ZYP Medical, LLC

Privacy Policy

Last Updated: April 22, 2026

We take your privacy seriously. Please read this Privacy Policy carefully. It explains who we are, how and why we collect, use, disclose, store, and retain your personal information, your rights regarding that information, and how to contact us or supervisory authorities with complaints or requests.

Important: Protected Health Information (“PHI”) collected in connection with providing you health care services is primarily governed by our Notice of Privacy Practices under the Health Insurance Portability and Accountability Act (“HIPAA”), not by this Privacy Policy. Where this Privacy Policy and the Notice of Privacy Practices differ regarding PHI, the Notice of Privacy Practices controls.

1. Key Terms

We, us, our: ZYP Medical, LLC.

Data protection contact: josh@zypmed.com

Personal information: Any information relating to an identified or identifiable individual.

Special category personal information: Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership; genetic and biometric data; and data concerning health, sex life, or sexual orientation.

Sensitive personal information: Personal information revealing Social Security number, driver’s license, account numbers and credentials, precise geolocation, racial or ethnic origin, religious beliefs, or union membership; personal information concerning a consumer’s health, sex life, or sexual orientation; contents of mail, email, and text messages where the business is not the intended recipient; genetic data; biometric information; or citizenship and immigration status.

Biometric information: An individual’s physiological, biological, or behavioral characteristics used to establish identity, including imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, voice recordings, and keystroke, gait, sleep, or exercise data that contain identifying information.

2. Personal Information We Collect

We may collect and use the following categories of personal information:

Category

Examples

Collected?

Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, driver’s license number, or other similar identifiers.

Yes

Personal information (CA Records Statute)

Signature, physical characteristics or description, address, telephone number, driver’s license or state ID number, medical information, or health information.

Yes

Protected classifications

Age, race, color, ancestry, national origin, citizenship, religion, marital status, medical condition, physical or mental disability, sex (including gender identity/expression, pregnancy), sexual orientation, veteran or military status, genetic information.

Yes

Commercial information

Records of services purchased, obtained, or considered; purchasing or consuming histories.

Yes

Biometric information

Physiological, biological, or behavioral characteristics; DNA; fingerprint, face, voice recordings; keystroke, gait, sleep, health, or exercise data.

No

Internet and network activity

Browsing history, search history, interactions with our website, application, or advertisement.

Yes

Geolocation data

General location (state/city) to verify patient location at time of telehealth encounter. We do not collect precise GPS coordinates.

Yes (general only)

Sensory information

Audio, electronic, visual, thermal, olfactory, or similar information, including recordings of telehealth visits (if any are made and separately consented to).

Limited

Professional/employment info

Current or past job history or performance evaluations.

No

Education information (FERPA)

Non-public education records.

No

Inferences

Profile reflecting preferences, characteristics, predispositions, behavior, attitudes, or aptitudes.

No

Health information (PHI)

Medical history, diagnoses, medications, labs, vitals, telehealth visit notes, pharmacy information. Governed primarily by HIPAA.

Yes

If you do not provide personal information required for us to provide services, we may not be able to provide services to you.

3. How Your Personal Information Is Collected

We collect personal information from the following sources:

• You directly — in person, by telephone, text, email, video, intake forms, and our website;

• Third parties with your consent (e.g., your pharmacy, lab, or a prior treating provider);

• Advertising networks and analytics providers;

• Government entities and regulatory bodies;

• Operating systems and platforms;

• Social networks (if you interact with us through them);

• Publicly accessible sources;

• Cookies and similar technologies on our website;

• Our IT and security systems, including automated monitoring of our website, EHR, telehealth platform, and communications systems.

4. How and Why We Use Your Personal Information

We use personal information only when we have a proper reason, for example:

• To comply with our legal and regulatory obligations (including HIPAA, state licensure, and DEA);

• To perform our contract with you, to provide telehealth services, and to take steps at your request before entering into a contract;

• For legitimate interests — such as fraud prevention, quality assurance, and improving our services — where those interests are not overridden by your rights;

• Where you have given consent (e.g., marketing communications, SMS messaging, recording of visits).

Specific business purposes include:

• Verifying your identity and physical location at the time of a telehealth encounter;

• Evaluating, diagnosing, prescribing, and coordinating care, including sending prescriptions to pharmacies and orders to labs;

• Processing payments (we do not store payment card numbers; payment is processed by PCI-DSS-compliant third parties);

• Sending appointment reminders, follow-up messages, refill reminders, and administrative communications;

• Sending marketing communications (unless you opt out);

• Responding to questions, complaints, and claims;

• Complying with legal, regulatory, accreditation, and audit obligations.

5. Communications With You — Text (SMS/MMS), Email, and Phone

5.1 Consent to Contact

By providing your mobile phone number, email address, or other contact information to ZYP Medical — whether through our website, patient portal, intake forms, or during a telehealth encounter — you expressly consent to being contacted by ZYP Medical, LLC and its authorized staff, providers, contractors, and business associates (including our EHR, telehealth, pharmacy, lab, and messaging vendors) at the phone numbers and email addresses you provide, using any of the following methods:

• Text messages (SMS and MMS), including automated, pre-recorded, or AI-generated messages;

• Phone calls, including automated calls and pre-recorded voice messages;

• Email;

• Secure patient-portal messaging;

• Push notifications from any ZYP Medical mobile application you install.

5.2 Purposes of Communications

We may contact you for any of the following reasons:

• Appointment scheduling, reminders, rescheduling, cancellations, and intake follow-up;

• Clinical care coordination, lab result delivery, refill reminders, treatment follow-up, and responses to your clinical questions;

• Billing, payment, and account notifications (including failed payments and subscription renewals);

• Service updates, new service offerings, promotions, educational content, and marketing messages (you may opt out of marketing at any time without affecting clinical or transactional messages).

5.3 Message Frequency, Rates, and Disclosures

Message frequency varies based on your engagement with our services. Message and data rates may apply — check with your wireless carrier. ZYP Medical does not charge for text messages, but your carrier may. We do not sell or share your mobile number with third parties for their own marketing purposes. SMS opt-in data and consent will not be shared with third parties for marketing purposes.

5.4 Opting Out and Help

You can opt out of non-clinical text messages at any time by replying STOP to any text message from ZYP Medical. You may receive a one-time confirmation. For help, reply HELP or contact us at (402) 407-2847 or info@zypmed.com. Please note: opting out of text messages may affect our ability to deliver time-sensitive clinical information. You may also need to opt out separately through the patient portal for portal-based messages. To stop marketing emails, use the “unsubscribe” link at the bottom of any marketing email; transactional and clinical emails will continue.

5.5 Accuracy of Contact Information

You are responsible for providing accurate contact information and updating it when it changes. If you no longer use a phone number or email address you previously provided, you must notify us so we can update our records. ZYP Medical is not responsible for messages delivered to an out-of-date or reassigned number or address.

5.6 Security of Communications

Standard SMS and email are not encrypted end-to-end and are not considered secure channels for sensitive PHI. By consenting to receive communications by SMS or email, you acknowledge and accept the risks of unauthorized interception or disclosure inherent to these channels. For the most secure communications, use our patient portal. If you prefer that we not use SMS or email for any PHI-containing communications, notify us in writing and we will use only the patient portal, phone, or mail.

6. Who We Share Your Personal Information With

We routinely share personal information with:

• Our workforce, contractors, and providers who need the information to deliver care or operate the business;

• Service providers (business associates under HIPAA where applicable), including our EHR, telehealth platform, secure messaging and SMS vendors, pharmacies, laboratories, payment processors, fax/e-fax providers, shipping and delivery companies, website hosts, analytics providers, email vendors, and marketing platforms;

• Other third parties that help us run the business, such as professional advisors (attorneys, accountants) and insurers;

• Third parties you approve (e.g., a pharmacy you designate, a family member, or a social platform you link to);

• Law enforcement, regulatory bodies, courts, and government agencies when required by law or to protect the rights or safety of any person;

• A potential buyer or successor in the event of a sale, merger, or restructuring of our business. Where practicable, we will anonymize information.

Business associates are bound by HIPAA business-associate agreements or equivalent contractual privacy and security obligations. We do not sell your personal information.

7. Personal Information We Sell or Share

ZYP Medical does not sell your personal information or your PHI to any third party. We may share limited categories of personal information (such as identifiers and internet/network activity information) with our service providers and advertising platforms for the business purposes described above. You can exercise your rights regarding sharing for cross-context behavioral advertising using the controls in Section 10.

8. How Long We Keep Your Personal Information

We retain personal information for as long as we are providing services to you and, thereafter, for as long as is necessary to:

• Respond to questions, complaints, or claims made by you or on your behalf;

• Demonstrate that we treated you fairly;

• Comply with applicable record-retention laws, including medical-record retention laws of the state in which you received care (generally 7 years after the last date of service for adult patients, longer for minors, subject to state law).

Different retention periods apply to different categories of personal information. We dispose of personal information securely when it is no longer needed.

9. Your Rights

Depending on the state in which you live, you may have one or more of the following rights:

• Right to know what personal information we collect and how we use it;

• Right to access a copy of your personal information;

• Right to correct inaccurate personal information;

• Right to delete personal information, subject to legal and medical-record retention obligations;

• Right to opt out of sale or sharing of personal information;

• Right to limit the use of sensitive personal information;

• Right to portability;

• Right to non-discrimination for exercising your privacy rights.

HIPAA rights regarding your medical record — including the rights to inspect, obtain a copy, request amendments, request restrictions, and receive an accounting of disclosures — are described in our Notice of Privacy Practices.

9.1 How to Exercise Your Rights

Submit a request at www.ZYPmed.com/privacy-policy or email josh@zypmed.com. To verify your identity we may ask you for:

• Enough information to identify you (full name, date of birth, address, and patient or matter reference number, if applicable);

• Proof of your identity and address (e.g., a government-issued ID);

• A description of the right you wish to exercise and the information to which your request relates.

We are not obligated to respond to a request if we cannot verify that the person making it is you or is authorized to act on your behalf. Information you provide for verification is used only for verification.

10. Cookies, Analytics, and Advertising Choices

We use cookies and similar technologies for necessary website functions, analytics, and advertising. You can control cookies through our cookie banner or your browser settings. You can opt out of cross-context behavioral advertising by enabling Global Privacy Control in supported browsers and through the opt-out links we provide on our Site.

11. How We Protect Your Information

We maintain administrative, technical, and physical safeguards designed to protect personal information from accidental loss, unauthorized access, or unauthorized use. Access to personal information is limited to those with a genuine business need. Our workforce is subject to confidentiality obligations. We regularly test our systems, maintain a HIPAA security program, and follow industry-accepted practices for information security. We have procedures to investigate and respond to suspected data security incidents and will notify you and applicable regulators where legally required.

12. Children

Our services are intended for adults. We do not knowingly collect personal information from children under 13 (or under 18 for medical services, except as otherwise permitted by law and parental consent). If you believe a minor has provided personal information to us, contact us and we will take steps to delete it.

13. Changes to This Privacy Policy

This Privacy Policy was last updated on April 22, 2026. We may change it from time to time; any changes are effective when posted at www.ZYPmed.com/privacy-policy. For material changes, we will provide additional notice (such as by email to current patients or a banner on the Site). Your continued use of the Site or our services after changes are posted constitutes your acceptance of the revised Privacy Policy.

14. How to Contact Us

ZYP Medical, LLC

Attn: Joshua Peterson, FNP-C — Privacy / Data Protection

11922 Standing Stone Dr, Ste 200

Gretna, Nebraska 68028

Phone: (402) 407-2847

Fax: (480) 739-0434

Email (privacy): josh@zypmed.com

Email (general): info@zypmed.com

If you would like this notice in another format (for example, large print or audio), please contact us.

15. Consent

By using our Service, you consent to this Privacy Policy. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to this Privacy Policy.

16. Electronic Agreement

This Privacy Policy is an electronic agreement. By registering for the Service, clicking “I Agree” or “Accept,” or by using the Service in any manner, you agree to this Privacy Policy as it may be updated from time to time by ZYP Medical, LLC. You acknowledge that you are able to electronically receive, download, and print this Privacy Policy.

17. Acknowledgement

By using the Service, you acknowledge that you have read this Privacy Policy and agree to be bound by it.