Privacy Policy

Effective date: May 21st, 2026 Last updated: May 21st, 2026

1. About this Policy

bVital Inc (“bVital,” “we,” “us,” or “our”) operates bvital.com, brainregen.com, and related digital properties (collectively, the “Sites”) and provides health, wellness, and regenerative medicine services (collectively, the “Services”). This Privacy Policy explains how we collect, use, share, and protect personally identifiable information (“PII”) about you when you visit our Sites, interact with our marketing, register for events, purchase products, or otherwise engage with us outside of a treating relationship.

For purposes of this Policy, “PII” means any information that identifies, relates to, describes, or could reasonably be linked with you — including name, email, phone number, address, IP address, and similar identifiers — as well as inferences drawn from that information.

This Policy does not cover Protected Health Information (“PHI”). PHI is a category of health information protected by the Health Insurance Portability and Accountability Act (“HIPAA”). We do not collect PHI through our Sites, marketing channels, or other public-facing properties. PHI is collected only after you become a patient of bVital and complete our patient intake and HIPAA authorization/consent process. The use and disclosure of PHI is governed by our separate Notice of Privacy Practices (“NPP”), available by emailing in**@****al.com. The NPP controls over this Policy for any conflict involving PHI.

If you voluntarily share health-related information with us through a Site form, chat, webinar, or marketing channel (for example, mentioning a condition you’d like help with), we treat that information as sensitive PII under this Policy. It does not become PHI unless and until you become a patient and complete our HIPAA intake process.

NOTICE TO U.S. STATE RESIDENTS: Please see Section 14 (State-specific privacy disclosures) for additional rights and information specific to your state.

2. Guiding Privacy Principles

We built bVital around the people we serve. Your privacy is core to that mission. While we may operate as a “business associate” under HIPAA in certain contexts, HIPAA does not apply to all of the information we process — so we hold ourselves to the following principles regardless:

  • We do not sell your PII for money. In the ordinary course of business, we do not exchange your information for monetary consideration.
  • We collect only what we need. We retain information only as long as needed to deliver our Services, protect our patients and customers, and meet legal obligations.
  • We limit how we share health information. We do not transmit health-condition information, symptoms, or treatment data to advertising platforms in a way that personally identifies you (see Section 9).
  • You are in control. You can access, correct, delete, and opt out of most uses of your information at any time.

3. Information we collect

A. Information you provide directly

When you fill out a form, register for a webinar, download a guide, schedule a consultation, subscribe to a newsletter, purchase a book or product, or otherwise interact with us, you may provide:

  • Identifiers: name, email address, phone number, mailing address.
  • Demographic information: age, gender, location, and (if you choose to provide it) other demographic context.
  • Wellness interests: conditions or topics you’d like help with, goals, family history context, lifestyle information. We treat this as sensitive PII (see Section 4). This is not PHI and does not become PHI unless and until you become a patient and complete our HIPAA intake.
  • Commercial information: products, programs, or services purchased; payment information (processed by our payment processor — we do not store full credit card numbers); transaction history.
  • Communications: the contents of emails, text messages, voice messages, chat conversations, webinar Q&A, and form submissions.
  • User-generated content: testimonials, reviews, comments, photos, videos, and other content you submit to us or post on our Sites or social channels, along with associated metadata. If you provide a testimonial, you grant us permission to use it on our Sites and in our marketing as described at the time of submission.
  • Audiovisual recordings: when you participate in a recorded call (inbound or outbound), webinar, or video consultation, we collect audio and (where applicable) video recordings of that interaction. We will inform you before recording where required by law.

B. Information collected automatically

When you visit our Sites or interact with our communications, we and our service providers collect:

  • Device information: IP address, browser type and version, operating system, device identifiers, screen resolution, language settings.
  • Usage information: pages viewed, time on site, referring URLs, search terms, click activity, navigation paths, and how you interact with our content.
  • Approximate location: geographic location (typically city-level) derived from IP address.
  • Email engagement: whether you open our emails and click links, captured via tracking pixels embedded in marketing emails sent through our customer relationship management platform.
  • Communication metadata: call logs, SMS delivery records, and similar metadata from our phone and messaging systems.

This automatic collection is facilitated by cookies, pixels, web beacons, tag managers, and similar technologies. See Section 10 for details and your choices.

C. Information from third parties

We may receive information about you from:

  • Advertising and analytics partners (e.g., Google, Meta) about your interactions with our ads, conversion events, and aggregate audience data.
  • Lead generation and content partners who have your consent to share your information with us.
  • Service providers who help us operate our Sites, CRM, communications, and analytics.
  • Joint marketing or co-branded partners (for example, partners involved in our book launches or events) who share registration or attendance data with us.
  • Publicly available sources.
  • Business transaction partners, in the context of an actual or prospective transaction involving bVital (see Section 5).

D. Derived data

We generate inferences and analytical data from the categories above — for example, lead scores, audience segments, engagement levels, and behavior-based tags used to personalize the content and offers we send you. We treat derived data with the same protections as the source information from which it was derived.

4. Sensitive personal information and consumer health data

Some of the information we collect qualifies as “sensitive personal information” under California law or “consumer health data” under the Washington My Health My Data Act and similar laws in other states. This includes:

  • Contact details (name, email, phone) when combined with a health-related interest.
  • Information from which a health condition, symptom, or treatment interest could be inferred — including topics you research on our Sites, programs you express interest in, conditions you mention in a form or chat, and content you engage with in our communications.
  • City-level geolocation information.
  • Account login credentials.
  • Audiovisual recordings that may contain health-related discussion.

We apply heightened protections to this information. We use it only for purposes you would reasonably expect — providing the Services you request, communicating with you about programs you’ve shown interest in, conducting internal analytics, and complying with law. We do not sell consumer health data. We do not share consumer health data with advertising platforms for cross-context behavioral advertising. Residents of Washington and certain other states have additional rights described in Section 14.

5. How we use your information

We use the PII we collect to:

  • Provide, maintain, improve, and personalize our Services.
  • Respond to inquiries and provide customer support.
  • Schedule, confirm, and remind you about appointments, events, and consultations.
  • Process payments and manage your account.
  • Send marketing and educational communications you’ve opted in to receive, including personalized content and offers based on your interests.
  • Administer webinars, promotions, contests, book launches, and other events.
  • Record calls, webinars, and video consultations for quality assurance, training, and (where you’ve granted permission) for later use in educational or marketing content.
  • Conduct internal research and analytics to understand how our Services are used and to improve them.
  • Create aggregated, de-identified, or anonymized data that no longer identifies you, which we may use and share for our lawful business purposes.
  • Detect, prevent, and address fraud, security incidents, abuse, and technical issues.
  • Defend ourselves in legal claims and audit our internal processes for compliance with law and contractual obligations.
  • Comply with legal obligations and enforce our Terms & Conditions.

We do not use your PII to make automated decisions that produce legal or similarly significant effects about you. Automated tools we use (such as lead scoring, audience segmentation, and email sequence routing) affect only marketing and sales workflows — they do not determine your pricing, program eligibility, or access to healthcare.

6. How we share your information

We share PII with the categories of recipients listed below. We do not share more than is necessary for the purpose.

  • Service providers. Third parties that provide services on our behalf — including our CRM and communications platform (GoHighLevel), email and SMS delivery, dialing and call recording (Kixie), website hosting, analytics (Google Analytics), tag management, customer support tooling, and IT and security services. These providers are contractually limited to using your information only to provide services to us.
  • Payment processors. Our payment processor collects and processes your payment card information directly. Their use of your information is governed by their own privacy policy.
  • Advertising partners and ad networks. We share limited information (such as hashed email addresses) with advertising platforms (Meta and Google) to create custom audiences and lookalike audiences for prospecting. We do not transmit health-condition information to advertising platforms in a manner that personally identifies you. Some of this sharing may constitute “sharing” or “sale” under California and other state laws; you can opt out as described in Section 12.
  • Lab and provider partners. Third-party laboratory services providers, healthcare services providers, and other medical and medical-adjacent providers that we work with to deliver requested products or services. We share only the information necessary to fulfill those services.
  • Joint marketing and co-branded partners. Partners with whom we co-host events, book launches, webinars, or programs (for example, our book marketing partner The Gab Company) may receive limited registration or attendance data. We tell you who the partner is at the point of collection where applicable.
  • Professional advisors. Lawyers, accountants, auditors, insurers, and other professional advisors, where necessary in the course of services they render to us.
  • Authorities and others. Law enforcement, government authorities, regulators, and private parties where we believe in good faith that disclosure is necessary to comply with law, respond to lawful requests, protect rights, safety, or property, or enforce our terms.
  • Business transferees. In connection with an actual or prospective merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your PII may be transferred to the relevant counterparty, successor, or assignee — and to their professional advisors evaluating the transaction.
  • With your consent or at your direction. We share PII for other purposes when you specifically ask us to or otherwise consent.

We do not currently share PII with corporate affiliates, research partners, enterprise/B2B customers, or linked wearable or IoT devices. If that changes, we will update this Policy.

We may also disclose aggregated, de-identified, or anonymized data — which by definition does not identify you — for any lawful purpose.

7. Health-related advertising and tracking — our commitments

Given the sensitivity of health information and active FTC enforcement in this area, we hold ourselves to specific commitments:

  • We do not transmit information about specific health conditions, symptoms, treatments, or page views of health-content pages to third-party advertising platforms in a manner that personally identifies you.
  • Our advertising pixels (Meta Pixel / Conversions API) are configured to fire on specific conversion events (such as form submissions and purchases) rather than on health-content page views.
  • We do not use health-related information or consumer health data for interest-based advertising or to build advertising audiences.
  • We audit our tracking technologies on an ongoing basis for compliance with the FTC Health Breach Notification Rule and Section 5 of the FTC Act.
  • If you opt out of marketing or advertising-related processing, we apply that opt-out across our platforms within a reasonable period.

8. Communications, recordings, and your choices

bVital communicates with you across multiple channels and records or logs certain communications. The following practices apply:

Email. We send marketing, educational, and transactional emails. Our marketing emails include tracking pixels that tell us whether you opened the email and which links you clicked. You can unsubscribe from marketing emails using the unsubscribe link in any email or by emailing in**@****al.com. Transactional emails (appointment confirmations, account notices, receipts) cannot be unsubscribed.

SMS. We send appointment reminders, transactional messages, and (with your opt-in consent) marketing messages, registered under A2P 10DLC requirements. SMS conversations are logged and may be reviewed for quality and training. You can opt out of marketing SMS by replying STOP to any text. For full SMS terms, see our SMS Terms.

Phone calls. Outbound calls placed through our dialing platform (Kixie) and inbound calls to our main line may be recorded for quality assurance, training, and follow-up. Where required by state law (including California, Florida, and other two-party consent states), we provide notice at the start of the call. You may request that a call not be recorded; you may also request to be added to our internal do-not-call list by calling or emailing us.

Webinars and live events. We record our webinars, live trainings, and certain events and may use the recordings as replays, course material, or in our marketing. If you are visible or audible in a recording in a way that identifies you, we will obtain your consent before using that portion publicly.

Video consultations. Zoom and other video consultations may be recorded for quality assurance, training, and patient-facing purposes. We inform you before recording begins.

9. Cookies, pixels, and online tracking

We and our service providers use cookies, pixels, web beacons, local storage technologies, and tag managers to operate the Sites, remember your preferences, measure performance, and support our marketing.

Technologies currently in use on our Sites include:

  • GoHighLevel native tracking, chat widget, and forms.
  • Google Analytics (GA4) for website analytics.
  • Google Tag Manager for tag deployment.
  • Meta Pixel and Conversions API for conversion measurement (configured for event-based tracking only).

We are in the process of deploying a cookie consent banner that will allow you to set granular preferences. In the interim, you can manage cookies and similar technologies through:

  • Your browser settings — most browsers let you block or delete cookies and prevent images from loading.
  • Browser-level Global Privacy Control (GPC) signals — we honor GPC as an opt-out of “sale” and “sharing” of PII for users whose state law provides for GPC recognition. To learn more, visit globalprivacycontrol.org.
  • Ad-industry opt-outs at the Network Advertising Initiative (networkadvertising.org/managing/opt_out.asp) and the Digital Advertising Alliance (optout.aboutads.info).
  • Platform-specific opt-outs at adssettings.google.com and facebook.com/about/ads.
  • Mobile device settings that limit use of your advertising ID.

We do not currently respond to “Do Not Track” browser signals, as there is no consistent industry standard. We do honor GPC signals as described above.

10. Your privacy choices

In addition to the communication opt-outs in Section 8 and the cookie/tracking choices in Section 9, you have the following choices:

  • Access or update your account. If you have an account with us, you can review and update your information by logging in and navigating to your account settings.
  • Decline to provide information. Some of our Services require certain information. If you choose not to provide it, we may not be able to provide that Service.
  • Privacy rights. Depending on where you live, you may have additional rights described in Sections 13 and 14.

11. How long we keep your information

We retain PII for as long as needed to provide the Services and comply with our legal obligations. Specific retention periods include:

  • Marketing contacts: until you unsubscribe or request deletion, plus a reasonable suppression-list period to prevent re-mailing.
  • Customer accounts: for the duration of the customer relationship, plus up to seven (7) years for tax and accounting purposes.
  • Consent records (TCPA / marketing consent): at least four (4) years from the date consent was given or withdrawn.
  • Call recordings, webinar recordings, and video consultation recordings: retained for the period necessary for the purpose for which they were collected (quality assurance, training, content production), then deleted or de-identified.
  • Patient records (PHI): retained under our NPP as required by federal and Utah state law. PHI retention is separate from this Policy.
  • Aggregated or de-identified data: retained indefinitely.

When we no longer need PII, we delete it, anonymize it, de-identify it, or isolate it from further processing.

12. Sale, sharing, and your opt-out rights

We do not sell PII for monetary consideration. However, our use of advertising platforms to create custom audiences and lookalike audiences (described in Section 6) may constitute “sharing” or, under some state laws, “sale” of PII for cross-context behavioral advertising purposes.

You can opt out of this sharing at any time by:

  • Emailing in**@****al.com with the subject “Do Not Share My Information.”
  • Using a browser configured to broadcast the Global Privacy Control (GPC) signal — we will honor GPC for that browser/device and for any account associated with it.
  • Once our cookie consent banner is live, adjusting your preferences directly on our Sites.

We do not share consumer health data, sensitive personal information, or information about minors under 18 for cross-context behavioral advertising under any circumstances.

13. Security

We use reasonable administrative, technical, and physical safeguards designed to protect your PII, including access controls, encryption in transit, and vendor due diligence. No system is completely secure, however, and we cannot guarantee the security of your information.

14. Your privacy rights

Depending on where you live, you may have some or all of the following rights regarding your PII:

  • Right to know / access. Request to know whether we process your PII, the categories of PII we collect, the sources, purposes, and recipients, and a portable copy of the PII we hold about you.
  • Right to correct. Ask us to correct inaccurate or incomplete information.
  • Right to delete. Ask us to delete the PII we collected from or about you (subject to legal exceptions).
  • Right to opt out of sale or sharing for cross-context behavioral advertising (see Section 12).
  • Right to limit the use of sensitive PII to purposes necessary to provide the Services or as otherwise permitted by law.
  • Right to opt out of profiling or automated decisions with legal or similarly significant effects. As described in Section 5, we do not engage in such profiling.
  • Right to withdraw consent previously given.
  • Right to appeal a denial of your request.
  • Right to non-retaliation. We will not deny services, charge different prices, or provide a different quality of service because you exercised a privacy right.

To exercise any of these rights, email us at in**@****al.com with details about your request. We will respond within the time required by applicable law (typically 45 days, with one possible extension).

Verification. To protect your information, we may need to verify your identity before processing access, correction, deletion, or appeal requests. We may ask for information sufficient to confirm that the person making the request is the person about whom we hold the PII.

Authorized agents. You may designate an authorized agent to make a request on your behalf. We may require the agent to provide written authorization signed by you, and we may require you to verify your own identity directly. For deletion requests, we may ask you to confirm the request before we act on it.

15. State-specific privacy disclosures

California (CCPA / CPRA)

California residents have the rights described in Section 14. In the preceding 12 months, we have not sold PII for monetary consideration. We have “shared” certain PII for cross-context behavioral advertising as described in Section 6 and Section 12; you can opt out as described in Section 12.

We do not knowingly sell or share the PII of consumers under 16 years of age.

Categories of PII we collect, use, and disclose. The table below summarizes our practices currently and during the 12 months preceding the effective date of this Policy.

PII CategoryCCPA Statutory CategorySourcesBusiness PurposeCategories of Recipients (Disclosure)Shared for Cross-Context Advertising?Sold?
Contact data (name, email, phone, address)Identifiers, Customer recordsDirect from you; lead/marketing partnersService delivery, marketing, support, transactions, complianceService providers, payment processors, lab/provider partners, ad partners, professional advisors, authorities, business transfereesYes (hashed)No
Demographic data (age, gender, location)Customer records, Protected characteristicsDirect from youService delivery, personalization, analyticsService providers, ad partners, professional advisorsYes (limited)No
Account data (login credentials, profile)Identifiers, Sensitive PIIDirect from youService delivery, securityService providers, professional advisorsNoNo
Wellness / health-interest dataCustomer records, Sensitive PIIDirect from youService delivery, personalized communicationsService providers, lab/provider partners, professional advisorsNoNo
Commercial / transaction dataCommercial informationDirect from you; payment processorService delivery, transactions, analytics, complianceService providers, payment processors, professional advisors, authorities, business transfereesNoNo
Communications and content (emails, SMS, chat, form submissions, testimonials, social posts)Commercial information, Internet activity, Audio/visual dataDirect from youService delivery, support, marketing, trainingService providers, professional advisorsNoNo
Audiovisual recordings (calls, webinars, video consults)Audio/visual dataDirect from you (recorded with notice)Quality assurance, training, content productionService providers, professional advisorsNoNo
Device, usage, and online activity dataIdentifiers, Internet activity, GeolocationAutomatic collectionSite operation, analytics, marketing measurementService providers, ad partners, professional advisorsYesNo
Approximate geolocation (city-level)Geolocation, Sensitive PIIAutomatic collectionSite operation, analytics, marketingService providers, ad partnersYes (limited)No
Email engagement data (opens, clicks)Internet activityAutomatic collectionMarketing analytics, personalizationService providersNoNo
Inferences / derived data (lead scores, segments, tags)InferencesGenerated internallyPersonalization, marketing, analyticsService providers, professional advisorsLimitedNo

Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states

You have rights under your state’s comprehensive privacy law similar to those described in Section 14. Contact us at in**@****al.com to exercise these rights.

Washington (My Health My Data Act)

Washington residents have additional rights regarding consumer health data. See our separate Consumer Health Data Privacy Policy at https://brainregen.com/bvital-consumer-health-data-privacy-policy/

Nevada

Nevada law gives residents the right to opt out of certain sales of PII. While we do not currently sell PII as Nevada defines that term, Nevada residents may submit an opt-out request to in**@****al.com.

16. Automated decision-making

We do not use your PII to make automated decisions that produce legal or similarly significant effects about you, your healthcare, your pricing, or your eligibility for our programs. Automated systems we use — including lead scoring, audience segmentation, and marketing automation — affect only our internal marketing and sales workflows and do not determine the care, pricing, or programs you are offered.

17. Other sites and services

Our Sites may link to third-party websites, services, or platforms. This Policy does not apply to those third parties. We do not control them and are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party sites or services you use.

18. International users

bVital is based in the United States, and our Services are primarily intended for U.S. residents. We do not block access to our Sites, newsletter, book audience, or general content from outside the U.S. If you access our Sites from outside the United States, your PII will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

EEA, UK, and Switzerland residents. If you are located in the European Economic Area, the UK, or Switzerland, we process your PII based on our legitimate interests, your consent, or as necessary to perform a contract with you. You have rights under the GDPR or UK GDPR, including the rights to access, correct, delete, port, restrict, or object to processing of your PII, and to lodge a complaint with your local supervisory authority. To exercise these rights, contact us at in**@****al.com.

19. Children’s privacy

Our Sites and Services are intended for adults aged 18 and older. We do not knowingly collect PII from anyone under 18 except where a parent or legal guardian has provided express written consent (for example, an adult child managing care for a parent, or a guardian enrolling a minor in a program with our prior written agreement).

If we learn we have collected PII from a person under 18 without the required guardian consent, we will delete it. If you are the parent or guardian of a minor and believe your child has provided us with information without your consent, contact us at in**@****al.com.

20. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email (if we have your email on file) or by prominent notice on our Sites at least 30 days before the change takes effect. The “Last updated” date at the top reflects the most recent change.

21. How to contact us

bVital Inc Attn: Privacy 1755 Prospector Ave #100 Park City, UT 84060

Email: in**@****al.com Phone: 435-962-6363