Privacy Policy

Last updated: March 2026

Introduction

Hey, Andy! ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal data and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SMS-based health coaching service.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our service.

1. Information We Collect

Personal Information You Provide:

• Name and contact information (email, phone number)
• Health and medical information (GLP-1 medication type, dosage, injection schedule)
• Health goals and personal health objectives
• Information you share via SMS or other communication channels
• Billing and payment information (processed securely by third-party providers)

Information Collected Automatically:

• Device information (phone model, OS)
• Usage data (interaction patterns, message timestamps)
• Log data (IP addresses, timestamps, error messages)

2. HIPAA Compliance

Hey, Andy! is committed to protecting health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA). All protected health information (PHI) is encrypted in transit and at rest using industry-standard security protocols. We do not sell or share your health information with third parties except as required by law or with your explicit consent.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing personalized health coaching via SMS
• Sending medication reminders and health alerts
• Improving our service and user experience
• Communicating with you about your account and service updates
• Complying with legal obligations
• Preventing fraud and ensuring account security

4. Sharing Your Information

We do not sell, trade, or rent your personal or health information to third parties. We may share information only with:

• Service providers who assist us in operating our platform (under confidentiality agreements)
• Law enforcement or regulatory agencies when required by law
• Your healthcare providers, if you explicitly authorize us to do so
• Our authorized partners for payment processing

5. Communication Methods and HIPAA Compliance

Hey, Andy! uses Rich Communication Services (RCS) as our primary communication channel to provide enhanced, HIPAA-compliant messaging. RCS offers end-to-end encryption and advanced security features that help us maintain the highest standards of data protection for your health information.

When RCS is not available on your device or carrier, we automatically fall back to standard SMS (text messaging) to ensure you can always reach us and receive critical health information. Please note: Standard SMS is not encrypted and may be less secure than RCS. We recommend using a device and carrier that supports RCS for optimal security. All data stored on our servers is encrypted regardless of the communication method used.

By using Hey, Andy!, you consent to communication via RCS or SMS and acknowledge the security differences between these methods. If you have concerns about your device's capability to receive RCS or SMS, please contact us to discuss alternative communication arrangements.

6. Data Security

We implement comprehensive security measures to protect your information, including:

• End-to-end encryption for RCS communications
• Encrypted storage of all sensitive health data on our servers
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Compliance with industry security standards

While we strive to use commercially reasonable security measures, no system is completely secure. We encourage you to protect your password and contact us immediately if you suspect unauthorized access to your account.

7. Your Rights and Choices

Access and Correction:

You have the right to access, review, and correct your personal and health information. Contact us to request access to your data or to update any inaccuracies.

Deletion:

You may request deletion of your account and associated data at any time. We will honor deletion requests within 30 days, except where we are required to retain information for legal or operational purposes.

Marketing Communications:

You may opt out of promotional messages at any time by replying "STOP" to any SMS message. You will continue to receive transactional messages related to your account.

8. Children's Privacy

Hey, Andy! is not intended for individuals under 18 years of age. We do not knowingly collect information from children. If we discover that we have collected information from a child without parental consent, we will delete such information promptly.

9. Third-Party Services

Our service may integrate with third-party platforms for payment processing or analytics. These third parties have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes via email or by posting the updated policy on our website. Your continued use of Hey, Andy! following such notification constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy, your data, or our privacy practices, please contact us at: