we engage healthcare-specific service providers, including electronic health record systems, laboratory partners, pharmacy partners, supplement dispensaries, and similar vendors, that handle Protected Health Information on our behalf. These relationships are governed by Business Associate Agreements as required under HIPAA. Sharing of PHI with these Business Associates is governed by our Notice of Privacy Practices, not this Privacy Policy.

5.3 Legal Disclosures

We may share information when we believe in good faith that disclosure is necessary to: (a) comply with applicable laws, regulations, court orders, subpoenas, or other legal process; (b) respond to lawful requests from public authorities, including law enforcement; (c) enforce our agreements, including investigation of potential violations; (d) protect the rights, property, or safety of Extend Medical, our patients, our personnel, or others; or (e) detect, prevent, or otherwise address fraud, security, or technical issues.

5.4 Business Transfers

If Extend Medical is involved in a merger, acquisition, sale of assets, financing, reorganization, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. Where required by law, we will notify you and provide an opportunity to exercise applicable rights with respect to your information.

5.5 Aggregated and De-identified Information

We may share aggregated or de-identified information that does not identify any individual for any lawful purpose, including research, analytics, marketing, and educational content.

5.6 No Sale of Personal Information

Extend Medical does not sell your personal information for monetary consideration. Certain uses of advertising technologies (such as Meta and Google products) may be considered “sharing” or “sale” under certain state privacy laws. See Section 10 for your rights with respect to these activities.

6. Cookies and Similar Technologies

6.1 What Cookies Are

A cookie is a small text file placed on your device by a website. Cookies enable websites to recognize your device, remember your preferences, and analyze how the website is used. We also use related technologies, including web beacons (small pieces of code that record information about your interactions with web pages and emails) and server logs (records of activity on our servers).

6.2 Types of Cookies and Technologies We Use

Strictly necessary cookies. Required for the Website to function, including for security, load balancing, and basic navigation. You cannot opt out of these cookies if you wish to use the Website.

Analytics cookies. Help us understand how visitors interact with the Website. We use Google Analytics to collect this information. Google Analytics collects information about your device, browser, IP address, and on-Website behavior. You can opt out of Google Analytics by installing the browser add-on available at https://tools.google.com/dlpage/gaoptout.

Embedded content. We use YouTube to serve embedded video content on certain pages. YouTube may set cookies and collect information about your interaction with the video player, subject to Google's privacy policy.

Advertising and measurement cookies. We use the Meta Pixel and related Meta advertising tools (operated by Meta Platforms, Inc., the parent company of Facebook and Instagram) to measure the effectiveness of advertising, deliver relevant content, and reach prospective patients on Meta's platforms. The Meta Pixel collects information about your interactions with the Website and sends that information to Meta. You can manage Meta advertising preferences in your Facebook or Instagram account settings.

6.3 Healthcare Privacy and Tracking Technologies

We are aware of the guidance issued by the U.S. Department of Health and Human Services Office for Civil Rights concerning the use of online tracking technologies by HIPAA-regulated entities. To protect your healthcare privacy:

  • We have designed our deployment of Google Analytics, the Meta Pixel, and other third-party tracking technologies to be limited to marketing, educational, and informational pages on extendmedical.com;
  • We do not knowingly deploy third-party tracking technologies on patient intake pages, patient scheduling pages, or any page within hub.extendmedical.com where Protected Health Information may be collected, accessed, or displayed;
  • We do not knowingly transmit PHI to third-party advertising or analytics providers; and
  • If we become aware that a tracking technology has been inadvertently deployed on a page where it should not have been, we will promptly remove or disable the technology and assess whether notification or other action is required under applicable law.

6.4 Managing Cookies and Opting Out

Most web browsers allow you to control cookies through their settings. You can typically configure your browser to refuse cookies, delete existing cookies, or notify you when cookies are being set. Note that disabling cookies may affect the functionality of the Website. You may also use industry opt-out tools provided by the Digital Advertising Alliance at https://optout.aboutads.info and the Network Advertising Initiative at https://optout.networkadvertising.org.

California, Colorado, Connecticut, and other state residents. If you are a resident of a state with applicable privacy laws, you may have additional rights to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising, including in connection with our use of Google and Meta technologies. To exercise these rights, you may: (a) use the cookie and browser controls described above; (b) follow the “Your Privacy Choices” link on the Website, if available; or (c) email us at legal@extendmedical.com. See Section 10 for details on your privacy rights.

7. Text Messaging (SMS)

If you provide your mobile phone number to us through the Website or in connection with our services, you may consent to receive text messages from Extend Medical, including:

  • Confirmation messages for newsletter subscription, form submission, or appointment booking
  • Service-related messages, including appointment reminders and follow-ups
  • Educational and promotional messages, where you have opted in

Consent. Your consent to receive text messages is not a condition of purchasing any goods or services from us. Text messages may be sent using automated technology.

Frequency. The frequency of messages varies based on your interaction with us. You may receive periodic messages.

Rates. Standard message and data rates may apply. Contact your wireless carrier for details.

Opt-out. You may opt out of receiving text messages from us at any time by replying “STOP” to any message. Upon receipt of your opt-out request, we will send you a confirmation message and cease sending text messages, except as necessary to fulfill any ongoing services you have requested. For assistance, reply “HELP.”

Mobile phone opt-in data. Information collected as part of mobile phone opt-in for SMS communications, including consent records, will not be shared with third parties for their marketing purposes.

8. Email and Newsletter

If you subscribe to our newsletter or otherwise consent to receive email communications from us, we may send you educational content, practice updates, and occasional promotional messages. Every marketing email we send includes an unsubscribe link. You may unsubscribe at any time by clicking the link in any email or by emailing us at the address in Section 19. Even after you unsubscribe from marketing emails, we may still send you transactional or service-related communications, such as appointment confirmations or important account notices.

9. Patient Data and HIPAA

When you become a patient of Extend Medical by executing the Patient Intake Agreement and an applicable Service Agreement, your interactions with us, including all health, treatment, and payment information, are governed by our Notice of Privacy Practices rather than this Policy. The NPP describes:

  • How we use and disclose your PHI for treatment, payment, and healthcare operations
  • The other circumstances in which we may use or disclose your PHI without your authorization (such as public health activities, law enforcement, and judicial proceedings)
  • Your rights with respect to your PHI, including the right to access, amend, request restrictions, request confidential communications, receive an accounting of disclosures, and obtain a paper copy of the NPP
  • Our obligations regarding breach notification and the steps you can take to file a complaint

If you are a patient and have questions about our PHI practices, please refer to the NPP or contact us at the address in Section 19.

10. Your Privacy Rights

10.1 HIPAA Rights (Patients Only)

If you are a patient of Extend Medical, you have rights under HIPAA with respect to your PHI. Those rights are described in detail in the Notice of Privacy Practices, including the right to inspect and copy your PHI (we will respond within 30 days), the right to request amendments, the right to an accounting of disclosures, the right to request restrictions on use and disclosure, the right to request confidential communications, and the right to a paper copy of the NPP.

10.2 California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”). Note that medical information regulated by HIPAA or the California Confidentiality of Medical Information Act is generally exempt from the CCPA. The rights below therefore apply primarily to information collected through the Website outside of a patient relationship.

Subject to certain exceptions, you have the right to:

  • Know what categories of personal information we have collected about you, the sources of that information, the purposes for which we use it, and the categories of third parties with whom we share it
  • Access a copy of the specific pieces of personal information we have about you
  • Delete personal information we have collected from you
  • Correct inaccurate personal information we maintain about you
  • Opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising (see Section 5.6 regarding our use of advertising technologies)
  • Limit the use and disclosure of sensitive personal information for purposes beyond those necessary to provide the goods or services you have requested
  • Non-discrimination: you will not be discriminated against for exercising any of these rights

Categories of personal information we collect. In the 12 months preceding the Effective Date of this Policy, we have collected the following categories of personal information from website visitors: identifiers (such as name, email, phone number, IP address); commercial information (such as transaction records and inquiry history); internet or electronic network activity (such as browsing behavior on our Website); geolocation data (approximate, derived from IP); professional or employment-related information (such as company name and role provided on inquiry forms); and inferences drawn from the foregoing.

Authorized agent. You may designate an authorized agent to submit a request on your behalf. We will require verification of your identity and the agent's authority before processing the request.

Submitting a request. You may exercise these rights by emailing us at legal@extendmedical.com or writing to the address in Section 19. We will respond within the timeframes required by applicable law.

Verification of requests. To protect your information, we may require you to provide information necessary to reasonably verify your identity and your relationship to the personal information that is the subject of the request. If we cannot verify your identity, we may decline to process the request. We will not use information you provide for verification purposes for any other purpose.

Limitations on requests. We may decline, charge a reasonable fee for, or extend the time to respond to requests that are manifestly unfounded, excessive, or repetitive, or that we are not required to honor under applicable law. We may also retain or continue to process information where required by law, including for compliance with HIPAA recordkeeping obligations, performance of healthcare contracts, defense of legal claims, or other lawful purposes.

10.3 Privacy Rights in Other U.S. States

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Tennessee, Indiana, New Hampshire, New Jersey, Kentucky, Maryland, and other states with comprehensive consumer privacy laws have rights similar to those described above, including the right to access, delete, correct, and opt out of certain processing activities. The specific rights and applicable exemptions vary by state. To exercise any state-specific rights, please contact us using the information in Section 19.

10.4 Washington My Health My Data Act

If you are a Washington resident, the Washington My Health My Data Act may grant you additional rights with respect to “consumer health data” collected through the Website prior to a HIPAA-covered patient relationship. You may exercise those rights by contacting us at the address in Section 19.

10.5 Universal Opt-Out Signals

Where required by applicable law and to the extent we have implemented the technical capability to detect such signals, we will honor browser-based opt-out preference signals, such as the Global Privacy Control (GPC), as a valid request to opt out of the sale or sharing of personal information for the browser and device on which the signal is sent. To ensure your preferences are reliably recorded, we encourage you to also submit a request as described in Section 10.2.

11. International Users

The Website and our services are operated from the United States and are intended primarily for residents of the United States. Extend Medical is a healthcare practice based in Atlanta, Georgia. We do not specifically market, target, or direct our services to residents of any jurisdiction outside of the United States. We do not maintain offices, employees, infrastructure, or licensure outside of the United States.

11.1 Use of the Website from Outside the United States

If you choose to access the Website or provide information to us from outside the United States, you do so on your own initiative. By submitting any information to us, by accessing the Website, and by accepting this Policy, you expressly understand, acknowledge, and consent to:

  • The transfer of your information to the United States;
  • The storage, processing, and use of your information in the United States;
  • The application of United States federal law (including the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations) and the laws of the State of Georgia, as the primary legal framework governing our handling of your information; and
  • The terms of this Policy and any other agreements you enter into with us.

You acknowledge that the data protection laws of the United States may differ from, and may provide less protection than, the laws of your country of residence, and that you nevertheless consent to the processing of your information in the United States.

11.2 International Patients

Extend Medical may, in its sole and absolute discretion, accept patients located outside the United States on a limited basis. Acceptance of any individual as a patient is not guaranteed and is subject to Extend Medical's clinical and operational determination.

It is solely your responsibility, and not Extend Medical's, to confirm that the laws of your country of residence and any other applicable jurisdiction permit you to: (a) receive healthcare services from a United States-based medical practice; (b) provide your personal information, including health information, to a United States-based healthcare provider; and (c) enter into the Patient Intake Agreement and any applicable Service Agreement with Extend Medical.

Extend Medical makes no representation or warranty that our services, this Website, or our handling of your information are available, lawful, appropriate, or compliant with the laws of any jurisdiction outside of the United States. Extend Medical has not evaluated and does not undertake any obligation to evaluate the laws of any jurisdiction outside of the United States. Extend Medical reserves the right to decline service to any individual, in any jurisdiction, for any reason or no reason.

11.3 Application of HIPAA

Extend Medical is a covered entity under HIPAA. HIPAA applies to the Protected Health Information we create, receive, maintain, or transmit, regardless of where you reside. International patients of Extend Medical are entitled to the same HIPAA protections that apply to United States patients with respect to their PHI.

11.4 Foreign Privacy Laws

Depending on your country of residence, additional privacy or data protection laws may apply to our processing of your information, including but not limited to the European Union General Data Protection Regulation (GDPR), the United Kingdom GDPR, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws, Australia's Privacy Act, and similar laws.

Extend Medical does not target users in the European Union, the United Kingdom, or any other jurisdiction outside of the United States. If you are a resident of such a jurisdiction and you choose to access the Website or provide information to us, you do so on your own initiative, and you consent to the application of United States law and the terms of this Policy as the governing framework for our handling of your information.

If you are a resident of a jurisdiction with applicable privacy laws and wish to inquire about or exercise any rights you may have under those laws, please contact us at legal@extendmedical.com. We will respond consistent with our legal obligations under applicable law.

11.5 Lawful Basis for Processing (Where Applicable)

Where the GDPR, UK GDPR, or similar law applies to our processing of your personal information, our lawful basis for processing is one or more of the following, as applicable: (a) your consent to the processing, which you provide by accessing the Website and submitting information to us under the terms of this Policy; (b) the performance of a contract between you and Extend Medical, including the Patient Intake Agreement and any Service Agreement; (c) compliance with our legal obligations; and (d) the legitimate interests of Extend Medical in operating, securing, and improving our services, where those interests are not overridden by your rights and interests.

11.6 Withdrawal of Consent

You may withdraw your consent to the processing of your information at any time by contacting us at legal@extendmedical.com. Withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal, and does not affect processing for which we have an independent lawful basis (such as performance of a healthcare contract or compliance with legal obligations including HIPAA recordkeeping requirements). Withdrawal of consent may result in our inability to continue providing services to you.

12. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect information collected through the Website against unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption of data in transit, access controls, and ongoing monitoring.

No security measure is perfect. Despite our efforts, we cannot guarantee absolute security. Transmission of information over the internet carries inherent risks, and you provide information to us at your own risk. We are not responsible for circumvention of security measures or for the security of any device, network, or system not under our direct control.

We will notify affected individuals of any breach of unsecured personal information in accordance with applicable law, including HIPAA's Breach Notification Rule where PHI is involved and applicable state breach notification statutes.

13. Data Retention

We retain information collected through the Website for as long as necessary to fulfill the purposes for which it was collected, including to provide our services, respond to your inquiries, send you communications you have consented to receive, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the nature of the information and the purpose of processing.

PHI retention. Patient health records and other PHI are retained as required by applicable state and federal law, which may include retention periods of seven years or longer. Specific PHI retention practices are addressed in the NPP.

14. Children

The Website and our services are not directed to individuals under the age of 18 (“Minors”). By using the Website or providing any information to us, you represent and warrant that you are at least 18 years of age. Our services are provided exclusively to adult patients. We do not provide medical services to Minors, and we do not knowingly accept information submitted on behalf of any Minor. We do not knowingly collect personal information from Minors. If we learn that we have collected personal information from a Minor, we will promptly delete that information. If you believe a Minor has provided information to us, please contact us at legal@extendmedical.com.

15. Links to Other Websites

The Website may contain links to third-party websites, applications, services, or resources (such as supplement dispensaries, laboratory partners, professional associations, or news media). We are not responsible for the privacy practices or content of those third parties. This Policy does not apply to information collected by third parties through their own websites or services. We encourage you to review the privacy policies of any third-party services before providing information to them.

16. Do Not Track

Some browsers offer a “Do Not Track” (DNT) feature. Because there is no industry standard for how websites should interpret DNT signals, the Website does not currently respond to DNT signals. With respect to Global Privacy Control (GPC) signals, please see Section 10.5.

17. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we update this Policy, we will revise the Effective Date at the top of this document. If we believe the changes are material, or where required by applicable law, we may provide additional notice, such as by posting a notice on the Website or, where appropriate, by email or other communication. We encourage you to review this Policy periodically. Your continued use of the Website after we post changes constitutes your acceptance of the revised Policy.

18. General Provisions

Severability. If any provision of this Policy is held by a court or other tribunal of competent jurisdiction to be invalid, illegal, or unenforceable for any reason, that provision shall be eliminated or limited to the minimum extent necessary so that the remaining provisions of this Policy will continue in full force and effect.

No third-party beneficiaries. This Policy is for the benefit of you and Extend Medical only and does not create any rights enforceable by any other person or entity.

No waiver. No failure or delay by Extend Medical in exercising any right under this Policy will operate as a waiver of that right. No waiver shall be effective unless made in writing and signed by an authorized representative of Extend Medical.

Relationship to other agreements. This Policy is in addition to, and does not modify, our Terms of Use, the Patient Intake Agreement, any Service Agreement, the Electronic Communications Agreement, or the Notice of Privacy Practices. In the event of any conflict between this Policy and any of those documents with respect to a subject matter that the other document specifically addresses, the other document shall control with respect to that subject matter.

Governing law. This Policy and any disputes arising out of or relating to it shall be governed by the laws of the State of Georgia, without regard to its conflict of laws principles, except where preempted by federal law (including HIPAA) or where the laws of another jurisdiction are mandatorily applicable. Dispute resolution procedures applicable to disputes between you and Extend Medical are set forth in our Terms of Use and, where applicable, in the Patient Intake Agreement.

19. Contact Us

If you have questions about this Policy, our privacy practices, or wish to exercise any of your rights, please contact us:

Extend Medical LLC
Attn: Legal
4651 Roswell Road, Building C, Suite 203
Atlanta, GA 30342
Email: legal@extendmedical.com
General support: support@extendmedical.com

If you have questions about the Notice of Privacy Practices or about PHI we hold as your healthcare provider, please refer to the NPP and contact us using the information above. You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights regarding any concerns about your PHI.