Privacy, practiced with precision.

This Privacy Policy describes how Synergic Health Solutions (“Synergic,” “we,” “us”) collects, uses, shares, and protects information when you visit synergichealthsolutions.com, create an account, complete an intake, or use our patient portal and membership services.

Synergic is a telehealth platform that connects patients with independent, licensed physicians. Clinical records created by your treating physician are also governed by our HIPAA Notice of Privacy Practices. Where this policy and that notice overlap, the notice controls for protected health information.

We collect only what is needed to deliver and improve your care:

• Identity and contact details — name, date of birth, email, phone, shipping address, and state of residence.
• Health information — intake questionnaire responses, medical history, medications, laboratory results, and prescription records.
• Payment information — billing details processed by PCI-compliant payment processors; we do not store full card numbers.
• Technical and usage data — device type, browser, IP address, and pages visited, collected through cookies and similar technologies.
• Communications — secure messages with your care team and correspondence with our support staff.

Cookies are limited to those necessary for the site to function and aggregate analytics that help us improve it. You can control cookies through your browser settings; essential cookies cannot be disabled without affecting core functionality.

We use your information to:

• Coordinate your care — routing your intake and labs to a licensed physician for review.
• Operate your account, membership, and patient portal.
• Communicate with you about appointments, shipments, lab results, and account matters.
• Improve our services, security, and clinical operations.
• Comply with legal, regulatory, and record-keeping obligations.

We do not sell your personal information, and we do not use your health information for third-party advertising.

Information is shared only with parties involved in delivering your care or operating the platform:

• Your treating physician and clinical care team.
• FDA-registered pharmacy partners that fulfill prescriptions, when one is issued.
• Licensed laboratories that process your biomarker panels.
• Payment processors that handle billing on our behalf.
• Vetted service providers operating under contract — including business associate agreements where required by HIPAA.
• Authorities, when disclosure is required by law or legal process.

Every third party that touches your data is bound by confidentiality and data-protection obligations consistent with this policy.

Health information that identifies you and relates to your care is treated as protected health information (PHI) and handled under HIPAA-compliant processes. Our HIPAA Notice of Privacy Practices describes in detail how PHI may be used and disclosed and the rights you hold over it, including access, amendment, and an accounting of disclosures.

We retain personal information for as long as needed to provide your care and operate your account. Clinical records are retained in accordance with state medical-record retention laws, which typically require retention for several years after your last encounter — even if you close your account.

When information is no longer required, it is deleted or de-identified using documented procedures.

Your data is encrypted in transit and at rest. Access is restricted by role, logged, and reviewed. Our infrastructure and vendor relationships are managed under HIPAA-aligned administrative, technical, and physical safeguards.

No method of transmission or storage is completely secure. If we learn of a breach affecting your information, we will notify you as required by applicable law.

Depending on your state of residence, you may have the right to:

• Access a copy of the personal information we hold about you.
• Correct inaccurate information.
• Request deletion, subject to medical-record retention requirements.
• Opt out of marketing communications at any time.
• Receive information about how your data has been shared.

To exercise any of these rights, contact us using the details at the end of this document. We will verify your identity before acting on a request.

We may update this policy as our services and legal obligations evolve. Material changes will be posted on this page with a revised effective date, and account holders will be notified of significant changes before they take effect.