Privacy Policy

Last Updated: July 13, 2026

Update Notice

This Privacy Policy has been updated to include additional information regarding our compliance with the General Data Protection Regulation (GDPR) and the United Kingdom Data Protection Act 2018. These updates provide greater transparency on how we handle personal data for individuals located in the European Economic Area (EEA), Switzerland, and the United Kingdom.

01Introduction

This privacy policy (“Privacy Policy”) describes how Timeless Medical Systems® and its affiliates (“Timeless Medical,” “we,” “us,” or “our”) collect, use, and disclose your personal data when you interact with our websites, online platforms, events, and business promotion activities.

This Privacy Policy applies to instances where Timeless Medical acts as a controller of your personal data. It does not apply to situations where Timeless Medical processes personal data on behalf of our customers in the context of providing our products and services. Our handling of personal data to include personal health information (PHI) is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and our agreements with those customers as detailed in our company’s Privacy, Use, and Disclosure Policy (HIPAAA). This Privacy Policy does not apply to our processing of PHI as a Business Associate. If you have questions about how a Timeless Medical customer processes your personal data, please contact them directly.

Capitalized terms used in this Privacy Policy that are not defined (such as “Site,” “Services,” etc.) have the meanings given to them in our Terms of Service or applicable agreement. If you are located in EEA, Switzerland, or the U.K., please refer to Section 13 for specific information about which entity or entities act as a controller of your personal data.

02Definitions

For the purposes of this Privacy Policy:

Account
means a unique account created for You to access our Service or parts of our Service.
Affiliate
means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Applicable Law
laws and regulations that govern how you collect, use, and store personal data (e.g., GDPR, CCPA, HIPAA if applicable).
Company
(referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Timeless Medical Systems®.
Controller
the party that determines the purposes and means of processing personal data.
Cookies
are small text files stored on a user’s device to collect information about browsing behavior.
Country
refers to: your country of residence or domicile of the Company.
Device
means any device that can access the Service such as a computer, a cellphone or a digital tablet.
Non-Personal data
is information that cannot reasonably be used to identify an individual (e.g., aggregated statistics, de-identified data).
Personal data
is any information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, to an individual (e.g., name, email address, phone number, IP address, device identifiers).
Processing
any operation performed on data, such as collecting, recording, organizing, storing, sharing, or deleting.
Processor
the third party that processes data on behalf of a controller/business.
Service
refers to the Website.
Service Provider
means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
Third-party
Companies or individuals who are not part of your organization but who may receive personal data (e.g., service providers, partners).
Usage Data
refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website
refers to Timeless Medical Systems, accessible from https://www.timelessmedical.com/
You
means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

03Personal Data We Collect

When we use the term “personal data” in this Privacy Policy, we mean information that relates to an identified or identifiable natural person. This includes information that, alone or in combination with other information, can be used to identify, locate, or contact you. It does not include aggregated or de-identified data that cannot be reasonably associated with a specific individual, or information excluded from privacy protections under applicable law.

We collect personal data in the following ways:

Personal Data You Provide:

  • Contact and Inquiry Information: When you contact us with inquiries, requests, or for support, we may collect your name, email address, phone number, postal address, and any information you provide in your communication (e.g., questions, comments, or feedback).
  • Account Information: If you create an account on our website or online platform, we may collect your username, password, and other registration details.
  • Marketing and Event Information: If you register for events, webinars, or participate in surveys, promotions, or marketing campaigns, we may collect your name, email address, phone number, organization, title, and any other information you provide.
  • Transaction Information: When you make purchases or engage in transactions with us, we may collect information necessary to process the transaction, such as contact information, purchase details, and payment information.

Automatically Collected Personal Data:

  • Website Usage Information: When you interact with our websites and online platforms, we automatically collect certain information about your device and usage. This may include your IP address, browser type, operating system, referring URLs, pages visited, dates and times of access, and other browsing activity.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities on our websites. This helps us to personalize your experience, remember your preferences, and analyze website traffic. For more information, please see our Cookie Policy. We will obtain your consent for cookies as required by law.

Personal Data from Third Parties:

  • Business Partners: We may receive personal data from our business partners, such as those we collaborate with on events or marketing initiatives.
  • Third-Party Services and Platforms: If you interact with our services through third-party platforms (e.g., social media networks), we may receive information about you from those platforms, depending on your privacy settings.
  • Other Sources: We may obtain personal data from other sources, such as public databases or data aggregators, to supplement the information we collect.

04How We Use Your Personal Data

We use your personal data for various purposes related to our business operations, including:

  • Providing Services and Support: To provide you with information, products, and services that you request, including responding to inquiries, processing transactions, and providing customer support.
  • Communication: To communicate with you regarding your account, transactions, or our services, including sending important notices, updates, and administrative messages.
  • Marketing and Promotion: To send you marketing communications, such as newsletters, promotional offers, and information about our products, services, and events. We will provide you with the option to opt out of marketing communications.
  • Website Improvement and Personalization: To analyze website usage, trends, and effectiveness, and to personalize your experience on our websites and online platforms.
  • Business Operations: To operate and improve our business, conduct research and development, and for internal purposes such as auditing, reporting, and business planning.
  • Legal Compliance and Security: To comply with applicable laws and regulations, protect our rights and property, and prevent fraud, security incidents, or illegal activities.
  • Other Purposes: For any other purposes disclosed to you at the time of collection or with your consent.

05Sharing Your Personal Data

We may share your personal data with the following categories of recipients:

  • Service Providers: We may share your personal data with third-party service providers who perform services on our behalf, such as website hosting, data analysis, payment processing, marketing, and customer support. These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Business Partners: We may share your personal data with business partners with whom we collaborate on projects, events, or offerings.
  • Affiliates: We may share your information with our affiliates, subsidiaries, or parent company for internal business purposes.
  • Legal Authorities: We may disclose your personal data to law enforcement, government agencies, or other legal authorities when required by law or in response to a valid legal request.
  • Corporate Transactions: In the event of a merger, acquisition, sale of assets, or other corporate transaction, we may disclose your personal data to the acquiring or successor entity.
  • With Your Consent: We may share your personal data with third parties for any other purpose with your consent.

06Data Handling Clarifications

To provide further transparency, we clarify the following regarding our data practices:

Data We Do Not Collect:

  • Geolocation Data: We do not knowingly collect geolocation data. This means we do not collect information that pinpoints your exact location, such as GPS coordinates. We may collect general location information, such as your city or region, to provide relevant content or services.
  • Financial Information (Beyond Transactions): We do not collect financial information beyond what is necessary to complete transactions. This means we do not collect information such as your credit score, investment portfolio, or detailed financial history. We do collect payment information (e.g., credit card details) to process purchases you make from us.
  • Biometric Information: We do not collect biometric information. This includes data derived from biological measurements, such as fingerprints, facial recognition data, voiceprints, or other unique physical characteristics.

Data We Will Not Share:

We will not share your mobile opt-in data (e.g., phone numbers collected for SMS messaging) with third parties for their own marketing or promotional purposes. This restriction does not apply to service providers who process data on our behalf or disclosures required by law.

08Your Data Protection Rights

Depending on your location and applicable law, you may have certain rights regarding your personal data, including the following:

  • Right to Access: You have the right to request access to your personal data that we hold.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request that we delete your personal data under certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object: You have the right to object to the processing of your personal data under certain circumstances, including for direct marketing purposes.
  • Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority in your jurisdiction.

To exercise your rights, please contact us as described in the “Contact Information” section below. We will respond to your request in accordance with applicable law.

09Data Security and Retention

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, use, disclosure, alteration, or destruction. We regularly review and update our security measures to maintain an appropriate level of security.

We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period will vary depending on the type of personal data and the purpose for which it is processed.

10International Data Transfers

We may transfer your personal data to countries outside of your jurisdiction, including to countries where data protection laws may differ from those in your jurisdiction. When we transfer personal data internationally, we implement appropriate safeguards to ensure an adequate level of protection for your data, such as:

  • Adequacy Decisions: Transferring data to countries that have been deemed to provide an adequate level of protection by relevant authorities.
  • Standard Contractual Clauses: Using standard contractual clauses approved by the European Commission or other appropriate authorities.
  • Other Appropriate Safeguards: Implementing other legally recognized mechanisms for international data transfer.

11Data & Storage (GDPR Compliance)

Within this Clause the terms “Controller,” “Data Controller,” “Processor,” “Data Processor,” “Data,” “Personal Data,” “Processing,” and “Sub-Processor” shall have the meanings assigned to them under the United Kingdom Data Protection Act 2018 (“Data Protection Legislation”). For the purposes of this Privacy Policy, Timeless Medical Systems is the “Processor,” and you (the Customer) are the “Controller.”

Our Commitment to Client Data (Processor Transparency)

When Timeless Medical Systems® provides our advanced nutrition management software to our hospital and healthcare clients, we handle data strictly in the capacity of a Data Processor (or Business Associate under HIPAA), while our clients act as the Data Controller.

To provide full transparency to our clients and their patients, our data handling commitments include:

  • Strict Usage Boundaries: We process hospital and patient data exclusively to provide, maintain, and support our software services based on the explicit instructions of our clients.
  • Zero Monetization: We never sell, share, or use the personal data or health information processed within our SaaS platform for our own marketing or promotional purposes.
  • Robust Security & Confidentiality: We implement industry-standard technical and organizational measures to safeguard all client data. Furthermore, all personnel and authorized sub-processors engaged by us are bound by strict confidentiality agreements and are required to uphold equivalent data protection obligations.
  • Client Support & Compliance Assistance: We actively assist our hospital clients in meeting their regulatory obligations. This includes cooperating with patient data subject rights requests (such as access, deletion, or correction) and providing the information necessary for our clients to demonstrate compliance with data protection laws.
  • Data Lifecycle Management: Upon the termination of our services, we ensure that all personal data is securely returned or deleted according to our clients’ instructions, subject to any legally required retention periods.
  • Prompt Notifications: We commit to notifying our clients as soon as reasonably practicable regarding any legally binding requests for data disclosure from law enforcement, or any correspondence from data protection authorities concerning their data.
  • Contractual Deferral: The specific legal frameworks, retention periods, authorized sub-processors, and compliance obligations governing our SaaS platform data are explicitly defined in mutually executed Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs) with our clients.

Note: For all data processed within our software platform, the terms of our signed DPAs and BAAs govern and supersede this public-facing Privacy Policy.

12Supplemental Terms for California Residents

This section provides additional information for California residents as required by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected, Sold, or Shared:

  1. We may have collected the categories of personal information in the preceding 12 months as outlined in section 3.
  2. We have not sold or shared any personal information in the preceding 12 months.

Purposes for Collecting and Disclosing Personal Information:

We collect and disclose personal information for the purposes described in Section 4.

California Consumer Rights:

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You have the right to request the deletion of your personal information.
  • Right to Correct: You have the right to request the correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the sale or sharing of your personal information, as defined under California law.
  • Right to Limit the Use and Disclosure of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information, as defined under California law, for purposes other than those permitted.

Exercising Your California Rights:

To exercise your California rights, please contact us as described in the “Contact Information” section. We will respond to your request in accordance with CCPA/CPRA requirements.

Non-Discrimination:

We will not discriminate against you for exercising your California privacy rights.

13Supplemental Information for the EEA, Switzerland, and the U.K.

This section provides additional information for individuals in the EEA, Switzerland, and the U.K. regarding our processing of personal data.

Legal Basis for Processing:

We process your personal data based on the legal bases described in Section 7.

Your Data Protection Rights:

  1. You have the rights outlined in Section 8, and you can exercise those rights by contacting us as noted in Section 17.
  2. You also have the right to lodge a complaint with a supervisory authority. You can find the contact information for your respective National Data Protection Authority on the EDPB website.

International Data Transfers:

We may transfer your personal data to countries outside the EEA, Switzerland, and the U.K. If we do, we will comply with applicable data protection laws, including by implementing appropriate safeguards, such as:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Other approved transfer mechanisms

14Supplemental Information for Other Regions

For individuals in other regions, we comply with applicable local data protection laws. This section may include specific information about how Timeless Medical complies with data protection laws in countries such as:

  • Australia (Privacy Act 1988)
  • Canada (PIPEDA)
  • Bermuda’s Personal Information Protection Act (PIPA)
  • Other Relevant Jurisdictions

15Children’s Privacy

Our websites and online services are not intended for children under the age of 16. We do not knowingly collect personal data from children under that age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us, and we will take steps to delete that information.

17Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at privacy@timelessmedical.com.

18English Version Controls

This Privacy Policy is written in English. In the event of any inconsistency or discrepancy between the English version and any translated version of this Policy, the English version shall prevail.

Login

Register