Privacy Policy
What we collect, why we collect it, where it lives, and what you can do about it. We have tried to write this in plain English rather than the usual boilerplate.
Who we are
Vital Edge Optimization is a physician-led concierge health practice. This policy covers our website at vitaledgeoptimization.com and our member portal at portal.vitaledgeoptimization.com. If you have questions about anything here, email admin@vitaledgeoptimization.com.
This policy and your medical records
Some of the information we hold about members is protected health information under HIPAA. Our handling of that information is also governed by our Notice of Privacy Practices, which describes your rights regarding your medical record in more detail. Where the two documents differ on protected health information, the Notice of Privacy Practices controls. Ask us for a copy at any time.
What we collect
When you visit this website
Nothing, unless you tell us something. We do not run analytics, advertising trackers, or marketing pixels, and we do not set cookies to follow you around. There is no tracking to opt out of, because we do not do it.
If you submit the assessment form, we receive what you type into it: your name, email address, phone number, state of residence, your goals, which membership tier interests you, and any message you include.
When you become a member
Through the portal we collect the information needed to actually care for you, which you provide or we generate together:
- Account details — your email address and password, managed through our identity provider. We never see your password.
- Intake information — date of birth, biological sex, contact and address details, emergency contact, medical conditions, surgical history, medications, allergies, and lifestyle information such as tobacco, alcohol, exercise, and diet.
- Clinical information — lab results and summaries, protocols, supplement plans, training and nutrition plans, messages with your team, check-ins, and notes.
- Wearable data — only if you choose to connect a device. See below.
Connected devices and wearables
You may connect a wearable device, such as an Oura Ring, to your portal account. This is entirely optional and always your choice.
If you connect a device, you authorize it on the manufacturer's own website — we never see or handle your login for that service. We then retrieve the categories of data you approved, which for Oura are your daily readiness, sleep, and activity summaries, heart rate and heart rate variability, blood oxygen, and workouts. We do not request your email address or personal profile from Oura.
We store the access credential for that connection in encrypted form on our servers. It is readable only by the specific background job that fetches your data — it is not accessible through the portal, and staff cannot read it.
You can disconnect at any time from the Wearables card in your portal, which revokes our access and deletes the stored credential. Readings already shared remain part of your health record unless you ask us to remove them. Disconnecting stops anything new from arriving.
How we use your information
To provide care, and to run the practice that provides it: reviewing your data, building and adjusting your protocols, communicating with you, scheduling, and meeting our legal and professional obligations. We use your information to answer your questions and improve your care — not to profile you for marketing.
We use AI tools, operated inside our own protected cloud environment, to help our clinicians prepare for visits and summarize information. These tools support our team's judgment; they do not replace it, and no clinical decision is made by software alone.
What we never do
- We do not sell your personal information. Not now, not as a future business model.
- We do not rent or share your information with advertisers or data brokers.
- We do not use your health information to target advertising to you.
Who we share information with
Only where it is necessary to run the practice, and only under contract:
- Amazon Web Services — hosts our portal, database, and backups in the United States. AWS is bound by a signed Business Associate Agreement covering protected health information.
- Netlify — hosts this marketing website. No member health information passes through it.
- Google Fonts and Cloudflare — serve the typefaces and animation library used by our pages. Loading a page from these services discloses your IP address to them. They receive nothing else, and no health information.
- Laboratories and clinical partners — where needed to order and interpret your testing.
We may also disclose information where the law requires it, or to protect someone's safety in an emergency.
Where your information lives, and how it is protected
Member data is stored in the United States, in a private network segment that is not reachable from the public internet. It is encrypted in transit and encrypted at rest with keys we control. Access is restricted to the members of our team who need it, the database enforces per-member access rules at the row level, and administrative access is logged.
No system is perfectly secure, and we will not pretend otherwise. If a breach affects your information, we will notify you as required by law.
How long we keep it
We keep medical records for at least the period required by the laws of the state in which you were treated, which is generally several years after your last visit. Assessment form submissions from people who do not become members are kept only as long as needed to follow up. You can ask us to delete information that we are not legally required to retain.
Your choices
- See your information — much of it is visible in your portal; ask us for the rest.
- Correct it — tell us and we will fix it.
- Disconnect a wearable — any time, from your portal.
- Get a copy of your record, or ask us to send it to another provider.
- Close your account — we will delete what we are not required to keep.
- Stop hearing from us — reply to any email and say so.
Depending on where you live, you may have additional rights over your personal information. Ask us and we will honor them.
Not for children
Our services are for adults. We do not knowingly collect information from anyone under 18.
Where we practice
Our physicians provide medical services only in states where they hold active licensure. Submitting the assessment form does not create a physician-patient relationship.
Changes to this policy
If we change this policy, we will update the date above. If a change materially affects how we handle your information, we will tell you directly rather than quietly editing this page.
Contact
Questions, requests, or complaints: admin@vitaledgeoptimization.com.