Privacy Policy

1. Introduction and Scope

This Privacy Policy explains how Massoudi Longevity Professionals of America, Inc., a Delaware corporation (“MLPA,” “we,” “us,” or “our”), collects, uses, discloses, retains, and otherwise processes personal information. This Privacy Policy applies to personal information that we process through our websites, mobile applications, iOS and Android applications, e-commerce store, membership program, events, marketing activities, customer support, communications, telehealth facilitation, and AI-enabled tools, including our AI assistant called “Mya” (collectively, the “Services”).

MLPA is a longevity and wellness company led by physicians. Unless we expressly state otherwise in a separate written notice, informed consent, or clinical workflow, MLPA does not replace your primary care physician, specialist, oncologist, emergency provider, or other regular healthcare provider. Certain ancillary telehealth services, if offered, may be provided by independent licensed professionals, professional medical groups, laboratories, pharmacies, or other third-party providers. Their privacy practices may be governed by separate notices, including HIPAA Notices of Privacy Practices, informed consents, laboratory consents, pharmacy notices, or provider-specific policies.

This Privacy Policy does not itself create any physician-patient, therapist-patient, pharmacist-patient, laboratory-patient, fiduciary, or other professional relationship. It does not limit rights that you may have under health privacy, consumer health data, medical records, biometric, genetic, consumer protection, electronic communications, or data protection laws.

We may provide additional or just-in-time notices when we collect specific types of information or offer specific products or services. If a supplemental notice conflicts with this Privacy Policy, the supplemental notice controls for the specific processing described in that notice.

2. Important Health Privacy Distinctions

MLPA may process information relating to your health, wellness, longevity goals, biomarkers, medications, symptoms, conditions, lifestyle, reproductive or sexual health, mental health, wearable-device data, laboratory results, or interactions with Providers. Some of this information may be protected health information (“PHI”) under the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”) if it is created, received, maintained, or transmitted by a HIPAA covered entity or business associate for HIPAA-covered purposes. Other health-related information may not be PHI even though it concerns health.

When MLPA acts as a business associate, service provider, or processor for a covered entity, medical group, laboratory, pharmacy, provider, employer, sponsor, or enterprise customer, our use of relevant information may be governed by the applicable agreement and the covered entity’s or provider’s Notice of Privacy Practices. When information is not PHI, it is processed under this Privacy Policy and other applicable privacy laws, including state consumer health data laws where applicable.

Certain U.S. state laws use terms such as “consumer health data” to refer to personal information that identifies or can be linked to an individual and that relates to past, present, or future physical or mental health status. Where such laws apply, the Consumer Health Data section below supplements the rest of this Privacy Policy.

Unless Mya is expressly presented to you as part of a HIPAA-covered encounter or secure clinical workflow, information that you enter into Mya may not be PHI and may be processed under this Privacy Policy. Mya is not intended for emergencies, diagnosis, treatment, or clinical decision-making. Do not enter information about another person unless you have authority to do so.

3. Personal Information We Collect

The personal information we collect depends on your relationship with us, the Services you use, the choices you make, and applicable law. We may collect the categories below.

• Contact information, such as name, email address, telephone number, billing address, shipping address, state or country of residence, and contact preferences.

• Account and membership information, such as username, password or authentication credentials, membership tier, enrollment status, preferences, referral code, benefits used, eligibility information, customer support history, and account settings.

• Identity, demographic, and eligibility information, such as age, date of birth, sex, gender, language, marital status, race or ethnicity if you choose to provide it or if clinically or legally required, government-issued identifiers where needed for identity verification, and information used to confirm eligibility for certain Services.

• Health, wellness, longevity, and consumer health data, such as self-reported medical history, symptoms, diagnoses, medications, supplements, allergies, goals, lifestyle information, nutrition, fitness, sleep, stress, reproductive health information, sexual health information, mental health information, laboratory results, biomarker data, images, uploaded records, provider notes if made available through the Services, and other information you choose to submit.

• Genetic, biometric, or precise physiological information if we offer a service involving such information and you provide it or authorize us to receive it. We will use additional notice and consent where required by law.

• Telehealth-related information, such as intake forms, scheduling information, visit metadata, secure messages, consent forms, provider communications, prescriptions or refill information if applicable, and records from Providers, laboratories, pharmacies, or other partners.

• Mya AI information, such as prompts, questions, chat history, uploaded content, outputs, user feedback, usage logs, safety flags, model interaction metadata, and information used to monitor abuse, improve the experience, and maintain safety and security.

• E-commerce and transaction information, such as products viewed or purchased, order history, subscriptions, returns, refunds, discounts, shipping status, taxes, payment status, and limited payment metadata. We use third-party payment processors and generally do not store full payment card numbers.

• Device, app, and online activity information, such as IP address, device identifiers, advertising identifiers, browser type, operating system, referring URLs, pages viewed, session data, search terms, clickstream information, cookie identifiers, SDK identifiers, crash logs, performance data, and interactions with emails, texts, and push notifications.

• Location information, such as approximate location inferred from IP address, shipping location, state of residence, and precise location if you enable it through a mobile device or app setting.

• Wearable, device, and third-party integration information, such as data from Apple Health, Google Health Connect, fitness trackers, sleep trackers, continuous glucose monitors, smart scales, blood pressure devices, or other devices or services you choose to connect.

• Communications and audiovisual information, such as emails, text messages, chat messages, call recordings, video recordings, voicemails, photos, testimonials, survey responses, customer support communications, and social media messages.

• Marketing, advertising, and preference information, such as marketing opt-in status, ad interactions, referral source, cookie preferences, privacy choices, promotion participation, survey responses, and inferred interests.

• User-generated content, such as reviews, comments, testimonials, photos, forum posts, community posts, social media tags, and content you submit for publication or share with other users.

• Inferences and derived information, such as preferences, likely interests, risk flags, personalization scores, segmentation, or internal analytics derived from other information. We do not use solely automated processing to make clinical decisions or decisions that produce legal or similarly significant effects unless we provide required notice and rights.

4. Sources of Personal Information

We may collect personal information from you, when you create an account, enroll in Membership, purchase products, use the app, complete forms, interact with Mya, contact support, attend events, connect devices, or otherwise use the Services. We may also collect information from independent Providers, professional medical groups, laboratories, pharmacies, wellness providers, telehealth providers, consultants, coaches, payment processors, shipping providers, fulfillment partners, identity verification vendors, fraud prevention providers, customer support vendors, connected devices and platforms, enterprise customers, sponsors, benefit providers, analytics and advertising partners, social media partners, lead-intelligence providers, data enrichment providers, affiliates, subsidiaries, business partners, and corporate transaction parties.

We collect information automatically through cookies, pixels, SDKs, local storage, logs, tags, and similar technologies as described below. We collect information from public sources and business contact databases where permitted by law.

5. How We Use Personal Information

We may use personal information for the purposes below, as permitted by applicable law and subject to any additional consent, authorization, or notice requirements.

• Provide, operate, maintain, secure, and improve the Services, including account creation, Membership administration, e-commerce transactions, customer support, appointment scheduling, telehealth facilitation, app functionality, Mya interactions, and technical troubleshooting.

• Facilitate ancillary telehealth, wellness, laboratory, pharmacy, coaching, and other third-party services that you request, including transmitting information to independent Providers, medical groups, laboratories, pharmacies, and other partners as needed.

• Personalize your experience, remember preferences, provide educational content, generate wellness insights, display relevant account information, and help you track goals or Membership benefits.

• Operate Mya, including generating responses, maintaining conversation history, monitoring safety, detecting misuse, troubleshooting errors, improving prompts and user experience, evaluating quality, and complying with law. We will not use identifiable PHI or identifiable consumer health data to train external foundation models unless we provide required notice and obtain consent or authorization where required.

• Process orders, payments, subscriptions, renewals, cancellations, returns, refunds, taxes, shipping, fraud prevention, chargebacks, and customer service inquiries.

• Communicate with you about your account, Membership, purchases, appointments, support requests, safety notices, security alerts, policy updates, and other administrative matters.

• Send marketing communications, newsletters, promotions, event invitations, surveys, referral information, and offers, subject to your preferences and applicable law. We do not use PHI, genetic data, biometric data, or consumer health data for targeted advertising unless expressly permitted by law and consented to where required.

• Measure, analyze, and improve the Services, including product development, analytics, usability testing, de-identified research, internal reporting, quality assurance, model evaluation, safety testing, and operational planning.

• Create aggregated, anonymized, or de-identified data. We maintain de-identified data in de-identified form and do not attempt to re-identify it except as permitted by law, such as to test the de-identification process.

• Protect safety, rights, privacy, security, and property; detect, investigate, and prevent fraud, abuse, cyberattacks, unauthorized access, harassment, and unlawful activity.

• Comply with legal, regulatory, public health, licensure, tax, accounting, reporting, recordkeeping, dispute-resolution, insurance, sanctions, and compliance obligations; respond to lawful requests; enforce agreements; and establish, exercise, or defend legal claims.

• Complete corporate transactions, such as mergers, acquisitions, investments, financings, reorganizations, transfers, bankruptcy, or sale of assets.

6. Mya AI Privacy and Safety

Mya is an AI-enabled tool intended to provide general, educational, directional, wellness, and supportive information. Mya is not a human, not a physician, not a substitute for a primary care physician or specialist, not an emergency service, not a medical device, and not intended to diagnose, treat, cure, mitigate, or prevent any disease or condition. Mya may make mistakes, generate incomplete or incorrect information, or provide information that is not tailored to your circumstances.

We may process Mya interactions to provide responses, maintain chat history, improve safety, detect misuse, troubleshoot errors, evaluate quality, and improve the Services. We may use service providers or AI subprocessors to operate Mya. We require such providers to process information under contractual restrictions designed to protect confidentiality, privacy, and security. Where law requires consent or authorization for processing health-related, sensitive, biometric, genetic, or special category information, we will request consent or limit processing accordingly.

Do not rely on Mya for medical decisions. Discuss medical questions, symptoms, laboratory results, medications, supplements, exercise programs, nutrition changes, and treatment decisions with your primary care physician or other qualified healthcare professional. If you believe you may have a medical emergency, call 911 or local emergency services immediately.

7. Cookies, Pixels, SDKs, Analytics, Advertising, Session Replay, and Lead-Intelligence Technologies

We, our service providers, and our partners may use cookies, pixels, tags, SDKs, local storage, web beacons, scripts, session-replay or experience analytics tools, analytics tools, advertising technologies, attribution tools, and lead-intelligence technologies. These technologies may collect information such as IP address, browser and device identifiers, cookie identifiers, referring pages, pages visited, interactions, approximate location, session identifiers, and other online activity information.

We configure the Services to provide appropriate notice and choice for non-essential technologies. In jurisdictions that require opt-in consent for non-essential cookies or similar technologies, we do not intentionally activate those technologies until required consent has been obtained. In jurisdictions that provide opt-out rights for sale, sharing, or targeted advertising, we provide a “Your Privacy Choices,” “Do Not Sell or Share My Personal Information,” “Cookie Preferences,” or similar link and honor legally recognized opt-out preference signals, including Global Privacy Control, where required by law.

We maintain and update a cookie and tracking technology inventory that identifies the categories of technologies we use and, where appropriate, specific vendors. The public Cookie Preferences page or similar tool should identify actual vendors used by MLPA. We do not intend to rely on generic cookie disclosures that do not match actual implementation.

Strictly necessary technologies support security, account login, shopping cart, payment, load balancing, fraud prevention, consent management, and core site or app functionality. Functional technologies remember preferences, language, display settings, support features, and app settings. Analytics and performance technologies help us understand usage, performance, errors, navigation, and feature adoption. Advertising or targeted advertising technologies may measure campaigns, frequency capping, attribution, and ad performance, subject to consent and opt-out rights. Session replay or experience analytics, if used, are configured to avoid capturing sensitive fields where feasible and are used only where legally permitted. Lead intelligence or enrichment tools, if used, are disclosed in the vendor inventory and should not collect health form content or fire before required notice or consent. Mobile app SDKs support app analytics, crash reporting, push notifications, attribution, security, and functionality.

We currently do not respond to browser “Do Not Track” signals because there is no consistent industry standard for those signals. We honor Global Privacy Control and similar legally recognized opt-out preference signals where required.

8. How We Disclose Personal Information

We may disclose personal information as described below, subject to applicable law, consent requirements, authorization requirements, and contractual restrictions.

• Affiliates and subsidiaries for business operations, shared services, analytics, compliance, security, and to provide the Services.

• Service providers, contractors, and processors that perform services for us, such as hosting, cloud infrastructure, security, identity verification, customer support, communications, email, text messaging, analytics, shipping, fulfillment, payment processing, fraud prevention, professional services, and AI processing.

• Independent licensed Providers, professional medical groups, telehealth providers, laboratories, pharmacies, health coaches, wellness partners, and similar third parties when you request or authorize services involving them.

• Payment processors and financing providers to process payments, subscriptions, refunds, fraud checks, chargebacks, and billing support.

• AI subprocessors and technology providers that help operate Mya or other AI-supported features, under contractual safeguards and subject to applicable law.

• Advertising, analytics, attribution, and marketing partners, subject to your cookie and privacy choices and applicable law. We do not sell PHI and do not share PHI, genetic data, biometric data, or consumer health data for cross-context behavioral advertising unless expressly permitted and consented to where required.

• Enterprise customers, sponsors, benefit providers, or organizations that make Membership available to you, but only as permitted by law and contract. Unless you authorize otherwise, we do not disclose detailed health data, lab results, Mya chats, or clinical information to an employer or sponsor.

• Third parties you direct or authorize, such as your primary care physician, specialist, caregiver, family member, wearable app, health app, or other recipient.

• Professional advisors, insurers, auditors, bankers, lawyers, consultants, accountants, and compliance advisors.

• Government authorities, courts, regulators, law enforcement, public health authorities, or private parties when required or permitted by law or to protect rights, safety, security, and property.

• Corporate transaction parties and their advisors in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction.

• Other users or the public when you choose to post or share content publicly, such as testimonials, reviews, community posts, or social media interactions. Public information may be copied, cached, indexed, screen-captured, or reshared by others.

9. Consumer Health Data Privacy Notice

This section applies to consumer health data to the extent covered by applicable U.S. state consumer health data laws, such as Washington’s My Health My Data Act, Nevada consumer health data law, and similar laws. Consumer health data may include information about health conditions, diagnoses, treatments, medications, bodily functions, vital signs, symptoms, reproductive or sexual health, mental health, measurements, biomarkers, genetic data, precise location information that could identify an attempt to receive health services, and information derived or inferred from other data to identify health status.

We may collect and use consumer health data to provide Services you request, support Membership benefits, facilitate ancillary telehealth or wellness services, operate Mya, process purchases, personalize educational content, ensure safety and security, comply with law, conduct de-identified research and analytics, and communicate with you. We may disclose consumer health data to service providers, processors, independent Providers, laboratories, pharmacies, telehealth partners, AI subprocessors, and other parties described in this Privacy Policy, where permitted by law and subject to applicable safeguards.

We do not sell consumer health data without a valid authorization where required. We do not geofence healthcare facilities for advertising or collect precise location information to identify a consumer seeking healthcare services unless legally permitted and expressly authorized. We do not use consumer health data for targeted advertising unless permitted by law and with consent where required.

Depending on your state, you may have rights to access, confirm, delete, withdraw consent, and obtain a list of third parties or affiliates with whom we have disclosed consumer health data. You may exercise these rights using the Contact section. We will verify and respond as required by law and will provide appeal rights where required.

10. U.S. State Privacy Rights Notice

Residents of California and certain other U.S. states may have privacy rights under applicable state privacy laws. The rights available to you vary by state and may be subject to legal exceptions. Depending on applicable law, you may have the right to confirm whether we process personal information about you; access or obtain a portable copy; correct inaccurate information; request deletion; opt out of sale, sharing, targeted advertising, or certain profiling; limit, opt out of, or withdraw consent to certain processing of sensitive personal information; revoke consent; appeal a denial; and designate an authorized agent to submit certain requests on your behalf.

We do not knowingly sell or share personal information of individuals under 18. We do not use personal information for solely automated decision-making that produces legal or similarly significant effects unless we provide required notice and rights.

To exercise rights, contact us at privacy@mlpahealth.com or use the privacy request form available through the MLPA website or app. We may verify your request by asking for information that reasonably matches information we maintain. Authorized agents must provide proof of authorization, and we may require you to verify your identity directly with us where permitted by law. We will not discriminate against you for exercising privacy rights, but certain Services may not be available if we cannot process information necessary to provide them. If we deny your request, you may appeal by replying to our decision or using the appeal method provided in the decision.

11. California Notice at Collection and Privacy Summary

This section supplements the rest of the Privacy Policy for California residents. We may collect the following categories of personal information, depending on your relationship with MLPA: identifiers and contact data; customer records and account data; protected characteristics and demographic data; health, wellness, and consumer health data; genetic or biometric data where offered and consented to; commercial and transaction information; internet, app, and device activity; geolocation data; audio, video, and communications content; professional or employment-related information if provided in an enterprise or business context; education information if relevant to eligibility or credentials; inferences; and sensitive personal information such as account credentials, government identifiers, precise location, racial or ethnic origin, genetic data, biometric data used for identification, health data, sex life or sexual orientation, and contents of certain communications.

We collect these categories for the purposes described in Sections 5 through 9, including Service delivery, Membership administration, e-commerce, telehealth facilitation, Mya operation, personalization, customer support, security, fraud prevention, analytics, marketing, legal compliance, and corporate transactions. We disclose these categories to the recipient categories described in Section 8. Retention periods are described in Section 17.

We do not sell personal information for money in the ordinary course of business. Certain disclosures to advertising, analytics, or marketing partners may be considered a “sale,” “sharing,” or targeted advertising under some state laws if the technologies are used for cross-context behavioral advertising or similar purposes. You may opt out through the “Your Privacy Choices” or “Do Not Sell or Share My Personal Information” link, Cookie Preferences, Global Privacy Control where required, and other controls we provide. We do not use or disclose sensitive personal information for purposes requiring a right to limit under California law unless we provide the required right or obtain consent.

12. Notice of Financial Incentives and Loyalty Features

Membership benefits, discounts, referral offers, rewards, promotions, or loyalty features may be considered financial incentives or price or service differences under some privacy laws. We offer them to encourage Membership, referrals, engagement, product purchases, or feedback. The value of the incentive is reasonably related to the value of the information or relationship, which may include the anticipated revenue, engagement, administrative cost, and goodwill associated with the program. Participation is voluntary. You may opt in by enrolling or participating in the relevant program and may opt out by canceling participation or contacting us. Program-specific terms may apply.

13. California Shine the Light and Nevada

California residents may request information regarding our disclosure of certain personal information to third parties for their own direct marketing purposes during the preceding calendar year, to the extent applicable. Submit requests using the Contact section.

Nevada residents may request to opt out of the sale of covered information as defined by Nevada law. We do not currently sell covered information for monetary consideration, but Nevada residents may submit an opt-out request using the Contact section.

14. EU, EEA, UK, and Swiss Supplemental Notice

This section applies to individuals in the European Economic Area (“EEA”), United Kingdom (“UK”), and Switzerland to the extent the EU General Data Protection Regulation, UK GDPR, Swiss data protection law, ePrivacy rules, or similar laws apply. For this section, “personal data,” “controller,” “processor,” and “processing” have the meanings given under applicable data protection law.

The controller is Massoudi Longevity Professionals of America, Inc., 23961 Calle De La Magdalena #405, Laguna Hills, CA 92653. Privacy contact: privacy@mlpahealth.com. Where required, we will designate and identify an EU or UK representative, data protection officer, or other required contact in a supplemental notice or on our website.

We process personal data under the following legal bases, depending on context: contract necessity, including to create and administer accounts, process Membership enrollment, provide app functionality, fulfill purchases, provide customer support, and deliver requested digital services; consent, including for marketing emails or texts where required, non-essential cookies and SDKs, certain connected-device data, precise location, certain health or special category data, Mya interactions where consent is required, and other optional features; legitimate interests, including Service improvement, security, fraud prevention, business operations, analytics where consent is not required, enforcing terms, managing relationships, and developing Services, balanced against your rights and interests; legal obligation, including tax, accounting, consumer protection, regulatory, safety, sanctions, recordkeeping, and lawful request obligations; vital interests, if necessary to protect someone’s life or physical safety; and public interest or healthcare purposes where applicable, such as where processing is necessary for health or medical services by or under the responsibility of professionals subject to confidentiality obligations.

Where we process special category data, such as health data, genetic data, biometric data used for identification, racial or ethnic origin, sex life, or sexual orientation, we rely on an Article 9 condition or equivalent lawful basis, such as explicit consent, healthcare provision by professionals subject to confidentiality, public health, legal claims, or substantial public interest where applicable.

Where EU, UK, or similar ePrivacy rules apply, we request consent before placing or reading non-essential cookies, SDKs, pixels, or similar technologies. You may withdraw or modify consent through Cookie Preferences or device settings. Strictly necessary technologies may be used without consent where permitted.

MLPA is based in the United States, and personal data may be transferred to the United States and other countries that may not provide the same level of data protection as your jurisdiction. Where required, we use appropriate safeguards, such as the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum or Agreement, Swiss transfer mechanisms, adequacy decisions, supplementary measures, or your explicit consent where applicable.

Subject to applicable law and exceptions, you may have the right to request access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. You also may lodge a complaint with your local supervisory authority. Withdrawal of consent does not affect processing that occurred before withdrawal.

We do not use Mya or other automated tools to make clinical decisions or decisions based solely on automated processing that produce legal or similarly significant effects. If this changes, we will provide notices and rights required by applicable law.

15. Apple Health, Google Health Connect, Wearables, and App Permissions

If you choose to connect Apple Health, Google Health Connect, a wearable device, or another third-party health app, we process the data you authorize for the purposes disclosed at the time of connection and in this Privacy Policy. You can usually disconnect integrations through account settings, app settings, or the third-party platform.

We do not use information obtained from Apple HealthKit, Google Health Connect, or similar health platform integrations for targeted advertising or sell it to data brokers. We do not disclose such data to advertising platforms unless expressly permitted by the applicable platform rules, privacy law, and your consent where required. The third-party platform’s own privacy practices are governed by its terms and privacy policy.

You can control mobile permissions, such as precise location, camera, microphone, contacts, notifications, Bluetooth, and health-data access, through your device settings. If you disable permissions, some Services may not function.

16. Marketing, Communications, and Your Choices

You may opt out of marketing emails by using the unsubscribe link or contacting us. You may opt out of promotional texts by replying STOP where supported. You may still receive transactional, administrative, security, safety, legal, account, appointment, subscription, or service-related communications. You may manage push notifications and mobile permissions through app or device settings.

You can manage cookies through Cookie Preferences, browser settings, mobile ad settings, Global Privacy Control where required, and industry opt-out tools. Applying choices may require you to repeat them on each browser or device. Declining or withdrawing consent may make some Services unavailable or less personalized.

You may access or update certain account information through account settings. You may request privacy rights using the Contact section. If you decline to provide required information, we may be unable to provide some Services.

17. Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, protect safety and security, maintain business records, and establish or defend legal claims. We consider the amount, nature, and sensitivity of information; the purposes for processing; legal retention requirements; statutes of limitation; risk of harm; and whether de-identified or aggregated information can meet the purpose.

Unless a different period is disclosed or required by law, our general retention approach is: account and Membership information for the life of the account plus a reasonable period thereafter; transaction, tax, and payment records for legal and accounting periods; marketing records until opt-out plus suppression periods; cookie and analytics records for a limited period determined by the vendor and our settings; Mya interactions for the period needed for the purposes described above; and medical or telehealth records according to applicable provider and medical-record retention laws. When retention is no longer necessary, we delete, de-identify, anonymize, or restrict further processing.

18. Security and Breach Notification

We use administrative, technical, and physical safeguards designed to protect personal information, taking into account the nature and sensitivity of the information. Safeguards may include access controls, encryption, logging, vendor due diligence, confidentiality obligations, secure development practices, incident response, and personnel training. No system is completely secure, and we cannot guarantee absolute security.

If we learn of a security incident involving personal information, PHI, consumer health data, biometric data, or other protected information, we will investigate and provide notifications to affected individuals, regulators, covered entities, Providers, or other parties as required by applicable law and contracts.

19. Children and Minors

The Services are intended for adults who are at least 18 years old unless a specific Service expressly states otherwise and appropriate parental or guardian consent is obtained. We do not knowingly collect personal information from children under 13. If we learn that we collected personal information from a child in violation of applicable law, we will take appropriate steps to delete it. Parents or guardians may contact us using the Contact section. California minors may have additional rights to request removal of content they posted, subject to legal exceptions.

20. Third-Party Websites, Apps, Providers, and App Stores

The Services may link to third-party websites, apps, products, services, payment processors, Providers, laboratories, pharmacies, social media platforms, app stores, and other third parties. Their privacy practices are governed by their own notices and policies, not this Privacy Policy. We are not responsible for the privacy, security, or content of third-party services.

21. International Availability

The Services may be operated from the United States and may not be available in all jurisdictions. Telehealth, products, laboratory services, prescriptions, Memberships, Mya, and app features may be limited by location, licensure, regulatory requirements, age, and eligibility. Do not use the Services where prohibited by law.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date indicates when it was last revised. If we make material changes, we will provide notice as required by law, such as by posting the updated policy, sending an email, providing an in-app notice, or requesting consent where required. Your continued use of the Services after an updated policy becomes effective means that the updated policy applies to your use of the Services, to the extent permitted by law.

23. Contact Us

Privacy requests and questions: privacy@mlpahealth.com

Support: support@mlpahealth.com

Legal notices: legal@mlpahealth.com

Privacy request form: available through the MLPA website or app, including https://www.mlpahealth.com/privacy-requests or any successor URL.

Cookie Preferences and Your Privacy Choices: available through the MLPA website or app footer, including https://www.mlpahealth.com/cookie-preferences, https://www.mlpahealth.com/privacy-choices, or any successor URL.

Mailing address: Massoudi Longevity Professionals of America, Inc., Attn: Privacy, 23961 Calle De La Magdalena #405, Laguna Hills, CA 92653.

If applicable law requires a toll-free privacy request number or additional request method, MLPA will make that method available in the published Privacy Policy, website footer, or app settings.