top of page

Privacy Policy

Z&Z WELLNESS PRIVACY POLICYEffective Date: January 17, 2026

1. Introduction

Z&Z Wellness (“Z&Z Wellness,” “we,” “us,” or “our”) operates the website https://www.zzketamineivhydra.com (the “Site”) and provides in‑person and telehealth clinical services, including ketamine‑assisted therapy, weight management, and related wellness services (collectively, the “Services”).

This Privacy Policy describes how we collect, use, disclose, and safeguard personal information, including, where applicable, protected health information (“PHI”), and how we comply with applicable privacy and data protection laws in the United States and in the state where our patients are located, including Virginia, where we are licensed to practice.

​

2. Scope and Relationship to HIPAA / Health Privacy Laws

This Privacy Policy applies to information collected through our Site, our telehealth platforms, electronic communications, and offline interactions related to our Services.

To the extent we are a “covered entity” or “business associate” under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), PHI is used and disclosed in accordance with HIPAA and applicable state health privacy laws. If there is any conflict between this Privacy Policy and a separate HIPAA Notice of Privacy Practices that we provide to you with respect to PHI, the HIPAA Notice of Privacy Practices will control.

​

Information We Collect

3.1 Information You Provide Directly

We may collect the following types of information that you voluntarily provide:

  • Identification and contact information, such as your name, mailing address, email address, phone number, and date of birth.

  • Account and registration information, such as username, password, and any security credentials used to access telehealth or patient portals.

  • Health and medical information, including PHI, submitted through intake forms, telehealth visits, medical history, treatment information, medication information, and communications with your clinician.

  • Payment and billing information, such as payment card details processed by our payment processor, billing address, and transaction history.

  • Communications and feedback, such as messages, emails, support requests, or information you submit through contact forms or surveys.

 

3.2 Information Collected Automatically

When you visit or interact with our Site, we may automatically collect:

  • Device and usage data, such as IP address, browser type, operating system, referring URLs, pages viewed, time and date of visits, and other standard web log data.

  • Information through cookies and similar tracking technologies (e.g., web beacons, pixels, local storage) to remember your preferences, analyze Site traffic, and improve our Services.

You can usually modify your browser settings to decline cookies, but some features of the Site may not function properly if you do so.

 

3.3 Information from Third Parties

We may receive information about you from:

  • Telehealth platforms, electronic medical record systems, laboratories, pharmacies, or other healthcare providers involved in your care.

  • Payment processors and financial service providers that handle billing and payment transactions on our behalf.

  • Analytics and marketing service providers, as permitted by applicable law and your choices.

 

4. How We Use Your Information

We may use your information for the following purposes:

  • To provide, coordinate, and manage your clinical care, including scheduling, diagnosis, treatment, and follow‑up.

  • To operate, maintain, secure, and improve our Site, telehealth platforms, and Services.

  • To communicate with you about appointments, treatment plans, test results, prescriptions, administrative updates, and other service‑related information.

  • To process payments, verify identity, and prevent fraud or abuse.

  • To comply with applicable legal, regulatory, licensing, and auditing requirements, including responding to subpoenas, court orders, or lawful requests from government authorities.

  • To conduct internal analytics, quality assurance, training, and service improvement, using de‑identified or aggregated data where feasible.

  • With your consent, to send educational materials, newsletters, or marketing communications, which you may opt out of at any time as described below.

​

5. Legal Bases / Authority for Processing

Where required by law (for example, in certain U.S. state privacy regimes or if we serve patients in other jurisdictions), we process personal information based on one or more of the following legal grounds:

  • Your consent, such as when you agree to certain uses of cookies or to receive marketing communications.

  • The necessity to provide healthcare and related Services at your request, including telehealth care.

  • Compliance with legal obligations, including health, safety, and medical record‑keeping requirements.

  • Our legitimate interests in operating, securing, and improving our practice and Site, provided those interests are not overridden by your rights and interests.

​

6. How We Disclose Information

We may disclose personal information, including PHI where permitted by law, to:

  • Healthcare providers, staff, and contractors involved in your treatment, payment, or healthcare operations.

  • Third‑party service providers who perform functions on our behalf, such as electronic medical records vendors, telehealth platforms, IT hosting and support, secure messaging services, payment processors, and analytics providers, subject to appropriate contractual safeguards and, where applicable, business associate agreements.

  • Pharmacies, laboratories, or other healthcare entities involved in your care or medication dispensing.

  • Law enforcement, regulators, courts, or other third parties when required by law or to protect our rights, safety, or property, or that of our patients or others.

  • Successors or assigns in the event of a business transition such as a merger, acquisition, or sale of assets, in accordance with applicable law.

  • Other parties with your explicit authorization or as otherwise allowed under HIPAA and applicable privacy laws.

We do not sell your personal information or PHI as that term is defined under applicable law, nor do we share PHI for third‑party marketing purposes without your authorization. Virginia Privacy Law Compliance: As a healthcare provider subject to HIPAA, we are exempt from certain provisions of the Virginia Consumer Data Protection Act (VCDPA) with respect to protected health information. We do not sell personal information as defined under Virginia law. To the extent any information we collect falls outside of HIPAA's scope (such as general website visitor data or non-patient inquiries), we do not sell such information to third parties for monetary consideration. We do not process personal information for targeted advertising purposes without appropriate consent. Your VCDPA Rights (for non-PHI data): If you are a Virginia resident and we process personal information about you that is not protected health information under HIPAA, you have the right to:

  • Confirm whether we are processing your personal information and access such information

  • Correct inaccuracies in your personal information

  • Delete personal information you have provided

  • Obtain a copy of your personal information in a portable format

  • Opt out of the processing of personal information for targeted advertising or the sale of personal information

To exercise these rights for non-health information, please contact us using the information in Section 15.

 

7. Cookies and Tracking Technologies

We may use first‑party and third‑party cookies and similar technologies to:

  • Enable core Site functionality and security.

  • Analyze Site usage and performance (for example, through analytics tools) to understand how visitors use our Site and to improve user experience.

  • Support limited marketing or informational campaigns, in compliance with applicable laws and your preferences.

Where required, you may see a cookie banner or consent mechanism when you visit the Site. You can manage cookies through your browser settings or applicable consent tools, but disabling cookies may affect certain features of the Site.

 

8. Data Security

We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect personal information and PHI against unauthorized access, use, alteration, or disclosure.

These measures may include encryption in transit, access controls, secure hosting environments, regular monitoring, workforce training, and internal policies designed to limit access to those with a legitimate need to know. However, no system can be guaranteed to be completely secure, and you share information with us at your own risk.

 

9. Data Retention

We retain personal information and PHI for as long as necessary to:

  • Provide the Services you have requested.

  • Comply with legal, regulatory, and professional obligations, including medical record retention laws in Virginia 

  • Resolve disputes and enforce our agreements.

Retention periods may vary depending on the type of information, the purpose of use, and applicable legal requirements.

 

10. Your Rights and Choices

Depending on your location and the specific laws that apply to you, you may have certain rights regarding your personal information, which may include:

  • The right to access and obtain a copy of certain information we hold about you.

  • The right to request correction or update of inaccurate or incomplete information.

  • The right to request deletion of certain information, subject to legal and clinical record‑keeping obligations.

  • The right to request restrictions on the use or disclosure of your information in certain circumstances.

  • The right to object to certain types of processing, including direct marketing where applicable.

  • The right to receive certain information in a portable format, where required by law.

  • The right to withdraw consent where processing is based on consent, without affecting prior lawful processing.

Patients may exercise certain rights related to PHI under HIPAA through the process described in our HIPAA Notice of Privacy Practices, which can be requested from us at any time. To exercise your rights, please contact us using the information in the “Contact Information” section below. We may need to verify your identity before responding.

If you are a resident of a jurisdiction with specific privacy laws (for example, certain U.S. states that have enacted consumer privacy laws), we will honor any additional rights afforded to you under those laws to the extent required.

You may opt out of non‑essential marketing emails by using the “unsubscribe” link provided in those emails or by contacting us directly.

 

11. Children’s Privacy

Our Services are generally not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18 without appropriate parental or guardian consent as required by law.

If you believe we have collected information from a child in violation of applicable law, please contact us so that we can investigate and take appropriate action.

 

12. International Transfers

Our practice is primarily located in the United States and our Site is intended for users located in the United States. If you access the Site or use the Services from outside the United States, information you provide may be transferred to, stored in, and processed in the United States or other countries that may have privacy laws different from those in your jurisdiction.

Where required by law, we will implement appropriate safeguards to protect your information in connection with such transfers.

 

13. Third‑Party Websites and Services

Our Site may contain links to third‑party websites, applications, or services that are not controlled by us.

This Privacy Policy does not apply to those third‑party properties, and we are not responsible for their content, privacy practices, or security. You are encouraged to review the privacy policies of any third‑party site or service you visit.

 

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will update the “Effective Date” at the top of this page and, where required by law, provide additional notice or obtain consent. Your continued use of the Site or Services after any changes have been posted signifies your acceptance of the revised Privacy Policy.

​

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or our privacy practices, please contact:

 

Z&Z Wellness
Attn: Privacy Officer

1451 Belle Haven Road Ste 230

Alexandria, VA 22307

Phone: 703-988-5362

Email: transformation@zzketamineivhydra.com

​

​

​

bottom of page