Security and privacy

Your information, protected with the same care as your appointment.

We built Golden Life Standard Health to treat trust as a clinical responsibility. Below is a plain-language summary of how we handle your information, the technical safeguards in place, and the choices you have.

HIPAA-aligned practices

Our workflows, vendor contracts, and clinical documentation follow HIPAA standards for protected health information (PHI). Vendor relationships involving PHI are governed by Business Associate Agreements (BAAs).

Encrypted in transit and at rest

Every page is served over HTTPS (TLS 1.2+). Stored records, uploaded documents, and database backups are encrypted at rest using industry-standard AES-256.

Access controls and audit logging

Administrative access is restricted to authorized staff with role-based permissions. Sensitive admin actions, such as status changes and document downloads, are recorded in a tamper-evident audit log.

No data selling. No data sharing.

We never sell your information and we never share it with advertisers, brokers, or social platforms. Information you share with us is used only to deliver and improve your care.

Technical safeguards

Quiet, careful protection, layered front to back.

These are the day-to-day controls that keep your records private. We continue to invest in them as our practice grows.

  • Encrypted databases and backups
  • TLS 1.2 or higher in transit
  • bcrypt password hashing
  • Brute-force lockout on admin login
  • Short-lived, HttpOnly session cookies
  • Audit log on admin actions
  • No third-party advertising trackers
  • HIPAA-aligned hosting partners under BAA

What we collect

Only what helps us care for you.

We collect the minimum information needed to schedule, deliver, and follow up on care. Required fields are clearly marked at point of collection.

Identifying information: name, date of birth, contact details, address. Used for appointment scheduling and clinical records.

Insurance details: plan, member ID, group number, and optional uploaded card images. Used to verify benefits and process claims.

Clinical information: intake responses, symptoms, history, treatment notes. Used by your care team to build and adjust your plan.

Visit data: appointment timestamps and clinician notes. Stored under HIPAA-aligned retention policies.

We do not use analytics or marketing pixels that share personal information with third parties. We do use standard, privacy-preserving operational logs to keep the site reliable.

Your rights

You are in control of your record.

  • Access. You may request a copy of the information we hold about you.
  • Correction. You may ask us to correct inaccuracies in your record.
  • Restriction. You may ask us to limit how we use or share certain information, subject to clinical and legal requirements.
  • Complaint. You may contact our Privacy Officer or file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights without retaliation.

In a crisis, please call for help

This page describes our standard data practices. It is not a place to request emergency care. If you or a loved one are in immediate danger or having thoughts of self-harm, call 988 for the Suicide and Crisis Lifeline or 911 for emergency services.

Reach our Privacy Officer

Questions, requests, or concerns about your data

Email care@goldenlifesh.com and a member of our privacy and care team will respond within one business day.

Contact our team

Last reviewed May 2026. This page summarises our practices in plain language and is not a substitute for the full Notice of Privacy Practices, which is provided during intake and available on request.