Legal

Privacy Policy

Last updated: May 22, 2026

1. Who we are

EMPWRD Patient is operated by Matt Toresco, LLC ("EMPWRD Patient," "we," "us," "our"). This policy explains how we handle personal information collected through empwrdpatient.com (the "Site").

The EMPWRD Patient mobile and web application available at empwrdpatient.app is a separate product with its own privacy notice. If you use the app to track health information, that activity is governed by the app's notice, not this one.

2. What this policy covers

This policy covers personal information you give us, or that we collect, when you visit or interact with empwrdpatient.com. It does not cover:

  • The EMPWRD Patient app (see its in-app privacy notice)
  • Third-party websites we link to
  • Information you share with us in private channels (email, phone, social media) outside the Site forms

3. What we collect

When you fill out a form on the Site (for example to join an early-access list, the Founding Member list, or to receive Collective updates) we collect:

  • Your first and last name
  • Your email address
  • A "condition" field, if you choose to share it
  • An "organization" field, if you choose to share it

Form submissions are routed to our customer-relationship platform, GoHighLevel (LeadConnectorHQ), which stores this information on our behalf.

When you visit the Site, our hosting provider (Vercel) and any analytics tooling we may use can collect:

  • Your IP address
  • Browser and device information
  • Pages viewed and time on page
  • Approximate geographic region

We do not knowingly collect Social Security numbers, payment card numbers, or government IDs through the Site.

4. How we use your information

We use the information you give us to:

  • Send you the communications you signed up for (early-access updates, TestFlight invites, Collective updates)
  • Let you know when the EMPWRD Patient Collective opens
  • Improve the Site and our outreach
  • Respond to questions or requests you send us
  • Comply with legal obligations

We do not sell your personal information. We do not share it for cross-context behavioral advertising.

5. HIPAA — a note on scope

EMPWRD Patient's marketing Site (empwrdpatient.com) is not itself a HIPAA-Covered Entity. The information collected through Site forms is contact information, not Protected Health Information (PHI) in the HIPAA sense, even when a "condition" field is filled in.

The EMPWRD Patient application at empwrdpatient.app is operated under HIPAA-aligned policies — meaning we follow the security and privacy practices HIPAA requires of Covered Entities and Business Associates, even where strict legal applicability is debated. The app's own privacy notice explains those practices in detail.

We use the phrase "HIPAA aligned" rather than "HIPAA compliant" intentionally. "Compliant" is a legal status that requires specific audits and contracts. "Aligned" describes our operational posture and standard of care.

6. Who we share it with

We share your information with:

  • GoHighLevel (LeadConnectorHQ) — our customer-relationship and email platform, used to store contacts and send communications
  • Vercel — our hosting provider, which processes Site traffic
  • Other service providers we may engage to send email, run analytics, or operate the Site — each bound by written agreements that restrict their use of your information

We may also share information if we are legally required to (subpoena, court order, regulatory request) or to protect the rights, property, or safety of EMPWRD Patient, our users, or others.

If EMPWRD Patient is acquired, merged, or sold, your information may be transferred as part of that transaction. We will notify you if that happens.

7. Cookies and tracking

The Site uses a small number of cookies and similar technologies for security, hosting performance, and basic measurement. We do not use third-party advertising cookies, and we do not participate in cross-site behavioral advertising.

You can disable cookies in your browser settings; some Site features may not work as expected if you do.

8. Your rights

Depending on where you live, you may have specific rights over your personal information.

California residents (CCPA / CPRA)

  • The right to know what categories of personal information we collect, where we got it, what we use it for, and whom we share it with
  • The right to request a copy of the personal information we have about you
  • The right to ask us to delete your information
  • The right to correct inaccurate information
  • The right to opt out of the sale or sharing of your personal information (we do not sell or share for cross-context behavioral advertising)
  • The right not to receive discriminatory treatment for exercising any of these rights

Other US state residents

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Delaware, and other states with comprehensive privacy laws have similar rights — access, deletion, correction, and the right to opt out of targeted advertising and the sale of personal information.

EU / UK residents (GDPR / UK GDPR)

  • Access, rectification, erasure, restriction, portability, and objection rights
  • The right to withdraw consent at any time
  • The right to lodge a complaint with a supervisory authority

To exercise any of these rights, email privacy@empwrdpatient.com with the request and a way for us to verify it's you. We respond within the legal time frames applicable to your jurisdiction.

9. How to opt out of email

Every email we send includes an unsubscribe link in the footer. You can also reply to any email asking to be removed, or email privacy@empwrdpatient.com directly.

Removing yourself from email lists does not delete your record entirely — to delete the record, request deletion under Your rights.

10. Children's information

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, email us at the address below and we will delete it.

11. Data retention

We keep your information for as long as you remain on our communications lists, plus a reasonable period afterward for legal, audit, and recordkeeping needs. You can request deletion at any time.

12. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your information. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

13. International data transfers

We are based in the United States. If you visit the Site from outside the US, your information will be transferred to and processed in the US. By using the Site, you understand and consent to this transfer.

14. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced on the Site or by email to people on our communications lists.

15. Contact

Questions, requests, or concerns about this policy or your information:

Matt Toresco, LLC
1121 Park Ave Blvd, Suite B #151
Mount Pleasant, SC 29466
privacy@empwrdpatient.com

This Privacy Policy is provided for general informational purposes. It is not legal advice. If you have specific questions about how privacy law applies to your situation, please consult a qualified attorney.