Privacy Policy
Last Updated: June 1, 2026
This Privacy Policy describes how Medifoodz, Inc. ("Medifoodz," "we," "us," or "our") collects, uses, stores, and shares information in connection with the Glyvance meal program, connected device integrations, the Vance AI coaching platform, the Glyvance mobile application, and all related services (collectively, the "Services"). By enrolling in or using the Services, you agree to the practices described in this Privacy Policy.
This Privacy Policy should be read together with the Glyvance Terms of Service, which governs your use of the Services and is incorporated herein by reference.
1. Information We Collect
1.1 Account and Contact Information
When you create an account or enroll in the Glyvance program, we collect:
Full name
Email address
Phone number
Mailing and delivery address
Account login credentials
Payment information (processed by our payment processor; Medifoodz does not store full card numbers)
1.2 Health and Biometric Data
The Glyvance program involves the collection of health and biometric data through connected devices and program participation. This data is stored in identified form and protected under our HIPAA-compliant data security program. We currently collect the following data through third-party device connections:
Continuous glucose readings through user-authorized CGM device connections
Body composition metrics including weight through user-authorized body composition scale connections
We also collect the following data directly through program participation:
Program participation data including meal selections, program phase, and engagement history
Communications with the Vance AI coach
1.3 Device and Technical Data
When you use the Glyvance application or website, we automatically collect:
Device type, operating system, and browser information
IP address and approximate location
Pages viewed, features used, and interaction data
App performance and crash data
Cookies and similar tracking technologies
1.4 Data from Third-Party Devices and Platforms
Medifoodz currently receives continuous glucose readings and body composition metrics including weight through user-authorized device connections via Apple Health, Android Health Connect, and direct device API integrations. When you connect a device through any of these mechanisms, you authorize Medifoodz to receive the data transmitted through that connection. You may contact the manufacturer of any device you connect directly using the contact information in that device's product documentation. The collection and handling of data by device manufacturers on their own platforms is governed solely by each manufacturer's privacy policy. Medifoodz is not responsible for third-party data practices.
1.5 Communications and User-Generated Content
We collect information you submit through customer support inquiries, feedback forms, surveys, testimonials, and social sharing features within the Glyvance application.
1.6 Vance AI Coach Interactions
When you interact with the Vance AI coach, we collect and store your conversation logs. These logs include questions, responses, and any health-related information you choose to share during coaching sessions. The following describes how this data is handled:
Conversation logs are stored in identified form and protected under our HIPAA-compliant data security program
Health-related Vance interactions that identify your physical health status constitute consumer health data under applicable state law and are subject to the rights described in Section 12 of this Privacy Policy
Vance is powered by a third-party AI infrastructure provider. Your conversation content is processed by that provider to generate responses, subject to their applicable terms and privacy policy. Medifoodz takes reasonable steps to ensure third-party AI providers maintain appropriate data security standards
Conversation logs may be retained for program delivery, safety monitoring, and product improvement purpose• You should not share sensitive personal health information, financial information, or other highly sensitive personal data with Vance beyond what is necessary for program coaching purposes
2. How We Use Your Information
2.1 Program Delivery
We use your information to deliver and operate the Glyvance program, including meal fulfillment, device integration, Vance AI coaching, provider portal access (where authorized by you), performance program administration, and customer support.
2.2 Communications
We use your contact information to send order confirmations, delivery updates, program guidance, account notifications, and where you have opted in, marketing communications. You may opt out of marketing communications at any time.
2.3 Product Development and Regulatory Submissions
We use de-identified, aggregated data derived from program participation for product improvement, product development, and regulatory submissions. De-identification is performed in accordance with applicable HIPAA standards prior to any such use. Your identity will not be disclosed in connection with any such use without your separate written consent. All intellectual property developed by Medifoodz using de-identified data is owned exclusively by Medifoodz as set forth in the Terms of Service.
2.4 Safety and Compliance
We use your information to monitor program safety, respond to adverse events, comply with applicable laws and regulations, and protect the rights and safety of Medifoodz, our customers, and others.
2.5 Provider Portal
If you authorize a healthcare provider to access your program data through the Glyvance provider portal, we share your identified program data with that provider as directed by you. This authorization may be revoked at any time through your account settings. Medifoodz is not responsible for clinical decisions made by your provider based on data accessed through the portal.
3. HIPAA and Health Data
3.1 HIPAA Compliance Program
Medifoodz, Inc. maintains a formal HIPAA compliance program governing the collection, storage, use, and disclosure of health information. This includes administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of protected health information ("PHI") in accordance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations.
3.2 Business Associate Agreements
Where required by HIPAA, Medifoodz enters into Business Associate Agreements with vendors and service providers who access, process, or store PHI on our behalf. Vendors in our data chain who handle health data are required to maintain appropriate HIPAA-compliant safeguards.
3.3 Data Storage
Identified health data is stored on Medifoodz systems protected under our HIPAA compliance program. Health data is retained in identified form for as long as your account is active and for a period following account closure as required by applicable law or our data retention policy. De-identified data may be retained indefinitely for product development and regulatory purposes.
3.4 No Sale of Health Data
Medifoodz does not sell, rent, or license your health data or personal information to third parties for their own commercial purposes.
4. How We Share Your Information
4.1 Service Providers
We share information with trusted third-party service providers who perform services on our behalf, including payment processing, meal fulfillment, application hosting, data storage, analytics, and customer communications. All service providers are required to maintain appropriate confidentiality and security safeguards and are prohibited from using your information for their own independent purposes.
4.2 Healthcare Providers
We share your program data with healthcare providers you have authorized through the Glyvance provider portal. This sharing is entirely at your direction and may be revoked at any time.
4.3 Device Manufacturers
Data flows between Medifoodz and third-party device manufacturers occur through user-authorized connections. Medifoodz receives data from device platforms with your consent. We do not share your identified data with device manufacturers beyond what is necessary to establish and maintain your authorized device connections.
4.4 Legal and Regulatory Disclosures
We may disclose your information where required by law, regulation, legal process, or governmental request, or where necessary to protect the rights, safety, or property of Medifoodz, our customers, or others.
4.5 Business Transactions
In connection with a merger, acquisition, financing, or sale of substantially all of our assets, your information may be transferred as part of that transaction. We will provide notice of any such transfer and any material changes to this Privacy Policy.
4.6 Social Sharing
The Glyvance application may include features that allow you to share program updates or data to third-party social media platforms. Any sharing through these features is entirely at your direction. Medifoodz is not responsible for any personally identifiable or health information you choose to share publicly. Once shared externally, Medifoodz has no ability to retract or control that information.
5. Cookies and Tracking Technologies
We use cookies and similar technologies on our website and application to enable core functionality, understand how users interact with our Services, and improve performance and user experience. You may adjust your browser or device settings to refuse cookies. Some features of the Services may not function properly if cookies are disabled.
6. Your Rights and Choices
6.1 Access and Correction
You may access, review, and update your account information at any time through your account settings or by contacting us at privacy@medifoodz.com.
6.2 Data Deletion
You may request deletion of your personal information by contacting us at privacy@medifoodz.com. Upon verified request, we will delete your identified data subject to retention obligations required by law. Note that de-identified data, which cannot be linked back to you, is not subject to deletion requests.
6.3 Marketing Opt-Out
You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at privacy@medifoodz.com. Operational communications related to your active program enrollment are not subject to opt-out.
6.4 Provider Authorization Revocation
You may revoke any healthcare provider's access to your program data at any time through your account settings.
6.5 Florida Residents
Medifoodz operates under the Florida Information Protection Act (FIPA), which governs data security and breach notification obligations for businesses operating in Florida. In the event of a breach of security involving your personal information, Medifoodz will notify you in accordance with FIPA requirements. Florida residents may also exercise the general rights described in Sections 6.1 through 6.4 of this Privacy Policy by contacting us at privacy@medifoodz.com.
6.6 State Privacy Rights
Medifoodz serves customers across the United States and is committed to honoring applicable state privacy rights. The following describes our approach for residents of states with specific privacy requirements:
California. Although Medifoodz may not currently meet the thresholds that trigger mandatory compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), we voluntarily extend the following rights to California residents: the right to know what personal information we collect and how it is used; the right to request deletion of personal information; the right to correct inaccurate personal information; and the right to non-discrimination for exercising privacy rights. Medifoodz does not sell or share personal information for cross-context behavioral advertising purposes. To exercise these rights, contact us at privacy@medifoodz.com.
Washington, Nevada, and Connecticut. Medifoodz collects consumer health data as defined under the Washington My Health My Data Act, Nevada SB 370, and Connecticut Data Privacy Act, which apply to businesses collecting health data from residents of those states regardless of revenue or data volume thresholds. We collect consumer health data only with your affirmative consent or as necessary to provide the Services you have requested. We do not sell consumer health data. Residents of Washington, Nevada, and Connecticut have the right to confirm whether we collect their health data, to access that data, to withdraw consent, and to request deletion. To exercise these rights, contact us at privacy@medifoodz.com.
Other States. Many other states have enacted or are enacting comprehensive data privacy laws. Where those laws apply to Medifoodz, we will honor the rights they provide. Medifoodz monitors state privacy law developments on an ongoing basis and updates its practices and this Privacy Policy accordingly. To exercise any privacy rights under applicable state law, contact us at privacy@medifoodz.com.
7. Data Security
Medifoodz, Inc. maintains a formal HIPAA-compliant data security program incorporating administrative, physical, and technical safeguards appropriate to the sensitivity of the data we handle. These safeguards include access controls, encryption, audit logging, and vendor security requirements. However, no method of data transmission or storage is completely secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from circumstances beyond our reasonable control.
In the event of a data breach affecting your health information, we will notify you in accordance with applicable HIPAA breach notification requirements and applicable state law.
8. Data Retention
We retain identified personal and health data for as long as your account is active and for a period following account closure as required by applicable law or our internal data governance policy. Upon account closure, identified data is scheduled for deletion within a defined retention window unless retention is required by law.
De-identified, aggregated data is retained indefinitely and may be used for product development and regulatory purposes as described in Section 2.3.
Device data received through third-party connections is retained in accordance with the data governance terms applicable to each device integration.
9. Children's Privacy
The Glyvance program does not accept direct enrollment from individuals under the age of 18. A parent or legal guardian may enroll a minor in the program on their behalf. By enrolling a minor, the parent or legal guardian represents that they have legal authority to do so and consents to the collection, use, and processing of the minor's personal and health data for program delivery purposes as described in this Privacy Policy. All rights and obligations under the Terms of Service apply to the enrolling parent or guardian.
10. Third-Party Links and Platforms
Our website and application may contain links to third-party websites, applications, or platforms. Medifoodz is not responsible for the privacy practices or content of those third parties. This Privacy Policy does not apply to any third-party platform, including device manufacturer applications, social media platforms, or healthcare provider systems.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. Material changes will be communicated to your registered email address with reasonable advance notice. The updated policy will be posted at medifoodz.com/privacy with a revised effective date. Continued use of the Services after the effective date of any update constitutes acceptance of the revised policy.
12. Consumer Health Data Privacy Policy
This section constitutes the Consumer Health Data Privacy Policy required under the Washington My Health My Data Act (MHMDA), Nevada SB 370, the Connecticut Data Privacy Act (CTDPA), and similar state consumer health data laws. It applies to residents of Washington, Nevada, Connecticut, and any other state with applicable consumer health data privacy requirements. This section is also accessible directly at medifoodz.com/privacy#consumer-health-data and is linked from the Medifoodz homepage.
12.1 What Is Consumer Health Data
For purposes of this section, "consumer health data" means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. Medifoodz currently collects the following consumer health data in connection with the Glyvance program:
Continuous glucose readings received through user-authorized CGM device connections
Body composition metrics including weight received through user-authorized body composition scale connections
Program participation data that identifies your dietary health goals or health-related behaviors
Communications with the Vance AI coach that relate to your physical health status
Consumer health data does not include data that has been de-identified such that it cannot reasonably be used to identify you. This section will be updated as additional data streams are added to the platform.
12.2 How We Collect Consumer Health Data
We collect consumer health data only in the following circumstances:
With your affirmative consent for a specified purpose, obtained prior to collection; or
To the extent necessary to provide a product or service that you have requested from us.
Consent to collect and consent to share are obtained separately. We do not collect consumer health data through geofencing, location tracking near healthcare facilities, or any passive surveillance mechanism.
12.3 How We Use Consumer Health Data
We use consumer health data to deliver the Glyvance program, operate the Vance AI coaching platform, share with healthcare providers you have authorized, fulfill orders, maintain platform security, comply with legal obligations, and in de-identified form, for product improvement and regulatory submissions. We do not use consumer health data for targeted advertising. We do not sell consumer health data.
12.4 How We Share Consumer Health Data
We share consumer health data only with: healthcare providers you have authorized through the provider portal; service providers bound by written contracts limiting their use to performing services on our behalf; third-party device manufacturers whose devices you connect to the platform through Apple Health, Android Health Connect, or direct API integrations, through your user-authorized connections; and as required by law. You may contact the manufacturer of any connected device directly using the contact information in that device's product documentation.
12.5 Your Rights
You have the following rights with respect to your consumer health data:
Right to confirm whether we collect, share, or sell your consumer health data and to access that data, including a list of all third parties with whom it has been shared
Right to withdraw consent to collection and sharing at any time through your account settings
Right to request deletion of your consumer health data
Right to non-discrimination for exercising these rights
To exercise any of these rights, contact us at privacy@medifoodz.com. We will respond to verified requests within 45 days.
12.6 Security
We maintain administrative, technical, and physical data security practices appropriate to the volume and nature of the consumer health data we process, consistent with our HIPAA compliance program and applicable industry standards.
12.7 Data Retention
We retain consumer health data for as long as your account is active and for a period following account closure as required by applicable law. Upon a verified deletion request, we will delete your consumer health data subject to any conflicting legal retention obligations. De-identified data derived from consumer health data is not subject to deletion requests and may be retained indefinitely for product development and regulatory purposes.
12.8 Consent
Where required by applicable law, we obtain your affirmative consent before collecting or sharing consumer health data. Consent to collect and consent to share are obtained separately at enrollment. You may withdraw consent at any time through your account settings. Withdrawal of consent may affect our ability to deliver the Glyvance program to you.
12.9 Connected Device Third Parties
Medifoodz currently receives continuous glucose readings and body composition metrics including weight through user-authorized device connections via Apple Health, Android Health Connect, or direct device API integrations. When you connect any device through these mechanisms, data flows between that device manufacturer's platform and Medifoodz through your authorization. You may contact the manufacturer of any device you connect directly using the contact information in that device's product documentation. This section will be updated as additional device integrations are added to the platform.
13. Contact Us
For questions, concerns, or to exercise your privacy rights, please contact:
Medifoodz, Inc.
Privacy inquiries: privacy@medifoodz.com
General support: support@medifoodz.com
Website: https://www.medifoodz.com
Tampa, Florida
Glyvance provides a structured nutrition plan. If you have a medical condition or take any medication, use with guidance from a licensed healthcare professional.