Privacy Policy.

1. Scope & relationship to HIPAA.

This Privacy Policy describes how Limitless Performance Medicine handles personal information collected through our website (emergelimitless.com) and the patient portal (portal.emergelimitless.com).

If you become a Limitless patient, the protected health information (PHI) we collect about you in the course of providing care is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), its implementing regulations, and the Limitless Notice of Privacy Practices, which is provided to you at intake and available on request. Where this Privacy Policy conflicts with HIPAA or our Notice of Privacy Practices with respect to PHI, the HIPAA-compliant document controls.

2. Information we collect.

Information you provide

• Identifiers such as name, email address, phone number, mailing address, and date of birth;
• Intake information including medical history, current medications, symptoms, lifestyle data, and goals;
• Account credentials for the patient portal;
• Payment information (card number, billing address) — processed and stored by our payment processor (Stripe), not by us;
• Communications you send to us by email, secure portal message, or telephone.

Information collected automatically

• Device and browser information, IP address, referring URL, pages visited, and time spent;
• Cookies and similar technologies used to maintain sessions, remember preferences, and measure site performance.

Information from third parties

• Laboratory results from Quest, LabCorp, or other reference laboratories you authorize;
• Pharmacy fulfillment data from our 503A and 503B partners;
• Payment, fraud-prevention, and chargeback data from Stripe.

3. How we use your information.

We use the information we collect to:

• Provide and improve clinical services, including evaluation, lab interpretation, prescribing, and follow-up care;
• Operate the patient portal, telehealth platform, and secure messaging;
• Process payments, manage memberships, prevent fraud, and comply with tax and accounting requirements;
• Communicate with you about appointments, lab results, protocol updates, and service changes;
• Send marketing communications about Limitless services where you have consented and provide an opportunity to unsubscribe at any time;
• Comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.

4. How we share your information.

We do not sell your personal information. We share it only as follows:

• Treatment partners — laboratories, 503A and 503B compounding pharmacies, telehealth platform providers, and other healthcare entities involved in your care, as permitted by HIPAA.
• Service providers — vendors that support our operations (e.g., Stripe for payment processing, hosting providers, email and messaging providers, analytics) under contract obligations to protect your information and use it only on our instructions.
• Legal and safety — when required by law, subpoena, or court order; to protect the rights, property, or safety of patients, staff, or the public; or to respond to a public-health emergency.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to confidentiality protections and continued application of this Privacy Policy.

5. Cookies & analytics.

We use cookies and similar technologies to operate the website, remember your preferences, and understand site performance. You can control cookies through your browser settings. Some features of the patient portal require cookies to function correctly.

6. Security.

We use administrative, technical, and physical safeguards designed to protect your information, including TLS encryption in transit, access controls, audit logging, and HIPAA-compliant infrastructure for the patient portal. No system is perfectly secure; if we discover a breach affecting your information, we will notify you as required by law.

7. Your rights.

Depending on your state of residence, you may have the right to access, correct, delete, or export the personal information we hold about you, and to opt out of certain uses. Patients additionally have the rights described in our HIPAA Notice of Privacy Practices, which include the right to access, amend, or request restrictions on your medical record. To exercise any of these rights, contact us at the address below.

8. Children's privacy.

The Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

9. Changes to this Policy.

We may update this Privacy Policy from time to time. The current version is always posted at emergelimitless.com/privacy with the "Last updated" date above. Material changes will be communicated to active patients by email or portal notification.

10. Contact.