Limited time: First month $197 (save $100). Your transformation starts here.

ZenOryva.
ZenOryva.
Take the Assessment

Privacy Policy

Last updated:

ZenOryva ("ZenOryva," "we," "us," or "our") operates the website ZenOryva.com and provides direct-to-consumer telehealth services including access to licensed healthcare providers, compounded semaglutide, and weight-loss coaching. This Privacy Policy explains what information we collect, how we use and share it, and the rights you have regarding your data.

By using our website or services, you agree to the practices described in this policy. If you do not agree, please do not use our services.

1. Information We Collect

Personal Identification Information

When you create an account, complete a health intake quiz, or purchase a subscription, we collect:

  • Full name
  • Email address
  • Phone number
  • Mailing and shipping address
  • Date of birth and biological sex (required for clinical eligibility)

Health and Medical Information

Our intake quiz and ongoing check-ins collect health data necessary for safe clinical evaluation, including:

  • Current weight, height, and body mass index (BMI)
  • Weight-loss goals and history
  • Current medications and supplement use
  • Relevant medical history and conditions
  • Responses to contraindication screening questions
  • Progress updates and coaching check-in data

Payment Information

Payments are processed by Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment credentials on our servers. We receive only a tokenized reference and limited billing details (name, last four digits, billing zip) from Stripe for record-keeping purposes.

Device and Usage Data

When you visit ZenOryva.com, we automatically collect:

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Pages visited, time on page, and navigation paths
  • Referral source (e.g., search engine, paid ad, social media)
  • Device identifiers and screen resolution

Analytics and Advertising Data

We use third-party analytics and advertising tools including Google Analytics 4 (GA4) and the Meta Pixel. These tools collect behavioral data to help us understand how visitors use our site and to measure the effectiveness of advertising campaigns. This data may be associated with identifiers (such as cookies or device IDs) that are also used by those platforms for their own purposes. See Section 5 for cookie details and opt-out options.

2. How We Use Your Information

We use the information we collect to:

  • Provide telehealth services -- transmit your health intake data to licensed healthcare providers for clinical evaluation and prescribing decisions
  • Process prescriptions -- share necessary clinical information with our compounding pharmacy partners to fulfill your medication orders
  • Facilitate coaching -- enable our coaching team to review your progress and provide personalized guidance
  • Process payments -- complete subscription and one-time purchases through Stripe
  • Communicate about your account -- send order confirmations, shipping notifications, refill reminders, and support responses
  • Improve our services -- analyze aggregated usage patterns, quiz completion rates, and outcomes data to improve our product and clinical protocols
  • Comply with legal obligations -- retain records as required by applicable state and federal law, including telehealth and pharmacy regulations
  • Marketing communications -- send promotional emails or SMS messages about our services. You may opt out of marketing communications at any time (see Section 8)

3. How We Share Your Information

We do not sell your personal information to third parties. We share your data only as described below.

  • Licensed healthcare providers -- independent physicians and nurse practitioners on our affiliated telehealth platform receive your health intake data solely to conduct clinical evaluation and, where appropriate, issue a prescription
  • Compounding pharmacy partners -- licensed 503A compounding pharmacies receive your prescription, name, and shipping address to prepare and ship your medication
  • Payment processors-- Stripe processes all payment transactions. Stripe's use of your payment data is governed by Stripe's own privacy policy
  • Analytics and advertising providers -- Google and Meta receive behavioral and device data as described in Sections 1 and 5. This data does not include protected health information (PHI)
  • Legal and regulatory requirements -- we may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of ZenOryva, our users, or the public
  • Business transfers -- in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email prior to any such transfer becoming subject to a materially different privacy policy

4. HIPAA and Protected Health Information

Certain health information we collect -- including information that could identify you and relates to your health condition, treatment, or healthcare payment -- may constitute Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).

ZenOryva functions as a business associate with respect to PHI transmitted between our platform and the covered entities (healthcare providers and pharmacies) involved in your care. Where required, we maintain a Business Associate Agreement (BAA) with our infrastructure partners.

PHI is stored exclusively in HIPAA-compliant systems. Our primary data infrastructure is built on Supabase, with which we maintain a signed BAA. Database contents are encrypted at rest and accessible only to authorized personnel.

Our marketing and communication platforms -- including HubSpot and GoHighLevel -- do not store PHI. These systems receive only non-clinical identifiers such as your name, email address, phone number, and subscription status. Email and SMS communications sent through these platforms never reference specific medications, dosages, diagnoses, or health conditions.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate our site, analyze usage, and measure advertising performance.

Google Tag Manager

We use Google Tag Manager (GTM) as a container to deploy and manage tracking scripts including GA4 and the Meta Pixel. GTM itself does not collect personal data but facilitates data collection by the tags it fires.

Google Analytics 4 (GA4)

GA4 collects pseudonymous data about how visitors interact with our website, including pages viewed, session duration, and conversion events (such as quiz completions and purchases). This data is used to understand traffic patterns and improve our services. GA4 data is retained for 14 months by default in our property settings.

To opt out of GA4 tracking, you may install the Google Analytics Opt-out Browser Add-on or adjust your browser's cookie settings. You may also manage your Google ad personalization settings at adssettings.google.com.

Meta Pixel

The Meta Pixel is used to measure the effectiveness of our advertising campaigns on Facebook and Instagram, and to build custom and lookalike audiences for advertising purposes. The Pixel may track actions such as page views, quiz initiations, and purchase completions. This data is transmitted to Meta Platforms, Inc. and is subject to Meta's own privacy policy.

To opt out of interest-based advertising by Meta, visit your Meta Ad Preferences. You may also opt out via the Digital Advertising Alliance opt-out tool.

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to refuse new cookies, delete existing cookies, and set preferences for specific websites.

6. Data Security

We implement technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption in transit -- all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Encryption at rest -- databases containing personal and health information are encrypted at rest using AES-256
  • Access controls -- access to personal and health data is limited to authorized personnel on a need-to-know basis. All access is logged and auditable
  • Security reviews -- we conduct regular reviews of our security practices and third-party integrations
  • Incident response -- we maintain a documented incident response procedure and will notify affected users in accordance with applicable data breach notification laws

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.

  • Account and health data -- retained for the duration of your active account and for a minimum of seven (7) years following your last interaction with our telehealth services, as required by applicable state medical records laws
  • Payment records -- retained for seven (7) years for tax and accounting purposes
  • Marketing communications data -- retained until you unsubscribe or request deletion, subject to our legal retention obligations
  • Analytics data-- retained for up to 14 months in GA4 and subject to Meta's own retention policies

You may request deletion of your personal data at any time (see Section 8). Note that we may be required to retain certain information to comply with legal or regulatory obligations even after a deletion request.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access -- request a copy of the personal information we hold about you
  • Correction -- request that we correct inaccurate or incomplete information
  • Deletion -- request that we delete your personal information, subject to our legal retention obligations
  • Opt out of marketing-- unsubscribe from marketing emails by clicking the "unsubscribe" link in any promotional email, or reply STOP to any marketing SMS. You may also contact us directly at privacy@ZenOryva.com
  • Data portability -- request your data in a structured, machine-readable format where technically feasible

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, disclose, and sell or share
  • The right to delete personal information we have collected, subject to exceptions
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information. We do not sell personal information. We do share certain behavioral data with Google and Meta for advertising purposes; you may opt out as described in Section 5
  • The right to limit the use of sensitive personal information, including health data, to what is necessary for providing services
  • The right not to be discriminated against for exercising your CCPA rights

To exercise any of these rights, contact us at privacy@ZenOryva.com. We will respond to verifiable requests within 45 days as required by applicable law.

9. Children's Privacy

Our services are intended for adults 18 years of age and older. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@ZenOryva.com and we will promptly delete that information from our systems.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last updated" date.

For material changes -- such as new categories of data collection, new sharing partners, or changes to how we handle health information -- we will notify you by email to the address associated with your account at least 30 days before the changes take effect, where feasible. Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

ZenOryva

9017 Reseda Blvd, Suite 210

Northridge, CA 91324

Email: privacy@ZenOryva.com

Phone: (TBD)

We aim to respond to all privacy-related inquiries within five (5) business days.

← Back to ZenOryva