Last updated: Jan 6, 2026

Privacy Policy

TakeBack Health, LLC (“TakeBack Health,” “we,” “us,” or “our”) values your privacy and is committed to protecting the personal and health-related information you provide to us. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website, create an account, or use any of our telehealth or administrative services. This Privacy Policy applies to all visitors and users of our website in all U.S. jurisdictions and information that may collect from you via email, text or other electronic messages (collectively the “Site”). This Privacy Policy does not govern the use and disclosure of Protected Health Information except as described in the section titled Protected Health Information (HIPAA) below.

By accessing or using our services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

By creating an account, providing information to us (by any means, whether in correspondence, via our Site, or otherwise), or continuing to use our services, you acknowledge that you have read, understood, and consent to be bound by this Privacy Policy.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR OUR PRACTICES, YOU MAY NOT USE OUR SITE. THIS PRIVACY POLICY MAY CHANGE FROM TIME TO TIME AND YOUR CONTINUED USE OF OUR SITE CONSTITUTES YOUR ACCEPTANCE OF THOSE CHANGES. WE ENCOURAGE YOU TO REVIEW THIS PRIVACY POLICY PERIODICALLY.

Protected Health Information (HIPAA)

Some of the information we collect and store in connection with your use of our services constitutes Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

TakeBack Health may access, store, and use limited PHI for purposes such as:

• Care coordination and patient communications
• Appointment reminders and follow-up notifications
• Patient education and administrative support
• Platform operations and quality improvement

Primary clinical records, diagnoses, treatment decisions, and prescribing records are maintained by licensed healthcare providers and affiliated medical entities, including Arora Health, using their designated electronic medical record systems

TakeBack Health uses HIPAA-compliant systems and safeguards, including HIPAA-configured customer relationship management tools, and enters into appropriate Business Associate Agreements with vendors and partners that may handle PHI on our behalf.

PHI is governed by a separate Notice of Privacy Practices, which explains:

• How PHI may be used and disclosed
• Your rights regarding your health information
• How to exercise those rights

You may review the applicable Notice of Privacy Practices by requesting a copy by contacting privacy@takeback.health

1. Information We Collect

We may collect and use certain information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”), including:

Account Information:

• Full name, email address, phone number, mailing address
• Date of birth, gender, and demographic data
• Account login credentials (usernames, passwords)

Health-Related Information:

• Health history, symptoms, or conditions you report through forms or questionnaires
• [Information you enter in our patient portal or EMR platform]
• [Communications with healthcare professionals]

Financial Information:

• [Billing details, payment method, and transaction records]

Technical, Internet, and Usage Data:

• IP address, browser type, device identifiers, and usage data collected through cookies, pixels, or analytics tools

We collect most of this personal information directly from you—in person, by telephone, text or email, and/or via our Site. However, we may also collect information:

• From a third party with your consent (e.g., your bank or credit card provider);
• From cookies on our Site; and
• Via our IT systems, including, automated monitoring of our Site and other technical systems, such as our computer networks and connections, access control systems, communications systems, email and instant messaging systems. 

2. Use of Information

We may use the Personal Information we collect:

• To provide the Site to you
• To register and manage your account
• To provide access to telehealth or related wellness services by separate clinical providers
• To communicate with you about your care, appointments, or account (on behalf of separate clinical providers)
• To send promotional content or updates (only if you opt in or otherwise request from us)
• To comply with applicable laws, regulations, or legal obligations
• Prevent fraud or abuse, and ensure the security of our services
• For operational reasons, such as improving efficiency, training and quality control
• For statistical analysis to help us manage our business
• To inform you about the treatment/services which you have indicated an interest to or signed up for.
• To notify you about changes to our website or any products or services we offer or provide though it.
• To update and enhance our customer records.
• To marketing our services and those of selected third parties to existing and former customers, third parties who have previously expressed an interest in our services, third parties with whom we have no previous dealings.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

We may anonymize, de-identify, or aggregate Personal Information so the end-product does not identify you or any other individual to analyze usage patterns or improve our services. Once aggregated, anonymized or de-identified, such information is not considered Personal Information for purposes of this Privacy Policy and we may use it for any purpose.

3. Information Sharing and Disclosure

We may share your Personal Information under the following circumstances:

• With service providers, (e.g., EMR vendors, cloud providers, analytics platforms) to help us operate the Site and our platform, provided they contractually agree to maintain confidentiality and only use data for specified purposes.
• With affiliated professional entities or healthcare providers, to deliver medical or clinical services.
• With analytics providers, to assist us in performing analytics and help us measure the effectiveness of the Site and our marketing and advertising efforts.
• With marketing and advertising partners, to assist us in serving, measuring the performance of, and optimizing our advertisements.
• To third parties to market their products or services to you if you have consented to.
• As required by law, including in response to subpoenas, court orders, investigative demands, requests for cooperation from a law enforcement agency, or other legal processes.
• In the event of a business transfer, such as a merger, acquisition, or sale of assets as well as in the event of any insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
• For other reasons, as we otherwise describe to you when you provide the Personal Information. Additionally, we may disclose your Personal Information with your consent or when you direct us to do so.

We may also need to share some Personal Information with other parties to the extent we believe it is necessary or appropriate to (1) protect our operations and those of our affiliates and subsidiaries; (2) investigate and prevent against fraud and other illegal activity; (3) protect our rights, privacy, safety, property, and/or those of others; or (4) allow us to pursue available remedies or limit damages that we may sustain.

4. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality and gather information about site usage. Cookies are small text files of information stored by the Internet browser on your computer’s hard drive. We may use these cookies to collect browsing data to keep track of your preferences and profile information and to collect general usage and volume statistical information. Our cookies do not collect personal or confidential information and are not spyware.

There are a number of different types of cookies, however, our Site uses:

• Essential – These cookies are necessary to the core functionality of our Site and some of its features, such as access to secure areas.
• Performance and Functionality – These cookies are used to enhance the performance and functionality of our Site. For example, we may use these cookies so that we recognize you on our Site and remember your previously selected preferences. These could include what language you prefer and your geographic location. These cookies are nonessential to the use of our Site, however, without these cookies, certain functionality may become unavailable. A mix of first-party and third-party cookies are used.
• Analytics and Customization – Takeback Health uses these cookies and technologies to analyze how the Site is accessed, used, or performing in order to improve your user experience and to maintain, operate and continually improve the Site. For example, we use analytic cookies on the Site to collect: page url/page title and user browser/system information, which includes browser type, referrer, language, java/flash support, IP address, and ad-serving data.

You have the right to decide whether to accept or reject certain cookies. You may configure your browser to reject cookies, but doing so may limit your access to certain features. Essential cookies cannot be rejected, as they are strictly necessary to provide you with our Site.

5. Global Privacy Control

‘Global Privacy Control’ (GPC) is a browser setting that allows users to automatically communicate their preference to opt out of data sharing or selling across different websites. When you enable a GPC setting in your web browser, you are signaling to websites that you wish to opt out of the sale or sharing of your personal information across all websites that recognize this signal. If you have enabled a GPC signal on your browser, we will automatically process your request to not sell or share your personal information.

6. Your Privacy Rights (U.S. State Laws)

Depending on your state of residence, you may have the right to:

• Access a copy of the Personal Information we have collected about you
• Request deletion or correction of inaccurate Personal Information
• Opt out of the sale or sharing of Personal Information
• Limit the use and disclosure of sensitive Personal Information
• Appeal the denial of any privacy rights request

If you are located in the located in the State of California, Colorado, Connecticut, Delaware, Iowa, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia please go to our Privacy Notice Addendum to learn about additional rights you may have under applicable data protection laws.

7. Data Retention and Security

We retain your Personal Information for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law. Different retention periods apply for different types of Personal Information. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of Personal Information; the potential risk from unauthorized use or disclosure of the Personal Information; the purpose(s) for which we use or may use the Personal Information; whether we can achieve the purpose(s) through other means; and the applicable legal requirements. When it is no longer necessary to retain your Personal Information, we will delete or anonymize it. If we anonymize or de-identify your Personal Information after the necessary retention period, we will maintain and use the anonymized or de-identified information in anonymize or de-identified form and not attempt to re-identify the information except as required or permitted by law.

We use commercially reasonable administrative, technical, and physical safeguards to protect your data. However, no system is completely secure, and we cannot guarantee the absolute security of your information. Any such transmission of information by you over the internet is at your own risk.

8. Communications and Marketing

We may use your Personal Information to send you updates (by email, text message, telephone or post) about our Site and services we may offer, including exclusive offers, promotions or new products services. We may also use your contact information to send administrative messages, appointment reminders, or service updates.

You may opt out of marketing and promotional messages by following the instructions in the email or contacting us directly using the method in the “Contact Us” Section below.

You cannot opt out of essential communications such as account notices.

9. Where Your Personal Information is Held

Information may be held at our offices and those of our third party agencies, service providers, representatives, agents, affiliated professional agencies and healthcare providers as described above (see above: “Information Sharing and Disclosure”).

10. A Note to Users Outside of the United States

Takeback Health is headquartered in the United States and utilizes service providers in the United States. The Site is not intended for Site visitors outside the United States. If you are a non-U.S. user of the Site, by visiting the Site and providing us with data, you acknowledge and agree that your Personal Information may be processed for the purposes identified in this Privacy Policy. If you choose to access our Site outside the United States, Takeback Health and our service providers may transfer your Personal Information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. In particular, you are advised that the United States uses a sectoral model of privacy protection that relies on a mix of legislation, governmental regulation, and self-regulation. Where the laws of your country allow you to do so, by using the Site or the services or by providing your data, you consent and authorize Takeback Health to transfer, store, and use all such Personal Information in the United States (and any other country where we may operate) which may not offer an equivalent level of protection to that required in the country where you reside and to the processing of that Personal Information by us on our servers located in the United States, as described in this Privacy Policy. If you do not want your Personal Information transferred to the United States and any other country where we operate, please do not submit any information to us or use our Site or the services.

11. Third-Party Links and Services

Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third-party websites or services. This is not as an endorsement by us of any third party website, content that may be offered on such third party website, or of any products or services provided by such third party. We do not control, nor are we responsible for, such third party website, product or service offerings. As such, we urge that you exercise caution before providing them with your personal information and to review the third party’s privacy policy for information on its data processing practice. You should contact the site administrator for such third party website if you have any complaints, claims, concerns or questions regarding such third party website or its privacy practices.

This Privacy Policy applies only to TakeBack Health’s operations.

12. Children’s Privacy

Our services are intended for users 18 years of age or older. If you are under 18, do not use our services, access the Site, or provide any information about yourself including, without limitation, your name, address, email address or any screen name or user name you may use.  We do not knowingly collect Personal Information from minors under 18. If we learn that we have inadvertently collected Personal Information from a minor, we will delete it promptly. If you believe we may have any information from or about a child under 18, please see our “Contact Us” Section below.

13. Telemedicine Provider Licensure Disclosures
In accordance with state telemedicine requirements, the following provider licensure information is publicly disclosed:
Vermont
License #: 042.0016085-COMP
Expiration Date: 11/31/2026
Entity: Arora Health and Aesthetics
Provider: Dr. Sean Arora, MD

Rhode Island
License #: MD20370
Expiration Date: 6/30/2026
Entity: Arora Health and Aesthetics
Provider: Dr. Sean Arora, MD

Massachusetts
License #: 1018420
Expiration Date: 7/20/2027
Entity: Arora Health and Aesthetics
Provider: Dr. Sean Arora, MD

Clinical services are provided by licensed clinicians through partner medical entities. Availability of services varies by state and is subject to applicable laws and regulations.

14.  Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Effective Date” at the top of this page indicates when it was last revised. Please review this Privacy Policy periodically to read the current version.

Your continued use of our services or Site after any changes signifies your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Privacy@TakeBack.Health 

TakeBack Health, LLC

PRIVACY NOTICE ADDENDUM

This Privacy Notice Addendum (“Notice”) supplements the information contained in the above Privacy Policy and applies solely to all visitors, users, and others located in the European Economic Area, the UK, or who reside in Australia, Canada or the State of California, Colorado, Connecticut, Delaware, Iowa, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia (“consumers” or “you”). 

We adopt this Notice to comply with the California Shine the Lights law, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Colorado Privacy Act, the Connecticut Data Privacy Act, the Delaware Personal Data Privacy Act, the Iowa Consumer Data Protection Act, the Indiana Consumer Data Protection Act, the Kentucky Consumer Data Protection, the Maryland Online Data Privacy Act, the Minnesota Consumer Data Privacy Act, the Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire Senate Bill 255, New Jersey Senate Bill 332, the Oregon Consumer Privacy Act, the Rhode Island Data Transparency and Privacy Protection Act, the Tennessee Information Protection Act, the Texas Data Privacy and Security Act, the Utah Consumer Privacy Act, the Virginia Consumer Data Protection Act, and certain other privacy and data protection laws, as applicable (collectively, the “Statutes”). Any terms defined in the Statutes will have the same meaning when used in this Notice. Any terms used in this Notice but undefined herein shall have the meaning provided in the Privacy Policy.

As further set forth in our Privacy Policy, we may collect certain information that is (i) linked or reasonably linkable to an identified or identifiable individual or natural person, or (ii) that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household, or (iii) as further defined in the Statutes as “Personal Data” or “Personal Information,” as further described in our Privacy Policy.

1. Shine the Light Law.

California Civil Code Section 1798.83, also known as the “Shine The Light” law permits individuals who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

2. Personal Information We Collect About You

Categories of Personal Information	Examples Personal Information	Collected
Category A – Identifiers	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.	Yes
Category B – Customer records information (i.e. Information that identifies, relates to, describes, or is capable of being associated with, a particular individual)	Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.	Yes
Category C – Characteristics of protected classifications under state or federal law	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes
Category D – Commercial information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	No
Category E – Biometric information	Retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.	No
Category F – Internet or other electronic network activity information	Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.	Yes
Category G – Geolocation data	Physical location or movements.	No
Category H – Sensory data	Audio, electronic, visual, thermal, olfactory, or similar information.	No
Category I – Professional or employment-related information.	Place of employment, position, job history, salary, resume, and other related data.	No
Category J – Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
Category K – Sensitive personal information	(1) personal information that reveals: ·      A person’s social security, driver’s license, state identification card, or passport number; ·      A person’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; ·      A person’s precise geolocation; ·      A person’s racial or ethnic origin, religious or philosophical beliefs, or union membership; ·      The contents of a person’s mail, email, and text messages unless the business is the intended recipient of the communication; or ·      A person’s genetic data. (2) the processing of biometric information for the purpose of uniquely identifying a consumer; (3) personal information collected and analyzed concerning a consumer’s health, or a personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.	Yes
Category L – Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	An inference is essentially a characteristic deduced about a consumer (such as ‘married,’ ‘homeowner,’ ‘online shopper,’ or ‘likely voter’) that is based on other information a business has collected.	No

 

3. Personal Information We Sold or Disclosed for a Business Purpose.

In the preceding 12 months, we have disclosed for a business purpose to one or more third parties the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

• Category A – Identifiers
• Category B – Customer records information
• Category C – Characteristics of protected classifications under state or federal law
• Category F – Internet or other electronic network activity information
• Category K – Inferences drawn from collected personal information

In the preceding 12 months, we have sold to one or more third parties the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

• Category A – Identifiers
• Category B – Customer records information
• Category C – Characteristics of protected classifications under state or federal law
• Category F – Internet or other electronic network activity information
• Category K – Inferences drawn from collected personal information

4. Your Rights Under the CCPA.

You may have the right under the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act of 2020 (CPRA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:

Disclosure of Personal Information We Collect About You	You have the right to know: The categories of personal information we have collected about you; The categories of sources from which the personal information is collected; Our business or commercial purpose for collecting or selling personal information; The categories of third parties with whom we share personal information, if any; and The specific pieces of personal information we have collected about you. Please note that we are not required to: Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained; Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or Provide the personal information to you more than twice in a 12-month period.
Personal Information Sold, Shared, Disclosed, or Used for a Business Purpose	In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know: The categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and The categories of personal information that we disclosed about you for a business purpose. You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt-out of the sale of your personal information. If you exercise your right to opt-out of the sale of your personal information, we will refrain from selling your personal information, unless you subsequently provide express authorization for the sale of your personal information. To opt-out of the sale [or disclosure] of your personal information, visit our homepage and click on the Do Not Sell My Personal Information link here: [URL].
Right to Limit Use and Disclosure of Sensitive Personal Information.	You have the right to opt-out of the use and disclosure of your sensitive personal information for anything other than supplying requested goods or services. We only use sensitive personal information for supplying the requested goods or services.
Right to Correction	You have the right to request correction of inaccurate personal information maintained by us about you. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.
Right to Deletion	Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: Delete your personal information from our records; and Direct any service providers to delete your personal information from their records. Please note that we may not delete your personal information if it is necessary to: Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; Debug to identify and repair errors that impair existing intended functionality; Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; Comply with the California Electronic Communications Privacy Act; Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent; Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us; Comply with an existing legal obligation; or Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Protection Against Discrimination	You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things: Deny goods or services to you; Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; Provide a different level or quality of goods or services to you; or Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Please note that we may charge a different price or rate or provide a different level or quality of [goods and/or services] to you, if that difference is reasonably related to the value provided to our business by your personal information.

5. Your Rights Under Other State Privacy Laws

Colorado, Connecticut, Delaware, Iowa, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia, also provide consumers who are residents of these states with certain rights regarding their Personal Data. This Section describes the rights you may have under these state privacy laws, under certain circumstances and subject to certain exceptions. Please contacts us if you have any questions about your rights under these state privacy laws.

Consumer Right	Explanation	Applies to Residents of:
The Right to Opt-Out	You may have the right to opt out of the processing of Personal Data concerning you for the purposes of: ·      Targeted Advertising; ·      The Sale of Personal Data; or ·      Profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.	Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia
The Right of Access	You may have the right to confirm whether we are processing Personal Data concerning you and to access your Personal Data. Please note, there may be restrictions on how often you may exercise this right.	Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia
The Right to Correction	You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.	Colorado, Connecticut, Delaware, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia
The Right to Deletion	You may have the right to delete Personal Data concerning you or to request that we delete Personal Data provided by, or obtained about, you.	Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia
The Right to Data Portability	You may have the right to obtain a copy of your Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. Please note, there may be restrictions on how often you may exercise this right.	Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia
The Right to Appeal	We hope that we can resolve any query or concern you raise about our use of your Personal Data. However, if we do not take action on your request to exercise any of your rights, we will inform you without undue delay after the receipt of the request our reason for not taking action. You may appeal any decision we have made about your request by following the instructions in the communication you receive from us notifying you of our decision.	Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Virginia

6. How to Exercise Your Rights.

If you would like to exercise any of your rights as described in this Privacy Notice, please:

• Complete a data subject request form available on our Site at [URL];
• Call us at (734) 887-1166; or toll free at (844) 703-6161
• Write to us at:
  

  TakeBack Health, LLC
  455 E Eisenhower Pkwy
  Suite 300 PMB1040
  Ann Arbor, MI 48108
  United States

• e-mail us at:
  privacy@takeback.health

Please note that you may be restricted on the number of data access or data portability disclosures you may make within a 12-month period.

If you choose to contact us by [website/email/phone/in writing], we will take steps to verify your identity before granting you access to your personal information or complying with your request. In order to help protect your privacy and maintain security, you will need to provide us with:

• Enough information to identify you;
• Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
• A description of what right you want to exercise and the information to which your request relates.

In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

You may use a representative, called an “authorized agent,” to submit a request to us.

In some states, an authorized agent must be a natural person, or a business entity registered with the appropriate Secretary of State, that you have authorized to act on your behalf.

In order to protect your privacy, Takeback Health requires you to confirm that you have provided the authorized agent permission to submit the request and you must provide the authorized agent with signed permission. “Signed” means that the written attestation, declaration, or permission has either been physically signed or provided electronically pursuant to the Uniform Electronic Transactions Act. In California, an authorized agent that has power of attorney pursuant to California Probate Code section 4121 to 4130 must submit proof of statutory power of attorney, but in such cases, consumer verification will not be required.

Takeback Health may deny a request from an authorized agent that does not submit proof that they have been authorized to act on your behalf. Requests submitted by an authorized agent will still require verification of the person who is the subject of the request in accordance with the process described above.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.