Skip to content

Legal

DRAFT — pending legal counsel review. These pages exist so the marketplace shell is wired correctly. Final binding text will replace this draft after sign-off (tracked in EMR-258). Do not rely on this draft as a binding agreement.

Privacy Policy

Last updated: 2026-04-25 (Draft v0)

1. What we collect

  • Account information — name, email, phone, shipping address, date of birth (for age verification).
  • Order information — products purchased, quantities, prices, payment method metadata. We do not store full card numbers; payment processing is handled by Payabli.
  • Patient information — for clinical accounts, information you provide as part of your treatment record. This is treated as Protected Health Information (PHI).
  • Outcome and product feedback — what you tell us about how a product worked for you, in aggregate or attached to your record.
  • Technical data — IP address, device type, pages visited, timestamps.

2. How we use it

  • To fulfill your orders and operate the service.
  • To provide aggregate, de-identified outcome data to vendors (e.g., “patients using Product X report a 32% average reduction in sleep onset latency”) — never patient-level.
  • To improve product recommendations within your treatment context.
  • To meet legal, tax, accounting, and compliance obligations.

3. What we will never do

  • Sell your personal information.
  • Share patient-level health information with vendors.
  • Use your data for a competing house brand without explicit consent.

4. State privacy rights (CCPA/CPRA and equivalents)

Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have rights to access, correct, delete, and port their personal information, and to opt out of certain processing. Submit requests to privacy@leafjourney.com.

5. Retention

We retain account and order records for the duration of your account plus the period required by tax, accounting, and applicable health-record retention laws (typically 7 years for financial records and longer for clinical records).

6. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest. Payment information is tokenized through Payabli; we do not store full card data.

7. Children

Leafjourney is not directed to children. We do not knowingly collect personal information from anyone under 18.

8. Contact

Data Protection Officer: privacy@leafjourney.com.