TEMPLE OF HERBS PRIVACY POLICY

Effective Date: December 31, 2024
Last Updated: December 31, 2024

Temple of Herbs ("Company," "we," "us," or "our") is committed to maintaining robust privacy protections for its users. Our Privacy Policy is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.

DEFINITIONS

"Site" refers to the Temple of Herbs website at www.templeofherbs.com and our mobile application

"Service" refers to our AI-powered herbal analysis and supplement recommendation services

"You" refers to you as a user of our Site or Service

"PHI" or "Protected Health Information" means health information that can identify you

By accessing our Site or using our Service, you accept this Privacy Policy and our Terms of Use, and you consent to our collection, storage, use and disclosure of your information as described in this Privacy Policy.

I. INFORMATION WE COLLECT

A. Health Information (Protected Health Information - PHI)

We collect health-related information that you voluntarily provide, including:

Personal Health Data:

  • Age, gender, height, weight, body type
  • Medical history and chronic conditions
  • Current symptoms and health concerns
  • Current medications and supplements
  • Allergies and adverse reactions
  • Family medical history
  • Sleep patterns and stress levels
  • Lifestyle factors (diet, exercise, substance use)

AI Analysis Data:

  • Health questionnaire responses
  • AI-generated herbal recommendations
  • Progress tracking information
  • Communication preferences

B. Personal Information

Registration Information:

  • Name, email address, phone number
  • Mailing address for product delivery
  • Payment information (processed securely by third-party processors)
  • Account username and encrypted password

Communication Data:

  • Customer service interactions
  • Email correspondence
  • Chat logs and support tickets

C. Technical Information

Automatically Collected Data:

  • IP address, browser type, device information
  • Website usage data and navigation patterns
  • Cookies and similar tracking technologies
  • Log files and analytics data

II. HOW WE USE YOUR INFORMATION

A. Health Information Uses

For AI Analysis and Recommendations:

  • Analyze your health data using artificial intelligence
  • Generate personalized herbal supplement recommendations
  • Track your progress and adjust recommendations
  • Improve our AI algorithm accuracy

For Service Delivery:

  • Process and fulfill product orders
  • Provide customer support
  • Send order confirmations and shipping notifications
  • Communicate important health-related updates

For Quality Assurance:

  • Review recommendations for appropriateness
  • Train and improve our AI systems
  • Conduct research to enhance service quality
  • Ensure compliance with health regulations

B. Personal Information Uses

Account Management:

  • Create and maintain your user account
  • Authenticate your identity
  • Manage your subscription and preferences
  • Process payments and handle refunds

Communication:

  • Respond to your inquiries
  • Send service-related notifications
  • Provide customer support
  • Send educational content (with consent)

C. Technical Information Uses

Site Optimization:

  • Improve website performance and functionality
  • Analyze usage patterns and trends
  • Troubleshoot technical issues
  • Enhance user experience

III. HEALTH INFORMATION SHARING AND DISCLOSURE

A. HIPAA-Compliant Disclosures

We may disclose your PHI in the following circumstances:

For Treatment Purposes:

  • To licensed healthcare professionals who review our AI recommendations
  • To medical consultants who provide oversight of our service
  • For emergency medical situations (with your consent when possible)

For Payment Operations:

  • To process insurance claims (if applicable)
  • To payment processors for order fulfillment
  • For billing and account management

For Healthcare Operations:

  • Quality assurance and improvement activities
  • Training healthcare professionals
  • Compliance audits and regulatory reporting

B. Required by Law

We may disclose PHI when required by:

  • Federal, state, or local law
  • Court orders or legal proceedings
  • Public health authorities for disease prevention
  • FDA for adverse event reporting
  • Law enforcement for specific legal purposes

C. With Your Authorization

We will obtain written authorization before using or disclosing PHI for:

  • Marketing purposes
  • Research studies
  • Sharing with family members or friends
  • Any purpose not described in this policy

IV. NON-HEALTH INFORMATION SHARING

A. Service Providers

We share non-health personal information with trusted third parties who provide services for us:

Technology Partners:

  • Cloud hosting and data storage providers
  • Payment processing companies
  • Email and communication service providers
  • Analytics and website optimization tools

Business Partners:

  • Shipping and logistics companies
  • Customer service platforms
  • Marketing and advertising partners (for non-health information only)

B. Business Transactions

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

C. Legal Requirements

We may share non-health information to:

  • Comply with legal obligations
  • Protect our rights and property
  • Ensure user safety and security
  • Prevent fraud and abuse

V. AI SYSTEM AND DATA PROCESSING

A. AI Analysis Transparency

How Our AI Works:

  • Analyzes patterns in your health information
  • Compares with traditional herbal medicine databases
  • Generates recommendations based on established principles
  • Continuously learns from aggregate (non-identifiable) data

AI Limitations:

  • Cannot replace professional medical diagnosis
  • Recommendations are educational, not prescriptive
  • Accuracy depends on the quality of the information you provide
  • System may evolve and produce different results over time

B. Data Training and Improvement

Aggregate Data Use:

  • We use de-identified, aggregated health data to improve our AI
  • Individual health information is never used for training without explicit consent
  • Research partnerships require additional authorization

VI. DATA SECURITY AND PROTECTION

A. Security Measures

Technical Safeguards:

  • End-to-end encryption for data transmission
  • Encrypted storage of all health information
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Secure backup and disaster recovery systems

Administrative Safeguards:

  • Employee training on privacy and security
  • Limited access to health information (need-to-know basis)
  • Background checks for employees with PHI access
  • Incident response and breach notification procedures

Physical Safeguards:

  • Secure data centers with restricted access
  • Workstation and device security controls
  • Secure disposal of hardware containing PHI

B. Data Retention

Health Information:

  • Retained for a minimum of 7 years as required by law
  • Longer retention for ongoing treatment relationships
  • Secure deletion when no longer needed

Account Information:

  • Retained while your account is active
  • Deleted within 30 days of account closure (unless legally required to retain)

VII. YOUR PRIVACY RIGHTS

A. HIPAA Rights

Access Rights:

  • Inspect and obtain copies of your health information
  • Request amendments to incorrect health information
  • Receive an accounting of disclosures for certain purposes

Control Rights:

  • Request restrictions on use or disclosure of PHI
  • Request confidential communications by alternative means
  • Receive a copy of our HIPAA Privacy Notice

Complaint Rights:

  • File complaints with us or the Department of Health and Human Services
  • No retaliation for filing complaints

B. General Privacy Rights

Account Control:

  • Update or correct your personal information
  • Delete your account and associated data
  • Download your data in portable format
  • Opt out of marketing communications

Consent Management:

  • Withdraw consent for certain uses of your information
  • Update communication preferences
  • Modify data sharing permissions

C. State-Specific Rights

California Residents (CCPA):

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising privacy rights

Other State Rights:

  • Additional rights may apply based on your state of residence
  • Contact us for information about your specific rights

VIII. COOKIES AND TRACKING TECHNOLOGIES

A. Types of Cookies

Essential Cookies:

  • Required for basic website functionality
  • Authentication and security features
  • Cannot be disabled

Analytics Cookies:

  • Track website usage and performance
  • Help us improve user experience
  • Can be disabled in browser settings

Marketing Cookies:

  • Used for advertising and promotional purposes
  • Track effectiveness of marketing campaigns
  • Can be disabled through cookie preferences

B. Managing Cookies

You can control cookie settings through:

  • Browser preferences and settings
  • Our cookie consent banner
  • Third-party opt-out tools

IX. INTERNATIONAL USERS AND DATA TRANSFERS

A. Data Processing Location

  • Primary data processing occurs in the United States
  • Some service providers may process data internationally
  • All transfers comply with applicable privacy laws

B. International Privacy Laws

GDPR Compliance (EU Users):

  • Lawful basis for processing: consent and legitimate interests
  • Right to portability, erasure, and restriction of processing
  • Data Protection Officer contact information available upon request

X. CHILDREN'S PRIVACY

A. Age Restrictions

  • Our Service is not intended for children under 18
  • We do not knowingly collect information from minors
  • Parental consent required for users under 18

B. Parental Rights

If we discover we have collected information from a minor:

  • We will delete the information promptly
  • Parents may request access to and deletion of their child's information
  • Contact us immediately if you believe we have collected information from your child

XI. CHANGES TO THIS PRIVACY POLICY

A. Notification of Changes

Material Changes:

  • Email notification to your registered address
  • Prominent notice on our website
  • 30-day notice period before changes take effect

Non-Material Changes:

  • Updated effective date on policy
  • Notice on website homepage

B. Continued Use

Continued use of our Service after changes become effective constitutes acceptance of the updated Privacy Policy.

XII. CONTACT INFORMATION

A. Privacy Questions

Privacy Officer
Temple of Herbs
1111b S Governors Ave STE 23714
Dover, Delaware 19904

Email: ethan@templeofherbs.com
Phone: 213-378-4152

B. Specific Requests

C. Regulatory Contacts

HHS Office for Civil Rights (HIPAA complaints):
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to outside parties except as described below:

4.1 Service Providers and Business Partners

We may share your information with trusted third-party service providers who assist us in operating our website, conducting our business, or providing services to you, including:

  • Payment processors: To process transactions securely
  • Shipping partners: To fulfill and deliver orders
  • Cloud hosting providers: To store and manage data
  • Email service providers: To send communications
  • Analytics providers: To analyze website usage (Google Analytics, etc.)
  • Customer support tools: To provide technical support
  • Marketing platforms: To deliver targeted advertisements (with consent)

These parties are contractually obligated to keep your information confidential and use it only for the specific purposes for which it was disclosed.

4.2 Healthcare Professionals

With your explicit consent, we may share relevant health information with qualified healthcare professionals for:

  • Collaborative treatment planning
  • Medical consultation and second opinions
  • Referrals to appropriate specialists
  • Emergency medical situations

4.3 Legal Requirements

We may disclose your information when required by law, court order, or other legal process, or when we believe disclosure is necessary to:

  • Comply with applicable laws and regulations
  • Respond to legal requests from government authorities
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or others
  • Prevent or investigate fraud or security issues

4.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.5 Aggregated and De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, or marketing purposes.

4.6 With Your Consent

We may share your information for any other purpose with your explicit, informed consent.

5. Data Retention and Storage

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law.

5.1 Retention Periods

  • Account Information: Retained until account deletion or 3 years of inactivity
  • Transaction Records: 7 years for tax and financial compliance
  • Health Information: 5 years from last consultation or until consent withdrawal
  • Marketing Data: Until unsubscribe or consent withdrawal
  • Website Analytics: 26 months (Google Analytics default)
  • Security Logs: 12 months for fraud prevention and security
  • Customer Support Records: 3 years for service improvement

5.2 Data Storage and Location

Your information is stored on secure servers located in:

  • United States (primary data centers)
  • European Union (for EU customer data)
  • Other jurisdictions as necessary for service delivery

We ensure that all international transfers comply with applicable data protection laws and include appropriate safeguards.

5.3 Data Deletion

When personal information is no longer needed, we securely delete or anonymize it. You may request early deletion of your data subject to legal and business requirements.

6. Data Security and Protection

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

6.1 Technical Safeguards

  • Encryption: SSL/TLS encryption for data in transit, AES-256 encryption for data at rest
  • Firewalls: Network firewalls and intrusion detection systems
  • Secure Hosting: SOC 2 Type II certified cloud infrastructure
  • Access Controls: Role-based access with multi-factor authentication
  • Data Backup: Regular encrypted backups with secure recovery procedures
  • Vulnerability Management: Regular security scanning and penetration testing

6.2 Administrative Safeguards

  • Employee Training: Regular privacy and security training for all staff
  • Background Checks: Screening for employees with access to personal information
  • Confidentiality Agreements: Legal obligations for all personnel handling data
  • Incident Response Plan: Documented procedures for security breach response
  • Regular Audits: Internal and external security assessments

6.3 Physical Safeguards

  • Secure Facilities: Controlled access to data centers and offices
  • Equipment Security: Secure storage and disposal of hardware
  • Environmental Controls: Climate and power protection for servers

6.4 Health Information Security (HIPAA Compliance)

For health-related information, we implement additional safeguards including:

  • HIPAA-compliant data handling procedures
  • Business associate agreements with vendors
  • Audit logs for all health information access
  • Secure messaging for health communications

6.5 Breach Notification

In the event of a data security incident affecting your personal information, we will:

  • Assess the incident within 24 hours
  • Notify affected individuals within 72 hours (or as required by law)
  • Report to relevant regulatory authorities as required
  • Provide clear information about the incident and protective measures
  • Offer credit monitoring services if appropriate

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

  • Right to access your personal information
  • Right to receive a copy of your data in a portable format

7.2 Correction and Deletion

  • Right to correct inaccurate personal information
  • Right to request deletion of your personal information

7.3 Processing Restrictions

  • Right to restrict or object to processing of your personal information
  • Right to withdraw consent for processing based on consent

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at ethan@templeofherbs.com. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and analyze website usage.

8.1 Types of Cookies We Use

  • Essential Cookies: Necessary for website functionality
  • Analytics Cookies: Help us understand how visitors use our website
  • Marketing Cookies: Used to deliver relevant advertisements
  • Preference Cookies: Remember your settings and preferences

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country. We ensure appropriate safeguards are in place to protect your information during such transfers.

12. Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Privacy Officer

13. Regulatory Compliance

We are committed to complying with applicable privacy laws and regulations, including but not limited to:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Health Insurance Portability and Accountability Act (HIPAA) where applicable
  • Personal Information Protection Act (PIPA) of South Korea

13.1 HIPAA Compliance

For health-related information, we maintain HIPAA-compliant practices where applicable. You have the right to:

  • Access your health information
  • Request corrections to your health information
  • Request restrictions on use and disclosure
  • File complaints regarding our handling of your health information

To file a HIPAA-related complaint, you may contact the U.S. Department of Health and Human Services at www.hhs.gov/ocr/privacy/hipaa/complaints

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Privacy Policy Version History

  • Version 2.0 (August 2025) - English translation and HIPAA compliance updates
  • Version 1.0 (December 2024) - Initial version

15. Acknowledgment and Consent

By using our Service, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection, use, and disclosure of your information as described
  • You understand your rights regarding your personal information
  • You agree to receive communications from us in accordance with this policy

If you do not agree with this Privacy Policy, please do not use our Service or provide any personal information to us.

Questions or Concerns?

If you have any questions about this Privacy Policy or our privacy practices, please don't hesitate to contact us:

Response Time: We will respond to your privacy inquiries within 30 days of receipt.