Policies

This page contains Daybreaker Health legal policies and notices.

Included Documents

Terms of Service
Privacy Policy
Telehealth Consent Form
HIPAA Notice of Privacy Practices

TERMS OF SERVICE

DAYBREAKER HEALTH, P.C.

Effective Date: April 1, 2025
Last Updated: April 1, 2025
Version: 1.0

PLAIN-LANGUAGE SUMMARY

These Terms of Service are a legal agreement between you and Daybreaker Health. By using our platform, you agree to these terms. Key points: (1) You must be 18+ and a US resident; (2) We provide a health optimization platform—physicians provide medical care; (3) This is NOT for emergencies—call 911; (4) Disputes are resolved through binding arbitration, not court; (5) Our liability is limited. Please read carefully.

IMPORTANT NOTICES

PLEASE READ THESE TERMS CAREFULLY BEFORE USING OUR SERVICES.

ARBITRATION NOTICE: These Terms contain a binding arbitration clause and class action waiver in Section 22. By agreeing to these Terms, you agree that disputes will be resolved through individual arbitration rather than in court, and you waive your right to participate in class actions. You may opt out within 30 days of first accepting these Terms.

MEDICAL DISCLAIMER: Daybreaker Health is a Medical Services Organization (MSO) that provides a technology platform and care coordination services. Clinical medical services are provided by independent physicians contracted through Qualiphy Medical Group. We do NOT provide emergency or urgent care. If you have a medical emergency, call 911 immediately.

Acceptance of Terms
Eligibility & Account Requirements
Description of Services
Services Not Provided / Scope Limitations
User Obligations & Representations
Prohibited Uses
Membership & Subscription Terms
Additional Fees
Refund Policy
Telehealth Consent
Medical Disclaimers
Supplement Disclaimers
Off-Label Prescribing Disclosures
AI Coach Disclaimers
Technology & Service Availability
Intellectual Property
Third-Party Services & Links
Privacy & Data Use
Account Termination
Warranties Disclaimer
Limitation of Liability
Dispute Resolution: Binding Arbitration & Class Action Waiver
Indemnification
Governing Law
Force Majeure
Modifications to Terms
General Provisions
Accessibility
Contact Information

1. ACCEPTANCE OF TERMS

1.1 Binding Agreement

These Terms of Service (“Terms”) constitute a legally binding agreement between you (“you,” “your,” or “User”) and Daybreaker Health, P.C., a California professional corporation (“Daybreaker,” “we,” “us,” or “our”).

By creating an account, accessing our mobile application, using our website at https://daybreakerhealth.com, or otherwise using any of our services, you:

Acknowledge that you have read and understood these Terms
Agree to be bound by these Terms
Represent that you have the legal capacity to enter into this agreement
Agree to comply with all applicable laws and regulations

1.2 Additional Agreements

By using our services, you also agree to:

Privacy Policy – How we collect, use, and protect your personal information
HIPAA Notice of Privacy Practices – How we use and disclose your Protected Health Information
Telehealth Consent Form – Authorization for telehealth services (required before first consultation)
Cookie Policy – Use of cookies and tracking technologies
SMS/Text Messaging Terms – Terms governing text message communications
End User License Agreement (EULA) – Terms governing use of our mobile application

These documents are incorporated by reference into these Terms.

1.3 Changes to Terms

We may modify these Terms at any time. See Section 26 for details on how changes are communicated and your options.

1.4 If You Do Not Agree

If you do not agree to these Terms, you may not access or use our services. Your continued use after any changes constitutes acceptance of the modified Terms.

2. ELIGIBILITY & ACCOUNT REQUIREMENTS

2.1 Age Requirement

You must be at least 18 years of age to use our services. By using our services, you represent and warrant that you are at least 18 years old.

If you are under 18, you may only use our services with the consent and supervision of a parent or legal guardian who agrees to be bound by these Terms on your behalf.

2.2 Geographic Restrictions

Our services are available only to residents of the United States. You must be physically located in one of the 50 US states at the time of each telehealth consultation. Physicians must be licensed in the state where you are located.

By using our services, you represent and warrant that:

You are a legal US resident
You will be physically located in a US state during telehealth consultations
You will accurately disclose your location

2.3 Account Creation

To use our services, you must create an account by providing:

Full legal name
Email address
Phone number
Date of birth
Physical address
Payment information

You agree to provide accurate, current, and complete information during registration and to update such information to keep it accurate, current, and complete.

2.4 Account Security

You are responsible for:

Maintaining the confidentiality of your account credentials
All activities that occur under your account
Notifying us immediately of any unauthorized access or use

We are not liable for any loss or damage arising from your failure to protect your account credentials.

2.5 One Account Per Person

Each person may maintain only one account. Accounts are non-transferable. You may not:

Create multiple accounts
Share your account credentials with others
Allow others to access your account
Transfer or assign your account to another person

2.6 Account Verification

We may verify your identity and eligibility at any time. Failure to provide requested verification may result in suspension or termination of your account.

3. DESCRIPTION OF SERVICES

3.1 Platform Overview

Daybreaker Health operates a subscription-based longevity and health optimization platform. We provide:

Technology Platform: Mobile application and web interface for accessing services
Care Coordination: Connecting you with physicians, labs, and pharmacies
Administrative Services: Scheduling, billing, and member support
AI Health Coaching: Personalized wellness recommendations based on wearable data (informational only, not medical advice)

3.2 Medical Services Organization (MSO) Model

Important: Daybreaker Health is a Medical Services Organization (MSO). We provide administrative, technology, and coordination services. We do NOT provide medical care directly.

Clinical medical services are provided by independent physicians contracted through Qualiphy Medical Group. These physicians:

Are licensed in the state(s) where you receive care
Maintain their own professional liability (malpractice) insurance
Exercise independent medical judgment
Are NOT employees of Daybreaker Health

3.3 Services Included in Membership

Your $99/month membership includes:

Health Domains:

Movement – Fitness protocols, mobility assessments, exercise recommendations
Nutrition – Dietary guidance, meal planning, metabolic optimization
Sleep & Recovery – Sleep optimization, recovery protocols, stress management
Prescriptions – Medication management, e-prescribing (consultation fees included; medication costs separate)
Therapies – Therapeutic protocols and interventions
Aesthetics – Skin health, anti-aging protocols
Environment – Environmental health optimization
Medical Care – Preventive care, health diagnostics, condition management

Included Services:

Unlimited messaging with care team
Telehealth physician consultations (video, phone, or asynchronous)
Monthly 20-minute coaching calls
AI-driven wearable coaching and health insights
Personalized health protocols
Lab ordering and interpretation (lab costs separate)
Membership community access
Mobile app access

3.4 What Is NOT Included

The following are not included in your membership and are billed separately:

Laboratory tests (Quest Diagnostics, LabCorp pricing)
Prescription medications (pharmacy pricing + shipping)
Supplements (member discount pricing)
Specialized treatments or procedures
Third-party services

4. SERVICES NOT PROVIDED / SCOPE LIMITATIONS

4.1 Emergency Care

WE DO NOT PROVIDE EMERGENCY MEDICAL CARE.

If you are experiencing a medical emergency, CALL 911 IMMEDIATELY or go to your nearest emergency room.

Examples of medical emergencies include but are not limited to:

Chest pain or pressure
Difficulty breathing
Severe bleeding
Loss of consciousness
Signs of stroke (sudden weakness, numbness, vision changes, difficulty speaking)
Severe allergic reactions
Severe abdominal pain
High fever with confusion
Suicidal or homicidal thoughts

4.2 Urgent Care

We do not provide urgent care services. If you have an urgent medical issue that is not life-threatening but requires same-day attention, please visit an urgent care facility or emergency room.

4.3 Other Excluded Services

Our platform does NOT provide:

Surgical procedures
Inpatient hospital care
In-person physical examinations (except at micro-clinics when available)
Dental or vision care
Mental health crisis intervention (call 988 Suicide & Crisis Lifeline)
Substance abuse treatment requiring detox or rehabilitation
Pediatric care (under 18 without parental consent)
Obstetric care (prenatal, labor, delivery)
Services requiring in-person evaluation that cannot be done via telehealth

4.4 Controlled Substances

During our first year of operation, we do NOT prescribe Schedule II-IV controlled substances. This includes but is not limited to:

Opioid pain medications (Oxycodone, Hydrocodone, Morphine)
Benzodiazepines (Xanax, Valium, Klonopin, Ativan)
Stimulants (Adderall, Ritalin, Vyvanse)
Sleep medications (Ambien, Lunesta)
Other DEA-scheduled medications

This policy may change in the future with appropriate protocols and compliance measures.

4.5 Limitations of Telehealth

Telehealth has inherent limitations. Some conditions require in-person evaluation. Your physician may:

Recommend in-person follow-up
Refer you to a specialist
Decline to provide certain treatments via telehealth
Require additional testing before prescribing

You agree to follow physician recommendations for in-person care when clinically indicated.

5. USER OBLIGATIONS & REPRESENTATIONS

5.1 Accurate Information

You agree to provide accurate, complete, and truthful information, including:

Personal identification information
Complete medical history
Current medications and supplements
Allergies and adverse reactions
Lifestyle factors (diet, exercise, sleep, alcohol, tobacco, drug use)
Family medical history
Current symptoms and health concerns

Providing false or misleading health information may result in inappropriate treatment and could endanger your health.

5.2 Updating Information

You agree to promptly update your information when:

Your health status changes
You start or stop medications
You experience side effects or adverse reactions
You receive care from other providers
Your contact information changes
You move to a different state

5.3 Following Medical Advice

You agree to:

Follow treatment plans and physician instructions
Take medications as prescribed
Attend recommended follow-up appointments
Obtain in-person care when recommended
Report concerns, side effects, or changes in condition promptly
Complete recommended laboratory tests

5.4 Your Location

You must be physically located in a US state where your treating physician is licensed at the time of each telehealth consultation. You agree to:

Accurately disclose your physical location
Notify us if you are traveling to a different state
Understand that services may not be available in all locations

5.5 Emergency Plan

You agree to:

Know how to contact emergency services (911)
Know the location of your nearest emergency room
Understand that our services are NOT for emergencies
Seek emergency care when appropriate, regardless of cost or convenience

5.6 Legal Compliance

You agree to comply with all applicable federal, state, and local laws in connection with your use of our services.

6. PROHIBITED USES

6.1 You May NOT:

Account Misuse:

Create false or misleading accounts
Create multiple accounts
Share account credentials
Transfer or sell your account
Access another person’s account without authorization

Platform Misuse:

Use the platform for any illegal purpose
Attempt to gain unauthorized access to our systems
Introduce viruses, malware, or other harmful code
Interfere with platform functionality or security
Scrape, data mine, or extract data from the platform
Reverse engineer, decompile, or disassemble the application
Circumvent security measures or access controls
Use bots, scripts, or automated tools without authorization

Service Misuse:

Seek prescriptions for controlled substances through deception
Provide false health information to obtain medications
Resell, distribute, or share medications obtained through our platform
Use services for purposes other than your own personal health
Seek care for conditions you know require in-person evaluation

Conduct:

Harass, threaten, or abuse our staff, physicians, or other members
Use offensive, discriminatory, or inappropriate language
Engage in fraudulent activity
Violate the privacy or rights of others

6.2 Consequences

Violation of these prohibitions may result in:

Immediate suspension or termination of your account
Forfeiture of membership fees
Reporting to law enforcement or regulatory authorities
Civil or criminal liability
Legal action to recover damages

7. MEMBERSHIP & SUBSCRIPTION TERMS

7.1 Membership Fee

The standard membership fee is $99 per month. Membership provides access to all included services described in Section 3.3.

7.2 Billing Cycle

Monthly Billing: Charged on the same date each month (or the last day of shorter months)
Annual Billing: If available, charged once per year with applicable discount

Your first billing date is the date you subscribe. Subsequent charges occur on the same calendar date.

7.3 Auto-Renewal

YOUR MEMBERSHIP AUTOMATICALLY RENEWS at the end of each billing period (monthly or annually) unless you cancel.

By subscribing, you authorize us to charge your payment method on file for each renewal period until you cancel.

7.4 Renewal Notice

We will send you an email reminder at least 7 days before your renewal date. This reminder will include:

Renewal date
Amount to be charged
How to cancel if you do not wish to renew

7.5 Payment Methods

We accept:

Credit cards (Visa, Mastercard, American Express, Discover)
Debit cards
FSA/HSA cards (for eligible services)

You agree to provide a valid payment method and maintain current payment information.

7.6 Failed Payments

If your payment fails:

We will attempt to charge your payment method again
You will receive notification of the failed payment
You will have a 7-day grace period to update your payment method
After the grace period, your account may be suspended
Continued non-payment may result in account termination

7.7 Price Changes

We may change membership pricing with 30 days’ advance notice to existing members. Price changes apply to the billing period following the notice period.

If you do not agree to a price change, you may cancel before it takes effect.

7.8 Cancellation

How to Cancel:

In-App: Settings > Subscription > Cancel Membership
Email: care@daybreakerhealth.com
Phone: (805) 549-4172

Cancellation Terms:

Cancellation is effective at the end of your current billing period
You retain access to services until the end of the paid period
No partial-month refunds for unused time
You may reactivate at any time (may be subject to current pricing)

7.9 FTC Click-to-Cancel Compliance

In compliance with the FTC’s “click-to-cancel” rule, cancellation is as easy as sign-up. You can cancel:

Through the same method you used to subscribe
Without speaking to a retention agent (unless you choose to)
Without navigating through excessive steps or screens

8. ADDITIONAL FEES

8.1 Services Billed Separately

The following services are not included in your membership fee and are billed separately:

Service	Approximate Cost	Notes
Laboratory Tests	$50-$500+	Quest/LabCorp pricing; varies by test
Prescription Medications	Variable	Pharmacy pricing + shipping
Supplements	Member discount pricing	Third-party products
Micro-Clinic Visits	TBD	When available
Specialized Treatments	Variable	As quoted

8.2 Lab Costs

Laboratory tests are ordered through Quest Diagnostics, LabCorp, or other partners. Costs vary based on:

Tests ordered
Your location
Your insurance (if using insurance for labs)

You will be informed of estimated costs before tests are ordered.

8.3 Prescription Costs

Prescription medications are filled through partner pharmacies. Costs depend on:

Medication type and quantity
Pharmacy pricing
Shipping costs
Insurance coverage (if applicable)

We do not control prescription pricing. You are responsible for all prescription costs.

8.4 FSA/HSA Eligibility

Service	FSA/HSA Eligible
Membership fees	✅ Yes
Telehealth consultations	✅ Yes
Laboratory tests	✅ Yes
Prescription medications	✅ Yes
Supplements	❌ Generally No*
Merchandise	❌ No

*Some supplements may be eligible with a Letter of Medical Necessity. Consult your FSA/HSA administrator.

8.5 Taxes

You are responsible for any applicable sales tax, use tax, or other taxes imposed by governmental authorities on your purchases.

9. REFUND POLICY

9.1 No Refunds for Services Rendered

We do not provide refunds for:

Membership fees for periods during which you had access to services
Telehealth consultations that have occurred
Laboratory tests that have been processed
Prescriptions that have been filled
Supplements that have been shipped

9.2 No Partial-Month Refunds

If you cancel your membership mid-billing-cycle, you will:

Retain access until the end of the current billing period
NOT receive a refund for the unused portion

9.3 Exceptions

We may provide refunds in the following limited circumstances:

Billing Error: If we charged you in error (e.g., duplicate charge)
Technical Failure: If a technical issue on our end prevented you from accessing services
Service Not Provided: If we failed to provide a scheduled consultation

Refund requests must be submitted within 30 days of the charge.

9.4 Dissatisfaction

Dissatisfaction with services or results is not grounds for a refund. Health outcomes vary, and we do not guarantee specific results. If you are dissatisfied, you may cancel your membership prospectively.

9.5 Chargebacks

If you dispute a charge with your bank or credit card company:

We will provide transaction records and service documentation
Your account may be suspended pending resolution
Fraudulent chargebacks may result in account termination and collection action

Before your first telehealth consultation, you must review and sign our Telehealth Consent Form. This form explains:

How telehealth works
Technology requirements
Benefits, risks, and limitations
Emergency protocols
Your rights and responsibilities

Your continued use of telehealth services constitutes ongoing consent. You may withdraw consent at any time by notifying us in writing.

10.3 State-Specific Requirements

Telehealth consent requirements vary by state. We comply with the telehealth laws of each state where we provide services, including California, Colorado, and New York.

11. MEDICAL DISCLAIMERS

11.1 No Guarantee of Results

WE DO NOT GUARANTEE ANY SPECIFIC HEALTH OUTCOMES.

Health outcomes depend on many factors, including genetics, lifestyle, adherence to treatment, and individual response. Results vary from person to person.

Marketing statements such as “transform your health” or “turn back your biological clock” describe goals and aspirations—not guaranteed outcomes.

11.2 Not a Substitute for In-Person Care

Our telehealth services supplement but do not replace in-person medical care. You should maintain a relationship with a primary care physician for:

Annual physicals
Vaccinations
In-person examinations when needed
Emergency and urgent care

11.3 Physician Independence

The physicians providing medical services through our platform are:

Independent contractors of Qualiphy Medical Group
NOT employees of Daybreaker Health
Exercising their own independent medical judgment
Responsible for their own clinical decisions

Daybreaker Health does not direct, control, or interfere with physicians’ clinical decisions.

11.4 Daybreaker’s Role

Daybreaker Health provides:

Technology platform
Administrative services
Care coordination
Member support

Daybreaker Health does NOT:

Practice medicine
Diagnose conditions
Prescribe medications
Make clinical treatment decisions

11.5 Limitations of Remote Care

Remote/telehealth care has limitations:

Physical examination is limited to visual observation
Some diagnoses require in-person evaluation
Some treatments cannot be provided via telehealth
Technical issues may affect care delivery

You agree to seek in-person care when recommended by your physician or when clinically indicated.

11.6 Second Opinions

You have the right to seek second opinions from other healthcare providers. Our physicians’ assessments and recommendations are based on the information available to them and may differ from other providers’ opinions.

12. SUPPLEMENT DISCLAIMERS

12.1 FDA Disclaimer

THESE STATEMENTS HAVE NOT BEEN EVALUATED BY THE FOOD AND DRUG ADMINISTRATION. PRODUCTS RECOMMENDED THROUGH OUR PLATFORM ARE NOT INTENDED TO DIAGNOSE, TREAT, CURE, OR PREVENT ANY DISEASE.

12.2 Supplements Are Not Medications

Dietary supplements:

Are NOT FDA-approved drugs
Are NOT tested by the FDA for safety or efficacy before marketing
May not have the same quality controls as pharmaceuticals
May vary in purity, potency, and quality

12.3 Third-Party Products

Supplements recommended or sold through our platform are manufactured by third parties. Daybreaker Health:

Does NOT manufacture supplements
Does NOT independently test supplements for purity or potency
Does NOT guarantee supplement quality
Is NOT responsible for third-party manufacturing practices

12.4 Potential Risks

Supplements may:

Interact with prescription medications
Cause allergic reactions
Have side effects
Be contraindicated for certain conditions
Affect medical test results

Always inform your physician about all supplements you take. Consult your physician before starting any new supplement.

12.5 Your Responsibility

You are responsible for:

Reviewing supplement ingredients and labels
Disclosing all supplements to your physicians
Reporting any adverse reactions
Purchasing supplements from reputable sources

13. OFF-LABEL PRESCRIBING DISCLOSURES

13.1 What Is Off-Label Prescribing?

“Off-label” prescribing means using an FDA-approved medication for a purpose, population, or dosage not specifically approved by the FDA. Off-label prescribing is legal and common in medical practice.

13.2 Off-Label Medications We May Prescribe

Our physicians may prescribe medications off-label for longevity and health optimization purposes, including but not limited to:

GLP-1 Agonists (e.g., Semaglutide, Tirzepatide):

FDA-approved for: Type 2 diabetes, obesity (BMI ≥30 or ≥27 with comorbidities)
Off-label use: Metabolic optimization in individuals not meeting obesity criteria
Known risks: Nausea, vomiting, diarrhea, constipation, pancreatitis (rare), gallbladder disease, thyroid tumors (in animal studies)

Peptides (e.g., BPC-157, CJC-1295, Ipamorelin):

FDA status: Generally NOT FDA-approved for human use
Off-label use: Recovery, healing, longevity optimization
Known risks: Limited human safety data, potential for contamination, unknown long-term effects

Hormone Therapy (e.g., Testosterone, Estrogen, DHEA):

FDA-approved for: Hormone deficiency states
Off-label use: Optimization in individuals with “normal” levels
Known risks: Cardiovascular effects, prostate issues (testosterone), breast cancer risk (estrogen), mood changes

Before prescribing off-label medications, your physician will:

Explain the FDA-approved use vs. the prescribed use
Discuss known risks, benefits, and alternatives
Inform you of limited long-term safety data (where applicable)
Obtain your informed consent

You may decline off-label medications without penalty.

13.4 Your Rights

You have the right to:

Know when a medication is being prescribed off-label
Ask questions about risks and benefits
Decline off-label treatment
Request alternative on-label medications (if available)
Seek second opinions

14. AI COACH DISCLAIMERS

14.1 AI Coach Purpose

Our AI health coach analyzes your wearable data, lab results, and health information to provide personalized wellness recommendations for:

Sleep optimization
Activity and exercise
Recovery and stress management
Nutrition guidance
Health trend identification

14.2 NOT Medical Advice

THE AI COACH DOES NOT PROVIDE MEDICAL ADVICE, DIAGNOSES, OR TREATMENT RECOMMENDATIONS.

The AI coach provides:

✅ Informational wellness guidance
✅ General health education
✅ Lifestyle recommendations
✅ Data visualization and trends

The AI coach does NOT provide:

❌ Medical diagnoses
❌ Clinical treatment decisions
❌ Prescription recommendations
❌ Emergency medical guidance

14.3 Human Oversight

All clinical decisions are made by licensed physicians, NOT AI
Physicians review AI-generated insights before clinical use
You can always request human review of any AI recommendation

14.4 Accuracy Limitations

AI recommendations are based on:

Data you provide (which may be incomplete or inaccurate)
Wearable device data (which may have accuracy limitations)
Algorithms (which have inherent limitations)

AI recommendations may be:

Inaccurate or inappropriate for your specific situation
Based on general population data that may not apply to you
Affected by data quality issues

14.5 Your Responsibility

You are responsible for:

Verifying AI recommendations with your physician before acting on them
Not relying solely on AI for health decisions
Seeking professional medical advice for health concerns
Understanding that AI is a tool, not a substitute for medical care

15. TECHNOLOGY & SERVICE AVAILABILITY

15.1 Service Provided “As Is”

Our platform and services are provided on an “AS IS” and “AS AVAILABLE” basis. We do not guarantee:

Uninterrupted access to the platform
Error-free operation
Compatibility with all devices
Availability in all locations
That the service will meet your expectations

15.2 Planned Maintenance

We may temporarily suspend access for maintenance. When possible, we will provide advance notice of planned maintenance.

15.3 Technical Failures

We are NOT liable for:

Video or audio failures during consultations
App crashes or errors
Internet connectivity issues
Server outages or downtime
Third-party service failures (Qualiphy platform, Terra API, wearable syncing)
Data loss due to technical issues
Delays in care due to technical problems

15.4 Backup Procedures

If video fails during a consultation:

Your physician may continue via phone call
The consultation may be rescheduled
We will make reasonable efforts to ensure you receive care

15.5 Device Requirements

You are responsible for maintaining:

Compatible device (iOS 15+ or Android 12+)
Reliable internet connection (minimum 5 Mbps for video)
Updated app version
Working camera and microphone (for video consultations)

15.6 Changes to Platform

We may modify, update, or discontinue features of the platform at any time. Material changes that negatively affect your use of the service will be communicated in advance when feasible.

16. INTELLECTUAL PROPERTY

16.1 Daybreaker’s Ownership

Daybreaker Health owns all right, title, and interest in:

The Daybreaker name, logo, and trademarks
The mobile application and website
All software, code, and algorithms
All content (text, images, graphics, videos)
AI models and health coaching algorithms
User interface and design elements

16.2 Limited License

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to:

Access and use the platform for personal, non-commercial purposes
View and download content for personal use

This license terminates upon termination of your account or violation of these Terms.

16.3 Restrictions

You may NOT:

Copy, modify, or create derivative works of the platform or content
Reverse engineer, decompile, or disassemble the application
Remove copyright, trademark, or proprietary notices
Use our trademarks without written permission
Sell, resell, or commercially exploit the platform
Frame or mirror the website without permission

16.4 User-Generated Content

If you submit content (reviews, testimonials, forum posts, feedback):

You retain ownership of your content
You grant Daybreaker a perpetual, royalty-free, worldwide, non-exclusive license to use, reproduce, modify, display, and distribute your content
You represent that your content is original and does not infringe third-party rights
We may use your content in marketing (with your consent for identifiable information)
We may remove content that violates these Terms or is otherwise objectionable

16.5 DMCA Compliance

If you believe content on our platform infringes your copyright, please send a DMCA takedown notice to:

Email: legal@daybreakerhealth.com

Mail:
DMCA Agent
Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405

Your notice must include:

Identification of the copyrighted work
Identification of the infringing material and its location
Your contact information
Statement of good faith belief that use is not authorized
Statement under penalty of perjury that information is accurate
Your physical or electronic signature

17. THIRD-PARTY SERVICES & LINKS

17.1 Third-Party Service Providers

Our platform integrates with third-party services, including:

Service	Purpose
Qualiphy	Telehealth physician services
Terra API	Wearable data integration
Quest/LabCorp	Laboratory testing
Partner pharmacies	Prescription fulfillment
Stripe	Payment processing
Supabase	Database hosting

17.2 Third-Party Terms

Third-party services are governed by their own terms of service and privacy policies. By using our platform, you agree to comply with applicable third-party terms. Key third-party policies:

Qualiphy: https://qualiphy.me/terms-of-service-cookies-privacy-policy/
Stripe: https://stripe.com/legal
Apple Health: https://www.apple.com/legal/privacy/

17.3 No Endorsement

Links to external websites are provided for convenience only. We do not:

Endorse or control external websites
Guarantee accuracy or completeness of external content
Accept responsibility for external sites’ privacy practices

17.4 Third-Party Liability

We are NOT liable for:

Actions or omissions of third-party service providers
Quality of services provided by third parties
Errors or failures by labs, pharmacies, or wearable devices
Third-party data breaches or privacy violations

18. PRIVACY & DATA USE

18.1 Privacy Policy

Our collection, use, and disclosure of personal information is governed by our Privacy Policy, available at https://daybreakerhealth.com/privacy-policy.

By using our services, you consent to our data practices as described in the Privacy Policy.

18.2 HIPAA Notice

Our use and disclosure of Protected Health Information (PHI) is governed by our HIPAA Notice of Privacy Practices, provided separately.

By using our services, you consent to:

Collection of personal information as described in our Privacy Policy
Use of PHI for treatment, payment, and healthcare operations
Electronic communication and record-keeping
Data sharing with service providers as described in our Privacy Policy

18.4 Marketing Communications

We may send you marketing communications with your consent. You may opt out at any time by:

Clicking “unsubscribe” in marketing emails
Texting STOP to opt out of SMS marketing
Adjusting preferences in app settings
Contacting care@daybreakerhealth.com

19. ACCOUNT TERMINATION

19.1 Your Right to Cancel

You may cancel your membership and close your account at any time. See Section 7.8 for cancellation procedures.

19.2 Our Right to Suspend or Terminate

We may suspend or terminate your account, with or without notice, for:

With Cause (Immediate):

Violation of these Terms
Providing false or fraudulent information
Abusive behavior toward staff or physicians
Non-payment after grace period
Fraudulent activity
Illegal use of services
Court order or legal requirement

Without Cause (30 Days’ Notice):

At our sole discretion, with 30 days’ advance written notice
For business reasons (discontinuing services, inability to provide services in your state)

19.3 Effect of Termination

Upon termination:

Your access to the platform is revoked immediately (for cause) or at end of notice period (without cause)
No refund for unused membership time
Your medical records are retained per our retention policy (minimum 7 years)
You may request export of your data before termination
Pending prescriptions may be completed or transferred at physician discretion

19.4 Survival

The following sections survive termination:

Section 9 (Refund Policy)
Section 11 (Medical Disclaimers)
Section 16 (Intellectual Property)
Section 20 (Warranties Disclaimer)
Section 21 (Limitation of Liability)
Section 22 (Arbitration)
Section 23 (Indemnification)
Section 24 (Governing Law)

20. WARRANTIES DISCLAIMER

20.1 “AS IS” Disclaimer

THE PLATFORM AND SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED.

20.2 Disclaimer of Implied Warranties

TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO:

MERCHANTABILITY – That the services are of merchantable quality
FITNESS FOR A PARTICULAR PURPOSE – That the services are suitable for your specific needs
NON-INFRINGEMENT – That the services do not infringe third-party rights
ACCURACY – That information provided is accurate, complete, or current
RELIABILITY – That the platform will operate without interruption or error
RESULTS – That you will achieve any specific health outcomes

20.3 No Warranty of Health Outcomes

WE DO NOT WARRANT OR GUARANTEE ANY SPECIFIC HEALTH RESULTS. Health outcomes depend on many factors beyond our control.

20.4 Third-Party Disclaimers

We do not warrant:

The quality or accuracy of third-party services (labs, pharmacies, wearables)
Compatibility with your devices or third-party applications
Continued availability of third-party integrations

20.5 State Law Variations

Some states do not allow disclaimer of implied warranties. If you are in such a state, some of the above disclaimers may not apply to you, and you may have additional rights.

21. LIMITATION OF LIABILITY

21.1 Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, DAYBREAKER HEALTH’S TOTAL LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR YOUR USE OF THE SERVICES SHALL NOT EXCEED THE GREATER OF:

(A) THE AMOUNT YOU PAID TO DAYBREAKER HEALTH IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM; OR

(B) FIVE HUNDRED DOLLARS ($500).

21.2 Exclusion of Damages

IN NO EVENT SHALL DAYBREAKER HEALTH BE LIABLE FOR:

INDIRECT DAMAGES – Damages not directly caused by our actions
INCIDENTAL DAMAGES – Costs incurred as a side effect
CONSEQUENTIAL DAMAGES – Downstream effects of service issues
PUNITIVE DAMAGES – Damages intended to punish
SPECIAL DAMAGES – Unusual damages specific to your situation
EXEMPLARY DAMAGES – Damages to make an example

21.3 Specific Exclusions

We are NOT liable for:

Lost Profits or Revenue – Business losses from service issues
Lost Data – Data loss due to technical failures
Personal Injury or Death – Arising from your use of services (except as required by law)
Health Outcomes – Failure to achieve desired health results
Third-Party Actions – Actions of Qualiphy physicians, labs, pharmacies, or other third parties
Technology Failures – Platform outages, app crashes, connectivity issues
Wearable Data Inaccuracies – Incorrect data from connected devices
AI Recommendations – Following AI coach guidance that proves unhelpful
Missed Diagnoses – Conditions not identified via telehealth
Prescription Issues – Side effects, interactions, or outcomes from medications
Supplement Issues – Effects from supplements recommended through platform
Force Majeure Events – Events beyond our reasonable control

21.4 Basis of the Bargain

You acknowledge that:

These limitations of liability are a fundamental part of the agreement
Daybreaker would not provide services without these limitations
These limitations allocate risk between the parties
The pricing of services reflects this risk allocation

21.5 State Law Variations

Some states do not allow limitation or exclusion of liability for certain damages. If you are in such a state, some limitations may not apply to you. In such cases, our liability is limited to the maximum extent permitted by applicable law.

21.6 Essential Purpose

These limitations apply even if any remedy fails of its essential purpose.

22. DISPUTE RESOLUTION: BINDING ARBITRATION & CLASS ACTION WAIVER

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT AND TO HAVE A JURY TRIAL.

22.1 Agreement to Arbitrate

You and Daybreaker Health, P.C. (“Daybreaker,” “we,” “us,” “our”) agree that any dispute, claim, or controversy arising out of or relating to:

(a) These Terms of Service and any prior versions;

(b) Your use of the Daybreaker platform, mobile application, website, or services;

(d) Your membership, subscription, billing, or payments;

(e) Any privacy, data security, or breach of personal information;

(f) Any marketing or advertising practices;

(g) Any services provided or not provided;

(h) Any alleged breach of contract, tort, statute, regulation, ordinance, or other legal theory (whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory);

shall be resolved through binding individual arbitration administered by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules, rather than in court.

22.2 Exceptions to Arbitration

The following are NOT subject to this arbitration agreement:

Small Claims Court: You may assert claims in small claims court if your claims qualify and remain in small claims court;
Intellectual Property: Either party may seek equitable relief in court for infringement or misuse of intellectual property rights (trademark, copyright, trade secret, patent);
Emergency Injunctive Relief: Either party may seek emergency injunctive relief in court to prevent irreparable harm pending arbitration.

22.3 CLASS ACTION WAIVER

YOU AND DAYBREAKER AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING.

The arbitrator may not:

Consolidate more than one person’s claims
Preside over any form of class, consolidated, or representative proceeding

If this class action waiver is found to be unenforceable, then the entirety of this arbitration provision shall be null and void (but all other provisions of these Terms remain in effect).

22.4 Informal Resolution First

Before filing arbitration, you must:

Send a written Notice of Dispute to:

Daybreaker Health, P.C.
Attn: Legal Department – Dispute Notice
260 Craig Way
San Luis Obispo, CA 93405
Email: legal@daybreakerhealth.com
The Notice must include:
- Your full name
- Your Daybreaker account email address
- Detailed description of your claim
- Relief sought (including damages amount, if any)
Allow 60 days for informal resolution attempts
If unresolved after 60 days, either party may file arbitration with AAA

22.5 Arbitration Procedures

AAA Rules: Arbitration is conducted under AAA Consumer Arbitration Rules (available at www.adr.org). If conflict between AAA Rules and this Agreement, this Agreement controls.

Arbitrator Authority: The arbitrator has exclusive authority to resolve all disputes, including:

Arbitrability (whether a claim is subject to arbitration)
Scope and enforceability of this arbitration clause
Whether this Agreement was validly formed

Substantive Law: The arbitrator shall apply the substantive law of the State of California (without reference to conflict of laws principles), except that the Federal Arbitration Act (9 U.S.C. §§ 1-16) governs interpretation and enforcement of this arbitration provision.

Hearing Location: Arbitration shall take place:

In the county where you reside (if in California); OR
Via videoconference (if you reside outside California or prefer remote); OR
In San Luis Obispo County, California (if you choose in-person and reside outside California)

Discovery: Limited to what is necessary and relevant to the dispute. The arbitrator has discretion to limit discovery.

22.6 Arbitration Costs

For claims under $10,000: Daybreaker will pay all AAA filing, administration, and arbitrator fees.

For claims $10,000-$75,000: You pay AAA filing fee; Daybreaker pays administration and arbitrator fees.

For claims over $75,000: Fees allocated per AAA Consumer Arbitration Rules.

Attorneys’ Fees: If you prevail and the arbitrator awards you more than Daybreaker’s last written settlement offer (or if Daybreaker made no offer), Daybreaker will pay your reasonable attorneys’ fees and costs.

22.7 Confidentiality

All arbitration proceedings (existence, disclosures, hearings, rulings, awards) are confidential and may not be disclosed except:

As required by law or court order
To enforce the arbitration award
To Daybreaker’s insurers, auditors, or legal/financial advisors (under confidentiality obligations)

22.8 Arbitrator’s Decision

The arbitrator’s decision is final and binding on all parties, with very limited right to appeal under the Federal Arbitration Act. Either party may enter judgment on the award in any court of competent jurisdiction.

22.9 OPT-OUT RIGHT

You may opt out of this arbitration agreement within 30 days of first accepting these Terms.

To opt out, send written notice to:

Daybreaker Health, P.C.
Attn: Arbitration Opt-Out
260 Craig Way
San Luis Obispo, CA 93405
Email: arbitration-optout@daybreakerhealth.com

The opt-out notice must include:

Your full name
Your Daybreaker account email address
Statement: “I opt out of the arbitration agreement in Daybreaker’s Terms of Service”
Date
Your signature (electronic or handwritten)

If you opt out:

All other Terms still apply
You and Daybreaker are NOT bound to arbitrate disputes
Either party may sue in court

If you do NOT opt out within 30 days, you are bound by this arbitration agreement.

22.10 Bilateral Obligation

This arbitration provision applies equally to you and Daybreaker. Daybreaker also waives its right to bring class, consolidated, or representative actions against you.

22.11 Survival

This arbitration provision survives:

Termination of your account
Termination of your membership
Expiration or termination of these Terms
Bankruptcy or insolvency of either party

22.12 Changes to Arbitration Provision

We may change this arbitration provision only with 30 days’ advance notice posted on our website and emailed to your account email address. Changes apply only to disputes arising after the effective date.

If you reject changes, you may opt out within 30 days by following the opt-out procedure. Continued use after 30 days constitutes acceptance.

22.13 Severability

If any part of this arbitration provision (except the class action waiver) is found invalid or unenforceable, the remainder remains in effect.

If the class action waiver (Section 22.3) is found invalid or unenforceable, then this entire arbitration provision shall be null and void (but all other Terms remain in effect).

23. INDEMNIFICATION

23.1 Your Indemnification Obligation

You agree to indemnify, defend, and hold harmless Daybreaker Health, P.C., and its officers, directors, employees, contractors, agents, affiliates, and successors (“Daybreaker Parties”) from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:

(a) Your breach of these Terms;

(b) Your violation of any law, regulation, or third-party right;

(d) Any information you provide (including false or misleading information);

(e) Your infringement of any intellectual property or other rights;

(f) Any dispute between you and a third party;

(g) Your negligence or willful misconduct.

23.2 Procedure

If a claim is made:

We will notify you promptly
You will cooperate fully in the defense
We reserve the right to assume exclusive defense and control (at our expense) of any matter subject to indemnification
You will not settle any claim without our prior written consent

23.3 Survival

This indemnification obligation survives termination of your account and these Terms.

24. GOVERNING LAW

24.1 California Law

These Terms and any dispute arising out of or related to these Terms or your use of the services shall be governed by and construed in accordance with the laws of the State of California, without regard to conflict of laws principles.

24.2 Federal Arbitration Act

Notwithstanding the above, the Federal Arbitration Act (9 U.S.C. §§ 1-16) governs the interpretation and enforcement of the arbitration provision in Section 22.

24.3 Venue for Non-Arbitrable Claims

For any claims not subject to arbitration (e.g., small claims court, intellectual property injunctions), you and Daybreaker consent to exclusive jurisdiction and venue in the state or federal courts located in San Luis Obispo County, California, or if you reside outside California, in the county where you reside.

25. FORCE MAJEURE

25.1 Definition

Neither party shall be liable for failure or delay in performing obligations due to circumstances beyond reasonable control (“Force Majeure Events”), including but not limited to:

Acts of God (earthquake, flood, fire, hurricane, tornado)
Pandemics, epidemics, or public health emergencies
War, terrorism, civil unrest, or armed conflict
Government actions, regulations, embargoes, or sanctions
Internet service provider failures
Power outages or utility failures
Strikes, labor disputes, or work stoppages
Third-party service outages (Supabase, Railway, Terra API, Qualiphy)
Cyberattacks or security incidents
Supply chain disruptions

25.2 Obligations During Force Majeure

Affected party must notify the other party promptly
Obligations are suspended during the Force Majeure Event
Affected party must use reasonable efforts to resume performance

25.3 Extended Force Majeure

If a Force Majeure Event continues for more than 30 days, either party may terminate the affected services without penalty.

26. MODIFICATIONS TO TERMS

26.1 Right to Modify

We reserve the right to modify these Terms at any time.

26.2 Material Changes

For material changes (changes that significantly affect your rights or obligations), we will provide:

30 days’ advance notice via email to your account email address
In-app notification
Posting of updated Terms on our website

Material changes include changes to:

Pricing
Arbitration provisions
Limitation of liability
Scope of services
User obligations

26.3 Non-Material Changes

For non-material changes (formatting, clarifications, administrative updates), changes are effective immediately upon posting. We will update the “Last Updated” date.

26.4 Your Options

If you do not agree to material changes:

You may cancel your account within 30 days without penalty
Continued use after the effective date constitutes acceptance

26.5 Version History

Previous versions of these Terms are available upon request. Contact legal@daybreakerhealth.com.

27. GENERAL PROVISIONS

27.1 Entire Agreement

These Terms, together with the Privacy Policy, HIPAA Notice, Telehealth Consent Form, and any other documents incorporated by reference, constitute the entire agreement between you and Daybreaker Health regarding your use of the services. These Terms supersede all prior agreements, understandings, and communications.

27.2 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the parties’ intent.

Exception: If the class action waiver in Section 22.3 is found invalid, the entire arbitration provision is void.

27.3 Waiver

Our failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision. Any waiver must be in writing and signed by Daybreaker.

27.4 Assignment

You may not assign or transfer these Terms or your rights hereunder without our prior written consent
Daybreaker may assign or transfer these Terms, in whole or in part, without restriction (including in connection with a merger, acquisition, or sale of assets)

27.5 No Third-Party Beneficiaries

These Terms are for the benefit of you and Daybreaker only. There are no third-party beneficiaries, except:

Qualiphy physicians are intended third-party beneficiaries of the liability limitation provisions
Daybreaker Parties are intended third-party beneficiaries of the indemnification provisions

27.6 Survival

Provisions that by their nature should survive termination shall survive, including: Intellectual Property, Disclaimers, Limitation of Liability, Arbitration, Indemnification, and Governing Law.

27.7 Headings

Section headings are for convenience only and have no legal effect.

27.8 Electronic Signatures

Electronic signatures and electronic records are valid and enforceable under the Electronic Signatures in Global and National Commerce Act (ESIGN Act) and applicable state laws (UETA).

27.9 Notice Procedures

To Daybreaker:

Email: legal@daybreakerhealth.com
Mail: Daybreaker Health, P.C., 260 Craig Way, San Luis Obispo, CA 93405

To You:

Email to the address on file with your account
In-app notification
Push notification (if enabled)

27.10 Relationship of Parties

The relationship between you and Daybreaker is that of independent contractors. Nothing in these Terms creates a partnership, joint venture, employment, or agency relationship.

27.11 Language

These Terms are in English. If translated, the English version controls.

27.12 Export Control

You agree to comply with all US export control laws and regulations. You may not use or export the services in violation of US law.

28. ACCESSIBILITY

28.1 Commitment

Daybreaker Health is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone and applying relevant accessibility standards.

28.2 Standards

We strive to conform to Web Content Accessibility Guidelines (WCAG) 2.1 Level AA.

28.3 Accommodations

If you need accommodations or have difficulty accessing any part of our platform, please contact us:

Email: accessibility@daybreakerhealth.com

Phone: (805) 549-4172

We will work with you to provide the information or service you need through an alternative communication method.

29. CONTACT INFORMATION

General Inquiries & Member Support

Email: care@daybreakerhealth.com
Phone: (805) 549-4172

Legal Inquiries

Email: legal@daybreakerhealth.com

Mail:
Legal Department
Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405

ACKNOWLEDGMENT

By creating an account, clicking “I Agree,” or using Daybreaker Health services, you acknowledge that:

You have read and understood these Terms of Service
You agree to be bound by these Terms
You consent to electronic communications and electronic signatures
You understand the arbitration agreement and class action waiver
You have had the opportunity to review the Privacy Policy, HIPAA Notice, and Telehealth Consent Form

Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405
(805) 549-4172
care@daybreakerhealth.com

These Terms of Service were last updated on April 1, 2025.

APPENDIX: CHANGE LOG FROM CURRENT TERMS

Removed (High-Risk Items)

Item Removed	Risk Level	Reason
“Netherlands law” governing law	🔴 CRITICAL	Copy-paste error; wrong jurisdiction
No medical disclaimers	🔴 CRITICAL	Marketing copy implied guaranteed outcomes
Weak/missing account provisions	🟡 IMPORTANT	Inadequate user obligations

Added (Critical Legal Protections)

Item Added	Risk Level	Purpose
Mandatory arbitration clause	🔴 CRITICAL	Prevent class actions; industry standard
Class action waiver	🔴 CRITICAL	Essential liability protection
30-day opt-out for arbitration	🔴 CRITICAL	Enforceability requirement
Limitation of liability ($500/12mo fees)	🔴 CRITICAL	Cap exposure
Medical disclaimers (no guaranteed outcomes)	🔴 CRITICAL	Prevent health claims liability
AI coach disclaimers	🔴 CRITICAL	AI is informational, not medical
Off-label prescribing disclosures	🔴 CRITICAL	GLP-1, peptide, hormone liability
Supplement FDA disclaimers	🔴 CRITICAL	FDA compliance
Emergency care exclusion	🔴 CRITICAL	Prevent emergency liability
Technology failure disclaimers	🟡 IMPORTANT	Limit tech liability
MSO model explanation	🟡 IMPORTANT	Segregate clinical liability
Auto-renewal/cancellation terms	🟡 IMPORTANT	FTC compliance
Indemnification clause	🟡 IMPORTANT	Cost recovery
Force majeure	🟡 IMPORTANT	Pandemic/disaster protection

Key Differences from Competitors

Feature	Daybreaker	Wild Health	Parsley	Function	Calibrate	Levels
Arbitration	✅ AAA	✅ AAA	✅ JAMS	✅ AAA	✅ AAA	✅ AAA
30-Day Opt-Out	✅	✅	✅	✅	✅	✅
Class Waiver	✅	✅	✅	✅	✅	✅
Liability Cap	12mo/$500	12mo fees	12mo/$500	12mo/$500	12mo fees	6mo/$250
Governing Law	California	Delaware	New York	Delaware	Delaware	Delaware
Off-Label Disclosure	✅	✅	✅	N/A	✅	N/A
AI Disclaimers	✅	✅	✅	✅	N/A	✅

ATTORNEY REVIEW FLAGS

Section 22 (Arbitration): Verify enforceability in all 50 states; monitor state law challenges
Section 21 (Limitation of Liability): Confirm caps are enforceable under state consumer protection laws
Section 13 (Off-Label): Verify peptide and GLP-1 disclosures meet FDA/DEA requirements
Section 4.4 (Controlled Substances): Confirm policy aligns with Ryan Haight Act compliance
Section 11 (Medical Disclaimers): Verify marketing materials align with disclaimer language
MSO Model: Confirm clinical liability segregation is properly maintained

COMPLIANCE CHECKLIST

PRIVACY POLICY

DAYBREAKER HEALTH, P.C.

Effective Date: April 1, 2025
Last Updated: April 1, 2025
Version: 1.0

PLAIN-LANGUAGE SUMMARY

This Privacy Policy explains how Daybreaker Health collects, uses, shares, and protects your personal information. We collect health data, contact information, and other details to provide you with personalized longevity and health optimization services. We do NOT sell your personal information. You have rights to access, correct, and delete your data. California, Colorado, and other state residents have additional rights explained below.

Introduction & Scope
Personal Information We Collect
How We Collect Your Information
Purposes for Collection & Use
How We Share Your Information
Data Retention
Your Privacy Rights
California Privacy Rights (CCPA/CPRA)
Colorado Privacy Rights (CPA)
Other State Privacy Rights
Security Safeguards
Cookies & Tracking Technologies
Third-Party Services & Links
Children’s Privacy
International Users
Automated Decision-Making & AI
De-Identified Data
Data Breach Notification
Changes to This Policy
Contact Us

1. INTRODUCTION & SCOPE

1.1 Who We Are

Daybreaker Health, P.C. (“Daybreaker,” “we,” “us,” or “our”) is a Medical Services Organization (MSO) that operates a subscription-based longevity and health optimization platform. We provide administrative services, care coordination, and technology while independent physicians contracted through Qualiphy Medical Group provide clinical services.

Corporate Address:
Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405

1.2 What This Policy Covers

This Privacy Policy describes:

The categories of personal information we collect
How we collect, use, and share your personal information
Your rights regarding your personal information
How we protect your personal information
How to contact us with questions or concerns

This Policy applies to:

Our mobile application (iOS and Android)
Our website at https://daybreakerhealth.com
All services provided through our platform
Communications with you (email, SMS, phone, in-app messaging)

This Privacy Policy should be read together with:

Terms of Service – Governs your use of our platform
HIPAA Notice of Privacy Practices – Explains how we use and disclose Protected Health Information (PHI) for treatment, payment, and healthcare operations
Telehealth Consent Form – Authorizes telehealth services
Cookie Policy – Details our use of cookies and tracking technologies
SMS/Text Messaging Terms – Governs text message communications
End User License Agreement (EULA) – Governs use of our mobile application

1.4 Effective Date

This Privacy Policy is effective as of the date listed above and applies to all personal information collected on or after that date.

2. PERSONAL INFORMATION WE COLLECT

We collect various categories of personal information to provide our services. Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

2.1 Categories of Personal Information

A. Identifiers

Data Type	Examples
Contact Information	Name, email address, phone number, mailing address
Account Information	Username, account ID, password (encrypted)
Device Identifiers	Device ID, advertising ID, IP address, MAC address
Government IDs	Date of birth (for age verification and medical records)

B. Health & Medical Information (Sensitive Personal Information)

Data Type	Examples
Medical History	Health conditions, diagnoses, allergies, past surgeries, family medical history
Current Health	Medications, supplements, prescriptions, treatment plans
Lab Results	Blood tests, biomarkers, metabolic panels, hormone levels
Biometric Data	Heart rate, heart rate variability (HRV), sleep stages, activity levels, steps, calories burned
Wearable Data	Data synced from Apple Health, Oura, Whoop, continuous glucose monitors (CGMs), fitness trackers
Clinical Notes	Physician assessments, consultation notes, care protocols
Genetic Data	If genetic testing is offered in the future
Lifestyle Data	Diet, exercise habits, sleep patterns, stress levels, alcohol/tobacco use

C. Financial Information

Data Type	Examples
Payment Information	Credit/debit card (last 4 digits only; full numbers processed by payment processor)
Billing Information	Billing address, transaction history, subscription status
FSA/HSA Information	If you provide for reimbursement purposes

D. Geolocation Data

Data Type	Examples
Precise Location	GPS coordinates (for micro-clinic appointments only, with your permission)
Coarse Location	City, state, ZIP code (for telehealth compliance and physician licensing)

E. User-Generated Content

Data Type	Examples
Profile Information	Profile photo, preferences, health goals
Communications	Messages to physicians, coaches, or support; survey responses
Media	Photos or videos from mobility assessments (if using phone camera features)

F. Device & Usage Information

Data Type	Examples
Device Information	Device type, operating system, browser type, app version
Usage Data	Pages viewed, features used, time spent, click paths, session duration
Technical Data	Crash logs, error reports, performance data
Referral Information	How you found us, referral source

G. Inferences

Data Type	Examples
Health Insights	Metabolic profiles, biological age estimates, health trend predictions
Behavioral Patterns	Activity patterns, sleep quality trends, recovery indicators

2.2 Sensitive Personal Information

Under CCPA/CPRA, “sensitive personal information” includes:

Health information (medical history, conditions, treatments)
Genetic data (if collected)
Biometric information (used for identification)
Precise geolocation

We collect sensitive personal information only for purposes permitted under CCPA/CPRA:

Providing requested health services
Ensuring security and integrity
Short-term transient use
Performing services on our behalf
Verifying or maintaining quality of services

We do NOT use sensitive personal information for advertising or profiling for purposes unrelated to your healthcare.

3. HOW WE COLLECT YOUR INFORMATION

3.1 Information You Provide Directly

Account Registration: Name, email, phone, password, date of birth
Health Intake Forms: Medical history, medications, allergies, lifestyle information
Consultations: Information shared during telehealth appointments
Surveys & Assessments: Responses to health questionnaires
Support Requests: Information in customer service communications
Payment: Billing and payment details (processed by Stripe)

3.2 Information Collected Automatically

App Usage: Features accessed, time spent, interactions
Device Information: Device type, operating system, unique identifiers
Log Data: IP address, browser type, pages visited, timestamps
Cookies & Similar Technologies: See Section 12

3.3 Information from Third Parties

Wearable Devices: Data synced via Terra API from Apple Health, Oura, Whoop, Garmin, Fitbit, CGMs, and other connected devices
Lab Partners: Test results from Quest Diagnostics, LabCorp, and other laboratory partners
Pharmacy Partners: Prescription fulfillment status
Qualiphy Medical Group: Clinical notes and treatment information from your physicians
Payment Processors: Transaction confirmations from Stripe

3.4 Your Choices About Data Collection

You can choose not to provide certain information, but this may limit your ability to use some features:

If You Don’t Provide…	You May Not Be Able To…
Health history	Receive personalized care or prescriptions
Wearable data	Use AI coaching features or health insights
Location	Schedule micro-clinic appointments
Payment information	Subscribe to paid services

4. PURPOSES FOR COLLECTION & USE

We use your personal information for the following purposes:

4.1 Providing Healthcare Services (Treatment)

Delivering telehealth consultations
Creating personalized health protocols
Ordering and interpreting lab tests
Prescribing medications and supplements
Providing AI-driven health coaching and insights
Coordinating care with Qualiphy physicians
Tracking your health progress

4.2 Processing Payments (Payment)

Processing subscription fees ($99/month)
Billing for additional services (labs, prescriptions, supplements)
Managing refunds and disputes
Detecting and preventing fraud

4.3 Operating & Improving Our Platform (Operations)

Maintaining and improving app functionality
Troubleshooting technical issues
Analyzing usage patterns to enhance user experience
Training our AI coaching algorithms (using de-identified data only)
Conducting quality improvement activities
Auditing and compliance monitoring

4.4 Communicating With You

Sending appointment reminders and confirmations
Providing prescription and lab result notifications
Responding to support requests
Sending service updates and announcements
Marketing communications (with your consent; you can opt out anytime)

4.5 Legal & Compliance

Complying with applicable laws and regulations
Responding to legal process (subpoenas, court orders)
Protecting our rights and the rights of others
Reporting to public health authorities as required
Fulfilling regulatory obligations (HIPAA, state medical board requirements)

4.6 Security & Fraud Prevention

Protecting against unauthorized access
Detecting and preventing fraudulent activity
Ensuring the security of our systems and data
Verifying your identity

5.1 We Do NOT Sell Your Personal Information

Daybreaker Health does NOT sell your personal information to third parties.

Daybreaker Health does NOT share your personal information for cross-context behavioral advertising.

We share personal information with the following categories of third parties for the purposes described:

A. Healthcare Providers (for Treatment)

Third Party	Data Shared	Purpose
Qualiphy Medical Group	PHI (medical history, symptoms, treatment plans)	Providing physician services
Lab Partners (Quest, LabCorp)	PHI (name, DOB, test orders)	Conducting laboratory tests
Pharmacy Partners	PHI (prescriptions, shipping address)	Fulfilling prescriptions

B. Service Providers (Business Associates under HIPAA)

Third Party	Data Shared	Purpose
Supabase	All data (encrypted)	Database hosting and storage
Railway	Technical data	Backend infrastructure
Terra API	Wearable data	Syncing data from connected devices
Stripe	Payment information	Payment processing
[Email Provider]	Email address, name	Sending transactional emails
[SMS Provider]	Phone number	Sending text notifications

All service providers handling Protected Health Information (PHI) have signed Business Associate Agreements (BAAs) and are contractually required to protect your data.

C. Analytics Providers (De-Identified Data Only)

Third Party	Data Shared	Purpose
Analytics tools	De-identified usage data	Understanding app usage patterns

We do NOT share identifiable health information with analytics providers.

D. Professional Advisors

Third Party	Data Shared	Purpose
Legal counsel	As needed for legal matters	Legal advice and representation
Auditors	As needed for audits	Compliance and financial audits

E. Government & Law Enforcement (When Required)

We may disclose information when required by law:

Public health authorities (disease reporting)
Law enforcement (court orders, subpoenas)
Medical licensing boards (complaint investigations)
Government agencies (regulatory compliance)

5.3 Business Transfers

If Daybreaker Health is involved in a merger, acquisition, bankruptcy, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our platform before your information becomes subject to a different privacy policy.

We may share your information with other third parties when you give us explicit consent to do so.

6. DATA RETENTION

6.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Data Category	Retention Period	Basis
Medical Records (PHI)	7 years from last patient interaction	State medical record retention laws; HIPAA
Financial Records	7 years	IRS requirements; financial regulations
Account Data	Duration of account + 30 days after deletion	Service provision
Wearable Data	While account is active; deleted 30 days after account closure	Service provision (unless part of medical record)
Marketing Preferences	Until you opt out or delete account	Your consent
De-Identified Data	Indefinitely	No longer personal information
Backup Data	30 days rolling	Disaster recovery

6.2 Deletion Process

When personal information is deleted:

Logical Deletion: Data marked as deleted in active systems (with audit trail)
30-Day Recovery Period: Data recoverable during this period if deletion was accidental
Permanent Deletion: After recovery period, data is cryptographically erased
Backup Purge: Deleted from backups within 30 days per backup rotation schedule

Note: Some data may be retained longer if required by law (e.g., medical records) or if subject to legal hold.

7. YOUR PRIVACY RIGHTS

7.1 Rights Available to All Users

Regardless of where you live, you have the right to:

Access: Request information about what personal data we hold about you
Correction: Request correction of inaccurate personal information
Deletion: Request deletion of your personal information (subject to legal exceptions)
Opt-Out of Marketing: Unsubscribe from marketing emails and texts at any time
Data Portability: Request a copy of your data in a portable format

7.2 How to Exercise Your Rights

Online Form: https://daybreakerhealth.com/privacy-request-form

Email: privacy@daybreakerhealth.com

Mail:
Privacy Officer
Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405

Phone: (805) 549-4172

7.3 Verification Process

To protect your privacy, we must verify your identity before responding to requests:

Access/Know Requests: We verify by matching at least 2 data points (e.g., email + phone number, or name + address)
Deletion Requests: We verify by matching at least 3 data points (e.g., email + phone + account information)
Additional Verification: For high-risk requests, we may require additional verification

7.4 Response Timeframes

Initial Response: Within 10 business days (acknowledging receipt)
Substantive Response: Within 45 days of verified request
Extension: Up to 45 additional days if reasonably necessary (we will notify you)

7.5 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide:

Written authorization signed by you
Proof of agent’s identity
We may contact you directly to verify the request

8. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

8.1 Your California Rights

A. Right to Know

You have the right to request that we disclose:

Categories of personal information collected
Categories of sources from which information was collected
Business or commercial purposes for collecting
Categories of third parties with whom we share
Specific pieces of personal information we have collected about you

B. Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions:

We may retain information if necessary to:

Complete a transaction or provide services
Detect security incidents or fraud
Debug or repair functionality
Exercise free speech or other legal rights
Comply with legal obligations
Conduct research in the public interest (with safeguards)
Enable internal uses reasonably aligned with your expectations

Note: Medical records may be subject to longer retention under state law.

C. Right to Correct

You have the right to request correction of inaccurate personal information. We will use commercially reasonable efforts to correct the information, taking into account the nature of the information and purposes for processing.

D. Right to Opt-Out of Sale/Sharing

We do NOT sell personal information.

We do NOT share personal information for cross-context behavioral advertising.

If our practices change, we will provide a “Do Not Sell or Share My Personal Information” link on our homepage.

E. Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of sensitive personal information to uses:

Necessary to perform services or provide goods
For security and integrity purposes
For short-term transient use
To verify or maintain quality of services
As authorized by regulations

Note: Because we use sensitive personal information (health data) only to provide healthcare services you request, this right may have limited application.

To limit sensitive personal information use: privacy@daybreakerhealth.com

F. Right to Non-Discrimination

We will NOT discriminate against you for exercising your privacy rights. We will not:

Deny you services
Charge different prices
Provide different quality of service
Suggest you will receive different treatment

8.2 California “Shine the Light” Law

Under California Civil Code Section 1798.83, California residents may request information about personal information we disclosed to third parties for their direct marketing purposes.

We do NOT share personal information with third parties for their direct marketing purposes.

8.3 California Information Collected (12-Month Look-Back)

In the preceding 12 months, we have collected the following categories of personal information:

Category	Collected	Source	Purpose	Disclosed To
Identifiers	Yes	You; Automatic	Services; Communication	Service providers; Healthcare providers
Health Information (Sensitive)	Yes	You; Wearables; Labs	Healthcare services	Physicians; Labs; Pharmacies
Financial Information	Yes	You	Payment processing	Payment processor (Stripe)
Geolocation	Yes	You; Device	Clinic appointments; Compliance	Service providers
Device/Usage Data	Yes	Automatic	Operations; Security	Service providers
Inferences	Yes	Derived from above	Health insights	Physicians

8.4 Submitting California Requests

Request Form: https://daybreakerhealth.com/privacy-request

Email: privacy@daybreakerhealth.com

Toll-Free Number: (805) 549-4172

9. COLORADO PRIVACY RIGHTS (CPA)

If you are a Colorado resident, you have rights under the Colorado Privacy Act (CPA).

9.1 Your Colorado Rights

Right to Access: Confirm whether we process your data and access that data
Right to Correct: Correct inaccuracies in your data
Right to Delete: Delete your personal data
Right to Data Portability: Obtain a portable copy of your data
Right to Opt-Out: Opt out of targeted advertising, sale of data, and profiling

9.2 Universal Opt-Out Mechanisms

We honor Global Privacy Control (GPC) signals and other universal opt-out mechanisms.

If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for:

Sale of personal data (we don’t sell, but will honor the signal)
Targeted advertising
Certain profiling activities

9.3 Right to Appeal

If we deny your privacy request, you have the right to appeal. To appeal:

Email: privacy@daybreakerhealth.com (Subject: “Colorado Privacy Appeal”)

We will respond to appeals within 45 days. If we deny your appeal, you may contact the Colorado Attorney General:

Colorado Attorney General
Consumer Protection Section
1300 Broadway, 10th Floor
Denver, CO 80203
https://coag.gov/file-complaint/

10. OTHER STATE PRIVACY RIGHTS

10.1 Nevada Privacy Rights

Nevada residents may opt out of the sale of certain covered information. We do NOT sell personal information. If our practices change, we will provide an opt-out mechanism.

10.2 New York Residents

New York residents are protected by the SHIELD Act, which requires reasonable security measures. See Section 11 for our security safeguards.

Breach Notification: We will notify New York residents of data breaches in the most expedient time possible as required by NY law.

10.3 Other States

Other states have enacted or are enacting privacy laws (Virginia, Connecticut, Utah, Texas, Oregon, etc.). We aim to honor privacy rights broadly. Contact us at privacy@daybreakerhealth.com for information about rights in your state.

11. SECURITY SAFEGUARDS

11.1 Our Security Program

We implement comprehensive administrative, technical, and physical safeguards to protect your personal information, consistent with HIPAA Security Rule requirements and industry best practices.

Administrative Safeguards

Security Officer: Designated individual responsible for security program
Privacy Officer: Designated individual responsible for privacy compliance
Risk Assessments: Annual security risk assessments
Workforce Training: Annual HIPAA and security awareness training for all staff with access to PHI
Access Management: Role-based access controls; access limited to minimum necessary
Incident Response: Documented breach response procedures
Business Associate Agreements: Written agreements with all vendors handling PHI
Sanction Policy: Disciplinary procedures for security violations

Technical Safeguards

Encryption at Rest: AES-256 encryption for all stored data
Encryption in Transit: TLS 1.3 for all data transmission
Multi-Factor Authentication (MFA): Required for all administrative access
Unique User IDs: Individual authentication for all system access
Automatic Logoff: Sessions expire after inactivity
Audit Logging: All PHI access logged and monitored
Access Controls: Database row-level security (RLS)
Intrusion Detection: Real-time monitoring for unauthorized access
Vulnerability Management: Regular security patches and updates
Penetration Testing: Periodic third-party security assessments

Physical Safeguards

Data Center Security: HITRUST-certified, SOC 2 Type II compliant hosting (Supabase, Railway)
Device Security: Encryption required for all devices with PHI access
Secure Disposal: Secure destruction of data per NIST 800-88 guidelines

11.2 No Absolute Guarantee

While we use commercially reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11.3 Your Role in Security

You are responsible for:

Safeguarding your password and account credentials
Using a secure internet connection (avoid public WiFi for healthcare activities)
Notifying us immediately of any unauthorized account access
Keeping your contact information current

12. COOKIES & TRACKING TECHNOLOGIES

12.1 What Are Cookies?

Cookies are small text files stored on your device by websites and apps you visit. They help us remember your preferences, understand how you use our platform, and improve your experience.

12.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the platform to function:

Session management (keeping you logged in)
Security (fraud detection, authentication)
Load balancing

You cannot disable essential cookies as they are required for basic functionality.

Analytics Cookies (Optional)

These cookies help us understand how users interact with our platform:

Page views and navigation paths
Feature usage
Error tracking and crash reporting

You can opt out via browser settings or our cookie preference center.

Marketing Cookies (Optional, if applicable)

If we use marketing cookies, they help us:

Measure advertising effectiveness
Understand referral sources

You can opt out via browser settings, our cookie preference center, or third-party opt-out tools.

12.3 How to Manage Cookies

Browser Settings: Most browsers allow you to block or delete cookies. See your browser’s help documentation.

Third-Party Opt-Out Tools:

Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
Network Advertising Initiative: http://www.networkadvertising.org/choices/
Digital Advertising Alliance: http://www.aboutads.info/choices/

Impact of Disabling Cookies: Some features may not work properly if you disable essential cookies.

12.4 Do Not Track Signals

Some browsers offer “Do Not Track” (DNT) signals. There is no universal standard for DNT, and we do not currently respond to DNT signals.

12.5 Global Privacy Control (GPC)

We DO honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request for targeted advertising and sale of data (to the extent applicable).

13. THIRD-PARTY SERVICES & LINKS

13.1 Third-Party Services We Use

Our platform integrates with third-party services. Each has its own privacy policy:

Service	Purpose	Their Privacy Policy
Supabase	Database hosting	https://supabase.com/privacy
Railway	Backend infrastructure	https://railway.app/legal/privacy
Terra API	Wearable data integration	https://tryterra.co/privacy
Qualiphy	Telehealth physician services	https://qualiphy.me/terms-of-service-cookies-privacy-policy/
Stripe	Payment processing	https://stripe.com/privacy
Apple Health	Wearable data (iOS)	https://www.apple.com/legal/privacy/

13.2 External Links

Our platform may contain links to external websites (educational resources, partner sites). We do not control these sites and are not responsible for their privacy practices. Review their privacy policies before sharing information.

13.3 Wearable Device Data

When you connect wearable devices (Oura, Whoop, Apple Watch, etc.) via Terra API:

We receive only the data categories you authorize
We use this data to provide health insights and AI coaching
We do NOT share this data with third parties for advertising
You can disconnect devices at any time in app settings

14. CHILDREN’S PRIVACY

14.1 Age Restrictions

Our services are NOT directed to children under 13. We do not knowingly collect personal information from children under 13.

Our services are intended for adults 18 and older. If you are under 18, you must have parental or guardian consent to use our services.

14.2 Parental Rights

If you are a parent or guardian and believe we have collected information from your child without consent, please contact us immediately:

Email: privacy@daybreakerhealth.com

We will promptly delete any such information.

15. INTERNATIONAL USERS

15.1 US-Only Services

Daybreaker Health services are currently available only in the United States.

All data is stored on servers located in the United States. By using our services, you consent to the transfer and storage of your data in the US.

We do not currently accept users from the European Economic Area (EEA), United Kingdom, or other jurisdictions requiring GDPR compliance. If you are located outside the US, please do not use our services.

15.3 Traveling Users

If you are a US resident traveling internationally:

Telehealth services may not be available (physician licensing restrictions)
Your data continues to be stored in the US
Contact us before traveling if you have questions

16. AUTOMATED DECISION-MAKING & AI

16.1 Our AI Coach

Daybreaker Health uses artificial intelligence to provide personalized health insights and recommendations based on your wearable data, lab results, and health information.

Important Limitations:

The AI coach provides informational wellness guidance only
The AI coach does NOT provide medical diagnoses
The AI coach does NOT replace physician consultations
All clinical decisions are made by licensed physicians, not AI

16.2 How AI Is Used

Analyzing wearable data to identify trends and patterns
Generating personalized lifestyle recommendations (sleep, activity, recovery)
Flagging potential areas of concern for physician review
Creating progress reports and health insights

16.3 Human Oversight

Physicians review all clinical decisions
MSO physician monitors workflows and peer-reviews consultations
You can always request human review of any AI-generated recommendation

16.4 Your Rights Regarding Automated Processing

Under CCPA/CPRA, you have the right to opt out of automated decision-making that produces legal or similarly significant effects. Our AI coach does not make decisions with legal or similarly significant effects—all such decisions are made by physicians.

If you have concerns about AI-generated recommendations, contact us at privacy@daybreakerhealth.com.

17. DE-IDENTIFIED DATA

17.1 What Is De-Identified Data?

De-identified data is information that has been processed so it cannot reasonably identify, relate to, describe, or be linked to any individual. De-identified data is not “personal information” under privacy laws.

17.2 How We Use De-Identified Data

We may use de-identified data for:

Research & Development: Improving our algorithms and services
Publications: Contributing to longevity and health science (aggregate statistics only)
Training AI Models: Enhancing our AI coaching capabilities
Business Analytics: Understanding usage patterns and trends

17.3 De-Identification Standards

We follow HIPAA de-identification standards:

Removal of 18 categories of identifiers (names, dates, geographic info, etc.)
No reasonable basis to believe information can re-identify individuals
Commitment not to attempt re-identification

18. DATA BREACH NOTIFICATION

18.1 Our Commitment

If we experience a data breach involving your personal information, we will notify you as required by law.

18.2 Notification Procedures

Timeline:

Email Notification: Within 14 days of discovery
In-App Notification: Within 72 hours of discovery
Regulatory Notification: As required by law (e.g., 60 days for HIPAA, expeditiously for NY)

Content of Notice:

Date of breach (or estimated date range)
Description of types of information involved
Steps we are taking in response
Steps you can take to protect yourself
Contact information for questions

18.3 Regulatory Notifications

HIPAA: Notify HHS Office for Civil Rights if breach affects 500+ individuals
California: Notify CA Attorney General if breach affects 500+ CA residents
New York: Notify NY Attorney General for significant breaches

19. CHANGES TO THIS POLICY

19.1 Right to Update

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

19.2 Notice of Changes

Material Changes: We will provide 30 days’ advance notice via:

Email to your account email address
In-app notification
Prominent notice on our website

Non-Material Changes: Minor updates (formatting, clarifications) may be posted without advance notice.

19.3 Your Choices

If you disagree with changes, you may:

Stop using our services
Delete your account
Contact us with questions or concerns

Continued use of our services after the effective date of changes constitutes acceptance of the updated Privacy Policy.

19.4 Version History

Previous versions of this Privacy Policy are available upon request. Contact privacy@daybreakerhealth.com.

20. CONTACT US

Privacy Questions & Rights Requests

Email: privacy@daybreakerhealth.com

Mail:
Privacy Officer
Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405

Phone: (805) 549-4172

Email: privacy@daybreakerhealth.com (include “HIPAA” in subject line)

General Support

Email: care@daybreakerhealth.com

Phone: (805) 549-4172

File a Complaint

If you believe your privacy rights have been violated:

With Daybreaker:
privacy@daybreakerhealth.com

With Federal Regulators:
U.S. Department of Health and Human Services
Office for Civil Rights
https://www.hhs.gov/ocr/complaints

Federal Trade Commission
https://www.ftc.gov/complaint

With State Regulators:
California Attorney General
https://oag.ca.gov/privacy

Colorado Attorney General
https://coag.gov/file-complaint/

New York Attorney General
https://ag.ny.gov/consumer-frauds-bureau/filing-consumer-complaint

ACKNOWLEDGMENT

By using Daybreaker Health services, you acknowledge that you have read and understood this Privacy Policy.

Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405
(805) 549-4172
privacy@daybreakerhealth.com

This Privacy Policy was last updated on April 1, 2025.

APPENDIX: CHANGE LOG FROM CURRENT PRIVACY POLICY

Removed (High-Risk Items)

Item Removed	Risk Level	Reason
“No SSL certificate” language	🔴 CRITICAL	False/outdated; implies no encryption
“Within 14 working days” breach notification	🟡 IMPORTANT	Inconsistent with legal requirements
Reference to “Netherlands law”	🟡 IMPORTANT	Copy-paste error; wrong jurisdiction

Added (Compliance Requirements)

Item Added	Risk Level	Requirement
CCPA/CPRA consumer rights section	🔴 CRITICAL	California law
Sensitive personal information disclosures	🔴 CRITICAL	CPRA requirement
Colorado Privacy Act section	🔴 CRITICAL	Colorado law
Comprehensive data categories	🔴 CRITICAL	CCPA disclosure requirement
Third-party integrations list	🔴 CRITICAL	CCPA/transparency requirement
Data retention periods	🟡 IMPORTANT	CCPA requirement
Security safeguards detail	🟡 IMPORTANT	NY SHIELD Act; best practice
Children’s privacy (COPPA)	🟡 IMPORTANT	Federal requirement
Global Privacy Control	🟡 IMPORTANT	Colorado requirement
AI/automated decision-making	🟡 IMPORTANT	CCPA requirement
Breach notification procedures	🟡 IMPORTANT	HIPAA/state requirements

Rewritten (Clarity & Liability)

Item Rewritten	Reason
Data collection disclosures	Expanded to cover all data types (biometric, wearable, genetic)
Security measures	Replaced vague language with specific safeguards
Third-party sharing	Added specific vendor list with purposes
Consumer rights	Added state-specific rights with exercise procedures

ATTORNEY REVIEW FLAGS

The following sections should be reviewed by legal counsel:

Section 5 (Sharing): Verify all third-party vendors are listed and BAAs are in place
Section 6 (Retention): Confirm retention periods comply with all 50-state medical record laws
Section 8 (CCPA/CPRA): Verify “sensitive personal information” handling complies with CPRA regulations
Section 11 (Security): Confirm security measures accurately reflect current implementation
Section 16 (AI): Verify AI disclaimers are sufficient for FTC/FDA compliance
Section 18 (Breach): Confirm breach notification timelines comply with all applicable state laws

COMPLIANCE CHECKLIST

CCPA/CPRA: Consumer rights, sensitive data disclosures, Do Not Sell statement
Colorado Privacy Act: Universal opt-out, right to appeal
NY SHIELD Act: Security safeguards description
HIPAA: PHI disclosures, BAA references, security measures
FTC: Truthful disclosures, clear language
COPPA: Children’s privacy section
Apple App Store: HealthKit restrictions, privacy policy requirements
Google Play: Data Safety section alignment, health data disclosures
Competitor parity: Matches Wild Health, Parsley Health, Function Health standards

DAYBREAKER HEALTH, P.C.

Effective Date: April 1, 2025
Last Updated: April 1, 2025
Version: 1.0

PLAIN-LANGUAGE SUMMARY

This form authorizes you to receive healthcare services through telehealth (video, phone, and messaging). You’ll learn about the benefits, risks, and limitations of telehealth, your rights as a patient, and what to do in an emergency. Telehealth is NOT for emergencies—call 911. Your physician is licensed in your state and works through Qualiphy Medical Group, not as a Daybreaker employee. You may withdraw consent at any time.

IMPORTANT NOTICE

PLEASE READ THIS CONSENT FORM CAREFULLY BEFORE YOUR FIRST TELEHEALTH CONSULTATION.

This Telehealth Informed Consent Form (“Consent”) explains how telehealth services work, the benefits and risks involved, your rights and responsibilities, and obtains your authorization to receive healthcare via telehealth through Daybreaker Health’s platform.

By signing this Consent (electronically or otherwise), you are agreeing to receive telehealth services as described herein.

Introduction
What Is Telehealth?
Scope of Telehealth Services
Services NOT Provided
Technology Requirements
Benefits of Telehealth
Risks and Limitations of Telehealth
Alternatives to Telehealth
Emergency Protocols
Practitioner Qualifications
Prescribing via Telehealth
Off-Label Prescribing Consent
Supplement Disclaimers
AI Health Coach
Your Rights as a Patient
Your Responsibilities as a Patient
Privacy and Confidentiality
Recordkeeping and Documentation
Billing and Insurance
State-Specific Requirements
Withdrawal of Consent
Consent Statement and Signature
Contact Information

1. INTRODUCTION

This Telehealth Informed Consent Form is required before you receive telehealth services through Daybreaker Health. It ensures you understand:

How telehealth works
The benefits, risks, and limitations
Your rights and responsibilities
Emergency procedures
How your health information is used

1.2 Who Provides Your Care

Daybreaker Health, P.C. is a Medical Services Organization (MSO) that provides:

Technology platform (mobile app and website)
Care coordination services
Administrative and billing support
AI-driven health coaching (informational only)

Qualiphy Medical Group provides:

Licensed physicians who deliver clinical care
Medical diagnoses and treatment decisions
Prescription authority
Clinical documentation

Your treating physician:

Is an independent contractor of Qualiphy Medical Group
Is NOT an employee of Daybreaker Health
Is licensed in the state where you are located
Maintains their own professional liability (malpractice) insurance
Exercises independent medical judgment

Your consent to telehealth is voluntary. You may:

Decline telehealth services without penalty
Request in-person care as an alternative
Withdraw consent at any time

Declining telehealth will not affect your eligibility for other Daybreaker services (though some services may only be available via telehealth).

2. WHAT IS TELEHEALTH?

2.1 Definition

“Telehealth” (also called “telemedicine”) means the delivery of healthcare services using electronic communications and technology when the patient and healthcare provider are not in the same physical location.

2.2 Modalities We Use

Modality	Description	When Used
Synchronous Video	Live, real-time video consultation	Initial consultations, complex discussions, visual assessments
Synchronous Audio	Live phone call	Follow-ups, when video unavailable
Asynchronous Messaging	Secure text-based communication (not in real-time)	Quick questions, non-urgent follow-ups, care coordination
Store-and-Forward	Review of photos, documents, or data submitted by patient	Lab review, skin assessments, mobility scans

2.3 What Telehealth Is NOT

Telehealth is NOT:

A replacement for emergency care (call 911)
A replacement for urgent care (go to ER or urgent care)
Appropriate for all medical conditions
A guarantee of diagnosis or treatment
An in-person physical examination

3. SCOPE OF TELEHEALTH SERVICES

3.1 Services Provided via Telehealth

Through Daybreaker Health’s telehealth platform, you may receive:

Health Assessments & Consultations:

Comprehensive health history review
Symptom evaluation
Preventive health assessments
Chronic condition management
Longevity and health optimization planning

Eight Health Domains:

Movement – Exercise protocols, mobility assessments, fitness recommendations
Nutrition – Dietary guidance, metabolic optimization, meal planning
Sleep & Recovery – Sleep optimization, recovery protocols, stress management
Prescriptions – Medication management, new prescriptions, refills
Therapies – Therapeutic interventions and protocols
Aesthetics – Skin health, anti-aging protocols
Environment – Environmental health optimization
Medical Care – Preventive care, diagnostics, condition management

Clinical Services:

Laboratory test ordering and interpretation
Prescription medication management
Supplement recommendations
Referrals to specialists (when needed)
Health education and counseling
Treatment plan development
Follow-up care coordination

3.2 Wearable Data Integration

With your consent, we integrate data from wearable devices (Apple Watch, Oura Ring, Whoop, CGMs, etc.) to inform your care. This data is used for:

Tracking health trends
Informing clinical discussions
Personalizing recommendations
Monitoring progress

Wearable data limitations: Wearable devices are not medical devices. Data may be inaccurate or incomplete. Your physician will consider wearable data alongside other clinical information.

4. SERVICES NOT PROVIDED

4.1 Emergency Care

WE DO NOT PROVIDE EMERGENCY MEDICAL CARE.

If you are experiencing a medical emergency, HANG UP AND CALL 911 IMMEDIATELY, or go to your nearest emergency room.

Medical emergencies include but are not limited to:

Chest pain, tightness, or pressure
Difficulty breathing or shortness of breath
Severe or sudden headache
Signs of stroke (sudden weakness, numbness, vision changes, difficulty speaking, facial drooping)
Severe bleeding or trauma
Loss of consciousness or fainting
Severe allergic reaction (anaphylaxis)
Seizures
Thoughts of suicide or harming yourself or others
Severe abdominal pain
High fever with confusion or stiff neck
Poisoning or overdose

4.2 Urgent Care

We do not provide same-day urgent care. If you have an urgent (but non-emergency) issue, please visit:

Urgent care clinic
Emergency room
Your local primary care physician (if available same-day)

4.3 Other Excluded Services

Our telehealth services do NOT include:

Surgical procedures
Inpatient hospital care
In-person physical examinations (except at micro-clinics when available)
Obstetric care (prenatal, labor, delivery)
Pediatric care (under 18 without parental consent)
Mental health crisis intervention
Substance abuse detox or rehabilitation
Dental or vision care
Services requiring hands-on evaluation

4.4 Controlled Substances

During our first year of operation, we do NOT prescribe Schedule II-IV controlled substances via telehealth. This includes:

Opioid pain medications
Benzodiazepines (anxiety medications)
Stimulants (ADHD medications)
Sleep medications (Ambien, Lunesta, etc.)

This policy may change in the future with appropriate compliance measures.

5. TECHNOLOGY REQUIREMENTS

5.1 What You Need

To participate in telehealth, you need:

Requirement	Specification
Device	Smartphone, tablet, or computer with camera and microphone
Operating System	iOS 15+ or Android 12+ (for mobile app)
Internet	Reliable broadband connection (minimum 5 Mbps for video)
Browser	Chrome, Safari, Firefox, or Edge (latest version) for web
App	Daybreaker Health mobile app (recommended)
Audio	Working microphone and speakers (or headset)
Camera	Working camera (for video consultations)
Location	Private, quiet space for consultations

5.2 Your Responsibilities

You are responsible for:

Maintaining compatible, functioning equipment
Ensuring reliable internet connectivity
Keeping your app updated
Testing your video/audio before appointments
Being in a private location during consultations
Using a secure internet connection (avoid public WiFi)

5.3 Technical Failures

If technology fails during a consultation:

Video fails: Physician may continue via phone call
Audio fails: Consultation may be rescheduled
Internet drops: Attempt to reconnect; if unable, reschedule
App crashes: Contact support; consultation will be rescheduled

We are not liable for technical failures, including video/audio quality issues, disconnections, or delays caused by your equipment or internet connection.

5.4 Platform Security

Our telehealth platform uses:

End-to-end encryption (TLS 1.3) for video consultations
HIPAA-compliant messaging
Secure data storage (AES-256 encryption)
Multi-factor authentication for provider access

6. BENEFITS OF TELEHEALTH

Telehealth offers several potential benefits:

6.1 Convenience

Access care from home, work, or while traveling (within the US)
Flexible scheduling, including evenings and weekends
No commute or time spent in waiting rooms
Reduced time off work

6.2 Access

Connect with longevity specialists regardless of your location
Access to expertise that may not be available locally
Faster follow-ups for routine matters
Easy access to your care team via messaging

6.3 Continuity

Maintain relationship with same physician over time
Integrated health records accessible to your care team
Coordinated care across multiple health domains

6.4 Safety

Reduced exposure to contagious illnesses
No waiting room exposure
Care available during public health emergencies

6.5 Integration

Wearable data integrated into your care
AI-powered health insights
Comprehensive health tracking in one platform

7. RISKS AND LIMITATIONS OF TELEHEALTH

7.1 Technology Risks

Risk	Description
Connection Issues	Video or audio may freeze, lag, or disconnect
Quality Limitations	Image/sound quality may be insufficient for certain assessments
Technical Failures	Equipment, software, or internet may fail
Security Risks	Despite encryption, no electronic transmission is 100% secure
Data Breaches	Potential (though unlikely) unauthorized access to health information

7.2 Clinical Limitations

Limitation	Description
No Physical Exam	Physician cannot perform hands-on examination (palpation, auscultation, etc.)
Visual Limitations	Camera quality may limit visual assessment
Diagnostic Limitations	Some conditions require in-person evaluation for accurate diagnosis
Treatment Limitations	Some treatments cannot be provided via telehealth
Prescribing Limitations	Some medications require in-person exam before prescribing

7.3 Communication Risks

Risk	Description
Misunderstanding	Important information may be miscommunicated or missed
Nonverbal Cues	Physician may miss subtle nonverbal signs
Language Barriers	Communication challenges if not fluent in English
Distractions	Background noise or interruptions may affect consultation

7.4 Outcome Risks

Risk	Description
Delayed Diagnosis	Conditions may be missed or diagnosis delayed
Delayed Treatment	Need for in-person care may delay treatment
Inappropriate Treatment	Telehealth assessment may lead to treatment that would differ from in-person assessment
No Guaranteed Outcomes	Health results vary; no specific outcomes are guaranteed

7.5 Your Acknowledgment

By signing this Consent, you acknowledge that you understand:

Telehealth has limitations compared to in-person care
Some diagnoses may be missed or delayed
You may need in-person follow-up
Results are not guaranteed
You accept these risks

8. ALTERNATIVES TO TELEHEALTH

8.1 In-Person Care Options

You have the right to request or seek in-person care instead of telehealth:

Primary Care Physician: Establish care with a local PCP for routine and urgent needs
Urgent Care Clinics: For same-day non-emergency issues
Emergency Room: For emergencies
Specialists: For conditions requiring specialized in-person evaluation
Daybreaker Micro-Clinics: In-person care at our physical locations (when available in your area)

8.2 When In-Person Care Is Required

Your physician may recommend in-person care when:

Physical examination is necessary for diagnosis
Procedure or treatment requires hands-on care
Condition is too complex for telehealth evaluation
Urgent/emergency care is needed
Regulatory requirements mandate in-person visit

8.3 Your Right to Choose

You may choose to:

Receive telehealth services as offered
Request in-person care (subject to availability)
Seek care from other providers
Decline services altogether

Declining telehealth does not affect your right to future care, though some Daybreaker services are only available via telehealth.

9. EMERGENCY PROTOCOLS

9.1 What to Do in an Emergency

MEDICAL EMERGENCIES:

CALL 911 IMMEDIATELY or go to your nearest emergency room
Do NOT wait for a telehealth appointment
Do NOT rely on messaging for emergencies
Do NOT attempt to contact Daybreaker for emergency care

MENTAL HEALTH CRISIS:

988 Suicide & Crisis Lifeline: Call or text 988
Crisis Text Line: Text HOME to 741741
Go to nearest emergency room

9.2 Emergency Resources

Resource	Contact
Emergency Services	911
Suicide & Crisis Lifeline	988 (call or text)
Poison Control	1-800-222-1222
Crisis Text Line	Text HOME to 741741
Nearest Emergency Room	[You must know your local ER location]

9.3 Your Emergency Plan

By signing this Consent, you confirm that you:

Know how to contact emergency services (911)
Know the location of your nearest emergency room
Understand that telehealth is NOT for emergencies
Will seek emergency care when needed, regardless of cost or convenience
Will not delay emergency care to wait for a telehealth appointment

9.4 If Emergency Occurs During Consultation

If you experience an emergency during a telehealth consultation:

Inform the physician immediately
The physician will advise you to call 911 or go to ER
The consultation will end so you can seek emergency care
The physician will document the encounter

10. PRACTITIONER QUALIFICATIONS

10.1 Physician Credentials

All physicians providing care through Daybreaker Health’s platform are:

Licensed: Hold active, unrestricted medical license(s)
Board-Certified or Board-Eligible: In appropriate specialty
Credentialed: Through Qualiphy Medical Group
Insured: Carry professional liability insurance (minimum $1M/$3M)
Background-Checked: Passed background verification

10.2 State Licensure

Your physician must be licensed in the state where you are physically located at the time of your consultation. Qualiphy physicians hold licenses in multiple states.

Before each consultation:

Your location will be confirmed
A physician licensed in your state will be assigned
If no physician is available for your state, you will be notified

10.3 Verify Credentials

You may verify your physician’s license through your state medical board:

State	Verification Website
California	https://www.mbc.ca.gov/breeze/
Colorado	https://dpo.colorado.gov/MedicalBoard
New York	https://www.op.nysed.gov/verification-search
Other States	Contact care@daybreakerhealth.com for links

10.4 Physician Information

Before each consultation, you will receive:

Physician’s name
Credentials (MD, DO, etc.)
License number and state(s)
Specialty/board certification

11. PRESCRIBING VIA TELEHEALTH

11.1 Authority to Prescribe

Physicians providing care through our platform have prescriptive authority in the states where they are licensed. They may prescribe medications when clinically appropriate based on their telehealth evaluation.

11.2 Prescribing Limitations

Cannot prescribe via telehealth:

Schedule II-IV controlled substances (first year of operation)
Medications requiring in-person exam per state law
Medications requiring physical assessment (e.g., injections requiring training)

May prescribe via telehealth:

Non-controlled medications
GLP-1 agonists (semaglutide, tirzepatide)
Hormones (testosterone, estrogen, thyroid)
Peptides (BPC-157, etc.)
Most prescription medications appropriate for telehealth

11.3 Prescription Process

Physician evaluates your health via telehealth
If medication is appropriate, physician sends prescription electronically
Prescription sent to pharmacy of your choice (or partner pharmacy)
You pick up or receive medication by mail
Follow-up appointments scheduled as needed

11.4 Your Responsibilities

You agree to:

Provide accurate health history and current medications
Disclose all allergies and adverse reactions
Take medications as prescribed
Report side effects or concerns promptly
Attend follow-up appointments for medication monitoring
Not share or sell prescribed medications

11.5 Medication Costs

Prescription costs are not included in your membership fee. You are responsible for:

Pharmacy costs (medication price)
Shipping costs (if using mail-order pharmacy)
Any applicable copays or insurance costs

12.1 What Is Off-Label Prescribing?

“Off-label” prescribing means using an FDA-approved medication for:

A purpose other than what the FDA approved it for
A different dose than FDA-approved
A different patient population than FDA-approved

Off-label prescribing is legal and common in medical practice. Physicians use their medical judgment to prescribe off-label when they believe it will benefit the patient.

12.2 Off-Label Medications We May Prescribe

Our physicians may prescribe the following medications off-label for longevity and health optimization:

A. GLP-1 Receptor Agonists

Examples: Semaglutide (Ozempic, Wegovy), Tirzepatide (Mounjaro, Zepbound)

Aspect	Details
FDA-Approved For	Type 2 diabetes; Obesity (BMI ≥30, or ≥27 with comorbidities)
Off-Label Use	Metabolic optimization in individuals not meeting obesity criteria
How It Works	Mimics GLP-1 hormone; reduces appetite, improves insulin sensitivity
Common Side Effects	Nausea, vomiting, diarrhea, constipation, abdominal pain
Serious Risks	Pancreatitis (rare), gallbladder disease, thyroid tumors (in animal studies)
Not Appropriate For	Personal/family history of medullary thyroid cancer, MEN 2 syndrome, pregnancy

B. Peptide Therapies

Examples: BPC-157, CJC-1295, Ipamorelin, Sermorelin, PT-141

Aspect	Details
FDA Status	Generally NOT FDA-approved for human use
Off-Label Use	Recovery, healing, growth hormone optimization, longevity
Evidence Base	Limited human clinical trials; mostly animal studies and anecdotal reports
Potential Risks	Unknown long-term effects, potential for contamination, injection site reactions
Important Note	These are research compounds; safety profile not fully established

C. Hormone Therapy

Examples: Testosterone, Estrogen, Progesterone, DHEA, Thyroid hormones

Aspect	Details
FDA-Approved For	Hormone deficiency states (hypogonadism, menopause, hypothyroidism)
Off-Label Use	Optimization in individuals with “normal” but suboptimal levels
Potential Benefits	Energy, libido, body composition, mood, cognitive function
Risks (Testosterone)	Cardiovascular effects, prostate issues, fertility impacts, mood changes
Risks (Estrogen)	Blood clots, stroke, breast cancer (with prolonged use)
Monitoring Required	Regular lab work to monitor hormone levels and side effects

Before prescribing any off-label medication, your physician will:

Explain the FDA-approved use versus the prescribed (off-label) use
Discuss the potential benefits for your specific situation
Review the known risks and side effects
Inform you if there is limited long-term safety data
Discuss alternatives (including not taking the medication)
Answer your questions
Obtain your informed consent

12.4 Your Rights Regarding Off-Label Prescriptions

You have the right to:

Know when a medication is prescribed off-label
Ask questions about risks, benefits, and alternatives
Decline off-label medications without penalty
Request on-label alternatives (if available)
Seek second opinions from other providers
Stop the medication at any time (consult physician first)

12.5 Your Acknowledgment

By signing this Consent, you acknowledge that:

You understand what off-label prescribing means
You understand that some medications may have limited safety data
You will ask questions if you have concerns
You will report side effects promptly
You voluntarily consent to receive off-label medications when prescribed

13. SUPPLEMENT DISCLAIMERS

13.1 FDA Disclaimer

THESE STATEMENTS HAVE NOT BEEN EVALUATED BY THE FOOD AND DRUG ADMINISTRATION. SUPPLEMENTS RECOMMENDED THROUGH OUR PLATFORM ARE NOT INTENDED TO DIAGNOSE, TREAT, CURE, OR PREVENT ANY DISEASE.

13.2 Supplements vs. Medications

Aspect	Supplements	Medications
FDA Approval	Not required before sale	Required before sale
Safety Testing	Not required pre-market	Extensive pre-market testing
Efficacy Proof	Not required	Required for approval
Quality Control	Varies by manufacturer	Strictly regulated
Medical Claims	Cannot claim to treat disease	Can claim to treat disease

13.3 Risks of Supplements

Supplements may:

Vary in quality: No FDA pre-market approval; quality depends on manufacturer
Be contaminated: May contain undisclosed ingredients or contaminants
Interact with medications: May cause dangerous interactions
Cause side effects: May cause allergic reactions or adverse effects
Be ineffective: May not work as claimed
Affect lab tests: May interfere with blood test results

13.4 Your Responsibilities

You are responsible for:

Informing your physician about all supplements you take
Researching supplements before taking them
Purchasing from reputable sources
Reporting any adverse reactions
Stopping supplements if you experience problems (and notifying your physician)

13.5 Third-Party Products

Supplements recommended through our platform are manufactured by third parties. Daybreaker Health:

Does NOT manufacture supplements
Does NOT independently test supplements
Does NOT guarantee supplement quality or efficacy
Is NOT responsible for third-party products

14. AI HEALTH COACH

14.1 What Is the AI Health Coach?

Daybreaker Health’s AI health coach analyzes your data (wearables, labs, health inputs) to provide personalized wellness recommendations.

14.2 What AI Coach Provides

✅ The AI coach DOES provide:

Sleep optimization recommendations
Activity and exercise suggestions
Recovery and stress management tips
Nutrition guidance
Health trend visualization
Goal tracking
General wellness education

14.3 What AI Coach Does NOT Provide

❌ The AI coach does NOT provide:

Medical diagnoses
Clinical treatment decisions
Prescription recommendations
Emergency medical guidance
Mental health therapy
Replacement for physician care

14.4 AI Limitations

The AI coach:

Is based on algorithms that have inherent limitations
May provide recommendations that are not appropriate for your specific situation
Relies on data that may be incomplete or inaccurate
Should not be used as the sole basis for health decisions

14.5 Human Oversight

All clinical decisions are made by licensed physicians, not AI
Physicians review and consider AI insights but are not bound by them
You can always request human review of any AI recommendation

14.6 Your Acknowledgment

By signing this Consent, you acknowledge that:

The AI coach provides informational wellness guidance only
The AI coach is NOT a substitute for medical care
You will verify important recommendations with your physician
You will not rely solely on AI for health decisions

15. YOUR RIGHTS AS A PATIENT

15.1 Right to Information

You have the right to:

Know the name, credentials, and license of your treating physician
Receive information about your diagnosis and treatment options
Understand the benefits, risks, and alternatives before treatment
Ask questions and receive answers you understand
Request your medical records

15.2 Right to Privacy

You have the right to:

Have your health information kept confidential
Know how your information is used and disclosed
Request restrictions on disclosures (though we are not required to agree)
Receive communications through your preferred method
File a complaint if you believe your privacy was violated

15.3 Right to Make Decisions

You have the right to:

Participate in decisions about your care
Accept or refuse treatment
Seek second opinions
Change providers
Withdraw consent at any time

15.4 Right to Quality Care

You have the right to:

Receive care that meets professional standards
Be treated with respect and dignity
Have your concerns heard and addressed
File complaints about your care

15.5 Right to Accommodations

You have the right to request accommodations for disabilities, language barriers, or other needs. Contact accessibility@daybreakerhealth.com.

16. YOUR RESPONSIBILITIES AS A PATIENT

16.1 Provide Accurate Information

You are responsible for providing accurate, complete, and truthful information about:

Your identity and contact information
Your complete medical history
All current medications and supplements
All allergies and adverse reactions
Your current symptoms and health concerns
Lifestyle factors (diet, exercise, sleep, alcohol, tobacco, drugs)
Family medical history

Providing false or incomplete information may result in inappropriate treatment and could endanger your health.

16.2 Update Information Promptly

Notify us promptly when:

Your health status changes
You start or stop medications
You experience side effects
You receive care from other providers
Your contact information changes
You move to a different state

16.3 Follow Treatment Plans

You are responsible for:

Following your physician’s recommendations
Taking medications as prescribed
Completing recommended lab tests
Attending follow-up appointments
Seeking in-person care when recommended

16.4 Communicate

You are responsible for:

Asking questions when you don’t understand
Reporting concerns, side effects, or problems promptly
Responding to messages from your care team
Notifying us if you can’t make an appointment

16.5 Physical Location Compliance

You must:

Be physically located in a US state at the time of each consultation
Accurately disclose your physical location
Notify us if you travel to a different state
Understand services may not be available in all locations

16.6 Emergency Preparedness

You must:

Know how to contact emergency services (911)
Know the location of your nearest emergency room
Seek emergency care when needed
Not use telehealth for emergencies

16.7 Financial Responsibility

You are responsible for:

Paying membership fees on time
Paying for additional services (labs, prescriptions, supplements)
Understanding your financial obligations

17. PRIVACY AND CONFIDENTIALITY

17.1 HIPAA Protection

Your health information is protected under the Health Insurance Portability and Accountability Act (HIPAA). See our HIPAA Notice of Privacy Practices for detailed information about how we use and protect your Protected Health Information (PHI).

17.2 How We Protect Your Information

Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Role-based access; only authorized personnel can view your information
Audit Trails: All access to your information is logged
Business Associates: Vendors handling PHI sign Business Associate Agreements
Training: Staff receive HIPAA training

17.3 Who May Access Your Information

Your PHI may be accessed by:

Your treating physician(s)
Qualiphy Medical Group (physician network)
Daybreaker Health staff (for care coordination and administration)
Lab partners (to conduct tests)
Pharmacy partners (to fill prescriptions)
As required by law

17.4 Privacy During Consultations

To protect your privacy during telehealth consultations:

Use a private, secure location
Use headphones if others are nearby
Ensure no one can see your screen
Close doors and windows
Do not record consultations without consent

17.5 Your Privacy Rights

You have the right to:

Access your medical records
Request corrections to your records
Know who has accessed your information
Request restrictions on disclosures
File a complaint if your privacy is violated

See our Privacy Policy at https://daybreakerhealth.com/privacy-policy for complete details.

Related Documents:

Terms of Service: https://daybreakerhealth.com/terms-of-service
HIPAA Notice: https://daybreakerhealth.com/hipaa-notice
SMS Terms: https://daybreakerhealth.com/sms-terms

18. RECORDKEEPING AND DOCUMENTATION

18.1 What We Document

For each telehealth encounter, we document:

Date, time, and duration of consultation
Names of participants (patient, physician)
Your physical location (city, state)
Technology used (video, phone, message)
Chief complaint and symptoms
Relevant medical history
Assessment and diagnoses (if applicable)
Treatment plan (prescriptions, labs, recommendations)
Follow-up instructions
Patient education provided

18.2 Record Retention

Medical records are retained for a minimum of 7 years from your last date of service (or longer if required by state law). Records may be retained longer for:

Ongoing care relationships
Legal or regulatory requirements
Quality improvement purposes

18.3 Accessing Your Records

To request a copy of your medical records:

In-App: Settings > Medical Records > Request Export
Email: privacy@daybreakerhealth.com
Mail: Privacy Officer, Daybreaker Health, 260 Craig Way, San Luis Obispo, CA 93405

Records will be provided within 30 days. A reasonable fee may be charged for copies.

19. BILLING AND INSURANCE

19.1 Membership Fee

Your $99/month membership includes:

Telehealth consultations (video, phone, messaging)
AI health coaching
Care coordination
Access to all 8 health domains

19.2 Additional Costs

The following are NOT included in your membership:

Service	Cost	Notes
Laboratory tests	$50-$500+	Quest/LabCorp pricing
Prescription medications	Variable	Pharmacy pricing
Supplements	Member discount	Third-party products
Micro-clinic visits	TBD	When available

19.3 Insurance

We do not bill insurance for telehealth services. All services are paid out-of-pocket.

Some insurance plans may reimburse you for telehealth services. You are responsible for:

Checking your insurance coverage
Submitting claims to your insurance (if seeking reimbursement)
Paying any amounts not covered by insurance

19.4 FSA/HSA

Telehealth consultations, labs, and prescription medications generally qualify for FSA/HSA payment. Supplements typically do not qualify. Consult your FSA/HSA administrator.

19.5 No Guarantee of Coverage

We make no guarantees about:

Insurance reimbursement
FSA/HSA eligibility
Coverage for specific services

20. STATE-SPECIFIC REQUIREMENTS

20.1 California

If you are located in California at the time of your telehealth consultation:

Informed Consent: California law (Business & Professions Code §2290.5) requires that you be informed about telehealth before receiving services. This Consent fulfills that requirement.

Consent Method: Consent may be verbal or written. Electronic signature is acceptable.

Standard of Care: The standard of care for telehealth is the same as for in-person care.

Patient-Physician Relationship: A patient-physician relationship may be established via telehealth (not solely via questionnaire or email).

Prescribing: Physicians may prescribe via telehealth when clinically appropriate. Controlled substances have additional requirements.

Emergency: You must be provided with emergency contact information. See Section 9.

Your Rights: California patients have additional privacy rights under the California Consumer Privacy Act (CCPA/CPRA). See our Privacy Policy.

20.2 Colorado

If you are located in Colorado at the time of your telehealth consultation:

Patient-Physician Relationship: Must be established before prescribing medications.

Standard of Care: Same standard of care applies as in-person care.

Informed Consent: Required and documented.

Privacy: Colorado Privacy Act provides additional rights. See our Privacy Policy.

20.3 New York

If you are located in New York at the time of your telehealth consultation:

Written Consent: New York law (Public Health Law §2999-cc) requires informed consent for telehealth services. This Consent fulfills that requirement.

Consent Method: Consent must be in writing or by authenticated electronic signature.

Patient-Physician Relationship: Must exist before prescribing. Can be established via telehealth (but not solely via questionnaire).

Standard of Care: Same duties apply as in-person care.

Emergency Procedures: You must be provided with emergency information. See Section 9.

Controlled Substances: Prescribing controlled substances via telehealth in New York requires an in-person exam within the previous 12 months (with limited exceptions).

SHIELD Act: New York’s SHIELD Act requires enhanced data security. See our Privacy Policy.

20.4 Other States

Telehealth laws vary by state. By signing this Consent, you agree to comply with the telehealth laws of the state where you are located. If you have questions about state-specific requirements, contact care@daybreakerhealth.com.

21.1 Your Right to Withdraw

You may withdraw your consent to telehealth services at any time. Withdrawal:

Must be in writing (email or letter)
Is effective upon our receipt
Does not affect care provided before withdrawal
Does not affect your eligibility for other services

21.2 How to Withdraw

Email: care@daybreakerhealth.com (Subject: “Withdrawal of Telehealth Consent”)

Mail:
Daybreaker Health, P.C.
Attn: Telehealth Consent Withdrawal
260 Craig Way
San Luis Obispo, CA 93405

21.3 Effect of Withdrawal

If you withdraw consent:

You will no longer receive telehealth services
You may need to seek care from other providers
Your medical records will be retained per our retention policy
Your membership may continue (but telehealth services will not be provided)
You may request transfer of records to another provider

By signing below (electronically or otherwise), I confirm that:

☑️ I have read and understand this Telehealth Informed Consent Form.

☑️ I have had the opportunity to ask questions and receive answers.

☑️ I understand the benefits, risks, and limitations of telehealth.

☑️ I understand the alternatives to telehealth (in-person care).

☑️ I understand that telehealth is NOT for emergencies and that I should call 911 for emergencies.

☑️ I understand my rights and responsibilities as a patient.

☑️ I understand that my physician is an independent contractor of Qualiphy Medical Group, not an employee of Daybreaker Health.

☑️ I understand that some medications may be prescribed off-label and I consent to receiving off-label prescriptions when my physician determines it is appropriate.

☑️ I understand that supplements are not FDA-approved and may have risks.

☑️ I understand that the AI health coach provides informational wellness guidance only, not medical advice.

☑️ I understand the fees for membership and additional services.

☑️ I understand that I may withdraw consent at any time.

☑️ I voluntarily consent to receive telehealth services from Daybreaker Health.

22.2 Authorization

I authorize Daybreaker Health and its affiliated physicians to:

Deliver healthcare services via telehealth (video, phone, messaging)
Access, use, and disclose my Protected Health Information (PHI) for treatment, payment, and healthcare operations
Prescribe medications via telehealth when clinically appropriate
Share my PHI with Qualiphy physicians, lab partners, and pharmacies as needed for my care
Use my wearable device data to inform my care

22.3 Electronic Signature

I understand that my electronic signature has the same legal effect as a handwritten signature under the Electronic Signatures in Global and National Commerce Act (ESIGN Act) and applicable state laws.

PATIENT SIGNATURE

Full Legal Name: _______________________________________________

Email Address: _______________________________________________

Date of Birth: _______________________________________________

Physical Location (City, State): _______________________________________________

Signature: _______________________________________________

Date: _______________________________________________

FOR MINORS (If Applicable)

If the patient is under 18, a parent or legal guardian must also sign:

Parent/Guardian Name: _______________________________________________

Relationship to Patient: _______________________________________________

Parent/Guardian Signature: _______________________________________________

Date: _______________________________________________

PHYSICIAN ACKNOWLEDGMENT (Completed at First Consultation)

Physician Name: _______________________________________________

Credentials: _______________________________________________

License Number: _______________________________________________

State(s) Licensed: _______________________________________________

Physician Signature: _______________________________________________

Date: _______________________________________________

23. CONTACT INFORMATION

General Questions & Member Support

Email: care@daybreakerhealth.com
Phone: (805) 549-4172

Privacy Questions

Email: privacy@daybreakerhealth.com

Email: care@daybreakerhealth.com

Complaints

Email: care@daybreakerhealth.com
Phone: (805) 549-4172

If you are not satisfied with our response, you may file a complaint with:

California Medical Board: https://www.mbc.ca.gov/Breeze/Complaint_Form.aspx
HHS Office for Civil Rights (HIPAA): https://www.hhs.gov/ocr/complaints

Address

Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405

This Consent is valid from the date of signature until withdrawn by the patient in writing.

This Consent applies to all telehealth services provided through Daybreaker Health’s platform, regardless of the specific physician or consultation.

Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405
(805) 549-4172
care@daybreakerhealth.com

This Telehealth Informed Consent Form was last updated on April 1, 2025.

Retained (Good Elements)

Element	Status
Clear scope of care (8 domains)	✅ Retained and expanded
Technology requirements	✅ Retained and detailed
Benefits articulated	✅ Retained
Risks and limitations	✅ Retained and expanded
Alternatives offered	✅ Retained
Patient rights	✅ Retained and expanded
Patient responsibilities	✅ Retained and expanded
Billing/insurance disclaimers	✅ Retained
State licensing acknowledgment	✅ Retained and expanded

Added (Critical Additions)

Addition	Risk Level	Purpose
Off-label prescribing consent	🔴 CRITICAL	GLP-1, peptide, hormone liability
Detailed off-label drug information	🔴 CRITICAL	Informed consent for specific meds
Supplement FDA disclaimers	🔴 CRITICAL	FDA compliance
AI coach disclaimers	🔴 CRITICAL	AI is informational only
Emergency protocols (detailed)	🔴 CRITICAL	911 and crisis resources
State-specific sections (CA, CO, NY)	🔴 CRITICAL	Multi-state compliance
Practitioner credentials section	🟡 IMPORTANT	Verify physician qualifications
Electronic signature acknowledgment	🟡 IMPORTANT	ESIGN Act compliance
Technology failure disclaimers	🟡 IMPORTANT	Limit tech liability
Withdrawal of consent procedure	🟡 IMPORTANT	Patient autonomy
Physician signature section	🟡 IMPORTANT	Documentation completeness

Compliance Checklist

ATTORNEY REVIEW FLAGS

Section 12 (Off-Label): Verify peptide disclosures meet state medical board standards
Section 20 (State-Specific): Confirm all 50-state telehealth requirements are met
Section 11 (Prescribing): Verify controlled substance policy aligns with Ryan Haight Act
Electronic Signature: Confirm ESIGN/UETA compliance in all states
Minor Consent: Verify parental consent requirements by state

NOTICE OF PRIVACY PRACTICES

DAYBREAKER HEALTH, P.C.

Effective Date: April 1, 2025
Last Updated: April 1, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

PLAIN-LANGUAGE SUMMARY

This Notice explains how we protect your health information under federal law (HIPAA). We use your health information to provide care, process payments, and run our healthcare operations. We will not share your information for marketing or sell it without your permission. You have rights to see your records, request corrections, and know who accessed your information. If you believe your privacy was violated, you can file a complaint without fear of retaliation.

Our Commitment to Your Privacy
Who Must Follow This Notice
How We May Use and Disclose Your Health Information
Uses and Disclosures Requiring Your Written Authorization
Your Rights Regarding Your Health Information
Our Responsibilities
How We Protect Your Information
Breach Notification
Changes to This Notice
Complaints
Contact Information

1. OUR COMMITMENT TO YOUR PRIVACY

1.1 Legal Requirement

We are required by law to:

Maintain the privacy of your Protected Health Information (PHI)
Provide you with this Notice of our legal duties and privacy practices
Follow the terms of this Notice currently in effect
Notify you if a breach of your unsecured PHI occurs

1.2 What Is Protected Health Information (PHI)?

Protected Health Information (PHI) is information that:

Is created or received by a healthcare provider, health plan, or healthcare clearinghouse
Relates to your past, present, or future physical or mental health condition, treatment, or payment for healthcare
Identifies you or could reasonably be used to identify you

Examples of PHI include:

Your name, address, date of birth, Social Security number
Medical history, diagnoses, and conditions
Treatment plans and physician notes
Prescription information
Laboratory results
Insurance and billing information
Communications with your healthcare providers

1.3 Applicable Laws

This Notice is provided pursuant to:

Health Insurance Portability and Accountability Act (HIPAA) – 45 CFR Parts 160 and 164
HIPAA Privacy Rule – 45 CFR §164.500 et seq.
HIPAA Security Rule – 45 CFR §164.300 et seq.
HIPAA Breach Notification Rule – 45 CFR §164.400 et seq.
HITECH Act – Health Information Technology for Economic and Clinical Health Act
Applicable State Laws – Including California, Colorado, New York, and other state privacy laws

Where state law provides greater protection than HIPAA, we follow the more protective standard.

2. WHO MUST FOLLOW THIS NOTICE

2.1 Covered Entities

This Notice applies to:

Daybreaker Health, P.C. – As a healthcare provider that transmits health information electronically
Qualiphy Medical Group – The affiliated physician group providing clinical services
All physicians providing care through our platform
All workforce members with access to PHI (employees, contractors, volunteers)

2.2 Business Associates

We share PHI with “Business Associates” – companies that perform services for us involving PHI. Our Business Associates must:

Sign a Business Associate Agreement (BAA)
Protect your PHI according to HIPAA requirements
Report any breaches to us

Our Business Associates include:

Business Associate	Service Provided
Supabase	Database hosting and storage
Railway	Backend infrastructure
Terra API	Wearable data integration
Stripe	Payment processing
Quest Diagnostics	Laboratory services
LabCorp	Laboratory services
Partner Pharmacies	Prescription fulfillment
Twilio (or similar)	SMS/text message delivery
SendGrid (or similar)	Email delivery services

2.3 Organized Health Care Arrangement

Daybreaker Health and Qualiphy Medical Group participate in an Organized Health Care Arrangement (OHCA) for purposes of joint healthcare activities. This allows us to share PHI with each other for treatment, payment, and healthcare operations without additional authorization.

3. HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION

3.1 Uses and Disclosures for Treatment, Payment, and Healthcare Operations

We may use and disclose your PHI without your written authorization for the following purposes:

A. Treatment

We use your PHI to provide, coordinate, and manage your healthcare. Examples:

Providing care: Your physician reviews your medical history to diagnose and treat you
Consultations: Sharing information with another physician for a second opinion
Referrals: Sending information to a specialist you are referred to
Care coordination: Communicating with labs, pharmacies, and other providers involved in your care
Prescriptions: Transmitting prescription information to pharmacies
Follow-up: Contacting you about appointments, test results, or treatment plans

B. Payment

We use your PHI to obtain payment for services. Examples:

Billing: Submitting claims to you or your payment method
Collections: Following up on unpaid balances
Verification: Confirming your identity and payment information
Receipts: Providing documentation for FSA/HSA reimbursement

Note: We do not currently bill insurance, but if we do in the future, this would include submitting claims to your insurance company.

C. Healthcare Operations

We use your PHI to run our organization and ensure quality care. Examples:

Quality improvement: Reviewing care to improve services
Training: Educating staff and physicians
Auditing: Conducting compliance and financial audits
Credentialing: Verifying physician qualifications
Peer review: Physicians reviewing each other’s work for quality
Business planning: Planning and developing services
Customer service: Resolving complaints and inquiries

3.2 Uses and Disclosures Permitted or Required by Law

We may use or disclose your PHI without your authorization in the following circumstances:

A. As Required by Law

We will disclose PHI when required by federal, state, or local law. Examples:

Mandatory disease reporting
Court orders and subpoenas
Administrative requirements

B. Public Health Activities

We may disclose PHI to public health authorities for:

Preventing or controlling disease, injury, or disability
Reporting births and deaths
Reporting child abuse or neglect
Reporting reactions to medications or medical devices (FDA reporting)
Notifying individuals of recalls or replacements
Notifying workplace of work-related illness or injury

C. Health Oversight Activities

We may disclose PHI to health oversight agencies for:

Audits and investigations
Inspections and licensure
Civil, administrative, or criminal proceedings
Actions necessary for government oversight of healthcare

D. Judicial and Administrative Proceedings

We may disclose PHI in response to:

Court orders
Subpoenas, discovery requests, or other lawful process
We will attempt to notify you or obtain a protective order before disclosure when possible

E. Law Enforcement

We may disclose PHI to law enforcement officials for:

Legal processes (warrants, subpoenas, court orders)
Identifying or locating a suspect, fugitive, witness, or missing person
Reporting certain types of wounds or injuries
Reporting crimes occurring on our premises
Reporting a crime in an emergency

F. Coroners, Medical Examiners, Funeral Directors

We may disclose PHI to:

Coroners or medical examiners for identification or cause of death
Funeral directors to carry out their duties

G. Organ and Tissue Donation

We may disclose PHI to organizations handling organ, eye, or tissue donation and transplantation.

H. Research

We may disclose PHI for research purposes when:

An Institutional Review Board (IRB) approves a waiver of authorization
The research involves only decedents
The information is de-identified
You have provided written authorization

I. Serious Threat to Health or Safety

We may disclose PHI when necessary to prevent or lessen a serious and imminent threat to:

Your health or safety
The health or safety of others
Public health or safety

J. Specialized Government Functions

We may disclose PHI for:

Military and veterans’ activities
National security and intelligence
Protective services for the President
Medical suitability determinations
Correctional institution health and safety

K. Workers’ Compensation

We may disclose PHI as authorized by workers’ compensation laws for work-related injuries or illness.

We may contact you to:

Remind you of appointments
Inform you about treatment alternatives or health-related benefits
Provide information about health-related products or services we offer

3.3 Minimum Necessary Standard

When using or disclosing PHI, or when requesting PHI from another entity, we apply the “minimum necessary” standard. This means we:

Use, disclose, or request only the minimum amount of PHI necessary to accomplish the purpose
Limit access to PHI based on job duties (role-based access)
Do not apply the minimum necessary standard to disclosures for treatment purposes

3.4 De-Identified Information

Information that has been “de-identified” (all identifying information removed according to HIPAA standards) is no longer PHI and may be used or disclosed without restriction. We may use de-identified information for:

Research
Public health activities
Business analytics
Quality improvement

3.5 Incidental Disclosures

Some disclosures of PHI may occur incidentally during otherwise permitted uses or disclosures. For example, other patients in a waiting room may hear your name called. These incidental disclosures are permitted under HIPAA if we have implemented reasonable safeguards.

4. USES AND DISCLOSURES REQUIRING YOUR WRITTEN AUTHORIZATION

4.1 Authorization Required

We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in Section 3. These include:

A. Marketing

We will not use your PHI for marketing purposes without your written authorization, except for:

Face-to-face communications
Promotional gifts of nominal value
Refill reminders and communications about currently prescribed medications
Health-related products and services we provide

If we receive payment from a third party for marketing, we will disclose this and obtain your authorization.

B. Sale of PHI

We will never sell your PHI without your written authorization.

C. Psychotherapy Notes

If we maintain psychotherapy notes (notes recorded by a mental health professional documenting conversations during counseling sessions), we will not disclose them without your written authorization, except as permitted by law.

D. Other Uses

Any other use or disclosure not described in this Notice requires your written authorization.

4.2 Your Right to Revoke Authorization

If you provide written authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer. Revocation does not affect uses or disclosures made in reliance on the authorization before revocation.

4.3 Authorization Form

Authorization forms are available from our Privacy Officer or by contacting privacy@daybreakerhealth.com.

5. YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION

You have the following rights regarding your PHI:

5.1 Right to Access

You have the right to inspect and obtain a copy of your PHI maintained in our designated record set (medical records, billing records, and other records used to make decisions about your care).

How to Request:

In-App: Settings > Medical Records > Request Access
Email: privacy@daybreakerhealth.com
Mail: Privacy Officer, Daybreaker Health, 260 Craig Way, San Luis Obispo, CA 93405

Our Response:

We will respond within 30 days of your request
We may extend by up to 30 additional days with written notice and explanation
We may charge a reasonable, cost-based fee for copies
We will provide records in the format you request if readily producible (e.g., electronic format)

Denial of Access:

In limited circumstances, we may deny access. If we deny your request, we will:

Explain the reason for denial
Inform you of your right to request review (if applicable)
Explain how to file a complaint

Reasons for denial may include:

Information compiled for legal proceedings
Information subject to Clinical Laboratory Improvements Amendments (CLIA)
Information obtained from someone other than a healthcare provider under promise of confidentiality
A licensed healthcare professional determines access would endanger life or safety

5.2 Right to Amend

You have the right to request that we amend your PHI if you believe it is incorrect or incomplete.

How to Request:

Submit a written request to our Privacy Officer
Include the reason for the amendment

Our Response:

We will respond within 60 days of your request
We may extend by up to 30 additional days with written notice

Denial of Amendment:

We may deny your request if:

The information was not created by us (unless the original source is no longer available)
The information is not part of our designated record set
The information is accurate and complete
The information would not be available to you under the right to access

If we deny your request:

We will provide a written denial with reasons
You may submit a statement of disagreement
We may prepare a rebuttal
Future disclosures will include your request, our denial, and your statement (if provided)

5.3 Right to an Accounting of Disclosures

You have the right to receive an accounting of disclosures of your PHI made by us in the six (6) years prior to your request.

Excluded from Accounting:

Disclosures for treatment, payment, or healthcare operations
Disclosures to you or authorized by you
Disclosures for national security or intelligence purposes
Disclosures to correctional institutions or law enforcement (in certain circumstances)
Disclosures made before April 14, 2003

How to Request:

Submit a written request to our Privacy Officer
Specify the time period (up to 6 years)

Our Response:

We will provide the accounting within 60 days
We may extend by up to 30 additional days with written notice
The first accounting in any 12-month period is free
We may charge a reasonable fee for additional requests

Content of Accounting:

Date of disclosure
Name and address of recipient (if known)
Brief description of information disclosed
Brief statement of purpose or copy of authorization

5.4 Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations.

How to Request:

Submit a written request to our Privacy Officer
Specify what information you want restricted
Specify to whom the restriction applies
Specify why you want the restriction

Our Response:

We are not required to agree to your request (except as noted below)
If we agree, we will honor the restriction unless:
- You need emergency care and the restricted information is needed for treatment
- You revoke the restriction in writing

Mandatory Restriction:

We must agree to restrict disclosure to a health plan if:

The disclosure is for payment or healthcare operations (not treatment)
The PHI pertains solely to a service for which you paid out-of-pocket in full

5.5 Right to Request Confidential Communications

You have the right to request that we communicate with you in a certain way or at a certain location to protect your privacy.

Examples:

Requesting calls only to your cell phone, not home phone
Requesting mail to a P.O. Box instead of home address
Requesting communication only via secure email

How to Request:

Submit a written request to our Privacy Officer
Specify your preferred method of communication
Provide alternative contact information

Our Response:

We will accommodate reasonable requests
We will not ask you to explain why
We may require information about how payment will be handled

5.6 Right to a Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice at any time, even if you previously agreed to receive it electronically.

How to Request:

Email: privacy@daybreakerhealth.com
Phone: (805) 549-4172
In-App: Settings > Legal > HIPAA Notice > Request Paper Copy

5.7 Right to Be Notified of a Breach

You have the right to be notified if a breach of your unsecured PHI occurs. See Section 8 for details.

6. OUR RESPONSIBILITIES

6.1 We Are Required To:

Maintain the privacy of your PHI
Provide you with this Notice of our legal duties and privacy practices
Notify you if a breach of your unsecured PHI occurs
Follow the terms of this Notice currently in effect
Not use or disclose your PHI except as described in this Notice or as otherwise authorized by law

6.2 We Will Not:

Sell your PHI without your authorization
Use your PHI for marketing without your authorization (except as permitted)
Use or disclose psychotherapy notes without your authorization (except as permitted)
Use or disclose your PHI in a way that is prohibited by law

6.3 We Reserve the Right To:

Change the terms of this Notice at any time
Make the new Notice provisions effective for all PHI we maintain, including PHI created or received before the changes

7. HOW WE PROTECT YOUR INFORMATION

7.1 Administrative Safeguards

We implement administrative policies and procedures to protect your PHI:

Safeguard	Description
Privacy Officer	Designated individual responsible for privacy compliance
Security Officer	Designated individual responsible for security compliance
Risk Assessments	Annual security risk assessments to identify vulnerabilities
Workforce Training	Annual HIPAA training for all staff with PHI access
Sanction Policy	Disciplinary procedures for privacy and security violations
Access Management	Role-based access controls (minimum necessary)
Incident Response	Documented procedures for responding to security incidents
Business Associate Agreements	Written agreements with all vendors handling PHI

7.2 Physical Safeguards

We implement physical measures to protect PHI:

Safeguard	Description
Data Center Security	PHI stored in HITRUST-certified, SOC 2 Type II compliant facilities
Device Security	Encryption required for all devices with PHI access
Workstation Security	Automatic screen locks, clean desk policy
Secure Disposal	Secure destruction of PHI (shredding, wiping)
Facility Access	Physical access controls at micro-clinics (when operational)

7.3 Technical Safeguards

We implement technical measures to protect electronic PHI (ePHI):

Safeguard	Description
Encryption at Rest	AES-256 encryption for all stored data
Encryption in Transit	TLS 1.3 encryption for all data transmission
Multi-Factor Authentication	MFA required for administrative access
Unique User IDs	Individual authentication for all system access
Automatic Logoff	Sessions expire after inactivity
Audit Logging	All PHI access logged and monitored
Access Controls	Database row-level security (RLS)
Intrusion Detection	Real-time monitoring for unauthorized access
Vulnerability Management	Regular security patches and updates

7.4 No Absolute Guarantee

While we implement commercially reasonable safeguards, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your PHI.

8. BREACH NOTIFICATION

8.1 What Is a Breach?

A “breach” is the unauthorized acquisition, access, use, or disclosure of unsecured PHI that compromises the security or privacy of the information.

Exceptions (not considered breaches):

Unintentional access by workforce member acting in good faith within scope of authority
Inadvertent disclosure between authorized persons within the same organization
Recipient unable to retain the information

8.2 Our Notification Obligations

If a breach of your unsecured PHI occurs, we will:

Notify You:

Without unreasonable delay and no later than 60 days after discovery of the breach
By first-class mail to your last known address (or email if you prefer electronic notification)
By substitute notice (posting on website, media notice) if contact information is insufficient

Content of Notice:

Description of what happened, including date of breach and date of discovery
Types of PHI involved (e.g., name, diagnosis, treatment information)
Steps you should take to protect yourself
What we are doing to investigate, mitigate, and prevent future breaches
Contact information for questions

Notify Regulators:

HHS Secretary: Breaches affecting 500+ individuals reported within 60 days; smaller breaches reported annually
State Attorneys General: As required by state law (e.g., California, New York)
Media: Breaches affecting 500+ residents of a state reported to prominent media outlets in that state

8.3 Our Commitment

We are committed to:

Prompt investigation of potential breaches
Timely notification when breaches occur
Remediation to prevent future breaches
Cooperation with regulatory investigations

9. CHANGES TO THIS NOTICE

9.1 Right to Change

We reserve the right to change this Notice at any time. Changes may apply to PHI we already have about you, as well as any PHI we create or receive in the future.

9.2 Effective Date of Changes

Changes become effective when posted on our website and in our app. The “Effective Date” at the top of this Notice indicates when it was last revised.

9.3 Notice of Changes

We will:

Post the revised Notice on our website (https://daybreakerhealth.com/hipaa-notice)
Make the revised Notice available in our app
For material changes, send email notification to active patients

9.4 Obtaining Current Notice

You may obtain a copy of the current Notice at any time by:

Visiting https://daybreakerhealth.com/hipaa-notice
Opening the app: Settings > Legal > HIPAA Notice
Emailing privacy@daybreakerhealth.com
Calling (805) 549-4172

10. COMPLAINTS

10.1 Your Right to Complain

If you believe your privacy rights have been violated, you have the right to file a complaint.

You will NOT be retaliated against for filing a complaint.

10.2 How to File a Complaint

A. Complaint to Daybreaker Health

Email: privacy@daybreakerhealth.com

Mail:
Privacy Officer
Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405

Phone: (805) 549-4172

What to Include:

Your name and contact information
Description of the privacy concern
Date(s) of the incident
Names of individuals involved (if known)
Any supporting documentation

Our Response:

We will acknowledge your complaint within 5 business days
We will investigate and respond within 30 days
We will take corrective action if warranted

B. Complaint to the U.S. Department of Health and Human Services

You may file a complaint with the HHS Office for Civil Rights (OCR):

Online: https://www.hhs.gov/ocr/complaints

Mail:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201

Phone: 1-800-368-1019 (Toll-Free)
TDD: 1-800-537-7697

Deadline: Complaints must generally be filed within 180 days of when you knew or should have known about the act or omission.

10.3 State Complaints

You may also file complaints with your state’s regulatory agencies:

California:

California Department of Public Health: https://www.cdph.ca.gov/
California Attorney General: https://oag.ca.gov/privacy

Colorado:

Colorado Attorney General: https://coag.gov/file-complaint/

New York:

New York Attorney General: https://ag.ny.gov/
New York State Department of Health: https://www.health.ny.gov/

11. CONTACT INFORMATION

Privacy Officer

The Privacy Officer is responsible for overseeing our privacy practices and receiving complaints.

Name: Privacy Officer
Organization: Daybreaker Health, P.C.
Address: 260 Craig Way, San Luis Obispo, CA 93405
Email: privacy@daybreakerhealth.com
Phone: (805) 549-4172

Security Officer

The Security Officer is responsible for overseeing our security practices.

Email: security@daybreakerhealth.com
Phone: (805) 549-4172

General Inquiries

Email: care@daybreakerhealth.com
Phone: (805) 549-4172
Website: https://daybreakerhealth.com

Mailing Address

Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405

ACKNOWLEDGMENT

I acknowledge that I have received and reviewed this Notice of Privacy Practices. I understand that Daybreaker Health may use and disclose my Protected Health Information as described in this Notice.

Signature: _______________________________________________

Printed Name: _______________________________________________

Date: _______________________________________________

Daybreaker Health, P.C.
260 Craig Way
San Luis Obispo, CA 93405
(805) 549-4172
privacy@daybreakerhealth.com

This Notice of Privacy Practices was last updated on April 1, 2025.

APPENDIX: COMPLIANCE CHECKLIST

HIPAA Privacy Rule Requirements (45 CFR §164.520)

Requirement	Section	Status
Header statement (how info may be used/disclosed)	Header	✅
Uses and disclosures for TPO	3.1	✅
Uses and disclosures permitted by law	3.2	✅
Uses and disclosures requiring authorization	4	✅
Right to access	5.1	✅
Right to amend	5.2	✅
Right to accounting of disclosures	5.3	✅
Right to request restrictions	5.4	✅
Right to request confidential communications	5.5	✅
Right to paper copy of notice	5.6	✅
Right to be notified of breach	5.7, 8	✅
Duties of covered entity	6	✅
Complaint procedures	10	✅
Contact information	11	✅
Effective date	Header	✅
Statement of right to change notice	9	✅

HIPAA Security Rule Alignment (45 CFR §164.300)

Safeguard Category	Section	Status
Administrative safeguards	7.1	✅
Physical safeguards	7.2	✅
Technical safeguards	7.3	✅

HIPAA Breach Notification Rule (45 CFR §164.400)

Requirement	Section	Status
Definition of breach	8.1	✅
Notification to individuals	8.2	✅
Content of notification	8.2	✅
Notification to HHS	8.2	✅
Notification to media	8.2	✅

CHANGE LOG FROM CURRENT HIPAA NOTICE

Retained (Good Elements)

Element	Status
Commitment statement	✅ Retained
TPO disclosures	✅ Retained and expanded
Patient rights	✅ Retained and expanded
Security measures	✅ Retained and expanded
Complaint procedures	✅ Retained

Added (Compliance Enhancements)

Addition	Purpose
Detailed uses/disclosures list	HIPAA compliance
Minimum necessary standard	HIPAA requirement
Authorization requirements	HIPAA requirement
Breach notification procedures	HIPAA Breach Notification Rule
Business Associate list	Transparency
Complaint to HHS instructions	HIPAA requirement
State complaint options	Multi-state compliance
Acknowledgment signature	Documentation
Security safeguards detail	HIPAA Security Rule

ATTORNEY REVIEW FLAGS

Section 2.3 (OHCA): Verify Organized Health Care Arrangement with Qualiphy is properly documented
Section 3.2 (Law Enforcement): Confirm disclosures align with state law variations
Section 5.4 (Restrictions): Verify mandatory restriction implementation for self-pay patients
Section 8 (Breach): Confirm breach notification timelines meet all state requirements
Business Associates: Verify all BAAs are current and comprehensive

Policies

Included Documents

TERMS OF SERVICE

PLAIN-LANGUAGE SUMMARY

IMPORTANT NOTICES

TABLE OF CONTENTS

1. ACCEPTANCE OF TERMS

1.1 Binding Agreement

1.2 Additional Agreements

1.3 Changes to Terms

1.4 If You Do Not Agree

2. ELIGIBILITY & ACCOUNT REQUIREMENTS

2.1 Age Requirement

2.2 Geographic Restrictions

2.3 Account Creation

2.4 Account Security

2.5 One Account Per Person

2.6 Account Verification

3. DESCRIPTION OF SERVICES

3.1 Platform Overview

3.2 Medical Services Organization (MSO) Model

3.3 Services Included in Membership

3.4 What Is NOT Included

4. SERVICES NOT PROVIDED / SCOPE LIMITATIONS

4.1 Emergency Care

4.2 Urgent Care

4.3 Other Excluded Services

4.4 Controlled Substances

4.5 Limitations of Telehealth

5. USER OBLIGATIONS & REPRESENTATIONS

5.1 Accurate Information

5.2 Updating Information

5.3 Following Medical Advice

5.4 Your Location

5.5 Emergency Plan

5.6 Legal Compliance

6. PROHIBITED USES

6.1 You May NOT:

6.2 Consequences

7. MEMBERSHIP & SUBSCRIPTION TERMS

7.1 Membership Fee

7.2 Billing Cycle

7.3 Auto-Renewal

7.4 Renewal Notice

7.5 Payment Methods

7.6 Failed Payments

7.7 Price Changes

7.8 Cancellation

7.9 FTC Click-to-Cancel Compliance

8. ADDITIONAL FEES

8.1 Services Billed Separately

8.2 Lab Costs

8.3 Prescription Costs

8.4 FSA/HSA Eligibility

8.5 Taxes

9. REFUND POLICY

9.1 No Refunds for Services Rendered

9.2 No Partial-Month Refunds

9.3 Exceptions

9.4 Dissatisfaction

9.5 Chargebacks

10. TELEHEALTH CONSENT

10.1 Consent Requirement

10.2 Ongoing Consent

10.3 State-Specific Requirements

11. MEDICAL DISCLAIMERS

11.1 No Guarantee of Results

11.2 Not a Substitute for In-Person Care

11.3 Physician Independence

11.4 Daybreaker’s Role

11.5 Limitations of Remote Care

11.6 Second Opinions

12. SUPPLEMENT DISCLAIMERS

12.1 FDA Disclaimer

12.2 Supplements Are Not Medications

12.3 Third-Party Products

12.4 Potential Risks

12.5 Your Responsibility

13. OFF-LABEL PRESCRIBING DISCLOSURES

13.1 What Is Off-Label Prescribing?