This Privacy Policy sets forth how Xylem Wellness Systems LLC (hereinafter “Practice,” “Xylem,” “we,” “our,” or “us”), a Texas-based functional medicine practice committed to empowering men aged 30-50 to reclaim their health, collects, uses, and protects any information that you provide when you use our Website, enroll in our programs, or receive our services. The terms “you,” “your,” or “yours” refer to the user of our Website and/or participant in our programs.

By using the Website or enrolling in our programs, you consent to the data practices described in this Privacy Policy. If you do not agree to these terms, please do not access or use the Website or our services.

Xylem Wellness Systems LLC is committed to ensuring that your privacy is protected and that we comply with the Texas Data Privacy and Security Act (TDPSA), Texas state privacy laws, and all applicable federal consumer protection regulations governing the protection of your personal and clinical data.

1. CHANGES TO PRIVACY POLICY

We may change this Privacy Policy from time to time as our practices evolve or as required by law. When we make material changes, we will:

• Post the updated Privacy Policy on our Website with a new “Effective Date”
• Notify active clients via email of significant changes
• Obtain your consent where required by law

You acknowledge and agree that it is your responsibility to review this Website and Privacy Policy periodically and to be aware of any modifications. Your continued use of the Website or our services after such modifications will constitute your: (1) acknowledgement of the modified Privacy Policy and (2) agreement to abide and be bound by the modified Policy.

2. INFORMATION WE COLLECT

In accordance with the Texas Data Privacy and Security Act (TDPSA), Xylem Wellness Systems LLC strictly separates data collected on our public-facing Website from the clinical data required for your treatment. We practice data minimization, meaning we only collect what is reasonably necessary for each specific interaction.

A. Personal Identification Information (Public/Website) We may collect personal information such as:

• Name, date of birth, age (specifically targeting men aged 30-50)
• Email address, phone number, home or work address
• Payment and billing information
• Health insurance details (for superbill preparation only; we do not bill insurance directly)

B. Sensitive Health Data & Clinical Information As a fully licensed medical practice, we collect comprehensive health data to provide personalized functional medicine care. Note: Advanced diagnostics—such as genetic testing, microbiome evaluations, and comprehensive hormone testing —are never collected through the public Website or marketing forms. This clinical data is only collected via our secure, internal patient portal once a client is formally onboarded

• Medical History: Current and past medical conditions, medications, allergies, family health history
• Comprehensive Laboratory Results: Advanced blood work, genetic testing, stress hormone profiles, thyroid profiles, sex hormones, full metabolic and lipid evaluations, allergen testing, toxin levels, microbiome evaluations, and inflammatory markers.
• Diabetes-Related Data: A1C levels, fasting glucose, insulin levels.
• Prescription Information: Medications prescribed or de-prescribed, including weight-loss drugs (GLP-1s such as Ozempic), Testosterone Replacement Therapy (TRT), erectile dysfunction (ED) treatments, and other pharmaceuticals.
• Treatment Plans and Progress Notes: Medical assessments, clinical notes, treatment protocols

C. Biometric and Health Monitoring Data

• Continuous glucose monitor (CGM) data
• Blood pressure readings from provided monitoring cuffs
• Weight, body composition, and other biometric measurements from trackers provided in your toolkit

D. Lifestyle and Behavioral Information

• Food tracking logs and nutrition journals
• Daily schedules and time availability assessments
• Lifestyle habits, exercise patterns, sleep quality
• Progress photos (optional and with your explicit consent)
• Information you share during live group coaching calls
• Posts, comments, and interactions in our private community (optional participation)

E. Anonymous Demographic Information We may also collect anonymous demographic information that is not unique to you, such as zip code, age range, gender, preferences, interests, and favorites for program improvement and research purposes.

F. Technical and Website Usage Information Information about your computer hardware and software may be automatically collected, including IP address, browser type, domain names, access times, pages visited, and cookie data (see Section 11). This is used for business operations and general statistics, strictly separated from any clinical or Sensitive Health Data.

3. HOW WE USE YOUR INFORMATION

Xylem Wellness Systems LLC collects and uses your information to provide you with comprehensive, personalized functional medicine care and to operate our business effectively. Specifically, we use your information for:

A. Clinical Care and Treatment

• To create fully customized nutrition plans based on the foods you actually enjoy and your unique biology.
• To design personalized health protocols tailored to your diagnostic test results.
• To monitor your progress toward reversing type 2 diabetes, losing weight, and lowering your A1C.
• To help you optimize testosterone, reduce debilitating joint and lower back pain, and restore energy.
• To facilitate live group coaching calls with our licensed functional medicine doctor and experts.
• To prescribe medications (including GLP-1s, TRT, ED treatments) under close medical supervision when appropriate
• To create safe and effective de-prescribing plans to reduce your reliance on medications as your health improves.
• To provide secure telehealth consultations and white-glove medical oversight.

B. Program Delivery and Support

• To grant you access to our thriving private community of men on the same health journey (participation is optional).
• To provide educational resources, including our complete library of on-demand videos and guides.
• To facilitate communication between you and our team of specialists.

C. Administrative and Business Operations

• Internal record keeping and account management.
• To process payments, manage billing, and handle payment plans.
• To prepare superbills for you to submit to your insurance company for potential out-of-network reimbursement.
• To communicate with you about your program, appointments, and account status.

D. Service Improvement and Research

• To improve our Website, programs, products, and services based on your feedback.
• To analyze aggregate, non-identifiable data for market research and program optimization.

E. Marketing and Communications (with your consent)

• To periodically send promotional emails about new programs, products, services, or special offers.
• To share educational content, health tips, and success stories. You will be given the opportunity to opt-out of receiving marketing communications at any time.

F. Legal, Safety, and Compliance Purposes

• To comply with the TDPSA and other legal obligations.
• To respond to legal process, court orders, or subpoenas.
• To protect and defend our rights, property, and the safety of our clients and staff.

G. SMS and Mobile Communications If you choose to opt-in to our SMS/text messaging program, we use your mobile number to send essential appointment reminders, scheduling links, and administrative program updates.

• Opt-In: You consent to receive recurring text messages by checking the consent box during registration.
• Frequency: Message frequency varies based on your program activity.
• Rates: Message and data rates may apply.
• Opt-Out: Text “STOP” to our number at any time to cancel.
• Clinical Data: In accordance with TCPA compliance, we will not transmit sensitive health information, diagnoses, or detailed treatment protocols via standard SMS.

4. HOW WE SHARE YOUR INFORMATION

Xylem Wellness Systems LLC takes your privacy seriously. We will never sell, rent, or lease your Personal Information or Sensitive Health Data to third parties for marketing purposes. We only share your information in the following limited circumstances:

A. Within Our Medical Team Your Clinical Data is accessible only to authorized members of our care team who need the information to provide your treatment, including:

• Our licensed functional medicine doctor.
• Health/wellness experts and integrators directly involved in your care.
• Administrative staff and Setters necessary for scheduling, triage, and program coordination (under strict confidentiality agreements).

B. Secure Third-Party Service Providers We share your information only with carefully vetted third-party service providers necessary to execute your customized health plan. These partners are bound by Data Processing Agreements (DPAs) and strict confidentiality clauses to protect your Sensitive Health Data. They include:

• Diagnostic Laboratories: For conducting blood work, genetic testing, hormone profiles, and other advanced diagnostics.
• Medical Device Companies: For CGM devices, biometric trackers, and tools included in your Welcome Kit.
• Telehealth Platforms: Secure, encrypted video conferencing services for virtual consultations.
• Pharmacy Partners: For fulfillment of prescriptions (GLP-1s, TRT, ED medications, peptides, etc.).
• Cloud Storage and IT Service Providers: Encrypted servers and data management systems.

C. Private Community Participation (Optional)

• Participation in our private community is entirely optional.
• Information you voluntarily share (posts, comments, progress updates) will be visible to other program members.
• Your full medical records, lab results, and Clinical Data are NEVER visible to other community members.

D. Superbills for Insurance Reimbursement

• We do not bill insurance directly.
• If you request a superbill for out-of-network insurance reimbursement, we will provide you with a document containing necessary diagnosis and service codes. Once we provide it to you, you are responsible for submitting it to your insurer.

E. Family Members or Friends in Your Program If you add adult family members to your program, their personal and health information will be collected and used in the same manner described in this Privacy Policy, and each participant must individually consent to these terms.

F. Legal Requirements and Public Safety We may disclose your Personal Information or Clinical Data without your consent when required or permitted by law, including in response to a court order, subpoena, or to law enforcement in cases of suspected abuse, neglect, or imminent harm.

G. Business Transfers If Xylem Wellness Systems LLC is sold, merged, or acquired, your data may be transferred to the new owner, who will be required to honor this Privacy Policy.

H. Mobile Information Privacy Exception No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties.

5. ACCESS BY THIRD PARTIES AND SOCIAL MEDIA

Important Notice: Whenever you make your Personal Information available for access or viewing by third parties through our Website, community forums, or social media platforms, the information you share can also be seen, collected, and used by those third parties. We cannot be responsible for any unauthorized third-party use of information that you voluntarily share in public or semi-public forums.

6. DATA SECURITY AND PROTECTION

Xylem Wellness Systems LLC takes comprehensive precautions to protect your Personal Information and Clinical Data. We implement physical, technical, and administrative safeguards in accordance with industry best practices and the TDPSA.

A. Technical Safeguards

• Encryption: All sensitive Personal Information and Clinical Data are encrypted during transmission and at rest using industry-standard methods.
• Access Controls: We use strict role-based access controls to ensure that only authorized personnel can access your Clinical Data based on their job functions.
• Secure Authentication: Multi-factor authentication (MFA) is required for team member accounts.

B. Physical Safeguards

• While our program is 100% virtual, any physical records or secure devices are stored in locked facilities with restricted access.
• Workstations are secured and password-protected.

C. Administrative Safeguards

• Data Privacy Training: All employees and contractors receive regular training on data privacy and security and sign confidentiality agreements.
• System Separation: We maintain strict separation between marketing platforms and clinical documentation systems to prevent accidental data exposure.

D. Data Breach Notification In the unlikely event of a data breach that affects your Personal Information or Sensitive Health Data, we will conduct a thorough investigation and notify you in accordance with applicable Texas state data breach notification laws, outlining what happened and the steps taken to secure your data.

E. Limitations of Data Security Important Disclaimer: While we use industry-leading security measures, no data transmission over the Internet can be guaranteed to be 100% secure. You acknowledge that you use our Website and services at your own risk with respect to these inherent Internet security limitations.

7. DATA RETENTION AND DELETION

A. Retention Period

• Active Clients: We retain your data for as long as you are actively enrolled in our program.
• Inactive Clients: We retain your medical records and Clinical Data for at least 7 years from the date of your last service, in accordance with Texas medical record retention laws.
• Billing Records: Retained for the period required by applicable tax laws (typically 7 years).

B. Secure Storage and Disposal Archived records are securely stored. When the retention period expires, we ensure secure disposal through permanent electronic deletion or physical destruction.

8. YOUR RIGHTS UNDER THE TDPSA

As a consumer and client of Xylem Wellness Systems LLC, your digital privacy rights are governed by the Texas Data Privacy and Security Act (TDPSA). You have the right to:

• Access: Request confirmation of whether we are processing your personal data and request access to that data.
• Correction: Request correction of inaccuracies in your personal data.
• Deletion: Request deletion of personal data provided by or obtained about you (subject to legal exceptions, such as Texas medical record retention laws requiring us to maintain clinical records for 7 years).
• Opt-Out: Opt out of the processing of your personal data for targeted advertising or the sale of personal data. (Note: Xylem Wellness Systems LLC does not sell your personal data).

To exercise any of these rights, please contact us at info@xwellness.health.

9. PASSWORDS AND ACCOUNT SECURITY

A. Your Responsibility You may be issued a unique username and password. You are responsible for maintaining the confidentiality of your credentials and all activities that occur under your account. You must notify Practice immediately of any unauthorized use.

B. Prohibition on Sharing You are NOT permitted to share your username and/or password with anyone. Doing so puts your Clinical Data at risk, and Practice reserves the right to terminate your access immediately.

10. TELEHEALTH AND VIDEO CALL PRIVACY

As a 100% virtual functional medicine practice, we are committed to protecting your privacy during all virtual interactions.

A. Secure Platforms We use encrypted telehealth and video conferencing platforms that provide secure, password-protected meeting rooms.

B. Recording Policy Live group coaching calls and individual consultations are NOT recorded unless you provide explicit written consent in advance.

C. Interstate Telehealth Compliance Our practice and medical team are based in Texas. If you are located outside of Texas, you must inform us of your location, as telehealth regulations vary by state.

11. USE OF COOKIES AND TRACKING TECHNOLOGIES

A. What Are Cookies? A cookie is a small piece of data stored on your computer’s hard drive to help us improve your Website experience.

B. How We Use Cookies We use cookies to remember preferences, analyze website traffic, enable account functionality, and provide a better user experience.

C. Third-Party Analytics We may use tools like Google Analytics to collect aggregated, anonymized usage data (e.g., pages visited, device type). We do NOT use cookies or tracking pixels to collect or transmit Sensitive Health Data or clinical details.

12. AGE REQUIREMENTS AND ELIGIBILITY

Our programs and services are designed exclusively for adults aged 18 years and older, specifically targeting men aged 30-50. We do not knowingly collect information from minors.

13. INFORMATION ACCURACY AND CORRECTION

We rely on you to provide accurate information, especially regarding your medical history , current medications, and food tracking logs , as this data is critical to your clinical clearance and the effectiveness of your care. You may request corrections to your data by contacting us directly.

14. MARKETING COMMUNICATIONS AND OPT-OUT

With your consent, we may send promotional emails. You have the right to opt-out at any time by clicking “Unsubscribe” in the email or contacting us. Essential communications related to your care, appointments, or billing will still be sent regardless of marketing opt-out status.

15. YOUR CHOICES: MANAGING YOUR INFORMATION

You have options to manage your information. Contact us at info@xwellness.health to:

• Access or correct your data
• Request deletion of your data (subject to medical retention laws)
• Opt-out of marketing
• Withdraw previously provided consent

16. COMPLIANCE WITH TEXAS PRIVACY LAWS

Xylem Wellness Systems LLC operates strictly as a cash-based functional medicine practice. We do not engage in standard electronic transactions (such as insurance billing) that would classify us as a covered entity under HIPAA. Therefore, our data privacy practices are governed by the Texas Data Privacy and Security Act (TDPSA), the Texas Medical Practice Act, and applicable state consumer protection laws.

We operate on the principle: “We don’t guess, we test”. This commitment to rigorous, evidence-based care extends to how we protect your information—using focused, secure, and legally accurate data practices.

17. CONTACT INFORMATION

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Xylem Wellness Systems LLC Email: info@xwellness.health

18. ACKNOWLEDGMENT AND CONSENT

By using our Website, enrolling in our programs, or receiving our services, you acknowledge that you have read and understood this Privacy Policy. During the onboarding process, you will be asked to provide separate written consent through our internal TDPSA Privacy and Clinical Consent Forms to authorize the secure processing of your specific diagnostic and biometric data.

19. SEVERABILITY

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect.

20. GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with the laws of the State of Texas and applicable federal consumer protection laws, without regard to conflicts of law principles.