Privacy policy

Last updated: August 12, 2025

Venus Well operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Venus Well is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

  • Contact details including your name, address, billing address, shipping address, phone number, and email address.
  • Financial information including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.
  • Account information including your username, password, security questions, preferences and settings.
  • Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
  • Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
  • Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
  • Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;
  • Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
  • From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf;
  • From our partners or other third parties.

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

  • Provide, Tailor, and Improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.
  • Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.
  • Security and Fraud Prevention. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.
  • Communicating with You. We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you.
  • Legal Reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you to show you targeted advertisements and marketing based on your online activity with different merchants and websites. You can exercise your rights to opt-out of those uses here .
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
  • With our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy . Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

  • Right to Access / Know. You may have a right to request access to personal information that we hold about you.
  • Right to Delete. You may have a right to request that we delete personal information we maintain about you.
  • Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
  • Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  • Right to Opt out of Sale or Sharing for Targeted Advertising. Depending on where you reside, you may have a right to opt out of the "sale" or "share" of your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. You can exercise your rights to opt-out of those uses here. Please note that if you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out for the device and browser that you use to visit the website. If we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/. Other than the Global Privacy Control, we do not recognize other "Do Not Track" signals that may be sent from your web browser or device.
  • Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

You may exercise any of these rights where indicated on the Services or by contacting us using the contact details provided below. To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, you can visit https://privacy.shopify.com/en.

We will not discriminate against you for exercising any of these rights. We may need to verify your identity before we can process your requests, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority.

International Transfers

Please note that we may transfer, store and process your personal information outside the country you live in.

If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at megan@venusandmarswell.com or contact us at 212 North 2nd Street, 100, Richmond, KY, 40475, US

This Consumer Health Data Privacy Policy supplements the Mish Health Ventures DBA Venus and Mars Well Privacy Policy (the “Privacy Policy”) and applies to personal data defined as “consumer health data” (“CHD”) by the Washington state My Health My Data Act (“MHMDA”) and Nevada’s Consumer Health Data Privacy Law (“Nevada CHD Law”). It also incorporates the concept of Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), ensuring that data related to your health and wellness is handled with the highest privacy and security standards.

For the purposes of this policy, PHI refers to individually identifiable health information that relates to your past, present, or future physical or mental health, healthcare services, or payment for healthcare. Undefined capitalized terms shall have the meaning set forth in the Privacy Policy.

Categories of CHD Collected

As described further in our Privacy Policy, and depending on how you interact with Mish Health Ventures DBA Venus and Mars Well and applicable law, we may collect the following categories of CHD, as broadly defined in the MHMDA and Nevada CHD Law:

  • Individual health conditions, treatment, diseases, or diagnoses: E.g., in connection with you seeking healthcare services or medications from us.

  • Social, psychological, behavioral, and medical interventions: E.g., through the collection of your medical history as part of the treatment services you seek on or through us.

  • Health-related surgeries or procedures: E.g., through the collection of health-related surgeries or procedures within your medical history as part of the treatment services you seek from us.

  • Use or purchase of prescribed medication: E.g., through your purchase of medication or your medical history provided to us.

  • Bodily functions, vital signs, symptoms, or measurements of health information: E.g., as part of seeking healthcare services or medications.

  • Diagnoses, diagnostic testing, treatment, or medication: E.g., through medical history collected by us, or when you seek healthcare services or medications.

  • Gender-affirming care information: E.g., through the collection of your medical history.

  • Reproductive or sexual health information: E.g., as part of your medical history when seeking healthcare services or medications.

  • Genetic data: E.g., when included in your medical history.

  • Data that identifies a consumer seeking healthcare services: E.g., medical records collected by us.

  • Other information that may be used to infer, derive, or extrapolate data related to the above or other health information.

Patient Rights

In addition to the rights provided under the Washington My Health My Data Act (MHMDA) and Nevada Consumer Health Data Privacy Law, individuals have rights under HIPAA, including:

  • Right to Access: Request access to and obtain a copy of your Protected Health Information (PHI).

  • Right to Amend: Request amendments to your PHI if you believe it is incorrect or incomplete.

  • Right to Restrict Disclosures: Request restrictions on certain uses or disclosures of your PHI.

  • Right to Confidential Communications: Request that communications regarding your health information be sent via alternative means or to alternative locations.

  • Right to Accounting of Disclosures: Receive a record of certain disclosures of your PHI made by us.
    For a full explanation of your rights, please refer to our Notice of Privacy Practices.


Sources of CHD

As described in our Privacy Policy, we collect CHD from the following sources:

  1. Directly from you (e.g., when you provide information to us while using our services);

  2. Automatically through your use of the Services (e.g., via cookies or device information);

  3. Social media and other content platforms;

  4. Other third-party sources (e.g., healthcare providers, labs, or pharmacies).

Purposes for Collection of CHD

We describe the purposes for the collection and use of CHD in the “Purposes for How We Use Your Information” section of our Privacy Policy. As described there, we may collect and use CHD for the following purposes, as directed by you or with your consent:

  • To provide and manage the Services (e.g., processing your healthcare requests);

  • To analyze and improve the Services;

  • For advertising and marketing purposes;

  • For legal purposes, including complying with laws or establishing, exercising, or defending legal rights.

How and Why We Share CHD

We may share CHD for business purposes with the categories of entities described in the “How We Disclose Your Information” section of our Privacy Policy. As further described in our Privacy Policy and subject to applicable law, we may share the categories of CHD for the following reasons:

  • To deliver products and services to you, including to complete transactions initiated by you;

  • To maintain consistency in the level of service across our products and services;

  • To enhance our products, services, and your customer experience;

  • With your consent, such as for certain advertising or promotional efforts;

  • To protect our company and others (e.g., enforcing our Terms of Use, Privacy Policy, or contracts with you);

  • To comply with legal obligations;

  • In connection with any potential acquisition, merger, or purchase involving our business assets.

As described in our Privacy Policy, we reserve the right to create Aggregate/De-Identified Data from the information we collect and to disclose such data at our discretion.

We may share CHD with the following categories of third parties:

  • Health Care Providers and Services: For the provision of health services.

  • Service Providers: For business operations, such as payment processing, shipping, or analytics.

  • For the Protection of Mish Health Ventures DBA Venus and Mars Well: To regulatory agencies, as required by law.

  • For Legal Purposes: In response to legal requests or governmental inquiries.

  • Business Transfers: In connection with business transactions, such as mergers or acquisitions.

  • At Your Direction or With Your Consent: Including sharing with other users if you post in public forums or interact with other users.

Breach Notification
In the event of a breach involving your Consumer Health Data (CHD) or Protected Health Information (PHI), Mish Health Ventures DBA Venus and Mars Well will notify you as required under HIPAA regulations and applicable state laws. Notifications will include:

  • A description of what happened.

  • The type of information involved.

  • Steps you can take to protect yourself.

  • What we are doing to investigate, mitigate harm, and prevent future incidents.
    For more details on our breach notification process, please see our Notice of Privacy Practices.

How To Exercise Your MHMDA or Nevada CHD Law Rights

Depending on your jurisdiction, you may have the following rights under the MHMDA or Nevada CHD Law:

  1. Confirmation: Request to confirm whether we are collecting, sharing, or selling your CHD;

  2. Access: Request access to your CHD;

  3. Deletion: Request deletion of your CHD;

  4. Withdraw Consent: Withdraw consent to the collection or sharing of your CHD.

To exercise these rights, please submit your request through [Insert Webform Link]. We may contact you for further information to authenticate your identity. We will not request sensitive personal or financial information for identity authentication, and no employee will ask for your password.

If your request is denied, you may appeal the decision through [Insert Appeal Webform Link]. If you are a Washington resident and your appeal is denied, you can contact the Washington State Attorney General at www.atg.wa.gov/file-complaint. If you are a Nevada resident and your appeal is denied, you can contact the Nevada Attorney General at https://ag.nv.gov/Complaints/File_Complaint/.

Updates to this CHD Policy

We reserve the right to change this CHD Policy at any time to reflect updates in the law, our data collection and usage practices, the features of our Services, or advances in technology. We will make the revised CHD Policy accessible through the Services, so please review it periodically. The date this CHD Policy was last updated is noted at the top of this document. By continuing to use our Services after amendments are posted, you acknowledge the updated CHD Policy.

Contact Us

If you have any questions about this CHD Policy or our privacy practices, please contact us at:

Mish Health Ventures DBA Venus and Mars Well
privacy@venusandmarswell.com

 

Privacy Policy
Effective Date:11-20-2024

Updated: 1-6-2025

1. Purpose

This document summarizes the permitted uses and disclosures of patient protected health information (“PHI”) as permitted by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule” or the “HIPAA Privacy Rule”), as amended by the Health Information Technology for Economic and Clinical Health Act, which is at Section 13400, et seq. of the American Recovery and Reinvestment Act of 2009, 42 U.S.C. § 17921, et seq., (the “HITECH Act”) and any regulations promulgated thereunder, including the HIPAA omnibus final rule (the “HIPAA Final Rule”).

2. Scope

This policy applies to all Company staff members.

3. Privacy Policy Statement

The Company is committed to complying with the Privacy Rule.

The Company recognizes the need to protect the privacy of PHI in order to facilitate the effective delivery of health care. These Privacy Policies and Procedures are designed and intended to ensure[1] the Company’s compliance with the Privacy Rule. The Company adopts these Policies and Procedures to protect the PHI that it creates and maintains from unauthorized use, disclosure, or access, and to maintain the confidentiality and integrity of that PHI. These Policies and Procedures also ensure that individuals have rights related to their PHI. Through the Company’s Notice of Privacy Practices ("Privacy Notice") individuals are informed of the Company’s legal duties and these Policies and Procedures, as well as their individual rights with respect to their PHI.

4. Key Definitions

“Protected Health Information” is information that (1) identifies (or could be reasonably used to identify) an individual, (2) is created or received by a HIPAA covered entity (a health care provider, health plan or health care clearinghouse) and (3) relates to the past, present or future physical or mental health of the individual, the provision of health care to the individual, or the past, present or future payment for the provision of health care to the individual.

A “Business Associate” is a person or entity, other than a member of a covered entity’s workforce, that creates, receives, maintains or transmits PHI on behalf of a covered entity for a function or activity regulated by HIPAA. The HIPAA Final Rule expands the definition of “business associate” to include subcontractors to a business associate that create, receive, maintain or transmit PHI on behalf of a business associate. Business associate functions or activities on behalf of a covered entity include claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management and repricing.

These Policies and Procedures will be amended and/or supplemented as necessary and appropriate to comply with changes in the law or regulations or other interpretation of the Company’s privacy-related obligations, or to reflect changes related to the Company. The Company will document and implement changes to these Policies and Procedures whenever there is a change in the law, regulations or interpretation of the Company’s privacy obligations and/or a material change to the uses or disclosures of PHI or other privacy practices that necessitate a change in these Policies and Procedures. If a change requires revisions to the Privacy Notice, the Company will not implement the change before the effective date of the revised Privacy Notice unless the Privacy Officer deems it necessary to apply the change to PHI that the Company created or received before this effective date.

 

 

[1] The term “ensure,” as used throughout these Policies and Procedures, is not meant to guarantee compliance with the Privacy Rule. Rather, “ensure” shall mean that the Privacy Officer, Business Associates and others, as applicable, will use their best efforts to comply with the Privacy Rule.

Introduction

This Privacy Policy ("Policy") describes the data protection practices of Mish Health Ventures DBA Venus and Mars Well ("we," "our," or "us"), including when you visit any website that links to this Privacy Policy www.venusandmarswell.com and any affiliated mobile applications (collectively, our "Websites") or otherwise provide data to us. This Privacy Policy is incorporated into our Terms of Use. Please read this Privacy Policy carefully to understand how we handle your information. If you do not agree to this Privacy Policy, please do not use the Services.  In addition to HIPAA, this Privacy Policy complies with state-specific privacy laws, including the California Consumer Privacy Act (CCPA), Nevada Consumer Health Data Privacy Law, and Washington My Health My Data Act (MHMDA). If state laws impose stricter requirements than HIPAA, the Company will adhere to the stricter standard. This Privacy Policy should be read in conjunction with our Consumer Health Data Policy and Notice of Privacy Practices, which provide additional details on the Company’s data handling practices, patient rights, and state-specific compliance.

This Privacy Policy contains the following sections:

1. The Information We Collect and the Sources of Such Information

We obtain information about you through various means when you use our Services. Certain information is necessary for us to provide the Services. If you do not provide such information or ask us to delete it, you may no longer be able to access or use parts of our Services.

Information You Provide to Us

We collect the following information that you provide directly to us:

  • Account Information: Name, address, email address, telephone number, date of birth, and other identifiers.

  • Billing Information: Shipping address, payment information (e.g., credit card number, verification number, expiration date), collected by our payment processors on our behalf.

  • Commercial Information: Information about your transactions, including purchases and healthcare provider information, if applicable.

  • Health Information: Medical history, lifestyle data, symptoms, treatment options, medical records, and other relevant information.

  • Demographic Information: Gender, age, marital status, and similar data.

  • Geolocation Information: General location (e.g., city, state, or zip code) based on your IP address.

  • User-Generated Content: Any content you post on our Services (e.g., public forums, reviews, and interactions with providers).

  • Sensitive Personal Information: This includes health-related data, information about your sex life or sexual orientation, and sensitive demographic data (e.g., race and ethnicity).

Purposes for How We Use Your Information

We may use your information for the following purposes:

  • Provide and Manage the Services: This includes facilitating healthcare services, processing orders, verifying your identity, and maintaining your account.

  • Communication: To respond to inquiries, provide customer support, send notifications, and communicate on behalf of healthcare providers.

  • Analytics and Improvements: Conduct research and analysis to improve our Services and enhance user experience.

  • Personalization: Customize content and advertisements to better match your preferences.

  • Legal Obligations: Comply with legal obligations, protect the safety and rights of others, and safeguard our business.3. Online Analytics and Advertising


We may use third-party web analytics services (e.g., Google Analytics, Facebook Ads) to collect and analyze usage information. These services help us understand how users interact with our Services and assist with personalized advertising.

You may opt out of cross-device tracking and tailored advertisements through your mobile device settings.

How We Disclose Your Information

We may disclose your information in the following ways:

  • Service Providers: We may share information with third-party service providers who assist us with payment processing, shipping, analytics, and other business operations.

  • Health Care Providers: If applicable, we may disclose health-related information to healthcare providers for treatment purposes.

  • PHI may be disclosed to Business Associates under signed agreements requiring compliance with HIPAA and applicable laws. These agreements ensure that Business Associates protect PHI and use it only for the purposes for which they were engaged.

  • Legal Compliance: We may disclose information to comply with legal obligations, such as court orders, subpoenas, or government requests.

  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

  • The Company will use or disclose only the minimum necessary PHI to accomplish the intended purpose, except as required by law or authorized by the individual.

We do not sell your personal information.

Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Right to Access: You can request access to the personal information we hold about you.

  • Right to Correct: You may request that we correct any inaccuracies in your personal data.

  • Right to Delete: You may request the deletion of your personal data, subject to legal limitations.

  • Right to Opt-Out of Marketing: You can opt-out of receiving marketing communications from us by following the instructions in the email or contacting us directly.

  • Cookie Preferences: You can manage your cookie settings through your browser or our Cookie Policy.

  • We reserve the right to implement these technologies in the future to improve user experience, analyze website traffic, or provide personalized content. Any updates to our use of cookies will be reflected in this Privacy Policy and, where required by law, we will notify users and obtain their consent before using such technologies.

  • Individuals have the right to request an accounting of certain disclosures of their PHI made by the Company. This includes disclosures for purposes other than treatment, payment, and healthcare operations. Requests can be made by contacting the Privacy Officer.

To exercise your rights, please contact us using the information provided at the end of this policy.


Third-Party Services and Health Information

Our Services may link to third-party websites, apps, or services that are not controlled by us. This Privacy Policy does not cover those third-party services, and we are not responsible for their privacy practices. Please review their privacy policies before providing any personal information.

Mish Health Ventures DBA Venus & Mars Well may disclose patient information to third-party service providers, such as labs, pharmacies, and billing processors, to facilitate treatment, payment, and healthcare operations.

How We Protect Your Information

We use a variety of security measures, including encryption and access controls, to protect your personal information. However, no security system is completely foolproof, and we cannot guarantee the absolute security of your data. You are responsible for keeping your account password confidential.

All employees undergo annual training on HIPAA compliance, data security, and our privacy policies. Training ensures that employees understand their responsibilities for protecting PHI and sensitive information and adhere to all Company protocols.

In the event of a data breach involving your PHI, we will notify you as required by law. Notifications will be made no later than 60 days after the discovery of the breach, in accordance with HIPAA regulations. These notifications will include details about the breach, the type of information involved, and steps you can take to protect yourself. We will also notify relevant authorities, such as the U.S. Department of Health and Human Services (HHS), and follow up with remedial actions to prevent future incidents.

Breach Notification
In the event of a breach involving your Protected Health Information (PHI) or Consumer Health Data (CHD), the Company will notify affected individuals, the Department of Health and Human Services (HHS), and any applicable entities, as required by HIPAA and state laws. Notifications will include:

  • A description of the breach.

  • The types of information involved.

  • Steps individuals can take to protect themselves.

  • What the Company is doing to mitigate harm and prevent future incidents.

 Retention of Your Information

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. The duration of retention depends on factors such as:

  • The type and sensitivity of the data

  • Legal obligations to retain the information

  • Our legitimate business interests

PHI is retained for a minimum of six (6) years, as required by HIPAA regulations. Other types of information, such as account or payment data, are retained as necessary to fulfill legal, contractual, or business obligations. Once no longer required, we securely delete or anonymize the data.

Children

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal information from individuals under 18. If we discover that we have collected such information, we will promptly delete it. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so that we can take appropriate action.

Mish Health Ventures DBA Venus & Mars Well does not routinely provide services to individuals under the age of 18. If services for minors are offered in the future, additional consents and policies will apply, as outlined in separate agreements.

Revisions to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices or applicable laws. When we make material changes, we will notify you by updating the "Effective Date" at the top of this policy. Your continued use of our Services constitutes your acknowledgment of these changes. Mish Health Ventures DBA Venus & Mars Well reserves the right to update this Privacy Policy at any time. Updates will be effective immediately upon posting on our website. Patients are encouraged to review the Privacy Policy periodically for changes.

Privacy Information for California Residents

If you are a resident of California, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to Know: You can request details about the categories and specific pieces of personal information we collect about you.

  • Right to Delete: You can request that we delete your personal information, subject to certain exceptions.

  • Right to Opt-Out of Sale: We do not sell personal information, but you can request to opt-out of sharing for advertising purposes.

  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To make a request, please contact us at megan@venusandmarswell.com. We may need to verify your identity before responding.

Privacy Information for Texas Residents

Under Texas law, we may process your sensitive personal information (such as health data) in accordance with your consent. You have the right to request that we limit the use of your sensitive information for purposes other than providing you with the services you have requested.

To request a limitation on the use of your sensitive data, please contact us at megan@venusandmarswell.com

Privacy Information for Nevada Residents

Nevada residents may opt out of the sale of "personally identifiable information" by contacting us at megan@venusandmarswell.com. While we do not currently sell personal information, we will process your request should our practices change. 

Contacting Us

If you require this Privacy Policy in an accessible format, please contact us at privacy@venusandmarswell.com.

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Mish Health Ventures DBA Venus and Mars Well

privacy@venusandmarswell.com