Effective Date: July 23, 2024

At NoHeartAttack Ltd. (operating the Healos™ System), we are committed to protecting your personal data while delivering science-backed, AI-supported heart health solutions. This Privacy Policy outlines how we collect, use, protect, and share your information in compliance with applicable privacy laws—including GDPR (EU), CCPA (California), and PIPL (China)—as well as platform-specific requirements by Google, Meta, and our product partner Calerie®.

1. Information We Collect

We collect only what is necessary to provide high-quality services and optimize your health outcomes.

A. Personal Data

Full name, phone, email, shipping/billing address, purchase history.

Used to fulfill orders, customer support, and personal recommendations.

B. Health & Wellness Data (Optional)

Self-reported symptoms, consultations, biomarker data (e.g., blood reports).

Used strictly for personalized dietary, supplement, and lifestyle recommendations by our AI Expert System and licensed professionals.

C. Technical & Device Data

IP address, browser/device type, OS, session behavior (cookies), usage trends.

Helps us secure the platform, analyze trends, and optimize user experience.

D. Marketing Preferences

Opt-ins for newsletters, promotions, customer journey automations, and follow-ups (via GHL platform & partners like ActiveCampaign).

2. How We Use Your Information

We use your data to:

Deliver Services: Personalize coaching, reminders, insights, and process product orders.

Communicate: Support, updates, program info, and promotional offers (with opt-out).

Enhance Experience: Personalize dashboards, plans, and push AI-based recommendations.

Ensure Legal Compliance: Operate under relevant laws and platform policies.

Refine AI Systems: Use anonymized behavior data to improve AI accuracy, user satisfaction, and predictive health interventions.

3. Data Security

We maintain industry-standard security protocols to prevent unauthorized access or misuse:

Encryption: SSL/TLS during data transmission; encryption at rest for sensitive fields.

Access Control: Limited to authorized staff with privacy/security training and NDAs.

Audits & Monitoring: Continuous security reviews, penetration testing, and platform-level access logging.

Vendor Due Diligence: Partners like Stripe, Google Cloud, Meta, and Calerie are assessed for security compliance.

4. Data Sharing Policy

We do not sell your data. We share minimal data under strict agreements for:

PurposePartnersConditionsPaymentsStripe, PayPalPCI-compliant, tokenizedEmail/SMS AutomationActiveCampaign, GHLConsent-basedMarketing (retargeting)Google, MetaAnonymized only; compliant with platform policiesOrder FulfillmentCalerie®Limited data access for shipping/product supportComplianceTax or health authorities (FDA, IRS, etc.)Legal obligation only

5. Your Rights (by Region)

Depending on your jurisdiction, you can:

Access: Request a copy of your personal information.

Correct: Fix inaccurate/incomplete information.

Delete: Request account/data deletion, unless required for transactions or compliance.

Opt-Out: Unsubscribe from promotional messaging anytime.

Portability: Request data transfer in machine-readable format.

Non-Discrimination: Exercising your rights will not affect service eligibility or pricing.

Contact: [email protected] for any of the above.

6. Cookies & Tracking

We use tracking technologies to:

Analyze usage patterns (Google Analytics)

Improve experience (session memory, cart recovery, login status)

Deliver ads based on interests (Google Ads, Meta Pixel)

You can adjust cookie settings via:

Browser settings

Cookie banner controls on our website

7. International Compliance & Cross-Border Transfers

We store and process data primarily in the USA, Canada, and via secure cloud servers (Google Cloud). For international users:

GDPR: Lawful basis is either consent or contract; SCCs used for cross-border transfer.

CCPA: Opt-out links and disclosure available.

PIPL: We obtain separate consent for sensitive information and cross-border data use.

8. Third-Party Links

We may link to third-party platforms (e.g., Calerie.com). We are not responsible for their privacy practices—please review their respective policies before sharing data.

9. Children’s Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from minors. If we are informed otherwise, we will delete such data.

10. Privacy Policy Updates

We may update this Privacy Policy to reflect changes in law, platforms, or services. Material updates will be communicated via:

Email notifications (if subscribed)

Website banners or announcements

The “Effective Date” at the top of this document

11. Contact Us

For any privacy-related questions, feedback, or requests:

NoHeartAttack Ltd. (Healos)

Email: [email protected]
📞 Phone: +1-877-519-9060
🏢 Address: 200 Spectrum Center Drive, Suite 2100, Irvine, CA 92618, USA

Your privacy fuels our mission. Thank you for trusting Healos™ as your partner in heart & brain health.