YouthFuel

Privacy Policy

Last Updated: February 25, 2025

1. Introduction

Welcome to YouthFuel ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our telehealth service.

This policy complies with the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and other applicable data protection laws.

2. Data Controller

YouthFuel, Inc. is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@youth-fuel.com

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, password (encrypted)
  • Profile Information: Date of birth, state of residence, health history, and treatment preferences
  • Protected Health Information (PHI): Medical records, lab results, prescriptions, clinical notes, and health assessments as part of your telehealth treatment
  • Payment Information: Billing address and payment details (processed securely by Stripe)
  • Communications: Messages, feedback, and support requests you send to us

3.2 Automatically Collected Information

  • Usage Data: How you interact with our service, features used, pages visited
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Cookies and Similar Technologies: See our Cookie Policy for details

3.3 Information from Third Parties

  • Authentication Providers: If you sign in using a third-party service
  • Payment Processors: Transaction information from Stripe
  • Lab Partners: Lab results and testing data from our partnered laboratories
  • Pharmacy Partners: Prescription fulfillment status and shipping information

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Healthcare Operations: To provide telehealth services and fulfill our treatment obligations
  • Contract Performance: To provide our service and fulfill our obligations
  • Legitimate Interests: To improve our service, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws, regulations, and HIPAA requirements
  • Consent: For marketing communications and optional features

5. HIPAA Compliance

As a telehealth provider, we are committed to full HIPAA compliance:

  • All Protected Health Information (PHI) is encrypted in transit and at rest
  • Access to PHI is restricted to authorized healthcare personnel
  • We maintain comprehensive audit logs of all PHI access
  • Business Associate Agreements (BAAs) are in place with all third-party vendors handling PHI
  • Regular security assessments and compliance audits are conducted

6. How We Use Your Information

We use your information to:

  • Provide telehealth consultations and treatment services
  • Process prescriptions and coordinate with pharmacy partners
  • Deliver lab results and treatment monitoring
  • Process transactions and send related information
  • Send administrative messages, updates, and appointment reminders
  • Respond to your comments, questions, and support requests
  • Analyze usage patterns and optimize user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

7. Data Sharing and Disclosure

We may share your information with:

7.1 Healthcare Partners

  • Licensed Physicians: Your treating providers within the YouthFuel network
  • Laboratory Partners: For processing lab tests and delivering results
  • Pharmacy Partners: For prescription fulfillment and delivery

7.2 Service Providers

  • Supabase: Database hosting and authentication
  • Stripe: Payment processing
  • Vercel: Hosting and content delivery

7.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Legal processes (subpoenas, court orders)
  • Government or regulatory requests
  • Protection of our rights, privacy, safety, or property
  • Investigation of fraud or security issues

7.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity in compliance with HIPAA requirements.

8. Data Retention

We retain your personal data for as long as necessary to:

  • Maintain your account and provide our service
  • Comply with medical record retention requirements
  • Comply with legal, accounting, or reporting requirements
  • Resolve disputes and enforce our agreements

Typical Retention Periods:

  • Medical records: 7 years from last date of service (or as required by state law)
  • Active accounts: Duration of service use plus 30 days
  • Inactive accounts: 2 years from last login
  • Payment records: 7 years (legal requirement)
  • Audit logs: 6 years (HIPAA requirement)

9. Your Rights

You have the following rights regarding your personal data:

9.1 Right of Access

You can request a copy of your personal data and medical records we hold.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

9.3 Right to an Accounting of Disclosures

Under HIPAA, you have the right to receive an accounting of certain disclosures of your PHI.

9.4 Right to Request Restrictions

You can request restrictions on certain uses or disclosures of your PHI.

9.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

9.6 Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at: support@youth-fuel.com

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • End-to-end encryption for all PHI in transit (TLS/SSL) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Role-based access controls and authentication requirements
  • Comprehensive audit logging of all data access
  • Employee training on HIPAA compliance and data protection
  • Incident response and breach notification procedures

11. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.

12. Children's Privacy

Our service is intended for adults aged 18 and older. We do not knowingly collect personal data from children. If you believe we have collected information from a minor, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending an email notification (for significant changes)

Your continued use of the service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@youth-fuel.com

For HIPAA-related inquiries or to exercise your rights, please include "Privacy Request" in the subject line.

Privacy Policy | YouthFuel | YouthFuel