✓ Nationwide Telehealth · Licensed Physicians in All 50 States
Logo
Logo
About Us
How It Works
Treatments
FAQ
Blog
Contact

Privacy Policy

Effective Date: April 16, 2026 | Last Updated: April 16, 2026. To Know Oneself Optimized Wellness LLC — Privacy Policy.

Quick Summary (Plain English)

We are a telehealth wellness company. This policy explains what information we collect, how we use it, who we share it with, and what choices you have. A few things you should know before reading the full policy:

  • We collect personal information and health-related information you provide through our website, intake forms, consultations, and orders.
  • We use advertising and analytics tools from Meta (Facebook) and Google on portions of our website. These tools may collect information about your device, browsing activity on our site, and pages you visit.
  • We do not sell your personal information for money. However, our use of advertising cookies and pixels may qualify as a "sale" or "share" of personal information under California law. California residents have the right to opt out.
  • Protected Health Information (PHI) generated through your care with a licensed provider is governed by HIPAA and our Notice of Privacy Practices, not by this Privacy Policy.
  • To exercise your privacy rights or opt out of ad tracking, email support@toknowoneself.co or use the "Do Not Sell or Share My Personal Information" link in our website footer.

1. Who We Are and What This Policy Covers

This Privacy Policy (the "Policy") describes how To Know Oneself Optimized Wellness LLC ("To Know Oneself," "TKO Vitality," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website at toknowoneself.co (the "Website"), our patient portal, our mobile and web applications, our telehealth services, and any other products, services, or communications we offer (collectively, the "Services").

To Know Oneself Optimized Wellness LLC is a technology-enabled health optimization company. We facilitate access to independent licensed healthcare providers and compounding pharmacies. The licensed providers who deliver clinical care through our platform may be considered "covered entities" under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), and we may act as a "business associate" of those providers with respect to certain information.

1.1 Relationship to Our HIPAA Notice of Privacy Practices

If you receive clinical services through a licensed provider on our platform, the Protected Health Information ("PHI") generated through that clinical relationship is governed by the applicable provider's HIPAA Notice of Privacy Practices ("NPP"), not by this Privacy Policy. Where this Policy conflicts with the NPP with respect to PHI, the NPP controls.

This Privacy Policy governs non-PHI personal information, including information you provide to us before establishing a provider-patient relationship, information collected through our Website, and information used for marketing, analytics, and business operations.

1.2 Who This Policy Does Not Cover

This Policy does not apply to:

  • Independent licensed healthcare providers, medical groups, or compounding pharmacies, each of which maintains its own privacy practices.
  • Third-party websites, applications, or services that may be linked from our Website.
  • Information collected by payment processors, identity verification services, or other third parties that you interact with directly.

We encourage you to review the privacy policies of any third party before providing information to them.

2. Information We Collect

We collect information in three ways: directly from you, automatically through your use of our Services, and from trusted third parties. The sections below describe each category.

2.1 Information You Provide Directly

When you create an account, complete intake forms, communicate with our team, or make a purchase, you provide us with information that may include:

  • Identifiers: name, email address, phone number, date of birth, mailing and billing address, and, where required for identity verification, government-issued identification.
  • Account credentials: username, password, and authentication information for our patient portal.
  • Payment information: credit card, debit card, HSA/FSA card, or other payment account details. Full card numbers are processed and stored by our payment processor (Stripe and/or Cherry), not by us. We retain limited information such as the last four digits of the card, cardholder name, and transaction records.
  • Health information: information you voluntarily provide through intake forms, health questionnaires, consultations, and communications with our team, including information about medical history, symptoms, medications, lifestyle, goals, and laboratory results.
  • Wearable and biometric data: information you choose to connect or upload from devices such as Oura Ring, Apple Watch, Garmin, or Whoop through our patient portal.
  • Communications: content of emails, text messages, chat conversations, call recordings (where disclosed and permitted), and support tickets.
  • Marketing preferences: opt-in and opt-out choices, survey responses, and feedback.

2.2 Information Collected Automatically

When you visit our Website or use our Services, we and our service providers automatically collect certain information using cookies, pixels, software development kits (SDKs), server logs, and similar technologies, including:

  • Device and connection information: IP address, device identifiers, device type, operating system, browser type and version, language settings, and mobile network information.
  • Usage information: pages visited, time and duration of visits, links clicked, referring and exit URLs, search terms, and interactions with our Website.
  • Location information: approximate geographic location derived from your IP address. We do not collect precise geolocation unless you expressly grant permission through your device.
  • Advertising and analytics identifiers: cookies, pixel-based identifiers, and event data associated with Meta (Facebook) and Google advertising and analytics products, as described in Section 5.

2.3 Information From Third Parties

We may receive information about you from third parties, including:

  • Healthcare providers and laboratories (for care coordination, with appropriate authorization).
  • Payment processors (for transaction confirmation and fraud prevention).
  • Identity verification and age verification services.
  • Advertising partners and referral sources (such as data about which advertisement or affiliate referred you, and limited campaign attribution information).
  • Social media platforms when you interact with our presence on those platforms or choose to log in using a social account.

2.4 Sensitive Personal Information

Some of the information we collect is classified as "sensitive personal information" under California law and may include:

  • Account log-in credentials.
  • Precise geolocation (only if you grant permission).
  • Contents of communications where we are not the intended recipient.
  • Information concerning your health, including health conditions, medications, and treatment interests.
  • Information concerning your sex life or sexual orientation (for example, if you inquire about treatments related to sexual health).

We use sensitive personal information only to provide you with the Services you request, to operate our business, and for other purposes authorized or required by law. We do not use or disclose sensitive personal information for purposes that California law requires us to offer an opt-out of, except as disclosed in Section 5.

3. How We Use Information

We use the information we collect for the following purposes:

  • To provide the Services: process intake forms, facilitate consultations with licensed providers, coordinate prescriptions and shipments, manage your account, and provide customer support.
  • To process transactions: bill you for products and services, manage refunds and payment plans, and detect and prevent fraud.
  • To communicate with you: send transactional messages (order confirmations, appointment reminders, shipping notifications), respond to inquiries, and send marketing communications where you have consented.
  • To personalize the Services: remember your preferences, recommend relevant content, and tailor your experience on our Website and patient portal.
  • To measure and improve our Services: conduct analytics, research, and product development; measure the effectiveness of advertising campaigns; and improve the performance, security, and reliability of the Website and patient portal.
  • To market our Services: serve advertisements to you on our Website and on third-party platforms (including Meta and Google), subject to your rights to opt out as described in this Policy.
  • To comply with legal obligations and protect rights: respond to lawful requests, enforce our terms, protect the safety of patients and staff, and defend against legal claims.

4. Our Legal Bases for Processing

We process your personal information on one or more of the following legal bases: (a) your consent; (b) performance of a contract with you; (c) compliance with our legal obligations, including obligations under HIPAA and state health privacy laws; (d) our legitimate interests in operating, improving, and marketing our Services, where those interests are not overridden by your privacy rights; and (e) protection of your vital interests or the vital interests of another person.

5. Advertising, Analytics, and Tracking Technologies

This section describes in detail how we use third-party advertising and analytics technologies on our Website. We provide this information because we believe you are entitled to know, in plain language, what data flows from your interactions with our Website to third parties.

5.1 Third-Party Advertising and Analytics Partners

We currently use the following third-party advertising and analytics technologies:

Meta Pixel and Meta Conversions API (Meta Platforms, Inc.): We use the Meta Pixel on portions of our Website and transmit server-side conversion events to Meta through the Meta Conversions API ("CAPI"). These tools help us measure the effectiveness of our advertising on Facebook and Instagram, build audiences for future campaigns, and understand how visitors interact with our Website. Information shared with Meta may include event data (such as page views, leads, and purchases), hashed email addresses, IP address, browser and device information, and limited URL information. Meta uses this information in accordance with its own Data Policy (available at https://www.facebook.com/privacy/policy).

Google Analytics, Google Ads, and Google Tag Manager (Google LLC): We use Google products to measure website performance, attribute conversions to advertising campaigns, and serve ads on Google properties and the Google Display Network. Information shared with Google may include device identifiers, IP address, browser and device information, event data, and hashed email addresses transmitted through Google's Enhanced Conversions feature. Google's use of information is described in its Privacy Policy (available at https://policies.google.com/privacy).

5.2 Where These Technologies Operate

Meta and Google advertising and analytics tools currently fire on our public-facing marketing pages and on certain pre-purchase intake and consultation request pages. These tools do not fire within your logged-in patient portal, on checkout confirmation pages that display PHI, or on any page where Protected Health Information is displayed or submitted as part of an established clinical encounter.

We continuously evaluate our tracking implementation and may add, remove, or reconfigure these technologies. When we send event data to Meta or Google from our servers, we apply filters designed to prevent the transmission of information that could reasonably identify a specific health condition, diagnosis, or treatment of an identified individual.

5.3 What We Do Not Share With Advertising Partners

We are explicit about what does not flow to Meta, Google, or any other advertising or analytics partner:

  • We do not share your medical records, diagnoses, provider notes, prescription details, or laboratory results with Meta, Google, or any other advertising or analytics partner.
  • We do not share content you submit through intake forms, health questionnaires, or communications with your provider.
  • We do not share information from your patient portal, including wearable data you have connected to your account.
  • We do not use information from your clinical encounters to target advertising to you.

5.4 Cookies and Similar Technologies

We and our service providers use the following categories of cookies and similar technologies:

  • Strictly necessary cookies: required to operate the Website and patient portal (authentication, security, fraud prevention, load balancing).
  • Functional cookies: remember your preferences and settings.
  • Analytics cookies: help us understand how visitors use the Website so we can improve it.
  • Advertising cookies: used by us and our advertising partners to serve you relevant advertisements on our Website and on third-party platforms and to measure campaign effectiveness.

You can control cookies through your browser settings and through the cookie preferences tool available on our Website. Disabling cookies may affect the availability and functionality of certain features. Please note that browser-based controls apply only to the browser and device on which you set them.

5.5 Do Not Track Signals and Global Privacy Control

Our Website recognizes and honors the Global Privacy Control ("GPC") browser signal as a valid request to opt out of the "sale" or "sharing" of personal information under California law. Because there is no common industry or legal standard for recognizing or honoring "Do Not Track" signals, we do not currently respond to "Do Not Track" signals. We may revisit this practice as standards evolve.

5.6 Opting Out of Advertising and Analytics

You can opt out of advertising and analytics tracking in several ways:

  • Click "Do Not Sell or Share My Personal Information" in the footer of our Website and submit the form.
  • Enable the Global Privacy Control in a supporting browser or browser extension.
  • Opt out of personalized advertising through the Digital Advertising Alliance (https://optout.aboutads.info) or the Network Advertising Initiative (https://optout.networkadvertising.org).
  • Adjust your ad preferences directly with Meta (https://www.facebook.com/settings?tab=ads) and Google (https://adssettings.google.com).
  • Email support@toknowoneself.co and state that you wish to opt out of the "sale" or "sharing" of your personal information.

6. How We Share Information

We share information in the limited circumstances described below. We do not sell personal information for money.

6.1 Categories of Recipients

We may share information with the following categories of recipients:

  • Licensed healthcare providers and medical groups: to facilitate your requested telehealth consultations, prescriptions, and ongoing care.
  • Compounding and dispensing pharmacies: to fulfill prescriptions written by your provider.
  • Laboratories: to order, process, and interpret laboratory tests you have requested.
  • Telehealth technology vendors: to host secure video consultations.
  • Payment processors and financing partners: including Stripe and Cherry, to process payments and offer financing.
  • Shipping and logistics carriers: including cold-chain carriers for temperature-sensitive medications.
  • Identity verification services: to confirm your identity during enrollment and prescription fulfillment.
  • Cloud infrastructure and hosting providers: that store data in secured, access-controlled environments.
  • Customer relationship management (CRM), email, SMS, and communications platforms: including GoHighLevel, to manage communications, scheduling, and follow-up.
  • Analytics and advertising partners: as described in Section 5.
  • Professional advisors: attorneys, auditors, accountants, and insurers, bound by duties of confidentiality.
  • Governmental authorities and courts: when required by law, subpoena, or legal process, or to protect against fraud, harm, or threats to safety.
  • Corporate transactions: in the event of a merger, acquisition, financing, reorganization, or sale of assets, to counterparties and their advisors (subject to confidentiality protections).

6.2 Vendor Controls

We enter into written agreements with service providers that require them to use information only for the purposes we authorize, implement appropriate security safeguards, and, where applicable, sign Business Associate Agreements ("BAAs") consistent with HIPAA. Where a vendor engages subcontractors that may access patient information, our agreements require the same level of data protection to flow down. We conduct periodic reviews of our vendor agreements and data handling practices. Patients may request a list of the categories of service providers with whom their information has been shared by contacting support@toknowoneself.co.

7. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and provides additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA").

7.1 Categories Collected, Sources, Purposes, and Disclosures

In the preceding twelve months, we have collected the following categories of personal information from the sources, for the business or commercial purposes, and disclosed the categories to the recipients listed below. Each bullet below represents one CCPA category (A–L):

  • Category A — Identifiers (name, email, phone, IP, account ID). Collected: Yes. Sources: You; automated; third parties. Disclosed to: Providers, pharmacies, payment processors, CRM vendors, advertising partners.
  • Category B — Customer records (billing address, payment info). Collected: Yes. Sources: You; payment processors. Disclosed to: Payment processors, accounting vendors.
  • Category C — Protected classification characteristics (age). Collected: Yes. Sources: You; age verification services. Disclosed to: Providers, identity verification services.
  • Category D — Commercial information (purchases, interests). Collected: Yes. Sources: You; automated. Disclosed to: Payment processors, CRM vendors, advertising partners.
  • Category E — Biometric information. Collected: No. Sources: —. Disclosed to: —.
  • Category F — Internet or network activity. Collected: Yes. Sources: Automated. Disclosed to: Analytics providers, advertising partners.
  • Category G — Geolocation (approximate). Collected: Yes. Sources: Automated (IP-based). Disclosed to: Analytics providers, advertising partners.
  • Category H — Sensory data (call recordings where disclosed). Collected: Limited. Sources: You. Disclosed to: Telephony vendors, CRM vendors.
  • Category I — Professional or employment information. Collected: No. Sources: —. Disclosed to: —.
  • Category J — Education information. Collected: No. Sources: —. Disclosed to: —.
  • Category K — Inferences from other categories. Collected: Yes. Sources: Automated. Disclosed to: CRM vendors, advertising partners.
  • Category L — Sensitive personal information (credentials, health, sexual health inquiries). Collected: Yes. Sources: You. Disclosed to: Providers, pharmacies, laboratories.

7.2 "Sale" and "Sharing" of Personal Information

We do not sell personal information in exchange for money. However, our use of certain advertising cookies and pixels (including those operated by Meta and Google) may constitute a "sale" or "sharing" of personal information for cross-context behavioral advertising under CCPA. In the preceding twelve months, the categories of personal information that may have been "sold" or "shared" in this sense are: Identifiers (Category A), Internet or network activity (Category F), Geolocation (Category G), and Inferences (Category K).

We do not knowingly sell or share the personal information of consumers under 16 years of age. Our Services are not directed to individuals under the age of 18.

We do not use or disclose sensitive personal information for purposes other than those permitted by California Civil Code Section 1798.121(a).

7.3 Your California Privacy Rights

If you are a California resident, you have the following rights:

  • Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties to whom we have disclosed the information.
  • Right to Delete: request deletion of personal information we have collected from you, subject to exceptions.
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: direct us to stop "selling" or "sharing" your personal information.
  • Right to Limit Use of Sensitive Personal Information: although we do not use sensitive personal information for purposes that trigger this right, you may still submit a request.
  • Right to Non-Discrimination: we will not deny services, charge different prices, or provide a different level of quality because you exercised your privacy rights.

7.4 How to Exercise Your California Rights

You can submit a privacy request through any of the following methods:

  • Email: support@toknowoneself.co with the subject "California Privacy Rights Request."
  • Phone: (775) 502-1000.
  • Online: Submit a request through the "Do Not Sell or Share My Personal Information" link in our Website footer.

We will verify your identity before fulfilling a request by matching information you provide with information in our records. You may designate an authorized agent to make a request on your behalf by providing written permission and verification. We will respond to verifiable requests within 45 days, with a possible 45-day extension where reasonably necessary.

7.5 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. To make such a request, email support@toknowoneself.co.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, satisfy legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements. Retention periods are determined based on the following criteria:

  • Medical and prescription records: retained for the period required by applicable federal and state law (typically a minimum of 7 years from the date of last service, and longer for minors or specific record types).
  • Account and transaction records: retained for the life of your account plus the period required by tax and accounting laws (typically 7 years).
  • Marketing records: retained until you opt out or for 3 years of inactivity, whichever is shorter.
  • Website and analytics logs: typically retained for 14 months, consistent with platform defaults.
  • Communication records: retained for 3 years for quality assurance, compliance, and legal purposes.

When information is no longer needed and retention is not required by law, we take reasonable steps to securely delete or de-identify it.

9. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and destruction. These safeguards include:

  • Encryption of data in transit using TLS 1.2 or higher.
  • Encryption of sensitive data at rest using industry-standard algorithms (including AES-256).
  • Role-based access controls and the principle of least privilege.
  • Multi-factor authentication for personnel with access to patient data.
  • Audit logging and continuous security monitoring.
  • Regular vulnerability assessments and security reviews of our systems and vendors.
  • Employee training on privacy and security requirements, including HIPAA.
  • Written information security policies and incident response procedures.

No method of transmission over the internet or method of electronic storage is completely secure. You are responsible for safeguarding your account credentials and for notifying us promptly of any suspected unauthorized access to your account.

10. Children

Our Services are not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verified parental consent, we will take steps to delete that information. If you believe a child has provided personal information to us, please contact support@toknowoneself.co.

11. International Users

Our Services are intended for users in the United States. We do not currently offer Services to individuals located in the European Economic Area, the United Kingdom, or other jurisdictions outside the United States, and we do not target advertising to individuals in those jurisdictions. If you access the Website from outside the United States, your information will be transferred to, stored, and processed in the United States, which may not have the same data protection laws as your country.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date above and, where appropriate, provide additional notice by email or a prominent notice on the Website. Your continued use of the Services after the effective date of any updated Policy constitutes your acceptance of the updated Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Policy or our privacy practices, please contact us:

  • To Know Oneself Optimized Wellness LLC
  • Attention: Privacy Officer
  • 6490 S McCarran Blvd, Ste 30, Bldg D
  • Reno, NV 89509
  • Email: support@toknowoneself.co
  • Phone: (775) 502-1000

Telehealth Informed Consent

By using the services provided by To Know Oneself Optimized Wellness, you acknowledge and agree to the following regarding the delivery of healthcare services via telehealth:

  • Nature of Telehealth Services. Telehealth involves the delivery of healthcare services using electronic communications, information technology, or other means between a healthcare provider and a patient who are not in the same physical location. This may include assessment, diagnosis, consultation, treatment, education, care management, and self-management of a patient.
  • Limitations of Telehealth. Telehealth has potential limitations compared to in-person medical encounters, including but not limited to: the inability to perform a hands-on physical examination, possible technology failures, and potential delays in evaluation and treatment due to deficiencies or failures of equipment or connectivity. In rare cases, information transmitted may not be sufficient to allow for appropriate medical decision-making.
  • Risks and Benefits. As with any medical procedure, there are potential risks and benefits associated with telehealth. Benefits may include improved access to care, convenience, and the ability to receive care from your own location. Risks may include incomplete medical information, technology malfunctions, or unauthorized access to your health data despite reasonable safeguards.
  • Your Rights. You have the right to withhold or withdraw consent to telehealth services at any time without affecting your right to future care or treatment. You have the right to request an in-person consultation or referral to a local provider at any time. Your provider retains the right to determine that telehealth is not appropriate for your condition and may recommend in-person evaluation.
  • Privacy and Security. All telehealth interactions are conducted using technology that is designed to protect the privacy and security of your health information in compliance with HIPAA. However, as with any internet-based communication, there are risks of a security breach. For more information, please review our HIPAA Notice of Privacy Practices.
  • Emergency Situations. Telehealth is not appropriate for medical emergencies. If you are experiencing a medical emergency, call 911 or go to your nearest emergency room immediately. Do not rely on telehealth services or this platform for emergency care.
  • Prescriptions. Medications, including controlled substances, may be prescribed via telehealth when clinically appropriate and in compliance with applicable federal and state law. Your prescribing provider will exercise independent medical judgment regarding all prescription decisions. Compounded medications are prepared by licensed compounding pharmacies and are not FDA-approved drugs.

By proceeding with services from To Know Oneself Optimized Wellness, you confirm that you have read this Telehealth Informed Consent, understand the nature and limitations of telehealth, and consent to receiving healthcare services via telehealth as described above.