RENOVANCE HEALTH

Weight Management and Obesity Medicine LLC

doing business as Renovance Health

PRIVACY POLICY

In-Person and Telehealth Services

Last Updated: June 1, 2026

This Privacy Policy for Renovance Health Weight Management and Obesity Medicine LLC (“Renovance Health,” “we,” “us,” or “our”), doing business as Renovance Health, describes how and why we collect, store, use, and share your information when you use our Services. Our Services include both in-person clinical care at our New Jersey office and telehealth services delivered via our website and platform.

By using our Services — whether scheduling an in-person visit, enrolling in a telehealth program, or visiting our website — you accept the practices described in this Privacy Policy. Questions? Contact us at info@renovancehealth.com.

HOW YOUR INFORMATION FLOWS: A PLAIN-LANGUAGE OVERVIEW

We want you to understand exactly what happens to your information when you interact with Renovance Health. Here is a simple summary:

When you visit our website (www.renovancehealth.com) and fill out any form — whether to request an appointment, complete intake paperwork, or access the patient portal — that information is securely transmitted to and stored in CharmHealth (also known as ChARM EHR), our HIPAA-compliant Electronic Health Record (EHR) and practice management platform.

CharmHealth serves as the backbone of our clinical operations. It powers:

• Online appointment scheduling and confirmations

• Patient intake forms and medical history questionnaires

• The Charm Health patient portal (where you view your records, lab results, and messages)

• Secure provider-patient messaging

• Clinical documentation, treatment plans, and visit notes

• Prescription and GLP-1 medication management workflows

• Billing and payment records for direct-pay services

CharmHealth operates under a signed Business Associate Agreement (BAA) with Renovance Health, meaning they are contractually and legally bound to protect your health information under HIPAA. CharmHealth does not use your information for any purpose outside of providing services to Renovance Health.

Important: Any information you enter on our website — including appointment requests, intake forms, and messages — is processed and stored within CharmHealth’s HIPAA-compliant infrastructure. By submitting information through our website, you consent to this data flow. CharmHealth’s patient portal is subject to CharmHealth’s own Privacy Policy in addition to this one.

1. WHAT INFORMATION DO WE COLLECT?

Information You Provide Directly

We collect personal information you voluntarily provide when you register, schedule appointments, complete intake forms, enroll in our weight management or GLP-1 programs, make payments, or otherwise contact us. This includes:

• Full name, date of birth, and gender

• Email address, phone number, mailing and billing addresses

• Debit/credit card or payment information

• Login credentials for your CharmHealth patient portal account

• Electronic signatures and consent forms

• Photographs or videos submitted for clinical or identification purposes

• Communications you send us via email, the patient portal, or voicemail

Sensitive Health Information

Because we provide medical weight management and obesity medicine services, we necessarily collect and process sensitive health data through CharmHealth, including:

• Medical history, diagnoses, and treatment plans

• GLP-1 and obesity medication history and prescription details

• Body composition data, weight measurements, and metabolic health markers

• Laboratory results and prior provider records

• Date and clinical notes from in-person and telehealth visits

• Images or videos shared for diagnosis or treatment purposes

• Secure messages exchanged with your Renovance Health provider

All health data is processed with your consent and in accordance with applicable HIPAA regulations and New Jersey state law. For full details on how your protected health information (PHI) is handled, please refer to our separately issued Notice of Privacy Practices.

Information Collected Automatically

When you visit our website, we may automatically collect:

• IP address and device identifiers

• Browser type, operating system, and connection information

• Pages visited, links clicked, time spent, and referring/exit URLs

• Cookie and web beacon data (see Section 3)

Information From Third Parties

We may receive information about you from pharmacies, laboratories, prior providers, and third parties who facilitate your care, including prescription history, insurance eligibility, and laboratory test results. This information is stored within CharmHealth as part of your medical record.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your information for the following purposes:

• To create and manage your CharmHealth patient account and patient portal access

• To deliver in-person and telehealth clinical services, including scheduling, treatment, follow-up, and secure messaging

• To process direct-pay payments for our services

• To send appointment reminders, treatment updates, and service-related communications via CharmHealth

• To send marketing and promotional communications (you may opt out at any time)

• To comply with legal and regulatory obligations, including HIPAA

• To improve our website, platform, and clinical workflows

• To protect the security and integrity of your data and our systems

3. TRACKING TECHNOLOGIES AND COOKIES

Our website may use the following technologies. Note: these apply to our marketing website only. Your CharmHealth patient portal is governed by CharmHealth’s own technical infrastructure and privacy practices.

Cookies: Small data files stored on your browser that help us remember preferences and enable analytics. Third-party cookies may support services such as Google Analytics. You may manage cookie preferences through your browser settings.

Web Beacons: Code embedded in web pages or emails that tracks activity such as page views and email opens.

Scripts and Analytic Tools: Code and third-party tools that track website performance, errors, and user behavior to help us improve our Services.

4. WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION?

CharmHealth (EHR and Practice Management Platform)

All clinical data, appointment information, intake forms, patient portal interactions, and billing records are stored and managed in CharmHealth (ChARM EHR). CharmHealth operates as our Business Associate under HIPAA, with a signed BAA in place. CharmHealth’s privacy practices are available at https://www.charmhealth.com/privacy-policy.html.

Other Service Providers and Vendors

We share information with third-party vendors who assist with hosting, data analysis, IT services, customer support, email delivery, payment processing(bluefin), and marketing. All vendors handling PHI operate under BAAs or equivalent data protection agreements.

Healthcare Partners

We share clinically relevant information with pharmacies, for GLP-1 medications, laboratories, and other providers involved in your care as necessary to deliver services.

Payment Processing

Payment transactions are processed through Bluefin who have their own privacy. Billing records are also maintained within CharmHealth.

Legal Compliance

We may disclose information when required by law, court order, subpoena, or governmental authority, or when necessary to protect our rights or the safety of others.

Business Transfers

In the event of a merger, acquisition, sale, or other disposition of Renovance Health’s assets or business, your information may be transferred to the successor entity, subject to equivalent privacy protections.

We do not sell your personal information to third parties.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain your information in CharmHealth and our systems for as long as your account is active, as long as necessary to provide Services, and as required by applicable law — including HIPAA’s medical record retention standards and New Jersey state regulations (generally a minimum of 7 years for adult patients; 7 years past the age of majority for minor patients). When retention is no longer required, we will securely delete or anonymize your information.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement layered security measures to protect your personal and health information:

• CharmHealth’s HIPAA-compliant, encrypted infrastructure for all clinical data

• Signed Business Associate Agreement (BAA) with CharmHealth, Bluefin, our telehealth platform, and all HIPAA-covered vendors

• Multi-factor authentication (MFA) on all clinical and administrative accounts

• Role-based access controls limiting data access to authorized personnel only

• Encryption of data in transit (TLS) and at rest

• Ongoing cybersecurity monitoring and risk assessments

No system is 100% secure. While we take every reasonable precaution, we cannot guarantee absolute security. You should only access our Services and patient portal in a secure environment and keep your credentials confidential. If you believe your account has been compromised, contact us immediately at info@renovancehealth.com.

7. PATIENT PORTAL — CHARMHEALTH

Renovance Health uses CharmHealth’s patient portal as the secure hub for your healthcare experience. Through the portal you can:

• View your visit notes, treatment plans, and lab results

• Send and receive secure messages with your provider

• Complete or update intake forms and health questionnaires

• Request prescription refills

• Access telehealth visit links

• Review and pay invoices

Access to the patient portal requires you to create a CharmHealth account. By creating this account and using the portal, you are also subject to CharmHealth’s Terms of Service and Privacy Policy. Renovance Health is not responsible for CharmHealth’s independent privacy practices beyond our BAA obligations.

Point-of-Entry Consent Notice: When you submit any form on our website — including appointment requests, intake questionnaires, or contact forms — your information will be securely transmitted to and stored in CharmHealth, our HIPAA-compliant EHR system. By submitting this form, you consent to this transfer and storage of your information.

8. DO WE COLLECT INFORMATION FROM MINORS?

Our Services are intended for individuals 18 years of age or older, or as otherwise required by applicable state law. We do not knowingly collect data from or market to children under 18. If you are a parent or guardian and believe your minor child’s information has been collected, please contact us at info@renovancehealth.com and we will promptly address the matter.

9. NO USE OUTSIDE THE UNITED STATES

Our Services are intended for use within the United States only. This Privacy Policy and the collection, use, and disclosure of your information are governed by U.S. law, including HIPAA.

10. YOUR PRIVACY RIGHTS

Access, Correction, and Deletion

You may review, update, or request deletion of your personal information at any time by contacting us or through your CharmHealth patient portal. Note that HIPAA imposes specific rules on the amendment and deletion of medical records; certain records may be retained as required by law.

Withdrawing Consent

Where we process your information based on consent, you may withdraw consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing that occurred prior to withdrawal.

Marketing Opt-Out

You may unsubscribe from marketing communications at any time by clicking “Unsubscribe” in any marketing email or by contacting us directly. Clinical and service-related communications (e.g., appointment reminders, billing notices, portal messages) are not subject to marketing opt-out.

State Privacy Rights

Residents of certain states, including New Jersey, may have additional rights such as the right to know what personal information is collected, the right to correct inaccurate information, and the right to non-discrimination for exercising privacy rights. To exercise any applicable rights, contact us at info@renovancehealth.com.

11. DO-NOT-TRACK SIGNALS

Because no uniform technology standard for recognizing Do-Not-Track (DNT) signals has been finalized, we do not currently respond to DNT browser signals. If a recognized standard is adopted in the future, we will update this Policy accordingly.

12. THIRD-PARTY WEBSITES AND SERVICES

Our website may contain links to third-party websites, including CharmHealth’s patient portal. We are not responsible for the privacy practices of third parties beyond our contractual agreements. We encourage you to review the privacy policies of each website and application you use, including CharmHealth’s at https://www.charmhealth.com/privacy-policy.html.

13. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or applicable law. The updated version will be effective as of the “Last Updated” date at the top of this document. For material changes, we will notify you by email or by prominent notice on our website. We encourage you to review this Policy regularly.

14. HOW TO CONTACT US

For questions, concerns, or requests related to this Privacy Policy:

Renovance Health Weight Management and Obesity Medicine LLC

doing business as Renovance Health

New Jersey 5 Greentree Center, Suite 117

Marlton, NJ 08053

Email: info@renovancehealth.com

Website: www.renovancehealth.com

To review, update, or request deletion of your personal information, email us at info@renovancehealth.com. We will respond within the timeframe required by applicable law.

This Privacy Policy covers both in-person services at our New Jersey clinic and telehealth services delivered via our platform. Clinical data is managed through CharmHealth (ChARM EHR) under a HIPAA Business Associate Agreement. For questions about your protected health information (PHI) under HIPAA, please refer to our separately issued Notice of Privacy Practices.