PRIVACY POLICY
​
Effective Date: May 14, 2025
​
INTRODUCTION
AbendHealth ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect through our website and services, how we use and share it, and the choices you have regarding your information. By using the AbendHealth website (the "Site") or purchasing our fitness and nutrition coaching memberships, you agree to the practices described in this Privacy Policy. This Policy is intended to comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA), California Online Privacy Protection Act (CalOPPA), and the Children's Online Privacy Protection Act (COPPA), as well as other relevant laws. We encourage you to read this Policy carefully.
​
INFORMATION WE COLLECT
Personal Information You Provide: We collect personal information that you voluntarily provide when using our Site, signing up for our memberships, scheduling appointments, or contacting us. This may include your name, mailing address, email address, phone number, date of birth, and any other information you choose to provide. For example, if you register for a coaching membership or contact us through a form, we may ask for your contact details and relevant health or fitness information. We also collect payment information (such as credit card details or billing address) when you make a purchase; however, payment data is processed securely by our third-party payment processors (e.g., Wix Payments or Stripe) and is not stored on our servers.
Information Collected via Scheduling: If you schedule an appointment or consultation through our Site using third-party scheduling tools like Calendly, we will collect information such as your name, contact information, and appointment details through that service. This information is used to manage your appointment and provide our services to you.
Automatically Collected Data: When you visit our Site, we automatically collect certain technical information about your device and usage of the Site. This includes your IP address, browser type, device type, operating system, referring website, pages viewed, and the dates/times of access. We collect this data through cookies and similar tracking technologies to help personalize your experience and improve our website’s functionality. Cookies are small text files placed on your device that enable certain features and allow us to remember your preferences. You can set your browser to refuse cookies or alert you when cookies are being sent, but note that doing so may cause some parts of our Site to not function properly.
​
HOW WE USE YOUR INFORMATION
We use the collected information for the following purposes:
- To Provide and Improve Services: We use your personal information to deliver our coaching and healthcare services, process your membership and appointment requests, and communicate with you about your account or schedule. For example, we may use your contact information to send appointment reminders or respond to your inquiries. We also use the information to personalize your experience on our Site and to improve our offerings and customer service.
- Payments and Transactions: We use payment information to process membership fees or other transactions you authorize. All credit card payments are handled by secure third-party processors (such as Wix Payments or Stripe) that adhere to PCI-DSS security standards, meaning your payment data is encrypted and protected. We do not store your full credit card details on our own systems.
- Analytics and Site Performance: We use Google Analytics and similar tools to collect information about how visitors use our Site. This data (e.g., pages visited, time on site, and interactions) helps us understand user behavior and improve our website content and layout. Google Analytics may collect data such as your IP address, device information, and browsing actions on our Site, but Google provides this information to us in aggregated form that does not directly identify individuals. These insights allow us to enhance our Site’s performance and user experience.
- Marketing Communications: We may use your information to send you promotional communications (such as our newsletter or special offers) if you have subscribed or otherwise given us permission. You can opt out of marketing emails at any time by clicking the "unsubscribe" link in those emails or by contacting us directly.
- Advertising and Retargeting: We also use the Facebook Pixel (Meta Pixel) on our Site for advertising purposes. This tool helps us measure the effectiveness of our Facebook/Instagram ads and deliver personalized advertisements to you. The Facebook Pixel may collect information about your actions on our Site (for example, pages visited or links clicked) and connect that information with your Facebook account or profile, allowing us to “retarget” ads to you on Facebook or Instagram. Please note that this kind of retargeting involves the collection of identifying personal information by Facebook’s tracking technology to serve you targeted ads across the internet. If you prefer not to receive targeted ads from us on social media, you can adjust your ad preferences on those platforms or use tools to block such tracking.
- Compliance and Legal Obligations: We may use or disclose your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For example, we may use your data to maintain records for tax or healthcare compliance, or to respond to a court order or subpoena. We fully cooperate with law enforcement inquiries and may disclose certain information if we believe in good faith that it’s necessary to investigate fraud, protect our rights, or ensure the safety of our patients, users, or others.
​
COOKIES & TRACKING TECHNOLOGIES
Cookies: Our Site uses cookies and similar tracking technologies to provide and enhance our services. Cookies allow us to recognize you and remember your preferences (for example, to keep you logged in or remember items in your cart). We use both first-party and third-party cookies for various purposes:
- Necessary Cookies: These cookies are essential for the website to function properly (for example, enabling core functionalities like user login, shopping cart, or secure areas of the site). Without these cookies, certain services you request may not be available.
- Analytics Cookies: We use Google Analytics cookies to gather information on how visitors use our Site. This includes data about your site usage and interactions, which we analyze to improve our content and user experience. Google Analytics may set cookies (such as _ga identifiers) on your browser to collect information like your IP address, browser type, and pages visited. The information generated by these cookies (which may include truncated portions of your IP address) is transmitted to Google and stored on Google’s servers. Google uses this information to compile aggregate reports on website activity for us. Importantly, Google Analytics data is aggregated and does not identify you personally. You can opt out of Google Analytics data collection by installing the official Google Analytics opt-out browser add-on, or by adjusting your browser settings to refuse analytics cookies.
- Advertising Cookies: Our Site also uses cookies and pixels for advertising and social media features. In particular, the Meta (Facebook) Pixel may set cookies to collect data about your visit. These cookies allow Facebook to recognize visitors of our Site in order to provide us with analytics and to serve targeted advertisements on Facebook/Instagram to those visitors. For instance, if you visit our Site and later use Facebook, you might see an ad from us based on your interaction with our Site. Data collected via these cookies and pixels may be combined with information you provided to the third party (like Facebook) and is subject to the third party’s privacy policies. You can control how these cookies are used through your browser settings or via tools provided by those third parties (for example, you can adjust your Facebook account ad settings or use opt-out tools provided by the Digital Advertising Alliance).
​
Do Not Track: Some web browsers offer a "Do Not Track" (“DNT”) feature that lets you signal your privacy preferences to websites. Currently, our Site does not respond to DNT signals because there is no consistent industry standard for compliance. Remember that even if we did attempt to honor DNT signals, we cannot guarantee that our third-party service providers (such as Google or Facebook) would recognize or honor those signals. We will update this Privacy Policy if our practices regarding DNT change in the future.
Your Choices: You have options to manage or disable cookies and tracking: you can modify your browser settings to refuse cookies or delete cookies. You can also use browser extensions or privacy settings to block certain trackers. However, please note that disabling cookies may affect your ability to use certain features of our Site (for example, membership logins or online scheduling might not work properly). Our cookie consent banner (if shown when you first visit the Site) also allows you to customize which cookies to accept.

DISCLOSURE OF INFORMATION TO THIRD PARTIES
We do not sell, rent, or trade your personal information to unrelated third parties for their own marketing purposes. However, we do share your information with certain trusted third parties in order to operate our business, provide our services to you, and for the purposes described in this Policy. These third parties act as our service providers or partners, and they include:
- Wix.com (Website Platform): Our website is built and hosted on the Wix platform. Wix provides us with the online platform that allows us to offer our services to you. Any information you provide through our Site (such as through contact forms, account signup, membership purchases, or newsletter subscriptions) is stored on Wix’s secure servers. Wix may process your data for purposes of hosting the site, analytics, or enabling website features on our behalf. According to Wix’s policies, they implement strong security measures (including data encryption and secure data storage) to protect personal information, and they maintain PCI DSS compliance for handling any payment information on the platform. For more details, you can review Wix’s own Privacy Policy on their website.
- Payment Processors (Stripe and Wix Payments): We use third-party payment services to handle transactions securely. When you make payments on our Site, those payments may be processed by Wix Payments (Wix’s integrated payment system) or Stripe. These payment processors will receive your payment card information directly to process the transaction. They are each PCI-DSS Level 1 compliant (the highest level of payment data security) and employ encryption and tokenization to protect your card data. For example, Stripe uses industry-standard encryption (AES-256) to protect data at rest on their servers. We do not see or store your full credit card number or security code when you make a payment. We may receive limited information from the payment processor (such as a confirmation of payment, last four digits of your card, or a tokenized ID for the transaction). These payment providers have their own privacy policies that govern how they handle your personal information; we encourage you to review those policies (see Stripe’s Privacy Policy and Wix’s Payments Terms/Privacy).
- Scheduling Provider (Calendly): We use Calendly to manage online appointment scheduling for certain services. If you book an appointment through our scheduling link, the information you provide (e.g. name, email, phone number, requested time) is collected by Calendly on our behalf so that we can schedule and confirm your session. We have access to that information in order to honor your appointment and communicate with you. Calendly may send you automated emails or texts (such as appointment confirmations and reminders) as part of the scheduling process. Any information you submit via the Calendly scheduler is subject to Calendly’s own privacy practices, which you can review on their website. We only use the scheduling information to manage appointments you’ve requested and do not use it for other purposes.
- Analytics and Advertising Partners: As described above, we use Google Analytics to understand how users interact with our Site. This means Google may receive certain usage data from your browser when you visit our Site (such as page requests and general location based on IP). Google Analytics operates as our service provider, and Google is restricted from using the data for purposes other than providing analytics to us. We also utilize Facebook’s advertising services via the Facebook Pixel, which means Meta (Facebook) may collect or receive data about your visit to our Site for the purpose of measuring ad effectiveness and targeting ads. For instance, if you have a Facebook account, Meta might detect that you visited our Site and later allow us to show you an ad on Facebook related to our services. We do not provide personally identifying information (like your name or contact info) to our analytics or advertising partners; any tracking on our Site by these partners is done via cookies or code that they provide. The use of data by Google and Facebook is governed by their respective privacy policies. You can opt out of Google Analytics as noted above, and you can manage your ad preferences on Facebook (or use industry opt-out sites like the DAA’s WebChoices tool) if you wish to limit the use of your data for targeted advertising.
- Email and Communications Providers: If we send emails or newsletters, we may use an email service provider to distribute those messages (for example, Wix’s ShoutOut tool or similar services). These providers would have access to your email address and name for the sole purpose of sending emails on our behalf. They are not allowed to use your information for any other purposes.
- Other Service Providers: We may engage other third-party companies or individuals to assist us with various business functions – for example, cloud storage providers, IT support, or professional advisors. Such parties will only receive information as necessary for the function they perform and are contractually obligated to protect your information and use it only for our authorized purposes.
​
We strive to be transparent about the third parties who may process your personal information. Note that if you leave our Site or interact with a third-party link, this Privacy Policy will no longer apply. For example, our Site may contain links to external websites (such as partner organizations, social media pages, or referenced articles), or integrate third-party widgets. If you click those links or use those features, you will be interacting with the third party and their privacy policy will govern your interaction. We recommend you review the privacy policies of any third-party sites or services you visit. AbendHealth is not responsible for the privacy practices of third-party websites or services that are not under our control.
​
Legal Requirements and Business Transfers: In addition to sharing information with service providers, we may disclose personal information in other circumstances: (a) Legal Compliance: We may disclose your information if required to do so by law or in response to a valid subpoena, court order, or government request. We may also disclose information if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to anyone’s safety, or violations of our terms and conditions. (b) Business Transfers: If AbendHealth is involved in a merger, acquisition, sale of assets, reorganization, or other similar transaction, your personal information may be transferred to the succeeding entity or party as part of that transaction. In such cases, we will ensure that your information remains subject to equivalent privacy protections as those outlined in this Policy. You will be notified via a prominent notice on our Site or by email of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information in that context.
​
YOUR RIGHTS & CHOICES
You have certain rights and choices regarding your personal information. We are committed to honoring your rights under applicable privacy laws:
- Access and Portability: You have the right to request information about the personal data we hold about you and to get access to that data in a usable format. For example, California residents have the right to request that we disclose the specific pieces and categories of personal information we have collected about them. Once we receive and verify an access request, we will provide you with the information we have (including the categories of sources, purposes for collection, and third parties with whom we share data, as required by law). For your data security, we will only send personal data in response to an access request to an authorized and verified requestor.
- Correction: If any of your personal information is incorrect or outdated, you have the right to request a correction. Upon your request and after verification, we will correct or update any inaccurate or incomplete personal information we hold about you. We strive to ensure that all personal data in our possession is accurate, current, and complete.
- Deletion: You have the right to request deletion of the personal information we have collected from you (sometimes called the “right to be forgotten”). If you request that we delete your data, we will delete your personal information from our records and direct our service providers to do the same, as required by law. Keep in mind there are some exceptions to this right – we may retain information as permitted by law, for example, to complete transactions you have requested, to comply with legal obligations (such as financial record-keeping or health record retention laws), or to exercise or defend legal claims. We will inform you if any such exception applies to your deletion request.
- Opt-Out of Sale/Sharing of Personal Data: You have the right to opt out of the “sale” of your personal information. As noted above, AbendHealth does not sell personal information in the traditional sense (we do not exchange your data for money). We also do not share your personal information with third parties for their own marketing. If our use of certain analytics or advertising cookies is interpreted as a "sale" or “sharing” under California law (because it involves transferring identifiers to third parties for advertising benefits), you may opt out by using browser-based signals such as the Global Privacy Control (GPC) or by contacting us to indicate your preference. We will honor such opt-out requests to the extent required by applicable law. After you opt out, we will refrain from selling or sharing your data in this manner unless you later provide consent allowing us to do so.
- Opt-Out of Marketing Communications: If you signed up to receive our newsletter or promotional emails and you no longer wish to receive them, you have the right to opt out. You can unsubscribe from marketing emails by clicking the “unsubscribe” link included in those emails. You can also contact us at any time to request removal from our marketing list. Please note that even if you opt out of marketing messages, we may still send you transactional or administrative communications that are necessary to provide our services (for example, appointment confirmations, payment receipts, or important notices about your account or services).
- Non-Discrimination: We will not discriminate against you for exercising any of these privacy rights. This means that if you exercise your rights (such as requesting deletion or opting out of data sharing), we will not deny you services, charge you a different price, or provide a different level of service just because you exercised your privacy rights. We may, however, offer different price tiers or service levels that are reasonably related to the value of data you provide (as permitted by law), but any such offerings will be made available without prejudice to those who exercise privacy rights.
​
Exercising Your Rights: To exercise the access, correction, deletion, or other rights described above, please contact us using the information in the Contact Us section below. Describe your request with sufficient detail that we can understand and respond to it. For certain requests, we will need to verify your identity to ensure that we do not disclose or delete information improperly at someone else’s request. We will ask you for information that matches our records (for instance, confirming specific details we have on file, or requiring you to contact us from the email or phone number associated with your account). If you use an authorized agent to submit a request on your behalf (if permitted by law), we will take steps to verify the agent’s authority and may still require you to verify your identity directly. We will respond to privacy requests within the timeframe required by law (e.g., for California residents, generally within 45 days). If we need more time, we will inform you of the reason and extension period in writing.
Additional Choices: In addition to the rights above, you can control certain data collection and use practices: for example, you can disable cookies as described in the Cookies section, use ad-blocking or tracking protection software, or adjust privacy settings on your social media accounts to limit data sharing. You may also decline to provide certain personal information to us (for example, choosing not to fill out an optional profile field), though this may limit your ability to use some of our services. If you have any questions or need assistance with exercising your rights or adjusting your preferences, please contact us.
​
CHILDREN'S PRIVACY
Our services and Site are not directed to children under the age of 18, and we do not knowingly collect personal information from anyone under 18 years old. If you are under 18, please do not use this Site or provide any personal information to us. In compliance with COPPA (the Children’s Online Privacy Protection Act), we do not knowingly collect, use, or disclose personal information from children under 13 years of age. In fact, our policy is that we do not permit individuals under 18 to use the Site, and we do not knowingly collect data from them. Many websites choose to prohibit children under 13 from using their services altogether due to the cost and complexity of compliance with COPPA, and we have decided to set an even higher age cutoff (under 18) for use of our Site to err on the side of caution.
​
If we learn that we have inadvertently collected personal information from a child under 13 (or under 18, without parental consent), we will take prompt steps to delete that information from our records. If you are a parent or guardian of a minor and believe your child has provided personal information to us without your consent, please contact us immediately (see Contact Us below). We will work with you to investigate and remove any such data. We encourage parents and guardians to monitor their children’s internet use and to help enforce this Policy by instructing their children never to provide personal information on this Site without permission.
​
Minors under 18 years of age may receive our coaching or healthcare services with the involvement of a parent or guardian (for example, a parent may enroll a teenager in a nutrition program). In such cases, any online interaction (such as scheduling or communication via the Site) should be done by the parent or guardian. We will not knowingly communicate directly with a minor via email, text, or other means without a parent or guardian’s consent and supervision. Any information provided about a minor will be treated with strict confidentiality and used only for the purposes of providing services with appropriate consent.
​
DATA SECURITY
We take the security of your personal information seriously and use a combination of administrative, technical, and physical safeguards to protect it. These measures include:
- Secure Hosting & Encryption: Our website is hosted on Wix’s platform, which provides a secure hosting environment. Wix offers HTTPS secure access to the Site, meaning that all data transmitted between your browser and our Site is encrypted using SSL/TLS protocols. You can verify you are on a secure connection by looking for the padlock symbol in your browser’s address bar and the "https://" in the URL. Additionally, information you enter on our Site (for example, in forms or at checkout) is transmitted over encrypted channels. Wix also encrypts stored personal information to add a layer of protection to data at rest on their servers.
- Payment Security (PCI Compliance): We use PCI DSS-compliant payment providers. Wix and Stripe are both certified as PCI DSS Level 1 compliant, which is the highest level of security standard for the payment card industry. This means they follow strict protocols to protect credit card data, including encryption, network safeguards, and regular security audits. For example, Stripe maintains a security program that includes encryption of all credit card numbers and storing decryption keys on separate secure machines. Because payments on our Site are processed by these providers, sensitive payment information (like your full credit card number) never reaches our servers.
- Access Controls: We limit access to personal information to those employees, contractors, and service providers who need to know it in order to operate, develop, or improve our services. All personnel who handle personal information are trained on confidentiality and data security practices. We use authentication measures (such as passwords and, where applicable, multi-factor authentication) to prevent unauthorized access to accounts and systems that contain personal data.
- Network and System Security: Wix and our service providers employ firewalls, intrusion detection systems, and other advanced technologies to monitor and protect network traffic and prevent unauthorized access to data. Our website software and plugins are kept up-to-date to patch security vulnerabilities. We also utilize secure coding practices in development to mitigate common web threats.
- Monitoring and Testing: We and our hosting providers regularly monitor our websites and systems for potential security vulnerabilities and attacks. Wix, for instance, conducts routine security scans and uses third-party security services to enhance protection. In the event of any suspected security issue, we respond promptly to investigate and remediate it. We also have an incident response plan in place to handle any data breaches, should they occur, including notifying affected users and authorities as required by law.
​
While we employ robust security measures to protect your information, it’s important to note that no website or Internet transmission is completely secure. You should also take steps to protect yourself online. Keep your account credentials (username and password) confidential and use a unique, strong password for our Site. If you suspect that your account or information has been compromised (for example, if you notice suspicious activity in your account or receive unsolicited communications that seem to come from us asking for your personal information), please contact us immediately. We will never ask you for your password via email or phone.

DATA RETENTION
We retain personal information for as long as necessary to fulfill the purposes for which we collected it, unless a longer retention period is required or permitted by law. In practice, this means:
- Membership and Patient Information: If you have an ongoing relationship with us (e.g., you are a member of one of our coaching programs or a patient in our practice), we will retain your personal information for the duration of that relationship. For example, information related to your membership account or health coaching records will be kept as long as you are an active client. After your relationship with us ends, we may retain certain information for a period of time that allows us to smoothly transition or terminate the services (for instance, keeping your contact information to send you any final updates or surveys).
- Legal and Regulatory Obligations: We may be required to retain certain information to comply with laws or regulations. For instance, financial and transaction records are typically kept for a number of years to comply with tax and accounting laws. If you received healthcare services from us, medical records might be retained for a period mandated by state law (which can often be several years) or by medical best practices, even if you are no longer an active patient. We also retain documentation related to consents and communications as needed to demonstrate compliance with privacy laws or to resolve any disputes.
- Operational Needs: We may retain data for internal analysis purposes. Usage data (related to site analytics) is generally aggregated and anonymized over time, but raw logs may be retained for a short period. If you contacted customer support or we assisted you with an issue, we might keep records of that correspondence to help address any future concerns.
- Deletion of Data: When we no longer have a legitimate need or legal obligation to retain your personal information, we will securely dispose of it. This may involve deleting electronic records from our systems and instructing our service providers to delete their copies, or anonymizing the data so it can no longer be associated with you. We also periodically review the data we hold to ensure we are not keeping information longer than necessary.
​
In summary, the length of time we keep your information depends on the nature of the information and the purpose for which it was collected. If you have specific questions about our data retention practices for a certain type of data, you can contact us for more information.
​
CHANGES TO THIS PRIVACY POLICY
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other reasons. When we make changes, we will post the updated Policy on this page with a new effective date. If changes are significant, we may also notify you by additional means, such as by email or by placing a prominent notice on our Site.
Your continued use of our Site or services after any updates to this Privacy Policy constitutes your acceptance of the changes, to the extent permitted by law. We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If we make material changes to how we collect, use, or share personal information, we will take appropriate measures to inform you, consistent with the significance of the changes and legal requirements.
​
CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us using one of the methods below. We are here to help and will respond as promptly as possible.
​
AbendHealth
544 Mount Hope Road, Rockaway, NJ 07866, USA
Phone: 973-532-2095
Email: support@abendhealth.com
Please feel free to reach out to us with any questions about this Policy, to exercise your rights as described above, or for any other privacy-related inquiries. We take your privacy seriously and will do our best to address your concerns.