Effective as of November 12, 2025

Desert Bloom Health & Wellness (“we,” “us,” or “our”) values your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. Our goal is to be transparent, simple, and clear about how your information is handled—especially your health information.

Information We Collect

Personal Information

Information you provide directly, such as your name, date of birth, address, phone number, and email.

Payment Information

Billing details required to complete your purchase. Payments are processed securely through third-party processors. We do not store full credit card numbers.

Health Information (Protected Health Information or “PHI”)

Any medical history, health concerns, progress notes, prescriptions, and information you provide during consultations, intake forms, or through OptiMantra.
This information is treated as PHI and protected under HIPAA.

Technical Information

IP address, device type, browser data, and general usage analytics collected automatically when you visit our website.

Communications

Messages, emails, scheduling requests, and other interactions you send to us.

How We Use Your Information

We use your information to:

Provide consultations and weight-management services

Support prescription approvals and pharmacy coordination

Communicate with you about appointments, orders, and shipping

Process payments and prevent fraud

Improve our website and services

Meet legal, regulatory, and record-keeping requirements

We do not use PHI for marketing.

HIPAA & PHI Handling

We treat all health-related information as Protected Health Information (PHI). PHI is handled only through HIPAA-aligned systems, including:

OptiMantra (scheduling, messaging, intake forms)

Compounding pharmacy partners

Authorized providers and designated Desert Bloom Health & Wellness staff

Only individuals with a legitimate need to access PHI may do so.

Our store platform (Shopify) and website host (Showit) are not used for storing or transmitting PHI.

Order & Payment Processing

When you place an order:

Payment details go directly to our secure payment processor (e.g., Authorize.net or other approved partners)

We receive confirmation of payment status only

We do not store or have access to your complete credit card information

Prescription orders are transmitted to our licensed pharmacy partner for fulfillment.

Shipping Information

Shipping information (name, address, chosen product) is shared only with:

The compounding pharmacy preparing your medication

USPS or approved carriers delivering your order

We ship to all 50 U.S. states. A signature may be required for certain prescriptions.

Cookies & Tracking

We use cookies and basic analytics to:

Improve performance

Maintain security

Understand general usage

Cookies never store PHI or sensitive medical details. You may disable cookies in your browser settings.

Information Sharing

We never sell or rent your information.

We share information only with:

Licensed pharmacies fulfilling prescriptions

HIPAA-aligned platforms like OptiMantra

Payment processors

Shipping carriers

Service providers who help us operate our website or store

Regulatory agencies when required by law

All partners are expected to handle your information responsibly and in compliance with applicable regulations.

Data Retention

We retain medical records, PHI, and clinical documentation in accordance with federal and state medical record laws.
General account information and order history may be kept as required for tax, security, and compliance purposes.

You may request deletion of certain non-PHI data, but we may be required to retain some information for legal or regulatory reasons.

Your Rights

Depending on the type of information and applicable law, you have the right to:

Access your PHI

Request corrections

Request copies of your records

Request certain deletions (when legally allowed)

Ask who your information has been shared with

HIPAA gives you additional rights related specifically to PHI.
To exercise these rights, contact us using the email below.

Data Security

We take reasonable safeguards to protect your information, including:

HIPAA-aligned clinical platforms

Encrypted transmissions where appropriate

Limited PHI access to authorized individuals

Secure payment processing

We use reputable, industry-standard systems to safeguard your information, including HIPAA-aligned clinical platforms and PCI-compliant payment processors such as Authorize.net. These partners maintain strong encryption and security controls to protect sensitive data. While no digital system can be guaranteed completely secure, we follow best practices and work only with trusted vendors to keep your information protected.

Children’s Privacy

We do not knowingly collect personal information from individuals under 18. If we learn that information was provided by a minor without proper authorization, it will be deleted.

State-Specific Notices

Some states provide additional privacy rights related to personal information that is not considered Protected Health Information (PHI) under HIPAA. While Arizona does not currently have its own consumer privacy law, we will honor any privacy rights that apply under the law of your state of residence. If you live in a state with additional rights and would like to request access, correction, or deletion of certain non-medical information, you may contact us at the email listed below.

Changes to This Policy

We may update this Privacy Policy as needed. When we make changes, we will update the “Effective” date at the top of this page. Continued use of our services means you accept the updated policy.

Contact Us

For privacy questions, PHI requests, or concerns, contact:
desertbloomhealthandwellness@gmail.com

Desert Bloom Health & Wellness
desertbloomhealthandwellness.com

desertbloomhealthandwellness.com