Privacy Policy

Last updated: April 19, 2026

This Privacy Policy describes how Magrack LLC (doing business as “Vitely Health,” “Vitely,” “we,” “us,” or “our”) collects, uses, and discloses information when you visit or use our services at vitely.health, or otherwise communicate with us.

Vitely is an online directory and AI-powered search platform connecting patients with licensed telehealth providers. We are not a healthcare provider. We do not provide medical advice. We are not a HIPAA covered entity, and we do not collect, store, or process protected health information (PHI) as defined under HIPAA.

By using Vitely, you agree to the collection, use, and disclosure of information as described in this policy. If you do not agree, please do not use the service.

1. Information we collect

From patients (search visitors):

  • Search queries you type into the Vitely search
  • Search filters you apply (insurance, state, specialty)
  • Pages you view and providers you click on
  • If you create an account: email address, name, optional saved provider lists
  • Standard usage data: IP address, browser type, device information, referring URL
  • Cookies and similar technologies for session management and analytics

Search queries that don’t match our medical lexicon may be logged in aggregate to help us improve the search algorithm. Before any such query is stored, we run it through an automated PII/PHI sanitizer that strips email addresses, phone numbers, street addresses, names following “Dr.”, first-person identity claims, social security numbers, and dates of birth. Queries flagged as containing multiple PII signals are not logged at all.

From providers (verified members):

  • Public licensure data sourced from the National Provider Identifier (NPI) registry maintained by CMS, including name, NPI, specialty, state licenses, and practice address
  • Information you submit when claiming a profile: contact email, phone, bio, services offered, insurance accepted, booking link, photo
  • Payment information processed by Stripe (we do not store card numbers)
  • Subscription status, plan tier, and billing history
  • Account login credentials (or OAuth tokens if you sign in via Google)

2. How we use information

  • To operate the Vitely search and match patients with providers
  • To process provider subscription payments via Stripe
  • To send transactional emails (claim confirmations, verification approvals, billing notices)
  • To communicate with providers about their account and the service
  • To improve the search algorithm and platform features
  • To detect, investigate, and prevent fraud or abuse
  • To comply with legal obligations

3. Provider-patient communication

Vitely does not facilitate, intermediate, see, store, or read communications between patients and providers. When a patient clicks an email, phone, or booking link on a provider's profile, that communication happens directly between the patient and provider through their own email client, phone, or the provider's external booking system. Vitely is not in the middle of those messages or calls.

The only data Vitely records about contact link interactions is anonymous click counts (e.g., "this provider received 12 email clicks in the last 30 days"). We do not record who clicked, what device they used, what they wrote in any subsequent message, or whether they ultimately became a patient. Provider analytics dashboards show only aggregate counts.

Because we do not handle the content of provider-patient communication, Vitely is not a HIPAA covered entity or business associate with respect to those communications. The provider, as the licensed healthcare professional, is responsible for HIPAA compliance in their own communication channels.

4. How we share information

We share information only with service providers who help us operate Vitely. These include:

  • Stripe — payment processing and subscription management
  • Supabase — database and authentication hosting
  • Vercel — web application hosting
  • Anthropic and OpenAI — AI processing of patient search queries (search queries are sent to these services to interpret intent; we do not send personally identifying information with these queries)
  • Resend — transactional and provider outreach email delivery (claim confirmations, billing notices, “your profile was viewed” emails to unclaimed providers)
  • Cloudflare — DNS, email routing, and security

We do not sell your personal information. We do not share information with advertisers. We do not allow providers to pay for higher search ranking.

We may disclose information if required by law, subpoena, or court order, or to enforce our Terms of Service or protect the rights, property, or safety of Vitely, our users, or others.

If Vitely is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before any such transfer.

5. Provider profile data

Provider data on Vitely originates from the public NPI registry maintained by the federal government. NPI data is publicly available. When you claim and verify your profile, you control what additional information appears (bio, photo, services, insurance, booking link). You can request to update or remove your profile information at any time by emailing [email protected].

6. Payments

Payments are processed by Stripe. We do not see, store, or have access to your full credit card number. Stripe’s privacy practices govern your payment data and are available at stripe.com/privacy.

7. Cookies

We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the platform is used. You can disable cookies in your browser settings, but doing so may break parts of the service.

8. Data retention

We retain provider account data for as long as your account is active. After cancellation, we retain billing records as required by tax and accounting laws. Sanitized search query logs (with PII redacted as described in Section 1) are retained in aggregate form for product improvement and may be reviewed by Vitely staff to identify gaps in our medical lexicon. You may request deletion of your account by emailing [email protected].

9. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we have about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Opt out of marketing communications
  • Withdraw consent where processing is based on consent

To exercise any of these rights, email [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

10. Marketing emails

If you are a licensed healthcare provider listed on Vitely, you may receive emails from us about claiming your profile. You can unsubscribe from these emails at any time using the unsubscribe link included in every message, or by emailing [email protected].

11. Children

Vitely is intended for adults (age 18+). We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it. Patients under 18 should use Vitely only with the involvement of a parent or guardian.

12. Security

We use industry-standard security practices including HTTPS, encrypted database connections, and Supabase row-level security. No system is perfectly secure. Use strong passwords and notify us immediately at [email protected] if you suspect unauthorized access to your account.

13. Third-party links

Provider profiles may include links to external booking platforms, websites, or social media. We are not responsible for the privacy practices of those external sites.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version here and update the “Last updated” date. For material changes, we will notify account holders by email.

15. HIPAA stance

As described in Section 3, Vitely is not currently a HIPAA covered entity or business associate. We are a directory service. We do not provide healthcare. We do not transmit, store, or process Protected Health Information on behalf of any provider or health plan.

That said, we operate Vitely with HIPAA-aware engineering practices including encryption at rest and in transit, role-based access controls on patient-adjacent data, audit logging of administrative actions, and the PII sanitizer described in Section 1. As Vitely grows and adds features that may handle PHI (such as direct appointment booking or insurance verification on behalf of patients), we will evaluate whether HIPAA compliance becomes required and update our practices and this policy accordingly.

16. Advertising and tracking on health-related pages

We do not run advertising trackers (Meta Pixel, Google Ads conversion pixels, TikTok Pixel, etc.) on Vitely. We do not share search queries, viewed providers, or other health-adjacent activity with advertising networks for ad targeting. If you have arrived at Vitely through a referral link, that referral source may know you visited our domain, but they do not receive information about which providers you viewed or what conditions you searched for.

17. Contact

Questions about this Privacy Policy or your information? Email [email protected].

Magrack LLC, doing business as Vitely Health