Effective Date: 10 July 2025

Last Reviewed: 10 July 2025

Better Health Labs, Inc., doing business as Measured (“Measured,” “we,” “our,” or “us”) respects your privacy. Because we partner with multiple physician entities, two legal regimes apply to your data:

Framework Overview

Framework

What it governs

Data “Controller”

Part I – HIPAA Notice of Privacy Practices

All Protected Health Information (“PHI”) generated during clinical services — whether insurance-covered RD visits furnished by Bridge-affiliated groups or cash-pay MD/NP visits furnished by Measured-Affiliated groups

The treating medical group

Part II – Consumer Privacy Policy

All personal information that is not PHI (“Non-PHI”), including web analytics, cookies, ad data, device IDs, and SMS opt-ins

Better Health Labs, Inc.

Key Definitions

• “Platform.” Measured’s websites, mobile apps, APIs, and digital channels.

• “Bridge.” Cloud Health Medical Group, P.C. and state affiliates.

• “Measured-Affiliated Medical Groups.” Coastal Care Medical Group entities in FL, CA, NJ.

All other capitalized terms have the meaning given in the Terms of Service.

Part I – HIPAA Notice

Measured-Affiliated Medical Groups have adopted Bridge’s HIPAA Notice verbatim. You may read or download it here.

The Notice explains your PHI rights — inspect/copy, amend, restrict, confidential comms, accounting of disclosures — and Bridge’s duties to safeguard PHI and notify you of breaches. If anything in Part II conflicts with the Notice, the Notice controls for PHI.

Part II – Consumer Privacy Policy (Non-PHI)

1. Age & Territory

The Platform is intended for U.S. residents age 18 or older and under the age of 65. We do not knowingly collect data from minors or individuals outside the United States; if we learn we have done so, we will delete it.

2. Categories of Non-PHI We Collect

Category

Examples

Source

Identifiers

Name, email, phone, IP, device ID

Forms / device

Commercial Data

Purchase history, last-4 card digits

Transactions

Internet/Device Data

Pages viewed, clicks, session replay

Cookies / pixels

Geolocation

City-level IP; GPS (opt-in)

Browser / device

Inferences

Ad segments, weight-loss stage

Sentry, Mixpanel, AI

Additional Data We Collect from Purchases

When you make a purchase or attempt to make a purchase through the Platform, we may also collect:

• Name

• Billing and shipping addresses

• Payment method (e.g., credit card last-4 digits, expiration)

• Email address

• Phone number

We refer to this as Order Information, and we use it to fulfill transactions, confirm your order, contact you about billing or issues, and to help prevent fraud. Order Information is retained and treated as Non-PHI unless combined with clinical data.

3. How We Collect & Use Non-PHI

• Forms, surveys, chat transcripts

• Cookies, local storage, web beacons

• Sentry (error logs, limited session replay)

• Mixpanel (product analytics)

• Device APIs you explicitly enable (camera, contacts, GPS)

• Third-party partners (labs, pharmacies, insurers)

We use Non-PHI to: operate the Platform, personalize content, measure ads, process orders, send transactional emails/SMS, send marketing texts with your opt-in (§ 5), detect fraud, comply with law, and produce de-identified research datasets.

4. Tracking Tech & AI

Tool

Purpose

Opt-out

Google Analytics 4

Web traffic

Browser add-on

Meta Pixel / CAPI

Ad targeting & measurement

Facebook Ad Settings

Mixpanel

Feature usage & funnels

In-app “Do Not Track”

Sentry

Error monitoring & limited replay

Disable cookies

OpenAI GPT

On-device text classification; no re-train on your data

Email privacy@trymeasured.com

Blocking cookies may impact single sign-on and cart persistence.

Do Not Track (DNT) Signals

Some browsers offer a “Do Not Track” signal that you can enable to express your preferences about online tracking. At this time, our Platform does not respond to DNT signals, and we may continue to collect analytics and usage information even if such a signal is received.

4A. Advertising Opt-Out Tools

If you receive personalized ads based on your interaction with our Platform, you may opt out through the links below:

• Facebook Ad Preferences

• Google Ads Settings

• Bing Ads Preferences

• Digital Advertising Alliance Opt-Out

Please note that opting out does not stop ads altogether — it prevents certain targeting based on your data.

5. SMS & TCPA Consent

If you tick “Yes, text me,” you consent to receive recurring autodialed marketing and transactional messages. Msg & data rates may apply. Reply STOP to cancel, HELP for help. Consent not required for purchase.

6. Disclosure of Non-PHI

Recipient Type

Purpose

Infrastructure – AWS & GCP

Host servers, databases

Email/SMS – Customer.io, Twilio

Notify you of labs, refills, promos

Payment – Stripe, Braintree

Process transactions

Analytics – Google, Meta, Mixpanel

Measure performance

Labs & Pharmacies

Fulfill orders you authorize

Successors

Merger/acquisition

Law Enforcement

As required by subpoena or court order

We do not sell personal data for money.

7. Your Privacy Rights

Residents of CA, CO, CT, VA, and UT may: know, access, correct, delete, and opt-out of “sharing” for cross-context ad targeting. Email privacy@trymeasured.com or use the “Do Not Sell/Share” footer link. We will verify your identity via email/SMS.

International Users (EU/UK)

If you are located in the European Union or United Kingdom, you may have the right to:

• Access the personal information we hold about you

• Correct or update inaccurate data

• Request deletion of your personal data

• Object to or restrict our processing in certain circumstances

• Receive a portable copy of your information

To exercise these rights, please email privacy@trymeasured.com. We may verify your identity before fulfilling your request. Your data may be transferred to and processed in the United States, where data protection laws may differ from those in your country.

8. Data Security

We employ administrative, technical, and physical safeguards consistent with industry-standard frameworks (e.g., NIST 800-53 moderate). Measures include encryption in transit and at rest, multi-factor authentication for privileged users, and periodic security assessments. While no online service is 100% secure, we continuously monitor and improve our defenses.

9. Data Retention

We retain personal information only as long as reasonably necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce contracts. When retention is no longer required, we securely delete or de-identify data.

10. Accessibility

Measured is actively working to improve the accessibility of the Platform. If you encounter a barrier, email careteam@trymeasured.com and we will make reasonable efforts to accommodate you.

11. Changes & Contact

Material changes will appear here and, where appropriate, be announced by email or in-app message.

Questions: privacy@trymeasured.com

Mail: 169 Madison Ave #2012, New York, NY 10016