Privacy Policy

Effective Date: May 1, 2026

VitaCredit, Inc. ("VitaCredit," "we," "us," or "our") values your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, use the VitaCredit app, interact with our services, or otherwise communicate with us.

By using our website or services, you agree to the practices described in this Privacy Policy.

1. Scope

This Privacy Policy applies to information collected through:

• the VitaCredit website;
• the VitaCredit mobile or web application;
• partner clinic onboarding and communications;
• demo requests, contact forms, and other interactions with us.

This Privacy Policy does not govern information collected directly by participating clinics, payment processors, or third parties operating their own services, which are subject to their own privacy policies.

2. Information We Collect

We may collect the following categories of information:

A. Information You Provide

• Name
• Email address
• Phone number
• Mailing or billing address
• Account credentials
• Family member information you provide to register Family Members under your account
• Messages, inquiries, and support communications
• Information you provide when purchasing or redeeming VitaCredits

B. Transaction and Account Information

• VitaCredit purchase history
• Redemption history, including the participating clinic, the service category or product redeemed, the amount redeemed, and the date and time of redemption
• Treatment Credit balances and usage
• Account balance information
• Family transfer history
• Refund and adjustment records
• Device, session, and login records related to your account

C. Technical and Usage Information

• IP address
• Browser type
• Device type
• Operating system
• Pages viewed
• Referral URLs
• Session activity
• Basic analytics and diagnostic information

D. Payment Information

Payments are processed by third-party payment processors. We may receive limited transaction-related information, such as payment status, transaction identifiers, and partial billing details. We do not store full payment card information ourselves.

3. Information We Do Not Collect

VitaCredit is a stored-value platform, not a medical or clinical record system. We do not collect or store:

• medical diagnoses;
• clinical notes or treatment records;
• before-and-after photographs;
• health history, medications, or allergies;
• any other Protected Health Information ("PHI") as defined under HIPAA.

Participating clinics are independently responsible for handling any clinical or medical information under their own privacy and compliance obligations. VitaCredit is not a HIPAA Business Associate of participating clinics.

4. How We Use Information

We use information to:

• provide, operate, maintain, and improve the VitaCredit platform;
• create and manage user accounts;
• process VitaCredit purchases, redemptions, transfers, refunds, and related transactions;
• support participating clinic workflows and partner operations;
• respond to inquiries and support requests;
• send transactional communications such as account verification, security alerts, transaction confirmations, and required legal notices;
• send marketing or promotional communications, where you have opted in;
• analyze performance, usage trends, and platform reliability;
• protect against fraud, abuse, misuse, and security risks;
• comply with legal, tax, accounting, and regulatory obligations;
• enforce our Terms and policies.

5. How We Share Information

We may share information:

• with participating clinics, limited to transactional information necessary to support redemption, account verification, family transfer approval, and operational support (for example, that a member redeemed a particular service category for a specific amount on a specific date);
• with service providers and vendors who perform services on our behalf, such as hosting, analytics, communications, payment processing, customer support, and security monitoring;
• with professional advisors, including lawyers, accountants, auditors, and insurers;
• in connection with a merger, acquisition, financing, restructuring, sale of assets, or other corporate transaction;
• where required by law, legal process, or governmental request;
• where necessary to protect our rights, users, clinics, partners, or the public.

We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising in a manner intended to constitute a "sale" or "sharing" under applicable law.

6. Cookies and Analytics

We may use cookies, pixels, local storage, and similar technologies to:

• operate and secure the website and app;
• remember preferences;
• understand usage patterns;
• improve performance and user experience.

We may also use third-party analytics tools that collect technical and usage information.

7. Data Retention

We retain information based on the following general criteria:

• Account information (name, email, credentials): retained for the life of the account, plus up to seven (7) years following account closure for tax, audit, fraud prevention, and legal purposes.
• Transaction and redemption records: retained for at least seven (7) years to comply with tax, accounting, and audit obligations.
• Technical and usage logs: retained for up to twenty-four (24) months for security and analytics purposes.
• Marketing preferences: retained until you opt out, plus a reasonable period to honor your opt-out request.

We may retain information longer where required by law, regulation, legal process, or to resolve disputes and enforce agreements.

If your account is suspended or terminated, your transaction history is retained on our systems for the periods described above. Account deletion does not result in deletion of records we are legally required to retain.

8. Data Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law, including California Civil Code §1798.82.

9. Children's Privacy

VitaCredit services are intended only for users 18 years of age or older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a person under 18, we will close the account and delete the information to the extent permitted by law, while retaining any records we are legally required to keep.

10. Your Rights

Depending on your jurisdiction, you may have rights to:

• request access to certain personal information we hold about you;
• request correction of inaccurate information;
• request deletion of certain information, subject to legal retention requirements;
• request a copy of your personal information in a portable format;
• request information about how your personal information is used or disclosed;
• opt out of marketing communications.

To exercise applicable rights, contact us at: support@vitacredits.com

We may need to verify your identity before processing certain requests. We will respond within the time period required by applicable law.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including:

• the right to know what personal information we collect, use, disclose, and (if applicable) sell or share;
• the right to delete personal information, subject to legal exceptions;
• the right to correct inaccurate personal information;
• the right to opt out of the sale or sharing of personal information (we do not sell or share personal information as those terms are defined under California law);
• the right to limit the use of sensitive personal information;
• the right to non-discrimination for exercising your privacy rights.

To submit a request, contact us at: support@vitacredits.com

You may designate an authorized agent to make a request on your behalf, subject to verification.

12. Third-Party Links

Our website or app may contain links to third-party websites or services. We are not responsible for the privacy, security, or content practices of those third parties.

13. Geographic Scope

VitaCredit services are intended for users located in the United States. If you access VitaCredit from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised Effective Date. For material changes, we will provide reasonable notice through the app or by email. Continued use of the website or services after changes become effective constitutes acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact:

VitaCredit, Inc.
Email: support@vitacredits.com