Privacy Policy

This Policy applies to data collected via our website (levamedical.com), electronic messages (including SMS/text), telephone calls, in-clinic interactions, and patient records. It also covers data processed by our automated and AI-assisted systems used for appointment scheduling, patient communication, and practice operations. This Policy does not govern unaffiliated third-party sites.

We collect the following categories of information:

• Identifiers — name, phone, email, address, date of birth
• Protected Health Information (PHI) — treatment history, medical records, appointment data
• Payment & Financing Data — credit card details, financing applications (e.g., Cherry), insurance info
• Marketing Preferences — opt-in/opt-out status, communication history
• Usage & Device Data — IP address, browser type, pages visited, session behavior (including mouse movements and clicks via session replay tools)
• Location Data — approximate location derived from IP address
• Biometric/Sensory Data — recorded telephone calls (with notice) and voicemail transcripts
• Communication Content — text/SMS messages, chat messages, and email correspondence exchanged with our practice

We use your information for the following purposes:

• Care Delivery — scheduling, treatment planning, follow-up coordination, appointment reminders
• AI-Assisted Communication — generating and reviewing text/SMS responses, classifying message intent, detecting language preference, and routing urgent inquiries (see Section 05)
• Billing & Financing — processing payments, submitting financing applications
• Customer Support — responding to inquiries, resolving complaints
• Legal Compliance — HIPAA, state licensing, record retention requirements
• Marketing — promotional messages (with your prior opt-in consent)
• Advertising — interest-based advertising, offline conversion tracking, audience matching
• Analytics — website performance, session replay analysis, service quality measurement
• Fraud Prevention — detecting and preventing unauthorized access

We use first- and third-party cookies, pixels, and tracking technologies for preferences, analytics, and advertising. These include:

• Google Analytics (GA4) — website traffic and behavior analytics
• Google Tag Manager — tag deployment and event tracking
• Meta Pixel — Facebook/Instagram ad conversion tracking
• Google Ads tags — search ad conversion tracking and remarketing
• Microsoft Clarity — session replay and heatmap analysis (records mouse movements, clicks, and scrolls to help us improve the website experience; no PHI is captured)

Opt-out: You may disable cookies via your browser settings, use the Global Privacy Control (GPC) signal, or contact us directly. Note that disabling cookies may affect website functionality.

Leva Medical uses artificial intelligence (AI) and automated systems to assist with patient communication and practice operations. This includes:

• Communication Assistance — AI tools help draft responses to patient inquiries such as appointment scheduling, procedure questions, and directions. All AI-generated messages are subject to automated quality checks and fact-verification before delivery.
• Message Routing — automated systems help route incoming messages to the appropriate team member or department.
• Language Support — automated detection of preferred language to respond in English or Spanish.
• Scheduling & Follow-up — AI-assisted appointment coordination and follow-up reminders.

These systems process communication content through third-party AI service providers under strict data processing agreements with zero-data-retention policies — your data is not used to train AI models. No automated system makes final medical decisions — clinical decisions are always made by our licensed healthcare providers. You may request that your communications be handled without AI assistance by contacting us at 718-699-9737.

By providing your phone number and opting in to receive text messages from Leva Medical, you consent to receive automated and AI-assisted SMS/text messages related to:

• Appointment scheduling, reminders, and confirmations
• Pre- and post-procedure care instructions
• Responses to your inquiries
• Promotional offers and practice updates (marketing messages, with separate opt-in)

Message frequency: Message frequency varies based on your interaction with our practice. You may receive multiple messages per day during active scheduling conversations.

Message and data rates may apply. Your carrier's standard messaging rates apply.

Opt-out: Reply STOP to any message to unsubscribe from all non-essential text communications. You will receive a confirmation of your opt-out. Essential care-related messages (e.g., appointment confirmations you initiated) may still be sent.

Help: Reply HELP for assistance, or contact us at 718-699-9737.

Consent to receive text messages is not a condition of purchasing any service. We do not share your phone number with third parties for their marketing purposes.

We work with the following categories of service providers, all operating under appropriate data processing agreements or HIPAA Business Associate Agreements (BAAs) where applicable:

• CRM & Patient Communication — customer relationship management and marketing automation
• Telephony & Messaging — phone call handling, SMS delivery, and call recording
• AI Processing — third-party AI service providers for communication assistance, operating under zero-data-retention policies (your data is not used to train AI models)
• Patient Financing — third-party financing and payment processing
• Analytics & Advertising — website analytics, session replay, and ad conversion measurement
• Electronic Health Records — appointment and patient record management
• Hosting & Infrastructure — website hosting, application hosting, and workflow automation

We do not sell personal data for money. We may share hashed identifiers (email, phone) with advertising platforms for ad measurement and audience matching (see Section 08). A complete list of sub-processors is available upon request by contacting us at 718-699-9737 or levamedical@gmail.com.

We may hash your email address or phone number to create matched audiences on advertising platforms (Google Ads, Meta/Facebook) for ad targeting and conversion measurement. We also upload offline conversion data (e.g., consultation bookings) to advertising platforms to measure ad effectiveness. This data is transmitted in hashed form and matched against platform users.

Opt-out options:

• Use the “Do Not Sell or Share My Personal Information” link in our website footer
• Email levamedical@gmail.com with the subject “Opt-Out”
• Call or text 718-699-9737
• Use your browser’s Global Privacy Control (GPC) signal

We implement the following security measures to protect your information:

• TLS/HTTPS encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication (MFA) for staff system access
• Annual HIPAA security training for all staff
• Regular security assessments
• Network intrusion prevention systems (IPS) with active threat blocking
• Video surveillance with encrypted storage at all practice locations

Retention periods:

• Protected Health Information (PHI): minimum 6 years per NYS regulations
• Marketing and communication data: until opt-out or 3 years of inactivity
• Session replay data: 30 days
• Call recordings: retained per applicable law and business need

You have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate information
• Deletion — request deletion of non-PHI personal data (PHI subject to medical record retention laws)
• Restriction — request limitation of certain data processing
• Opt-out of marketing/advertising — unsubscribe from promotional communications
• Opt-out of AI processing — request that your communications be handled without AI assistance
• Opt-out of session recording — disable Microsoft Clarity via browser settings or GPC signal

To exercise any of these rights, contact us at levamedical@gmail.com or 718-699-9737. We will respond within 30 days (45 days for complex requests, with notice).

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know — what personal information we collect, use, disclose, and sell/share
• Right to Delete — request deletion of personal information (subject to exceptions)
• Right to Correct — request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing — opt out of the sale or sharing of personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Information — limit use of sensitive personal information to purposes necessary for providing services
• Non-Discrimination — we will not discriminate against you for exercising your rights

We do not sell personal information for monetary consideration. We may share hashed identifiers with advertising platforms, which may constitute “sharing” under the CPRA. You may opt out using the methods described in Section 08. We do not knowingly sell or share the personal information of individuals under 16.

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately and we will promptly delete it.

Our website may contain links to third-party websites. Leva Medical is not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy policies of any third-party sites you visit.

Your information may be processed by service providers located outside of your state or country of residence (e.g., cloud-hosted AI processing services). We ensure appropriate safeguards are in place through contractual obligations and data processing agreements with all service providers.

We honor the Global Privacy Control (GPC) signal as a valid opt-out of the sale or sharing of personal information under applicable law. If your browser sends a GPC signal, we will treat it as a request to opt out of cross-context behavioral advertising. Some browsers also send a “Do Not Track” (DNT) signal; while there is no universal standard for DNT, we respect GPC as described above.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be announced via a website banner, email, or SMS notification. The “Last Updated” date at the top of this page indicates when this Policy was last revised. Your continued use of our services after any changes indicates your acceptance of the updated Policy.

Last Updated: April 10, 2026

For privacy-related inquiries or to exercise your rights, contact us through any of the following:

• Phone/Text: 718-699-9737
• Email: levamedical@gmail.com
• Mail: Leva Medical PC, 94-06 59th Ave, Suite E9, Elmhurst, NY 11373

For HIPAA-related requests, please specify that your request concerns Protected Health Information so we can route it appropriately.

By engaging with Leva Medical PC, you confirm that you have read, understood, and agree to this Privacy Policy.