Meadowell
Meadowell

Privacy Policy

Effective Date: Oct 14, 2025

Privacy Policy

(Last Updated: October 14, 2025)

Meadow Health, LLC, a Colorado limited liability company doing business as Meadowell (“Company,” “we,” “us,” or “our”), values the privacy of every individual who interacts with its online properties and recognizes the importance of transparency, accountability, and security in all data-handling activities. This Privacy Policy (“Policy”) describes in detail the categories of Personal Information we collect, the purposes for which we use and disclose such information, the legal bases upon which we rely, and the rights and choices available to individuals under applicable United States privacy statutes.

By accessing, browsing, or otherwise using our website(s), mobile site(s), content platform(s), learning modules, or related digital interfaces (collectively, the “Site”), you acknowledge that you have read, understood, and agree to this Policy and to our Terms of Use, which are incorporated herein by reference. If you do not agree with any part of this Policy, you must immediately discontinue use of the Site.

1. Purpose and Scope of This Policy.

1.1 General Purpose. This Policy is intended to provide clear and comprehensive information about how the Company collects, uses, discloses, retains, and safeguards Personal Information obtained through the Site. The Site is an online health and wellness education platform designed to provide general educational and informational content relating to nutrition, lifestyle, mindfulness, and similar topics. It is not a substitute for professional medical care and does not provide clinical, therapeutic, or diagnostic services of any kind.

1.2 Applicability. This Policy applies solely to Personal Information collected from individual consumers, households, or website visitors in their personal capacity. It does not apply to: (a) information collected in an employment, contractor, or business-to-business context; (b) information collected through the Company’s separate HIPAA-compliant client portal or professional-service engagements, which are governed by distinct agreements and applicable health-privacy laws; (c) publicly available information as defined in Cal. Civ. Code § 1798.140(v)(2); (d) aggregated or de-identified data incapable of identifying a particular individual; or (e) data collected by unaffiliated third parties whose websites may link to or from our Site.

1.3 Regulatory Framework. This Policy is intended to satisfy the Company’s disclosure obligations under the following U.S. privacy statutes (each as amended from time to time): (a) the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA,” Cal. Civ. Code §§ 1798.100 – 1798.199.100); (b) the Colorado Privacy Act (“CPA,” Colo. Rev. Stat. §§ 6-1-1301 et seq.); (c) the Virginia Consumer Data Protection Act (“VCDPA,” Va. Code Ann. §§ 59.1-575 et seq.); (d) the Connecticut Data Privacy Act (“CTDPA”); (e) the Utah Consumer Privacy Act (“UCPA”); (f) the Texas Data Privacy and Security Act (“TDPSA”); and (g) the Nevada Privacy Law (NRS § 603A). Collectively, these laws are referred to as the “Applicable Privacy Laws.” The Company acts as a “business” or “controller,” as defined under the Applicable Privacy Laws, with respect to Personal Information collected through the Site.

1.4 Interpretation and Precedence. To the extent that any provision of this Policy conflicts with a mandatory requirement of an Applicable Privacy Law, the statutory requirement shall control, and this Policy shall be interpreted to give maximum effect to both. For the avoidance of doubt, nothing herein grants any right beyond those afforded by law.

2. Definitions. For purposes of this Policy, the following terms shall have the meanings set forth below. Capitalized terms not otherwise defined herein have the meaning given in the Applicable Privacy Laws.

2.1 “Personal Information” (also referred to as “personal data”) means any information that identifies, relates to, describes, references, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual or household. Personal Information includes, but is not limited to, identifiers, contact details, network activity, geolocation, or inferences drawn from such information. It does not include publicly available, de-identified, or aggregated data.

2.2 “Processing” means any operation or set of operations performed on Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

2.3 “Service Provider” (or “Processor”) means any third party that processes Personal Information on behalf of the Company pursuant to a written contract that restricts Processing to specified purposes and imposes confidentiality, data-security, and retention obligations consistent with the Applicable Privacy Laws.

2.4 “Deidentified Information” means data that cannot reasonably be used to infer details about or otherwise identify an individual, provided that the Company: (i) implements technical safeguards that prohibit re-identification; (ii) publicly commits not to attempt re-identification; and (iii) contractually obligates recipients to maintain the same.

2.5 “Aggregated Data” means statistical or demographic data derived from Personal Information but no longer reasonably capable of identifying an individual.

2.6 “Sensitive Personal Information” has the meaning set forth in CCPA § 1798.140(ae) and analogous definitions in other Applicable Privacy Laws, including precise geolocation, racial or ethnic origin, genetic data, or health-related information. The Company does not intentionally collect Sensitive Personal Information through this Site.

2.7 “Applicable Privacy Laws” collectively refers to the CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, TDPSA, and NRS 603A, as each may be amended, together with any regulations promulgated thereunder.

3. Overview of Data Collection. The Company endeavors to collect only the Personal Information reasonably necessary to achieve legitimate business purposes and to comply with applicable legal or regulatory obligations. The nature and volume of Personal Information collected may vary depending on the context of your interaction with the Site. We may collect Personal Information directly from you, automatically through your use of the Site, and from third-party or publicly available sources, as described in greater detail below.
4. Categories of Personal Information Collected. Consistent with Cal. Civ. Code § 1798.140(v)(1) and comparable provisions of other Applicable Privacy Laws, the Company may collect, and has collected within the preceding twelve (12) months, the following categories of Personal Information:

4.1 Identifiers and Contact Information. Information such as your full name, postal address, email address, telephone number, or other unique identifiers that you voluntarily provide when registering for updates, completing forms, or communicating with us.

4.2 Demographic Attributes. Information voluntarily supplied concerning age range, gender, marital or family status, education level, or similar characteristics, collected for analytic or audience-segmentation purposes.

4.3 Internet and Electronic Network Activity Information. Information automatically generated through interaction with the Site, including but not limited to IP address, device identifier, browser type, operating system, referring URLs, pages visited, time spent on pages, and clickstream data. This may also include log files and diagnostic information used to maintain security and functionality.

4.4 Geolocation Data. Approximate geographic location inferred from IP address or device settings, used for analytics, security, and regional-content customization. We do not collect precise geolocation.

4.5 Images, Recordings, and Testimonials. Photographs, videos, or written statements voluntarily submitted or authorized for publication or marketing use on the Site or in Company materials.

4.6 Inferences and Profile Data. Preferences, interests, or behavioral inferences derived from other categories of Personal Information to better understand user engagement and improve content relevance.

4.7 Exclusions. We do not intentionally collect Sensitive Personal Information through the Site and instruct users not to submit health-care or medical data via public forms or email. Any inadvertent submission will be securely deleted upon identification.

5. Sources of Personal Information.

5.1 Direct Collection. We collect Personal Information directly from you when you voluntarily provide it (for example, by completing a contact form, subscribing to newsletters, submitting a testimonial, or otherwise communicating with us). This includes information submitted through embedded forms, email correspondence, or other interactive features of the Site.

5.2 Automatic Collection. Certain data is collected automatically through your device or browser as you interact with the Site. This may include log files, IP addresses, device identifiers, browser type, operating system, referral URLs, session identifiers, and other analytics data. We use cookies, pixels, web beacons, and similar technologies to enable Site functionality, enhance performance, and understand usage patterns. Additional detail regarding our use of cookies and tracking technologies is provided in our Cookie & Tracking Technologies Policy, incorporated herein by reference.

5.3 Third-Party Sources. We may receive Personal Information from third-party analytics or marketing partners (such as Google Analytics, Meta Pixel, LinkedIn Insight Tag, and Bluehost Analytics), as well as from social-media integrations and hosting providers. These entities may provide aggregated or pseudonymized insights to help us measure Site performance and advertising effectiveness.

5.4 Combined Data. To the extent permitted by applicable law, we may combine information collected from different sources (direct, automatic, and third-party) to maintain accuracy and consistency or to improve user experience.

6. Purpose of Collection and Legal Basis for Processing.

 

6.1 Primary Purposes. We process Personal Information for one or more of the following purposes:

Operation and Maintenance: to operate, maintain, and improve the Site, ensure technical functionality, and diagnose performance issues.

Communication: to respond to inquiries, send administrative notices, and provide requested information.

Analytics and Research: to analyze usage trends and evaluate the effectiveness of educational materials.

Marketing and Outreach: to deliver newsletters, promotions, or informational content consistent with user preferences and legal requirements.

Security and Compliance: to detect, prevent, and address fraud, unauthorized activity, or violations of our Terms of Use.

Legal and Regulatory Obligations: to comply with applicable laws, regulatory audits, or judicial proceedings.

Business Continuity: to support internal record-keeping, auditing, and data-management practices.

6.2 Lawful Bases Under Applicable Privacy Laws. Under the Applicable Privacy Laws, we rely on one or more of the following bases:

Consent. When required (e.g., for marketing communications or certain analytics), we process information based on your affirmative consent.

Contractual Necessity. Processing may be necessary to perform a contract or to take steps at your request before entering into one.

Legitimate Interests. We may process Personal Information to pursue our legitimate business interests (such as improving the Site), so long as those interests are not overridden by your rights.

Legal Obligation. We may process information to comply with applicable statutes, regulations, or legal processes.

Protection of Vital Interests or Public Interest. Rarely, processing may occur to protect vital interests or as required by public policy.

6.3 Prohibited Uses. We do not process Personal Information for profiling that produces legal or similarly significant effects, nor do we sell or share Personal Information for cross-context behavioral advertising.

7. Disclosure of Personal Information.

7.1 Categories of Recipients. The Company may disclose Personal Information to the following categories of recipients, each bound by confidentiality and data-protection obligations:

Service Providers/Processors. Vendors providing hosting, cloud storage, analytics, communications, and security services.

Affiliates and Subsidiaries. For operational and administrative purposes consistent with this Policy.

Professional Advisors. Attorneys, auditors, insurers, and consultants engaged under confidentiality obligations.

Business Successors. In connection with any merger, acquisition, or sale of assets, subject to contractual safeguards.

Regulatory Authorities and Law Enforcement. When required to comply with law, respond to subpoenas, or protect rights and safety.

Others with Your Consent. As specifically authorized by you.

7.2 Nature of Disclosure. All disclosures are made pursuant to written agreements that restrict processing to specified purposes, prohibit further sale or use, and require appropriate security measures. De-identified or aggregated information may be disclosed without limitation.

7.3 No Sale or Sharing. The Company does not sell Personal Information or share it for cross-context behavioral advertising within the meaning of Cal. Civ. Code § 1798.140(ah).

7.4 Compelled Disclosures. We may disclose Personal Information when required by law, court order, or subpoena, or when we believe disclosure is necessary to prevent harm, fraud, or security incidents.

8. Retention of Personal Information.

8.1 Duration. We retain Personal Information only as long as reasonably necessary to achieve the purposes outlined in this Policy, to satisfy legal or regulatory obligations, to resolve disputes, and to enforce agreements. Specific retention periods depend on the type of information, sensitivity, potential risk of harm, and applicable statutory requirements.

8.2 Deletion and De-Identification. When retention is no longer necessary, we delete or de-identify Personal Information using commercially reasonable methods. If deletion is infeasible, we segregate and securely store the data until deletion can occur. De-identified information is maintained subject to technical and contractual safeguards prohibiting re-identification.

8.3 Records of Processing. The Company maintains internal records of data-processing activities as required by Applicable Privacy Laws to demonstrate accountability and compliance.

9. Data Security.

9.1 Safeguards. We implement administrative, technical, and physical measures designed to protect Personal Information against unauthorized access, destruction, alteration, or disclosure. These measures include, without limitation: (a) SSL/TLS encryption for data transmitted to and from the Site; (b) firewalls and intrusion-detection systems; (c) regular malware scanning and patch management; (d) access-control protocols limiting personnel exposure to sensitive systems; and (d) vendor due-diligence and contractual security obligations.

9.2 Risk Acknowledgment. While we strive to maintain industry-standard protections, no system or transmission is entirely secure. By using the Site, you acknowledge that you provide information at your own risk and that the Company cannot guarantee absolute security.

9.3 Incident Response. In the event of a data-security incident involving Personal Information, the Company will investigate promptly, mitigate risk, and provide notice to affected individuals and regulators as required by law.

10. Your Privacy Rights.

10.1 Overview. Depending on your state of residence, you may be entitled to exercise certain rights regarding your Personal Information under the Applicable Privacy Laws. We will not discriminate against you for exercising any such right.

10.2 Right to Know / Access. You have the right to request that we disclose the categories and specific pieces of Personal Information we have collected about you, the sources from which the information was obtained, the business or commercial purposes for the collection, and the categories of third parties to whom we have disclosed such information.

10.3 Right to Correction. You have the right to request correction of inaccurate Personal Information maintained about you.

10.4 Right to Deletion. You may request deletion of Personal Information we maintain about you, subject to statutory exceptions such as compliance with legal obligations, detection of security incidents, or exercise of free-speech rights.

10.5 Right to Opt-Out of Sale or Sharing. The Company does not sell or share Personal Information for cross-context behavioral advertising as defined under Cal. Civ. Code § 1798.140(ah). If this ever changes, we will update this Policy and provide an accessible opt-out mechanism as required by law.

10.6 Right to Limit Use of Sensitive Personal Information. We do not collect Sensitive Personal Information through the Site. If such collection ever occurs, you will be given advance notice and the ability to limit its use and disclosure consistent with CCPA § 1798.121.

10.7 Right to Data Portability. You may request that we provide a copy of your Personal Information in a portable, readily usable format that allows you to transmit the data to another entity.

10.8 Right to Appeal. Residents of Colorado, Virginia, Connecticut, and Texas have the right to appeal a denial of a privacy-rights request. Appeals may be submitted using the same channels identified below; we will respond within the time period required by applicable law.

10.9 Submission of Requests. You may submit requests to exercise privacy rights by emailing leadership@meadowell.com, by mail to Privacy Officer, Meadow Health, LLC d/b/a Meadowell, P.O. Box 304, Louviers CO 80131, or by using any web form provided on the Site. Please include sufficient information to verify your identity and describe your request with reasonable detail.

10.10 Verification Process. For security purposes, we may require additional information to verify your identity before responding. We will not disclose, correct, or delete Personal Information unless we can reasonably verify that you are the individual to whom the information relates or an authorized agent acting on your behalf.

10.11 Authorized Agents. If you designate an authorized agent to make a request on your behalf, we may require proof of written authorization or a power of attorney, and we may verify the agent’s identity separately.

10.12 Response Timeline. We will respond to verifiable consumer requests within forty-five (45) days of receipt. If additional time is reasonably necessary, we will notify you and may extend the period by an additional forty-five (45) days.

10.13 Recordkeeping. We maintain records of privacy-rights requests and our responses as required by law to demonstrate compliance.

11. State-Specific Disclosures.

11.1 California Notice. California residents have the rights enumerated above under the CCPA/CPRA. We confirm that we have not sold or shared Personal Information in the twelve (12) months preceding the “Last Updated” date of this Policy. We honor Global Privacy Control (GPC) signals as an opt-out preference where legally required.

11.2 Colorado Notice. Colorado residents may exercise rights under the Colorado Privacy Act by contacting us through the channels listed above. Appeals of denied requests will be reviewed by a privacy-compliance officer not involved in the initial decision.

11.3 Virginia, Connecticut, Utah, and Texas Notices. Residents of these states may exercise equivalent rights under their respective privacy statutes. We will apply the most protective standard among the Applicable Privacy Laws to ensure consistent treatment.

11.4 Nevada Notice. Nevada law grants residents the right to opt out of the sale of certain Personal Information to third parties. Because we do not sell such data, no action is required at this time.

12. International Transfers. The Site is controlled and operated from the United States and is intended for users located within the United States. If you access the Site from outside the U.S., you understand and consent to the transfer and processing of your data in the United States, which may not provide the same level of protection as the laws of your jurisdiction. We will implement appropriate safeguards for any cross-border transfers that occur.

13. Testimonials and Use of Likeness. If you voluntarily provide a testimonial, review, photograph, or video for publication, you grant the Company a non-exclusive, worldwide, royalty-free, perpetual license to use your name, likeness, and statements in any media for informational or promotional purposes consistent with this Policy and the Terms of Use. You may withdraw consent prospectively by written notice to the Privacy Officer, subject to the practical limits of existing publication.

14. Changes to This Policy. We may amend or update this Policy at any time in our sole discretion. The “Last Updated” date at the top of this page reflects the most recent revision. When we make material changes, we will post a prominent notice on the Site. Continued use of the Site after publication of changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

15. Contact Information.

Meadow Health, LLC

Attn: Privacy Officer

P.O. Box 304

Louviers CO, 80131

Email: leadership@meadowell.com

16. Interpretation and Severability. If any provision of this Policy is held invalid or unenforceable, the remaining provisions shall remain in full force and effect. Headings are for convenience only and do not affect interpretation. This Policy shall be governed by the laws of the State of Colorado, without regard to conflict-of-law principles.

[END OF POLICY]

Meadowell health quiz

1/24

How do you feel when you wake up most mornings?