lemma health

Lemma Health Privacy Policy

Updated: Mar 17, 2025

This Policy describes the personal information that is collected, used, and disclosed by Lemma Health, Inc. dba Lemma Health and its subsidiaries and affiliated companies, including the medical practices and other healthcare entities and pharmacies with which Lemma Health contracts in order to provide products and services to you (all of the foregoing collectively, “Lemma Health”, “Lemma”, “We”, or “Us”). This privacy policy (“Policy”) applies to the websites of Lemma Health, including lemmahealth.com (the “Website”), and Lemma Health’s applications and other online services (collectively, “Services”). This Policy does not apply to websites, applications or services that display or link to different privacy statements.

Please read this policy carefully. By accessing or using our Website and/or Application, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

Information We Collect

Personal information: Personal information means information associated with or used to identify or contact a specific person. Personal information we collect may include:

  • Identifiers such as your first and last name, date of birth, sex or gender, physical address, email address, phone number, identification numbers, etc.
  • Audio, visual, and other electronic information such as photographs and videos for purposes other than diagnosis or treatment
  • Commercial information such as your order history, products purchased or considered, payment information, and shipping history
  • Internet and network activity information such as IP address, geolocation information, device information, log data, and cookies and similar technologies
  • Inferences drawn from any of the information collected about you such as your preferences, characteristics, and behavior, etc.
Health information: Health information is a type of personal information that includes any identifying information we collect relating to your medical history, including symptoms, diagnoses, treatment and outcomes. Health information we collect may include:
  • Audio, visual, and other electronic information such as photographs and videos for purposes of diagnosis or treatment
  • Medical history such as medical conditions, medications, allergies, treatment options, prescriptions, and any other health-related information for purposes of diagnosis or treatment.
  • Commercial information such as your order and shipping history

Sources of Information

Information you provide to us: You may actively provide us information when you use our Services such as through our Website, emails, social media, surveys, sweepstakes and promotions, or any other online or offline interactions.

If you become a patient of a healthcare provider affiliated with or contracted by Lemma Health or organizations that Lemma Health has contracted with, with your consent we may collect health information about you relating to your treatment such as your medical history and allergies to medications to provide you with continuous services through other affiliated health care providers.

Information we collect: Some information is automatically collected through your interactions and use of our Services such as your IP address, access times, hardware and software information, device information, device event information (e.g. crashes, unsuccessful logins, browser type), the web page you’ve viewed or engaged with before or after using the Services, and other relevant information. We may use cookies, web beacons and other tracking technology to collect this information.

Information we receive from third parties: We may receive information from third parties such as affiliates, business partners, and service providers to operate our business and improve your experience and interactions with us.

We use third-party service providers such as Google Analytics by Google LLC (“Google”) to track and analyze Website traffic through the use of cookies and other tracking technology. This allows us to show you advertisements and content that may be of interest to you based on your interactions with the Services, other online services, and/or information received from third parties.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://policies.google.com/privacy.

Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: http://tools.google.com/dlpage/gaoptout.

We may receive information that is available publicly, either online or offline, to operate our business and improve your experience and interactions with us.

How We Use Your Information

Lemma Health and affiliated Providers may use information about you to:

  • Connect you with a healthcare professional for consultation and treatment;
  • Operate and improve our Website, products, and Services;
  • Verify your identity as the holder of an account with us;
  • Respond to your comments and questions and provide customer service;
  • Provide and deliver products and Services you request;
  • Process, fulfill, and administer transactions and orders for Services or Products ordered by you;
  • Create De-Identified Data such as aggregate statistics relating to the use of our Application;
  • Communicate with you about the Services, and to deliver any administrative notices or alerts and communications relevant to your use of the Services;
  • Notify you about changes to our Website or any products or services we offer or provide though them;
  • Promote our Services to you;
  • Fulfill any other purpose for which you provide us personal data;
  • Make sure our terms, policies, and agreements with you and any third parties are enforced;
  • Comply with applicable laws and regulations

Log Files

Lemma Health follows a standard procedure of using log files. These files log visitors when they visit websites. It is common industry practice for hosting companies to do this as part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

Children Under 18

Persons under the age of 13 are prohibited from using our online Services even if they are patients of Lemma Health. Persons between the ages of 13 and 18 may only use our online Services with the legal authorization of their parent or legal guardian. Lemma Health does not knowingly collect any information from persons under the age of 13 (or from persons between the age of 13 and 18 without appropriate authorization). If you are a parent or guardian of an individual under the age of 18 and believe your child has disclosed personal or health information to Lemma Health without your authorization, please contact us at info@lemmahealth.com

Disclosure of Your Information

We take the confidentiality of your information and protection of your personal and/or health information seriously. Please be mindful of your own privacy needs as you choose what to share and make public. We cannot control the privacy or security of information you choose to make public. We limit our disclosure of your information to the following possible scenarios:

  • To licensed medical providers so that they may provide you with telehealth and related products and Services you request;
  • To contractors and third-party service providers that we use to support our business and who are contractually bound to keep your personal data confidential;
  • In order to protect the safety and security of Lemma Health, the Services, our operations, our systems, our properties, our customers, or any other related person or entity;
  • To protect the rights and property of Lemma Health, our agents, customers, and others including to enforce our agreements, policies, and Terms of Service;
  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • To a company we merge with or acquire, or that buys us, or in the event of change in structure of our company of any form;
  • With your consent
We do not share data without your explicit consent. We may share non-personal, de-identified, or aggregated information with third parties.

Retention of Information

We may retain your information as required or permitted by applicable laws and regulations. For example, if you are a resident of certain jurisdictions you may be able to request to have your personal information deleted. If your request is granted, we may still be required by medical laws to retain your health information for a period of time.

Your medical records will be retained by us for a period of at least five (5) years, unless a longer period is required by state or federal law, after which they may be destroyed. If you are younger than twenty-three (23) years of age on the date the records may potentially be destroyed, your records will be kept at least until you reach the age of 23 or as required by state or federal law.

Choices About Your Information

You may send requests about your contact preferences, or changes to your information including requests to opt-out of sharing your personal information with third parties by emailing info@lemmahealth.com.

You may request deletion of your Personal Data by contacting info@lemmahealth.com. However, please be aware that we may be required (by law or otherwise) to keep such data and not delete it (or to retain it for a certain period of time, in which case it will be deleted after the required retention period). By deleting your personal data, we will remove it from active databases, however, it may remain in archives and we also may continue to use de-Identified data about your use of Services.

Your Rights with Respect to Protected Health Information

When you set up an account with Lemma Health, you are creating a direct customer relationship with Lemma Health that enables you to access and/or utilize the various functions of the Platform and the Service as a user. As part of that relationship, you provide information to Lemma Health, including but not limited to, your name, email address, shipping address, phone number and certain transactional information, which we do not consider to be “protected health information” or “medical information.” However, in using certain components of the Service, you may provide certain health or medical information that may be protected under applicable laws. While Lemma Health is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”), it may act as a “business associate” to certain healthcare providers, medical groups, and pharmacies, and as such, certain provisions of HIPAA may apply to our handling of protected health information (PHI). We are committed to following the relevant laws and regulations to protect your information. To the extent Lemma Health is deemed a “business associate” however, Lemma Health may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide to Lemma Health, the Medical Group or the Providers (“PHI”). In addition, any medical or health information that you provide that is subject to specific protections under applicable state or federal laws (collectively, with PHI, “Protected Information”), will be used and disclosed only in accordance with such applicable laws. Any covered entity that we contract with is required by law to maintain the privacy and security of your protected health information. By accessing or using any part of the Service, you understand that any information that you submit to Lemma Health that is not intended and used solely for the provision of diagnosis and treatment by the Medical Group and Providers, or prescription fulfillment by pharmacies, is not considered Protected Information, and will be subject only to our Privacy Policy and any applicable state laws that govern the privacy and security of such information, unless otherwise specified by state or federal law. For purposes of clarity, information you provide to Lemma Health in order to register and set up an account on the Platform, including name, date of birth, username, email address, shipping address, and phone number, are not considered Protected Information. In accordance with HIPAA and other applicable laws, you have the following rights regarding your PHI: Right to Access and Copy – You have the right to inspect and obtain a copy of your PHI, including medical records and other health information we have about you. Requests must be made in writing and we will typically respond within 30 days. We may charge a reasonable, cost-based fee for providing copies.
  • Right to Access and Copy – You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. To do so, please contact us at info@lemmahealth.com. We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
  • Right to Request an Amendment – If you believe that the health information we have about you is incorrect or incomplete, you may request an amendment. We may deny your request in certain cases, but we will provide a written explanation within 60 days.
  • Right to Request Confidential Communications – You have the right to request that we communicate with you through alternative means or at alternative locations. We will accommodate all reasonable requests.
  • Right to Request Restrictions – You can request that we limit the use or disclosure of your PHI for treatment, payment, or healthcare operations. While we are not required to agree to all restriction requests, we will comply if required by law. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
  • Right to Receive an Accounting of Disclosures – You have the right to request a list of certain disclosures of your PHI made in the six years prior to your request, excluding disclosures for treatment, payment, or healthcare operations.
  • Right to a Paper Copy of this Notice – You have the right to receive a paper copy of this privacy notice, even if you have agreed to receive it electronically.
  • Right to choose someone to act on your behalf – If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
  • Right to be Notified of a Breach – You have the right to be notified in the event that we or one of our business associates experiences a breach of your unsecured PHI.
  • Right to File a Complaint – If you believe your privacy rights have been violated, you can file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint. If you choose to file a complaint with us, you can do so by contacting us Lemma Health Privacy Officer, josh@lemmahealth.com.
We may use and disclose your PHI in the following circumstances:
  • To provide and coordinate healthcare services with medical providers, laboratories, or pharmacies.
  • To obtain payment for healthcare services provided to you.
  • To support the business activities of Lemma Health, including quality assessment, employee training, and customer support.
  • When required by federal, state, or local law.
  • For purposes such as disease prevention, product recalls, or reporting adverse reactions to medications.
  • In response to a court or administrative order, or in response to a subpoena, discovery request, or other lawful process.
  • If you are an organ donor, we may share your PHI with organ procurement organizations.
  • To prevent or reduce a serious threat to your health or safety, or the health or safety of others.
  • For research purposes under certain conditions.
  • We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
  • We can use or share health information about you for workers’ compensation claims, for law enforcement purposes or with a law enforcement official, with health oversight agencies for activities authorized by law, and for special government functions such as military, national security, and presidential protective services
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, contact us at info@lemmahealth.com. In these cases, you have both the right and choice to tell us to:
  • Share information with your family, close friends, or others involved in your care
  • Share information in a disaster relief situation
  • Include your information in a hospital directory
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety. In these cases we never share your information unless you give us written permission:
  • Marketing purposes
  • Sale of your information

Our Responsibilities

The covered entities involved in your care through Lemma Health are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this notice and give you a copy of it. • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

  • Request that a business that collects a consumer's personal data disclose the categories of personal data that a business has collected about consumers.
  • Request that a business delete any personal data about the consumer that a business has collected.
  • Request that a business that sells a consumer's personal data not sell the consumer's personal data.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Data Security

We use reasonable technical, administrative, and physical safeguards (including encryption) to protect your personal data from unauthorized access, disclosure, alteration, and destruction. While no online transmission is entirely secure, we strive to protect your information as best as possible. While we do our best to try to protect your personal data, we cannot guarantee the security of any information you transmit to us. If you notice suspicious activity or believe that your account may have been compromised in some way, please contact us immediately at info@lemmahealth.com. You must keep your account password secure and your account confidential, and you are responsible for any and all use of your account. To help us protect personal information, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.

Changes to This Policy

We may update this Privacy Policy from time to time and make changes to our information practices as permitted by law. You can reference the date on the top to determine when this Privacy Policy was last updated. Any changes will become effective when we post the revised Privacy Policy on the Services. If you are registered for the Services, you will be notified of any material changes to this notice prior to it becoming effective. Your use of the Services following the changes means that you acknowledge and accept the revised Privacy Policy.

Contact

If you have questions or concerns about this Privacy Policy, please contact us Lemma Health Privacy Officer at josh@lemmahealth.com.

Thank you for choosing Lemma Health. We are committed to protecting your privacy and ensuring a secure and personalized experience while delivering high‑quality healthcare services.