Privacy Policy

Last Updated: March 31, 2026

This Privacy Policy describes how UC4Life LLC (dba Institute for Functional Health) (collectively, “IFFH,” “we,” “us” or “our”) process personal information that we collect or otherwise generate through our digital or online properties or services that link to this Privacy Policy (including as applicable, our website, mobile applications, social media pages) as well as our marketing activities, live events and other activities described in this Privacy Policy (collectively, the “Service”). 

IFFH may process personal information that identifies your past, present, or future health or mental health status, or that otherwise constitutes “consumer health data” or equivalent terms as defined by applicable US state laws (“Consumer Health Data”). To the extent such laws apply to your Consumer Health Data, please see our Consumer Health Data Privacy Policy, which supplements this Privacy Policy.

This Privacy Policy does not apply to personal information that we receive from and process on behalf of our enterprise customers while providing IFFH services to them. For example, to the extent that we receive your personal information from your employer related to your eligibility for our Service, our use of that personal information may be governed by our agreements (including, as applicable, a business associate agreement) with the relevant enterprise customer. If you have questions regarding your personal information that we process on behalf of an enterprise customer, please direct your questions to the relevant enterprise customer.

NOTICE TO U.S. STATE RESIDENTS: Please see the U.S. State Privacy Rights Notice at Collection section of this Privacy Policy for additional information if you are a U.S. resident.

Guiding Privacy Principles

We built IFFH for families, ourselves and you. Your privacy is one of our top priorities. We empower you to take control of your health and that includes having control of certain aspects of your personal information. While IFFH may operate as a “business associate” as the Health Insurance Portability and Accountability Act (“HIPAA”) defines that term, HIPAA does not apply to all personal information that we process. Regardless, we leverage measures designed to protect and process your personal information in accordance with our guiding privacy principles below and as otherwise stated in this Privacy Policy. Please read the Privacy Policy in full to understand our personal information practices.

• Your identity is not for sale for money. In the ordinary course of our daily operations, we do not disclose your personal information to third parties in exchange for money. For more information on how we may disclose your personal information, please see How we share your personal information.
• We limit the information we collect and retain. We collect personal information to provide you with our products and Services. We retain your personal information for the period of time necessary to fulfill the purposes for which we collected it, including delivering requested products and Services, protecting the interests of our members, and for the period of time required by law.
• We limit the manners in which we share your test results with third parties. In order to deliver our product and Services to you, it may be necessary for us to provide certain information to our lab and other provider partners. We limit how such recipients may use your personal information.

‍Personal information we collect

Information you provide to us or that we generate about you. Depending on how you interact with the Service, the personal information you may provide to us through the Service or that we generate about you or otherwise may include:

• Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, and phone number.
• Demographic data, such as your city, state, country of residence, postal code, age, date of birth, gender or gender identity, racial or ethnic identity, assigned sex at birth, and sexual orientation.
• Account data, such as the username and password that you may set to establish an online account on the Service, date of birth, biographical details, photograph or picture, links to your profiles on social networks, preferences, information about your participation in our promotions or surveys, and any other information that you add to your account profile.
• Service-eligibility data, if you are accessing the Service as part of an enterprise customer-provided offering or benefit, you may provide us with relevant information such as your employer or other enterprise customer name, eligibility data, and relevant enterprise customer identification number.
• Health-related data, such as mental or physical history, conditions and diagnoses, treatments, medications, medical images, biomarkers, lab samples, lab results, clinical notes, and other physical or mental health information. This may include personal information that you provide directly to us when you complete electronic forms designed for you to self-report your physical or mental health status, upload medical records, or link a wearable or Internet of Things device to our Services.
• Communications data based on our exchanges with you, including when you contact us through the Service, communicate with us via email, phone, chat features, social media, or otherwise.
• Relationship data, such as familial or other relationship to third parties whose personal information you may provide to us.
• Payment data needed to complete transactions, including payment card information or bank account number. We use a third-party vendor to directly collect and process your payment card information, as described further below.
• Government-issued identification number data, such as a state or local identification number (e.g., driver’s license or state ID number) and an image of the relevant identification card.
• Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
• User-generated content data, such as photos, images, music, videos, comments, reviews, questions, messages, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
• Derived data, such as inferences about you that we derive or otherwise infer from your personal information.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

• Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
• Precise geolocation data when you authorize our mobile application to access your device’s location.
• Online activity data, such as pages or screens you viewed, search history, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
• Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails enabling us to detect if you have opened or forwarded a message.

Cookies and similar technologies. Some of the automatic collection described above is facilitated by the following technologies:

• Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your personal information to:

• provide, operate and improve the Service and our business;
• process your requests, orders and transactions;
• personalizing the service, including understanding your needs and interests, remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Service;
• establish and maintain your user profile on the Service;
• enable security features of the Service, such as by sending you security codes via email, and remembering devices from which you have previously logged in;
• communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
• understand your needs and interests, and personalize your experience with the Service and our communications; and
• provide support for the Service, and respond to your requests, questions and feedback.

Insights and development. We may use your personal information for:

• insights (including research, such as publishing research-related materials); 
• to analyze your usage of the Service, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails; and 
• development purposes, including to analyze and improve the Service and our business and to develop new products and services.

Marketing and advertising. We may collect and use certain of your personal information for marketing and advertising purposes:

• Direct marketing. We may send you direct marketing communications (including in relation to our products and those of others) and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
• Interest-based advertising. Our third-party advertising partners may use cookies, pixels and other technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Service, our communications and other third-party online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. We do not use health-related information or genetic data for interest-based advertising.
• Testimonials. We may use your feedback to post comments about your experience with any Service on the website, in our marketing and promotional materials.

Promotions, contests, and events.

• We may use your personal information to administer promotions and contests and to communicate with you about any such promotions or contests in which you participate.
• We may use your personal information to administer events and communicate with you about events in which you participate. 

Compliance and protection. We may use your personal information to:

• comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, court orders, investigations or requests from government authorities;
• protect our, your or others’ rights, privacy, health, safety or property (including by making and defending legal claims);
• audit our internal processes for compliance with legal and contractual requirements or our internal policies;
• enforce the terms and conditions that govern the Service; and
• prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Data sharing in the context of corporate events, we may share certain personal information in the context of actual or prospective corporate events with our advisors, the prospective or actual counterparties to the corporate event and their advisors.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. Except as required or permitted by applicable law, we will not attempt to re-identify any data that has been aggregated, de-identified and/or anonymized. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service, promote our business, and for research purposes.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

• Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
• Functionality. To enhance the performance and functionality of our services.
• Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we may use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as online chat functionality providers (including those that leverage generative AI technologies), hosting, information technology, customer support, email delivery, marketing, consumer research and website analytics).

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Stripe. Stripe may use your payment data in accordance with its privacy policy, https://stripe.com/privacy.

Research partners. We may share personal information with research partners to conduct research.

Advertising partners and ad networks. Third-party advertising companies for the interest-based advertising purposes described above. We do not provide health-related information or genetic data to such advertising partners.

Lab and provider partners. We may share your personal information with healthcare services providers, laboratory services providers, and other providers of medical and medical-adjacent services.

Enterprise customers. We may share certain limited personal information with the relevant enterprise customers through which you received access to the Services (e.g., if you redeemed the IFFH memberships, the date you used/obtained the Service (for example, the date(s) you booked and completed the Service aspects such as scans, date of scan report upload)). We do not provide health-related information or genetic data to enterprise customers.

Third parties designated by you. We may share your personal information with other third parties where you have instructed us or provided your consent to do so. For example, we may also share personal information with your medical provider (and/or their affiliated organization).

Business and marketing partners. Third parties with whom we jointly offer products or services, or whose products or services may be of interest to you.

Linked third-party services or devices. If you log into the Service with a third-party service such as Google, or choose to link a wearable or Internet of Things device to your Service account, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy or other relevant terms and the settings associated with your account with the third-party service.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.

Other users and the public. Certain user-generated content, including your health-related data and other data you submit to us may be visible to other users and the public, such as when you post comments in publicly accessible parts of the Service or provide a testimonial that is intended to be public. This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information. Once you publish content, it may be copied and stored on third-party systems where you might not have the ability to have it deleted.

Your choices

In this section, we describe the rights and choices available to all users. Users who are located in certain U.S. states can find additional information about their rights below.

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account and navigating to your account profile and settings.

Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. It may take time for your opt-out to be effective. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

If you receive text messages from us, you may opt out of receiving further text messages from us by replying STOP to our message.

For marketing that you have consented to receive based on your health-related data and/or genetic data, you can control how we market to you by contacting us at info@iffhealth.com.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.

Advertising choices. You may be able to limit use of your information for interest-based advertising through the following settings/options/tools:

• Browser settings. Changing your internet web browser settings to block third-party cookies.
• Privacy browsers/plug-ins. Using privacy browsers and/or ad-blocking browser plug-ins that let you block tracking technologies.
• Platform settings. Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising. You may be able to exercise that option at the following websites:
  
  
  • Google: https://adssettings.google.com/
  • Facebook: https://www.facebook.com/about/ads ‍
• Ad industry tools. Opting out of interest-based ads from companies that participate in the following industry opt-out programs:
  
  
  • Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
  • Digital Advertising Alliance: optout.aboutads.info.
• Mobile settings. Using your mobile device settings to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

You will need to apply these opt-out settings on each device and browser from which you wish to limit the use of your information for interest-based advertising purposes.

We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.

Blocking images/clear gifs: Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Mobile location data. You can disable our access to your device’s precise geolocation in your mobile device settings.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Privacy rights. Depending on the applicable law, you may have certain rights with respect to your personal information (for example, if you reside in a state that provides you with rights in relation to genetic data). These rights may include rights to request access, delete and/or destroy genetic data and biological samples from which genetic data may be derived. To exercise potentially available privacy rights, please contact us at info@iffhealth.com. Not all rights are absolute and we may deny your requests to exercise such rights in accordance with applicable laws.

‍Other sites and services

This Privacy Policy does not apply to third-party websites, applications, products, services or other properties even if they may link to our Service or we may refer you to such third parties as part of our Service. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links, relationships and other integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and services you use.

Security

We employ technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Retention

We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as length of time we have an ongoing relationship with you and provide services to you; the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of your personal information; the purposes for which we process your personal information and whether we can achieve those purposes through other means; whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); whether retention is advisable in light of our legal position, such as in regard to applicable statutes of limitations, litigation or regulatory investigations; and applicable legal requirements. For example, we will retain your personal information for as long as you have an account with us or keep using our services, and the length of time thereafter during which we may have a legitimate need to reference your personal information to address issues that may arise..

When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, de-identify it, or isolate it from further processing.

Children and Teens

Our services are not intended for use by anyone under 18 years of age without written consent from a legal guardian. If you are a parent or guardian of a minor from whom you believe we have collected personal information in a manner prohibited by law, or if information was provided on your behalf when you were under 18, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last updated. We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.

‍How to contact us

If you have questions about our personal information practices or if you would like to exercise any privacy-related right that may be available to you, please contact us via the method listed below.

Email: info@iffhealth.com

‍

U.S. State Privacy Rights Notice at Collection

Except as otherwise provided, this section applies to residents of U.S. states to the extent they have privacy laws applicable to us that grant their residents the rights described below (collectively the “State Privacy Laws”).

This State Privacy Rights Notice at Collection is part of our full Privacy Policy. 

This section describes how we collect, retain, use, disclose, sell and share for the purposes of targeted advertising personal information of residents of applicable U.S. states and the rights these users may have with respect to their personal information. Please note that not all rights listed below may be afforded to all individuals and that if your state does not afford you these rights, you may not be able to exercise these rights. In addition, we may not be able to process your access, correction or deletion request if you do not provide us with sufficient detail to allow us to confirm your identity and understand and respond to your request.

For purposes of this section, the term “personal information” means information that relates to an identified or identifiable natural person, or that is reasonably capable of being used to identify, contact, or precisely locate a natural person, household, or a particular computing system or device. 

We do not attempt to reidentify deidentified information derived from personal information, except for the purpose of testing whether our deidentification processes comply with applicable law. 

Your privacy rights. You may request to exercise the rights listed below. We will respond to your request in accordance with applicable law. We may decline to honor your request where an exception applies.

• Right to know
  
  
  • You can request to know whether we process your personal information. 
  • You can request the following information about how we have collected and used your personal information during the past 12 months and how we will continue to do so:
    
    
    • The categories of personal information that we have collected.
    • The categories of sources from which we collected personal information.
    • The business or commercial purpose for collecting, selling, and/or sharing personal information for targeted advertising purposes.
    • The categories of personal information that we sold or shared for targeted advertising purposes, and the categories of third parties to whom this information was sold or shared, categorized by the type of personal information for each type of third party.
    • The categories of personal information that we disclosed for business purposes and the types of entities to whom this information was disclosed.
    • The specific third parties to which we have disclosed personal information.
• Access. You can request a portable copy or representative summary of the personal information that we have collected about you. 
• Correction. You can ask us to correct inaccurate personal information that we have collected about you.
• Deletion. You can ask us to delete the personal information that we have collected from or about you.
• Revoke consent. You may have the right to revoke your consent to our processing of your personal information.
• Opt-out.
  
  
  • Opt-out of targeted advertising. We process certain personal information for targeted advertising purposes. You can opt out of the use of your personal information for targeted advertising purposes. We do not use health-related data for targeted advertising.
  • Other than for targeted advertising purposes, we do not sell personal information (including Sensitive Personal Information), as defined under applicable law. We have not engaged in such activities in the 12 months preceding the date this Privacy Policy was last updated. Without limiting the foregoing, we do not sell or “share”/knowingly sell or “share” personal information (including Sensitive Personal Information) of minors under 18 years of age.
  • Automated decision making. We do not use your personal information to engage in automated processing or profiling personal information to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements to make a decision that produces legal or similarly significant effects.   
• Sensitive Personal Information
  
  
  • You can opt-out of our processing of your Sensitive Personal Information by electing not to provide it to us or by notifying us of your opt-out.
• Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the State Privacy Laws.  
• Appeal. You can appeal our denial of any request validly submitted. 

Exercising your right to know, access, correction, deletion, and appeal [and limiting processing of Sensitive Personal Information]. You may submit requests via email to info@iffhealth.com.  

We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

Exercising your right to opt-out of/revoke your consent to the “sale” of your personal information or “sharing” of your personal information for targeted advertising purposes. You can submit requests to opt-out of targeted advertising and other sales of personal information by clicking here or by broadcasting the Global Privacy Control signal. For information about how to use the Global Privacy Control, please visit https://globalprivacycontrol.org/. These signals set your opt-out preferences only for the particular browser or device you are using and any consumer profile that we associate with that browser or device unless you are logged into your account, in which case we will honor the signal with respect to that browser or device and your account,  including your offline consumer profile associated with that account.

Verification of Identity; Authorized agents. We may need to verify your identity to process your know, access, correction, deletion, or appeal requests and reserve the right to confirm your residency. We may need to request your name, e-mail address, phone number, address or other information, in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to reauthenticate yourself before disclosing or deleting your personal information. If you make a request to delete, we may ask you to confirm your request before we delete your personal information. 

Under some State Privacy Laws, you may enable an authorized agent to make a request on your behalf. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. Depending on the kind of request you have made, we may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your State Privacy Law rights on your behalf, the information we request to verify your identity, or confirmation that you have given the authorized agent permission to submit the request.

Personal information that we collect, use and disclose. We have summarized the personal information we collect and may disclose, sell to or share with third parties by reference below to both the categories of personal information defined in the “Personal Information we collect,” “How we use your personal information,” and “How we share your personal information” sections of this Policy above and the categories of personal information specified in state law. This table describes our practices currently preceding the effective date of this Privacy Policy. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.