Privacy Policy

Last Updated: March 1, 2026

1. Introduction

Serena Health LLC ("Serena Health," "we," "us," or "our") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at staging.serenahealth.life and use our telehealth and prescription services.

By accessing our website or using our services, you consent to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use our services.

Effective Date: March 1, 2026

2. Information We Collect

2.1 Personal and Contact Information

We collect personal information that you provide directly to us, including:

  • Full legal name
  • Email address
  • Phone number
  • Mailing and shipping address
  • Date of birth and gender

2.2 Health Information

To provide telehealth services, we collect health-related information, including:

  • Medical history and current health conditions
  • Current medications, supplements, and allergies
  • Treatment goals and preferences
  • Clinician evaluations, clinical notes, and prescriptions
  • Lab results or other medical documents you provide

2.3 Payment Information

To process transactions, we collect:

  • Credit or debit card number
  • Billing address
  • Transaction history

Payment information is processed by our PCI-compliant payment processing provider and is not stored on our servers in its complete form.

2.4 Automatically Collected Information

When you use our website, we automatically collect:

  • IP address and device identifiers
  • Browser type and operating system
  • Pages visited, time spent on site, and navigation paths
  • Referring website or advertising source

3. How We Use Your Information

We use your information for the following purposes:

  • Medical Review and Care: To evaluate your candidacy for treatment, make prescribing decisions, and provide ongoing clinical care
  • Prescription Fulfillment: To transmit prescriptions to our pharmacy partner and coordinate medication compounding and delivery
  • Payment Processing: To charge for services, manage subscriptions, and process refunds when applicable
  • Communications: To send order confirmations, shipping updates, treatment reminders, and respond to your inquiries
  • Service Improvement: To analyze usage patterns, improve our website, and develop new features
  • Marketing: To send promotional communications (you may opt out at any time)
  • Legal Compliance: To comply with applicable healthcare regulations, tax laws, and legal processes

4. Data Sharing and Third-Party Service Providers

We never sell, rent, or trade your personal information or health data.

We may share information with the following categories of service providers for the purposes described:

  • Pharmacy Partner: Our FDA-registered compounding pharmacy partner receives your prescription and shipping information to fulfill orders
  • Payment Processing Provider: Our payment processor handles transactions securely; we do not store full card numbers on our servers
  • Healthcare Providers: Our licensed clinicians and clinical staff access your health information to provide care
  • Communication Providers: Service providers that facilitate email notifications, SMS messages, and other communications on our behalf
  • Shipping Carriers: Carriers receive shipping addresses to deliver your medications
  • Legal Authorities: When required by law, subpoena, or court order

Important: All third-party service providers are contractually required to maintain confidentiality and use your information only for the specific purposes we authorize. They may not use your data for their own marketing or any other unauthorized purpose.

5. Data Security

Serena Health maintains strict data security standards to protect your personal and health information. We implement industry-standard security measures including:

  • Encryption: SSL/TLS encryption for all data in transit; AES-256 encryption for data at rest
  • Access Controls: Role-based access controls limiting who can view your information to authorized personnel only
  • Authentication: Secure login with password requirements for all accounts
  • Auditing: Regular security audits and vulnerability assessments
  • Employee Training: Staff training on data protection and privacy requirements
  • Incident Response: Documented procedures for detecting and responding to potential data breaches

While we take reasonable precautions to protect your information, no method of internet transmission or electronic storage is completely secure. You acknowledge that you provide information at your own risk.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Deletion: Request deletion of your information, subject to legal retention requirements for medical records
  • Right to Opt-Out: Unsubscribe from marketing communications at any time
  • Right to Portability: Request your data in a commonly used electronic format
  • Right to Restrict Processing: Request limits on how we use your data in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it was shared.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions including legal obligations and ongoing medical record retention requirements.
  • Right to Opt-Out of Sale: We do not sell your personal information. However, you have the right to direct us not to sell your personal information at any time.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a CCPA request, email us at [email protected] with the subject line "CCPA Request." We may need to verify your identity before processing your request.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

  • Medical Records: Retained for a minimum of 7 years from the date of last treatment, or as required by applicable state law, whichever is longer
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Communication Records: Retained for 3 years from the date of communication
  • Website Analytics Data: Retained for up to 26 months

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience and measure the effectiveness of our services.

8.1 Types of Cookies We Use

  • Essential Cookies: Required for core website functionality such as login sessions, form submissions, and security. These cannot be disabled without affecting site operation.
  • Analytics Cookies: Help us understand how visitors interact with our website, which pages are most visited, and how users navigate. This data is aggregated and anonymized.
  • Advertising Cookies: Allow us to measure the effectiveness of our advertising campaigns and deliver relevant content. These cookies may track your activity across websites.
  • Functional Cookies: Remember your preferences and settings to provide a personalized experience.

8.2 How to Manage Cookies

You can control and manage cookies in the following ways:

  • Browser Settings: Most browsers allow you to block or delete cookies through their settings menu. Note that disabling essential cookies may prevent certain features from functioning properly.
  • Opt-Out Tools: You can opt out of interest-based advertising by visiting the Digital Advertising Alliance at optout.aboutads.info or the Network Advertising Initiative at optout.networkadvertising.org.
  • Do Not Track: Some browsers offer a "Do Not Track" setting. While there is no industry standard for responding to these signals, we respect your preference when technically feasible.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will post the updated policy on this page
  • We will update the "Effective Date" at the top of this policy
  • For significant changes, we may notify you by email

Your continued use of our services after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

10. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your data rights, please contact us:

Serena Health LLC
Attn: Privacy Officer
111 NE 1st St, 8th Floor, Miami, FL 33132

Email: [email protected]
Phone: +1 786 527-2536

We aim to respond to all privacy inquiries within 30 days.