This Privacy Policy (the "Privacy Policy") describes how Bon Health Corporation, a Delaware corporation ("Bon Health," "we," "us," or "our"), collects, uses, discloses, and safeguards information in connection with your access to and use of bonhealth.io (the "Site").
By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy and that you consent to the collection, use, and disclosure of information as described herein and in accordance with applicable law. If you do not agree with this Privacy Policy, do not access or use the Site.
This Privacy Policy is incorporated by reference into our Terms of Service. Capitalized terms not defined here have the meanings given in our Terms of Service.
1. Scope
This Privacy Policy applies to information collected through the Site. It does not apply to:
- Information collected by any Medical Group, Provider, Pharmacy, Lab, or other component of the Partner Platform (as those terms are defined in our Terms of Service and Medical Disclaimer). Those parties maintain their own privacy practices, including, where applicable, Notices of Privacy Practices issued under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations ("HIPAA");
- Information collected by any third-party website, application, service, or platform that is linked from the Site; or
- Information collected offline or through any channel other than the Site.
The Site is a marketing and informational surface. It is not a clinical platform and is not designed to collect health information from you. Please do not submit health, medical, mental-health, substance-use, reproductive, genetic, biometric, or other sensitive information through contact forms, email, or any other channel on the Site. If you wish to engage with clinical services, you will be directed to the Partner Platform, where your information will be handled under that platform's privacy practices.
2. HIPAA and Health Information
Bon Health is not a "covered entity" under HIPAA. One or more Medical Groups, Providers, Pharmacies, or Labs that make up the Partner Platform may be "covered entities" or "business associates" under HIPAA, and Bon Health may in limited circumstances act as a "business associate" of one or more such entities. HIPAA does not necessarily apply to a given entity or communication merely because health information is involved; HIPAA may or may not apply to your interactions with Bon Health, the Partner Platform, or any affiliated entity.
To the extent that Bon Health is deemed a business associate under HIPAA, and solely in that capacity, Bon Health will handle "protected health information" as defined by HIPAA ("PHI") in accordance with its business associate obligations. Health information subject to specific protections under applicable state laws (together with PHI, "Protected Information") will be handled in accordance with those laws. Information that is not Protected Information under applicable law may be used and disclosed as described in this Privacy Policy.
Consumer health data that is not PHI may be subject to separate state-law consumer-health-data privacy regimes (including, without limitation, Washington's My Health My Data Act, Nevada's SB 370, and Connecticut's expanded consumer-health-data provisions). To the extent such laws apply, we will handle such consumer health data in accordance with those laws; additional disclosures regarding consumer health data may be provided in a supplemental notice.
3. Information We Collect
We collect information in the following categories.
3.1 Information You Provide Directly
When you interact with the Site, you may choose to provide information to us, including:
- Contact information, such as your name, email address, phone number, and mailing address, when you submit a contact form, sign up for communications, or otherwise reach out to us.
- Communications, including the content of emails, chat messages, or other correspondence you send to us, together with any attachments.
- Survey, feedback, or testimonial information, if you voluntarily participate in a survey, questionnaire, review, or testimonial.
- Marketing preference information, such as the treatment categories or therapy areas you indicate an interest in, and your communication-channel preferences, when you sign up to receive marketing communications.
- Employment-related information, if you apply for a position with us through the Site (separately disclosed under our candidate privacy practices).
3.2 Information Collected Automatically
When you visit the Site, certain information is collected automatically through your device, browser, and interactions with the Site, including:
- Identifiers and device information, such as Internet Protocol ("IP") address, device identifiers, device type, operating system, browser type and version, language settings, time zone, and screen resolution.
- Usage information, such as pages and screens viewed, links clicked, time and duration of visits, navigation paths, scroll behavior, referring and exit URLs, and timestamps.
- Approximate location information, derived from your IP address (generally at the city, region, or country level).
- Cookie and similar-technology identifiers, including first-party and third-party cookies, pixels, tags, local and session storage, embedded scripts, web beacons, and software development kits.
- Session and attribution information, including campaign identifiers, click identifiers, anonymous session identifiers, and similar parameters that may be appended to URLs or stored in your browser when you arrive at the Site from advertising, email, search, social media, or referral sources.
3.3 Information From Third Parties
We may receive information about you from third parties, including:
- Advertising, analytics, and measurement partners, who may share information about your interactions with our advertisements, campaigns, or referral sources.
- Social media platforms, if you engage with our pages, accounts, or advertisements on those platforms.
- Service providers and vendors, who assist us in operating, securing, or improving the Site.
- Publicly available sources, such as public records and publicly accessible databases.
3.4 Inferences
We may generate inferences from the information described above — for example, inferences about your likely interests, preferences, and responses to our content or advertising.
3.5 Information We Do Not Intentionally Collect Through the Site
We do not intentionally collect PHI, Social Security numbers, government-issued identification numbers, financial account numbers, payment card information, children's information, biometric identifiers, geolocation data more precise than city or region, or other sensitive personal information through the Site. If you submit such information voluntarily, you do so at your own risk, and we will handle the information in accordance with applicable law.
4. How We Use Information
We use the information we collect for the following purposes:
- To operate, maintain, secure, and improve the Site and our business;
- To respond to your inquiries, communications, messages, and requests;
- To send you marketing communications, newsletters, or updates, consistent with your preferences and applicable law, as described in Section 14 and in our Marketing Communications Consent & SMS/Email Program Terms;
- To measure, analyze, optimize, and report on the effectiveness of our advertising, marketing, content, and campaigns, including attribution of conversions and lifetime-value analyses;
- To personalize content, features, offers, recommendations, and advertising both on the Site and on third-party platforms;
- To conduct research, analytics, product development, and internal business operations, including usage analytics and A/B testing;
- To detect, investigate, and prevent fraud, abuse, spam, security incidents, and unauthorized activity, and to enforce our Terms of Service;
- To comply with applicable laws, regulations, legal processes, government or regulatory requests, audits, and obligations of our licensors and partners; and
- To establish, exercise, or defend legal claims, and to protect the rights, property, or safety of Bon Health, our users, our personnel, our partners, or the public.
We may aggregate or de-identify information so that it can no longer reasonably be linked to you and may use and disclose such aggregated or de-identified information for any purpose permitted by applicable law.
5. How We Share Information
We may share information in the following circumstances:
- With service providers and vendors, such as hosting, infrastructure, analytics, advertising, marketing, email and SMS delivery, customer support, fraud prevention, security, and professional service providers (including legal, accounting, and tax), each of whom processes information on our behalf under contractual obligations consistent with this Privacy Policy.
- With advertising, measurement, and social media partners, to deliver, measure, attribute, and optimize advertising across the Site, third-party websites, and platforms, and to build and serve audience segments.
- With the Partner Platform, including for purposes of measuring the relationship between your visit to the Site and any resulting service, and enabling the Partner Platform to provide services you request.
- With our corporate affiliates and subsidiaries, for purposes consistent with this Privacy Policy.
- In connection with a corporate transaction, such as a merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, or sale or transfer of all or a portion of our assets, in which information may be transferred to successors, acquirers, or other transaction counterparties, subject to customary confidentiality restrictions.
- For legal, compliance, and safety purposes, including to comply with applicable law, regulation, subpoena, court order, or other legal process; to respond to lawful requests from governmental authorities; to enforce our agreements and policies; and to protect the rights, property, or safety of Bon Health, our users, or others, including for fraud prevention and risk-management purposes.
- With your consent, or at your direction.
We do not disclose information to third parties for their own independent direct marketing purposes without your consent. As described in Section 14, we do not sell or share your mobile telephone number or text-message consent, and we do not share that information with third parties or affiliates for their own marketing or promotional purposes.
5.1 "Sale" or "Sharing" of Personal Information
We do not sell your personal information in exchange for monetary consideration. However, certain disclosures of personal information to advertising, analytics, measurement, and social media partners for cross-context behavioral advertising purposes may qualify as a "sale" or "sharing" of personal information under certain U.S. state privacy laws, including the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, Cal. Civ. Code § 1798.100 et seq. ("CCPA"), and comparable laws in Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. You may exercise your right to opt out of such sharing as described in Section 10 below.
We do not knowingly "sell" or "share" the personal information of individuals under 16 years of age.
6. Cookies, Pixels, and Similar Technologies
We and our service providers use cookies and similar technologies (collectively, "Cookies") to operate the Site, remember your preferences, measure performance, conduct analytics, and deliver targeted advertising. Cookies may be set by us (first-party) or by third parties (third-party), and may persist for a single session or for longer periods.
The categories of Cookies we use include:
- Strictly necessary Cookies, which are required for the Site to function and cannot be disabled through our consent management tools.
- Functional Cookies, which remember preferences and enhance usability.
- Analytics and performance Cookies, which help us understand how visitors interact with the Site and improve performance.
- Advertising, marketing, and measurement Cookies, which we and our partners use to deliver relevant advertising, measure its effectiveness, and attribute conversions across websites, apps, and platforms.
Where required by applicable law, we request your consent to non-essential Cookies through a consent banner or similar mechanism. You can manage your Cookie preferences at any time by:
- Adjusting the Site's cookie settings or "Your Privacy Choices" control;
- Adjusting your browser settings to refuse or delete Cookies;
- Using industry opt-out mechanisms (including those operated by the Digital Advertising Alliance at optout.aboutads.info, the Network Advertising Initiative at optout.networkadvertising.org, and, for users in the EEA/UK, the European Interactive Digital Advertising Alliance at youronlinechoices.eu); or
- Using a legally recognized opt-out preference signal, such as the Global Privacy Control ("GPC"), where required by applicable law.
Disabling Cookies may affect Site functionality. We do not currently respond to browser "Do Not Track" signals because no uniform industry standard exists for interpreting them.
7. Advertising and Analytics
We use third-party advertising, measurement, and analytics providers to help us advertise our products and services to you, understand how the Site is used, and attribute conversions. These providers may set and read Cookies on your device, receive information about your activities on the Site and elsewhere over time, and combine such information with data from other sources. Some providers act as our service providers; others act as independent controllers or businesses for their own purposes. You can learn more and manage your preferences through the tools identified in Section 6 above.
8. Data Retention
We retain information for as long as is necessary to fulfill the purposes described in this Privacy Policy, subject to applicable law. Retention periods depend on the type of information and the purposes for which it is used, including:
- Contact and communications: for as long as necessary to respond to and follow up on your inquiry, plus a reasonable additional period for recordkeeping, dispute resolution, and regulatory or tax requirements.
- Marketing data: until you unsubscribe or object, and for a reasonable subsequent period consistent with applicable law, including records of consent and opt-out necessary to demonstrate compliance.
- Technical, analytics, and attribution data: for the periods consistent with our analytics retention settings and applicable law.
- Records required for legal or regulatory compliance: for the periods required by applicable law.
When information is no longer needed, we will delete, anonymize, or aggregate it in accordance with applicable law.
9. Information Security
We maintain reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction, consistent with the sensitivity of the information and applicable law. No method of transmission over the internet or electronic storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for safeguarding any credentials you use in connection with the Site and for notifying us promptly of any suspected unauthorized access.
10. Your Privacy Rights
Depending on your state or country of residence, you may have certain rights regarding your personal information. We honor rights as required by applicable law.
10.1 U.S. State Privacy Rights
Residents of certain U.S. states — including, as applicable, California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia — may have the following rights, subject to the conditions and exceptions of the applicable law:
- Right to Know / Access. You have the right to request that we disclose the categories and, in some cases, specific pieces of personal information we have collected about you, along with the sources, purposes, and categories of third parties to which we have disclosed such information.
- Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.
- Right to Delete. You have the right to request that we delete personal information we have collected about you, subject to exceptions under applicable law (for example, where we are required to retain information to comply with a legal obligation or to complete a transaction you requested).
- Right to Data Portability. You have the right to obtain a copy of your personal information in a portable and, where feasible, readily usable format.
- Right to Opt Out of (a) the sale or sharing of personal information, (b) targeted advertising, and (c) profiling in furtherance of decisions that produce legal or similarly significant effects.
- Right to Limit the use and disclosure of "sensitive personal information" (as defined by applicable law), where applicable.
- Right to Non-Discrimination. You have the right not to be discriminated against for exercising your rights.
- Right to Appeal, where provided by applicable law, if we decline to act on your request.
10.2 California-Specific Rights
If you are a California resident, the CCPA provides you with additional rights, including those described in Section 10.1 above. California residents also have rights under California Civil Code § 1798.83 (the "Shine the Light" law) to request information regarding our disclosures of personal information to third parties for those third parties' direct marketing purposes. As noted above, we do not disclose personal information to third parties for their own direct marketing purposes. California residents may also have rights under California's "Eraser" law (Cal. Bus. & Prof. Code § 22581) relating to removal of content posted by minors.
10.3 Consumer Health Data Rights
If you are a resident of Washington, Nevada, Connecticut, or another jurisdiction with a consumer-health-data privacy law, you may have additional rights regarding "consumer health data" or similarly defined data as defined by such law, including rights to access, delete, and withdraw consent. Please contact us as described below to exercise these rights.
10.4 Nevada Residents
Nevada residents have the right, under Nev. Rev. Stat. § 603A.340, to submit a verified request directing us not to sell certain "covered information" (as defined in that statute). Please contact us as described below.
10.5 Rights of Residents of the EEA, the United Kingdom, and Switzerland
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have rights under the General Data Protection Regulation ("GDPR"), the UK GDPR, or equivalent laws, including the rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (where processing is based on consent). You also have the right to lodge a complaint with a supervisory authority.
The legal bases on which we process personal information may include: your consent; the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; compliance with legal obligations to which we are subject; and our legitimate interests (including operating, securing, and improving the Site, conducting analytics and marketing, and preventing fraud), balanced against your rights and interests.
10.6 How to Exercise Your Rights
To exercise any right described above, please email contact@bonhealth.io with a description of your request. We will respond within the time required by applicable law. We may need to verify your identity before fulfilling certain requests, and may request additional information for that purpose; any information provided for verification will be used only for that purpose and for security or fraud-prevention purposes.
You may authorize an agent to submit a request on your behalf, subject to verification that the agent is authorized to act for you and that you are the consumer on whose behalf the request is being made.
If we deny your request, we will inform you of the reason and, where applicable, your right to appeal. We will not discriminate against you for exercising any of these rights.
11. Children's Privacy
The Site is not directed to, nor intended for use by, children under the age of 18, and we do not knowingly collect personal information from individuals under 18. We do not knowingly sell or share the personal information of individuals under 16 years of age. If you believe a child under 18 has provided personal information to us through the Site, please contact us at contact@bonhealth.io and we will take appropriate steps to delete such information.
12. International Data Transfers
Bon Health is based in the United States, and information we collect may be processed, stored, and transferred in the United States and other jurisdictions that may have data-protection laws different from those of your country of residence. Where required by applicable law, we implement appropriate safeguards for cross-border transfers, including standard contractual clauses or other lawful transfer mechanisms.
13. Third-Party Sites and Services
The Site may contain links to third-party websites, applications, services, or platforms, including the Partner Platform and social media platforms. This Privacy Policy does not apply to information collected by those third parties. We encourage you to review the privacy policies of any third parties before providing them with information.
14. Marketing Communications; SMS and Email
We offer marketing email and text-message (SMS/MMS) programs that you may choose to join. Our marketing communications are governed by our Marketing Communications Consent & SMS/Email Program Terms (the "Marketing Terms"), which describe the communications you may receive, how you provide and revoke consent, message frequency, and message-and-data-rate disclosures, and which are incorporated by reference into our Terms of Service. By opting in to a marketing program, you agree to the Marketing Terms.
Our marketing programs are interest-based. If you tell us you are interested in a particular treatment category or therapy area, we may use that stated interest to send you relevant marketing communications. We do not use PHI, medical records, diagnoses, lab results, prescription history, or clinical intake information to target, personalize, or deliver marketing communications to you.
You may opt out of marketing communications at any time and at no cost:
- Email: click the "unsubscribe" link included in every marketing email, adjust your communication preferences where that option is available, or contact us at contact@bonhealth.io.
- Text messages: reply STOP (or CANCEL, END, QUIT, UNSUBSCRIBE, or STOPALL) to any marketing text message, or contact us at contact@bonhealth.io. Reply HELP for help. Message and data rates may apply.
We honor opt-out and revocation requests made by any reasonable method, within the time required by applicable law.
Mobile information — including your mobile telephone number and your consent to receive text messages — is not sold, and is not shared with third parties or affiliates for their own marketing or promotional purposes. We may share such information with service providers that deliver messages on our behalf, subject to contractual restrictions consistent with this Privacy Policy.
Even if you opt out of marketing communications, we may continue to send you transactional, service-related, security-related, and other non-marketing communications, as further described in the Marketing Terms.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this document and, if the changes are material, we will provide additional notice (such as by email or by a prominent notice on the Site). Your continued use of the Site after the effective date of any revised Privacy Policy constitutes your acceptance of the changes.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Bon Health Corporation
Attn: Privacy
Email: contact@bonhealth.io
