HealthCareProxyMD Logo
Home
Back to homepage
Services
View our services
About Us
Learn more about us
Learn
Proxy Package™ Preparation
FAQs
Frequently asked questions
Contact
Get in touch with us
Start Here

Privacy Policy

Last Updated: January 12, 2026

1. Introduction

HealthCareProxyMD ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect information you provide when using our service to complete your Health Care Proxy and Living Will documents (your "Proxy Package™").

Important: We Are Not a HIPAA-Covered Entity or Business Associate. HealthCareProxyMD is NOT a HIPAA-covered entity, and we are NOT a business associate under HIPAA. Our communications are NOT HIPAA-protected. Please avoid sharing highly sensitive information you do not want transmitted via email or other communication channels we use.

Why We Are Not HIPAA-Covered: HealthCareProxyMD is a document preparation service and software tool that helps consumers create legal health planning documents. We are not HIPAA-covered because:

  • We do not provide medical care, treatment, diagnosis, or health services
  • We are not a health plan, health insurance company, or healthcare clearinghouse
  • We do not work on behalf of covered entities (doctors, hospitals, health plans) as a business associate
  • We do not electronically transmit health information for HIPAA-covered transactions (such as insurance claims, eligibility checks, or payment processing)
  • We are a consumer-facing document preparation service, not a business-to-business service provider for healthcare entities

Our service is similar to other document preparation tools or legal form services—we help you complete forms based on your preferences, but we do not provide medical care, bill insurance, or act on behalf of healthcare providers.

Your Choice to Share. You choose what information you share with us. Sharing is voluntary and at your consent. You can stop using our service at any time.

2. Information We Collect

Information You Provide. We collect information you voluntarily provide when using our service, including:

  • Name, email address, and phone number
  • Information about your care preferences and wishes for your Health Care Proxy and Living Will
  • Information about your designated Health Care Proxy/Agent
  • Payment information (processed by Stripe; we do not store full card details)
  • Any other information you choose to share during your call with our doctor or in email communications

Usage Information. We do not collect anonymous usage data or use analytics services to track website visitors.

3. How We Use Your Information

We use the information you provide solely to:

  • Provide our service: prepare your Proxy Package™ documents and deliver them to you, and conduct your educational coaching call with our doctor if purchased
  • Communicate with you: send your completed documents, respond to your questions, schedule your educational coaching call, and provide customer support
  • Process payments: coordinate with Stripe to process your payment
  • Improve our service: review feedback and service usage patterns to improve our website and service
  • Comply with legal obligations: maintain records as required by law or for business purposes

We Do Not Sell or Share Your Personal Information. HealthCareProxyMD does not sell, rent, or share your personal information for marketing purposes or with data brokers. We do not engage in cross-context behavioral advertising or share your information for advertising purposes.

We only share your information in the following limited circumstances:

  • Service Providers: We share information with third-party service providers who help us operate our service (e.g., Stripe for payment processing, Resend and Google for email delivery services). These providers are contractually obligated to use your information only to provide services to us and are prohibited from using it for their own purposes.
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

We do not share your data with marketing data brokers, advertising networks, or other third parties for their own marketing or commercial purposes.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we are required to inform you of the legal basis for processing your personal data. We process different categories of data under different legal bases:

1. Health Information (Special Category Data - GDPR Article 9):

  • Legal Basis: Explicit Consent (GDPR Article 9(2)(a))
  • This includes your health care preferences, living will choices, proxy designations, and medical decision preferences
  • You provide explicit consent by checking the health data consent checkbox during the form completion process
  • Right to Withdraw: You can withdraw your consent at any time by emailing Contact@HealthCareProxyMD.com. Withdrawal of consent will prevent us from processing new health data, but may not affect already completed documents that have been delivered to you. If you withdraw consent, we will stop processing your health information, subject to our legal obligations to retain certain records.

2. Personal Information (Name, Email, Address, Phone):

  • Legal Basis: Contract Performance (GDPR Article 6(1)(b))
  • This information is necessary to fulfill our contract to provide your Proxy Package™ documents
  • Required to deliver your completed documents, process payments, and provide customer support
  • Without this information, we cannot provide our service

3. Payment Information:

  • Legal Basis: Contract Performance (GDPR Article 6(1)(b))
  • Processed by Stripe for payment processing
  • Required to complete your purchase and fulfill our contractual obligations
  • We do not store your full payment card details

4. Email Communications and Document Delivery:

  • Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)) and Contract Performance (GDPR Article 6(1)(b))
  • Legitimate interest: To deliver your completed documents and provide customer support
  • Contract performance: Required to fulfill our service delivery obligations
  • You can opt-out of non-essential communications at any time by emailing Contact@HealthCareProxyMD.com
  • We will still send essential communications related to your service or account

Your Rights Based on Legal Basis:

  • If processing is based on consent: You have the right to withdraw consent at any time (as described above for health information)
  • If processing is based on contract: You have the right to access, correct, and request deletion of your data, subject to our need to retain it for contract fulfillment
  • If processing is based on legitimate interest: You have the right to object to processing. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests

For more information about your rights, see "Your Rights and Choices" (Section 10) below. If you have questions about our legal basis for processing your data, please contact us at Contact@HealthCareProxyMD.com.

5. Communication Channels and Security

Primary Communication: Email. Our primary communication channel is email. We may also communicate via phone or video call using third-party providers (e.g., for your scheduled call with our doctor).

Email Is Not Guaranteed Secure. Email is not guaranteed secure, and communications are not HIPAA-protected. When you share information with us, you consent to us communicating with you via email and other channels necessary to provide our service. You should avoid sending highly sensitive information via email if you are concerned about security.

BCC Email Storage. When we send your completed Proxy Package™ documents via email, we may send a copy to our business email address using BCC (blind carbon copy) to ensure high quality results and help resolve any issues that may arise. This allows us to maintain records for customer support purposes and verify document delivery. By using our service, you consent to this BCC email storage practice.

Data Handling and Logging Practices. We take steps to protect your information during processing. We do not log your health information, form data, or document contents in our system logs or error messages. When errors occur, we return generic error messages to protect your privacy—we never expose detailed error information, stack traces, or your data in error responses. Your information is only used to provide our service and is not stored in logs or error tracking systems.

Reasonable Security Measures. While we implement reasonable security measures and rely on Google's security infrastructure (see "How We Store Your Information" below), no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we take reasonable steps to protect your information.

6. How We Store Your Information

Storage Location. Your information is stored only in our business email inbox and associated Google Workspace tools (including Gmail, Google Calendar, and Google Drive as applicable). This data is protected by Google's account security and access controls. We do not maintain a separate patient portal, electronic health record (EHR), or dedicated database.

No Separate Patient Portal or EHR. We do not use a separate patient portal or electronic health record system. All information is stored in our Google Workspace email and associated tools, protected by Google's security infrastructure and our access controls.

7. Data Retention

We retain your information until you request deletion, except where we are required to retain it for legal, accounting, or regulatory compliance purposes.

You may request deletion of your information at any time by emailing Contact@HealthCareProxyMD.com. We will process deletion requests within 30 days, subject to our legal obligations to retain certain records.

Legal and Business Obligations: We may be required to retain certain information for legal, accounting, or regulatory compliance purposes, including:

  • Transaction and payment records: 7 years from the date of transaction (required by accounting and tax laws)
  • Email records containing Proxy Package™ documents: Retained for customer support, legal compliance, and dispute resolution purposes until you request deletion, subject to legal requirements
  • Form data in browser localStorage: Until you clear your browser data, complete your purchase, or request deletion (whichever comes first)

For more information about your rights and how to request deletion, see "Your Rights and Choices" (Section 10) below.

8. Third-Party Services

We use third-party services that may collect or process your information:

  • Stripe: Processes payments. Stripe handles your payment card data according to their privacy policy. We receive confirmation and basic transaction information only. We do not store your full payment card details.
  • Resend: Provides email delivery services for sending your Proxy Package™ documents and other communications. Resend processes email delivery according to their privacy policy.
  • Google Workspace: We use Google Workspace (Gmail, Calendar, Drive) to store and manage your information as described above.
  • Google reCAPTCHA: We use Google reCAPTCHA v3 to protect our website from spam, bots, and abuse. reCAPTCHA collects and processes information about your device, browser, IP address, and interactions with our website to analyze whether you are a human user or a bot. This processing is subject to Google's Privacy Policy and Terms of Service. reCAPTCHA may set cookies or use other storage technologies. This service helps us maintain the security and integrity of our service.
  • Vercel: Provides hosting and infrastructure services for our website. Vercel may process technical information necessary to deliver our service.
  • GitHub: We use GitHub for code repository and version control. GitHub may process technical information related to our codebase.
  • Scheduling and Video/Telephony Providers: We may use third-party services for scheduling calls and conducting video/phone calls. These services may collect information necessary to provide their functionality. Please review their privacy policies.

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

9. Cookies and Tracking

We do not use advertising trackers, analytics cookies, or sell your data to marketing data brokers. We may use essential cookies necessary for website functionality (such as maintaining form progress) and security cookies from Google reCAPTCHA to protect against spam and abuse. You can control cookies through your browser settings, though this may affect website functionality.

10. Your Rights and Choices

Data Portability. Your completed Proxy Package™ is delivered to you as a PDF document via email. This PDF format makes your data inherently portable—you can download, save, and share your documents anywhere you choose. You maintain full control over your Proxy Package™ documents and can access them at any time from your email or downloaded files.

How to Request Access or Deletion. You may request access to the personal information we hold about you, or request that we delete your information where feasible. To make a request, email us at Contact@HealthCareProxyMD.com with your name, email address, and the nature of your request (e.g., "I would like to access my information" or "I would like to delete my information").

We will respond to your request within a reasonable timeframe. Note that we may be unable to delete certain information if we are required to retain it for legal, accounting, or business purposes, or if deletion would prevent us from providing ongoing customer support.

Opt-Out of Communications. You may opt out of non-essential communications from us by emailing Contact@HealthCareProxyMD.com. We may still send you essential communications related to your service or account.

Non-Discrimination. We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge you different prices, provide you a different level or quality of services, or suggest that you may receive different treatment for exercising your rights under this Privacy Policy or applicable law, including your rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell or share (if applicable).
  • Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, ongoing business needs).
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the sale or sharing of your personal information. However, as stated above, we do not sell or share your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

How to Exercise Your California Privacy Rights. To exercise any of these rights, please email us at Contact@HealthCareProxyMD.com with:

  • Your name and email address
  • The specific right you wish to exercise
  • Any additional information needed to verify your identity

We will respond to your request within 45 days (or as otherwise required by law). We may need to verify your identity before processing your request to protect your privacy and security.

Categories of Personal Information We Collect. Under CCPA/CPRA, we collect the following categories of personal information:

  • Identifiers: Name, email address, phone number, mailing address
  • Health Information: Information about your health care preferences and wishes for your Health Care Proxy and Living Will
  • Financial Information: Payment information (processed by Stripe; we do not store full card details)
  • Internet Activity: We do not collect internet activity data through analytics or tracking services

We use this information solely for the purposes described in Section 3 ("How We Use Your Information") and do not sell or share it for marketing or advertising purposes.

Global Privacy Control (GPC) Signals. We do not sell or share your personal information, so Global Privacy Control (GPC) signals are not applicable to our service. Since we do not engage in sale or sharing of personal information, there is no opt-out mechanism needed. If you have questions about GPC or our data practices, please contact us at Contact@HealthCareProxyMD.com.

12. Children's Privacy

Our service is intended for adults (age 18 and older). We do not knowingly collect information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately at Contact@HealthCareProxyMD.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

14. Contact

If you have questions about this Privacy Policy or our privacy practices, please contact us at Contact@HealthCareProxyMD.com.