
Last updated: April 2026
We collect personal information you provide directly, such as your name, email address, date of birth, medical history, and payment details when you create an account, place an order, or communicate with our medical team.
We also automatically collect certain technical data, including IP address, browser type, device information, and usage patterns through cookies and similar technologies to improve our services.
Your personal information is used to provide and improve our medical services, process your orders and payments, communicate with you about your treatments, and ensure compliance with healthcare regulations.
We may also use aggregated, de-identified data for research and analytics purposes to improve patient outcomes and service quality.
We implement industry-standard security measures, including 256-bit SSL encryption, secure data centers, and strict access controls to protect your personal and medical information.
All data is stored in HIPAA-compliant infrastructure with regular security audits and monitoring to prevent unauthorized access, disclosure, or loss.
You have the right to access, correct, or delete your personal information at any time by contacting our support team or through your account settings.
You may also opt out of non-essential communications and request a copy of the data we hold about you. We will respond to all data requests within 30 business days.
We use marketing analytics tools — including Meta Pixel (Facebook/Instagram), Google Analytics 4, and Google Ads conversion tracking — to measure ad performance and improve our services. These tools are configured to operate in a HIPAA-respectful manner: conversion events are transmitted server-side via the Meta Conversions API and Google Enhanced Conversions, IP addresses are anonymized, and Protected Health Information (PHI) — including diagnoses, medications, lab results, intake responses, and provider notes — is NEVER transmitted to advertising platforms.
We do not have a Business Associate Agreement (BAA) with Meta or Google, which is why we strictly limit the data shared with them to non-PHI conversion signals (e.g., "purchase event occurred" without product name, "lead form submitted" without health context). Stripe (payment processing), Supabase (database & auth), Resend (transactional email), and Sentry (error monitoring) operate under appropriate data protection agreements as our sub-processors.
You may opt out of non-essential tracking via your browser's Do Not Track setting, our cookie consent banner (when present), or by emailing privacy@miahealth.com. California residents have additional rights under the CCPA/CPRA — see Section 6 below. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CPRA.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the following rights: (a) the right to know what personal information we collect, use, disclose, and sell or share; (b) the right to delete personal information; (c) the right to correct inaccurate personal information; (d) the right to opt out of the sale or sharing of personal information for cross-context behavioral advertising; (e) the right to limit the use and disclosure of sensitive personal information; and (f) the right to non-discrimination for exercising any of these rights.
MIA Health does not sell personal information for monetary consideration. We may share limited non-PHI conversion data with advertising platforms; you may opt out of this sharing at any time by emailing privacy@miahealth.com or visiting the Do Not Sell or Share My Personal Information link in our footer (where present). Sensitive personal information, including health data, is used only for treatment, payment, and healthcare operations as defined under HIPAA — never for behavioral advertising.
To exercise any of your CCPA/CPRA rights, contact our Privacy Officer at privacy@miahealth.com. We will respond within 45 days. We may need to verify your identity before fulfilling certain requests, and you may designate an authorized agent to act on your behalf.
If you have questions or concerns about our privacy practices, please contact our Privacy Officer at privacy@miahealth.com (or support@miahealth.com if you cannot reach the privacy address) or by writing to our mailing address.
For HIPAA-specific privacy questions, also see our HIPAA Notice of Privacy Practices at /hipaa, which describes how Protected Health Information is handled separately from general personal information.
We are committed to resolving any privacy-related issues promptly and transparently.
If you have any questions about our privacy policy, please contact us at support@miahealth.com.