Privacy Policy

Privacy Policy

This Privacy Policy explains how NextGen Concierge Medicine (“NextGen,” “we,” “us,” “our”) collects, uses, discloses, and safeguards personal information when you visit our website, purchase a membership, contact us, or otherwise interact with us (together, the “Services”).

Important: This Policy covers consumer/personal information collected via our website and ecommerce. It does not govern your medical information protected by HIPAA (“PHI”). For PHI, please see our Notice of Privacy Practices (NPP).

Quick navigation

1) Information we collect

We collect information you provide directly, information collected automatically, and information from third parties.

A. Information you provide

  • Identifiers & contact — name, email, phone number, account details.
  • Account & purchase — plan selections, order history, subscription details, communications preferences.
  • Payment — processed by our payment processor (e.g., Shopify Payments/partners); we receive limited details (e.g., last four digits, status) but not full card numbers.
  • Support & messages — inquiries, feedback, and any information you include.

B. Information collected automatically

  • Device & usage — IP address, browser type, operating system, pages viewed, referring/exit pages, timestamps.
  • Cookies & similar tech — pixels, tags, SDKs for analytics, performance, personalization, and advertising. See Cookies, analytics & ads and your Privacy Choices.
  • Approximate location — derived from IP address for fraud prevention and localization.

C. Information from third parties

  • Ecommerce platform & processors — store & checkout functionality (e.g., Shopify), payment processing, fraud tools.
  • Analytics & marketing partners — aggregated or pseudonymous data for traffic measurement and ads effectiveness.

PHI collected and used for your clinical care is handled under our HIPAA Notice of Privacy Practices, not this Policy.

2) How we use information

  • Provide Services — operate the site, process orders, manage memberships (annual/monthly), authenticate and secure accounts.
  • Customer support — respond to questions, schedule welcome calls, handle requests and complaints.
  • Communications — send transactional messages (receipts, account notices, policy updates). Marketing only with your consent or as permitted by law.
  • Personalization — remember preferences, present relevant content.
  • Analytics & improvement — measure traffic, diagnose issues, improve usability and performance.
  • Security & fraud prevention — detect, investigate, and prevent fraudulent or malicious activity.
  • Legal & compliance — comply with laws, enforce terms, and protect rights, safety, and property.

3) How we disclose information

We may disclose personal information with:

  • Service providers & processors — ecommerce platform, payment processors, hosting, analytics, email/SMS tools, and support providers under contract.
  • Business transfers — during a merger, acquisition, financing, or sale of assets (subject to standard protections).
  • Legal requirements — to comply with law, lawful requests, or to protect rights and safety.
  • With your direction or consent — when you ask us to share or otherwise consent to a disclosure.

We do not disclose PHI under this Policy; PHI sharing is covered by our NPP.

4) Cookies, analytics & advertising

We and our partners use cookies and similar technologies to operate the site, measure performance, and (if enabled) deliver or measure advertising.

  • Essential — required for core functionality (security, checkout).
  • Analytics — understand how visitors use the site (aggregate reporting).
  • Personalization — remember preferences and improve experience.
  • Advertising — show relevant ads and measure their effectiveness (may qualify as “selling” or “sharing” under some state laws).

Manage non-essential cookies via Cookie Preferences. We honor Global Privacy Control (GPC) signals as an opt-out for the browser that sends the signal.

Cookie summary (example)

Category Purpose Examples
Essential Checkout, login, security Session ID, cart, CSRF
Analytics Traffic & usage measurement Page views, events
Advertising Ad delivery & measurement Ad pixels/tags

5) Your privacy choices

Depending on your location, you may have certain privacy rights. See our detailed Your Privacy Choices page for:

Note: These choices apply to personal information covered by consumer privacy laws. PHI choices are handled under the NPP.

6) Security

We employ administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

7) Retention

We retain personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Typical examples:

  • Account & orders — while your account is active and for a reasonable period thereafter (e.g., 3–7 years) for tax, audit, and compliance.
  • Marketing — until you unsubscribe or your request is honored, then retained only to maintain suppression lists.

PHI retention is governed by healthcare laws and our NPP.

8) Minors

Our ecommerce site is not directed to children under 13, and we do not knowingly sell or share personal information of consumers under 16. For clinical care to minors, PHI is handled under our NPP and applicable laws.

9) International data transfers

If you access the Services from outside the United States, your information may be processed in the U.S. or other countries that may have different data protection laws than your jurisdiction. Where required, we implement appropriate safeguards.

10) Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy on this page with a new “Last updated” date and, when appropriate, notify you by email or in-account notice.

11) Contact us

Questions about this Policy or your personal information? Email us at info@ngcmedicine.com.