This Privacy Policy explains how Dangond Direct LLC (“Dangond Direct,” “we,” “our,” or “us”) collects, uses, discloses, and protects personal information.

It applies to:

• Our public website (including any embedded forms and content)
• Our patient portal (powered by Atlas.md)
• Telehealth / virtual visits
• In-person care at our clinic
• Related online tools we use to support these services (such as Calendly and email communications)

Dangond Direct LLC is a Florida medical practice located at 7000 SW 62nd Ave, Suite 515, South Miami, FL 33143. We provide direct primary care services and manage sensitive personal and health information, including Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”).

We are committed to protecting your privacy and complying with applicable federal law (including HIPAA), Florida law, and any relevant local requirements in Miami-Dade County.

We use third-party vendors, including Atlas.md (our electronic health record and practice management system) and Stripe (for payments). These vendors generally act as our “Business Associates” under HIPAA and process PHI on our behalf pursuant to Business Associate Agreements (BAAs).

By using our website, portal, telehealth services, or receiving care from us, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use our online Services and contact us with any questions instead.

1. Information We Collect

We collect information in several ways: directly from you, from your use of our Services, and from third-party tools we use to operate our practice.

a. Account and Contact Information

When you become a patient or contact us, we may collect:

• Name, date of birth, and contact information (address, email, phone)
• Emergency contact information (if provided)
• Information about your insurance, if applicable (even though our practice is membership-based and does not bill insurance in the traditional way)
• Login credentials for the patient portal (email, password or other login method)
• Information you provide through our contact forms, Calendly meet-and-greet bookings, or email (e.g., preferred appointment time, questions, concerns)

If you are a visitor to our website (for example, filling out a “contact us” or “meet & greet” form), we may collect your name, email address, phone number, and any message you submit.

b. Patient Health Information (PHI)

As a medical practice, we maintain medical records and other health information about you in our electronic health record (EHR) system, powered by Atlas.md. This may include:

• Personal identifiers:full name, date of birth, sex/gender, address, contact information, emergency contacts, and other demographic details
• Medical history and records:symptoms, diagnoses, treatment plans, medications, allergies, immunizations, surgical history, family history, social history, and any uploaded documents (e.g., prior records, imaging reports, photos uploaded for clinical purposes)
• Visit information:progress notes, telehealth visit notes, in-person visit notes, vitals, and care plans
• Lab orders and results:lab tests ordered and results reported from partner laboratories
• Prescriptions and medication data:medications prescribed, dosage, frequency, refill history, and pharmacy information
• Communication content related to your care:secure messages, text messages (SMS) sent through our communication tools, clinical emails, portal messages, and notes from phone/video visits (we generally do not record visits by default; if we ever do, we will obtain appropriate consent)
• Billing and membership information:invoices, payments, membership details (e.g., membership start/end, plan type), and related notes necessary to manage your account and comply with law

This information is considered PHI under HIPAA and is handled with a high level of confidentiality and security.

c. Financial Information

We use Atlas.md/Stripe to process payments for memberships and other services.

• When you enter payment details (such as a credit or debit card) through our online system, that information is sent directly toStripe via Atlas.md.
• Dangond Direct itself doesnot store your full credit card number or full bank account number on our own servers.
• We may store limited details provided by Stripe or Atlas.md, such as the last four digits of your card, card brand, expiration date, transaction IDs, payment amounts, and payment dates, to manage billing, receipts, refunds, and membership status.

d. Usage Data and Technical Information

When you use our website, patient portal, or telehealth tools, we and our vendors may collect:

• IP address, browser type, device type, operating system
• Pages or features you access, links you click, and the date/time of your visit
• Basic diagnostic and error information (for troubleshooting and security)
• Audit logs in our EHR (e.g., which user accessed which patient record and when), as required by HIPAA and good medical practice

This information is used for security, auditing, and improving our Services.

e. Cookies and Similar Technologies

Our website and portal may use cookies or similar technologies (such as local storage) to:

• Keep you logged in during a session
• Remember preferences
• Improve site performance and usability

We do not use cookies to sell your information to advertisers. If you disable cookies in your browser, some features (like staying logged in) may not work properly.

We may also use privacy-conscious analytics tools to understand general usage patterns (for example, how many visitors view certain pages). We aim to avoid including PHI in analytics data.

f. Support and Feedback

If you contact us by phone, email (including Google Workspace), portal message, or via our website for support or questions, we will collect:

• Your contact information (name, email, phone)
• The content of your message or call (including any screenshots or attachments you send)

If your message includes PHI, we treat it with the same protections as your medical record.

2. How We Use Your Information

Dangond Direct uses your information for the following purposes:

a. Providing Medical Care and Practice Services

We use PHI and other personal information to:

• Provide in-person and telehealth medical care
• Maintain and update your medical record
• Coordinate care, including referrals and communication with other providers (when authorized)
• Schedule and manage appointments (including Calendly meet-and-greets, telehealth visits, and follow-ups)
• Send appointment reminders and follow-up communications
• Manage billing, membership, and payment processing through Atlas.md and Stripe
• Operate our patient portal and secure messaging systems

b. Practice Operations and Improvement

We may use de-identified or limited data to:

• Monitor how our clinic systems are used (e.g., which features patients use most)
• Improve workflow, usability, and patient experience
• Enhance security and reliability of our systems
• Evaluate and improve the quality of care and services we provide

When we use data for internal analysis or quality improvement, we strive to remove or minimize identifiable patient information whenever possible.

c. Communication With You

We use your contact information to:

• Send appointment confirmations and reminders
• Notify you about lab results or secure messages (often via email or text that prompts you to log into a secure portal)
• Communicate about your membership status, billing, or administrative matters
• Respond to your questions and requests

We may also occasionally send:

• Educational information about preventive care or clinic updates
• Invitations to schedule meet-and-greets or informational events

You can opt out of non-essential marketing-type communications at any time (see Section 6). We cannot, however, stop sending necessary clinical or legal communications, such as notices about your care or billing.

d. Legal, Regulatory, and Safety Purposes

We may use and disclose information as needed to:

• Comply with HIPAA, other federal requirements, and applicable Florida laws
• Respond to subpoenas, court orders, or other lawful requests
• Investigate and help prevent fraud, abuse, or security incidents
• Protect the rights, property, or safety of patients, staff, or the public

We also maintain audit logs and other records required by law and medical standards of care.

SMS / Text Message Communications

If you provide your mobile phone number and consent, Dangond Direct LLC may send you text messages (SMS) for administrative and patient care coordination purposes only, including appointment reminders, scheduling, follow-ups, membership or billing notifications, and general office-related communications.

How You Opt In:
You opt in to receive SMS messages by providing your mobile phone number and signing a paper or electronic intake, onboarding, or consent form that includes SMS authorization. SMS consent is not a condition of purchase or receiving services.

Message Frequency:
Message frequency varies based on your interactions with our office and your care or scheduling needs.

Opt-Out and Help Instructions:
You may opt out of SMS messages at any time by replying STOP to any message.
For assistance, you may reply HELP or contact us at 78656795 46  or info@dangonddirect.com.

Message & Data Rates:
Message and data rates may apply depending on your mobile carrier and plan.

Privacy and Sharing:
SMS consent is not shared with third parties or affiliates for marketing purposes. We use SMS only to communicate directly with you in connection with our services.

Important Notices:
Text messaging is not a guaranteed secure method of communication and should not be used for emergencies or urgent medical concerns. In an emergency, please call 911 or go to the nearest emergency facility.

3. How We Share and Disclose Information

Dangond Direct shares personal information only as needed to provide care, operate our practice, and comply with law.

a. Within Dangond Direct

Your information is shared among authorized members of our clinical and administrative team who need it to:

• Provide or support your care
• Perform scheduling, billing, and operations tasks
• Maintain records and comply with documentation requirements

Access is based on job role and is limited to what is reasonably necessary.

b. With Your Consent or at Your Direction

We may share your information if you ask us to or clearly authorize us to do so. Examples:

• Sending records to another provider or specialist
• Sharing information with a family member or caregiver (with appropriate authorization)
• Coordinating with an employer or school when you request documentation

We may ask you to sign a written authorization where required by law.

c. Service Providers and Business Associates

We use third-party vendors to help us operate our practice. These vendors are contractually obligated to protect your information and, when handling PHI, to sign Business Associate Agreements (BAAs) as required by HIPAA. Key vendors include:

• md (Electronic Health Record & Practice Management)
  We use Atlas.md to store and manage your medical records, appointments, communications, and billing data. Atlas.md hosts this data on secure cloud infrastructure and acts as our HIPAA Business Associate.
• Stripe (Payment Processing)
  Stripe processes payments for memberships and other services. When you enter card information online, it is sent directly to Stripe via Atlas.md. Stripe may store card tokens and transaction history as needed for recurring billing and refunds. We receive confirmation of payments and related non-sensitive details. Stripe is responsible for its own privacy practices, and we contract with Stripe to protect your data.
• Calendly (Scheduling for Meet & Greets and Other Appointments)
  We may use Calendly to allow prospective or current patients to book informational calls or visits. Calendly will receive the information you enter into the scheduling form (e.g., name, email, time preference) so it can place the appointment on our calendar.
• Google Workspace (Email, Calendar, Drive)
  We use Google Workspace for clinic email, calendar, and document management. Google acts as a service provider for us under our agreement. When you email us, your message is stored in Google’s infrastructure. We recommend not sending highly sensitive information (like full medical histories) by unsecured email; instead, we prefer secure portal messaging whenever possible.
• Telehealth and Communication Platforms
  For telehealth visits, phone calls, SMS messages, and possibly faxing, we may use services integrated through Atlas.md (e.g., Twilio or similar communication providers). These services handle the technical delivery of messages, calls, or video sessions and are bound by agreements to protect PHI.
• Other Vendors
  We may also use secure tools for support tickets, website hosting, or performance monitoring, always with the aim of limiting PHI disclosure and ensuring appropriate protections.

These service providers are not allowed to use your information for their own independent marketing purposes and may only use it as necessary to perform services for Dangond Direct.

d. Labs, Pharmacies, and Other Healthcare Partners

To provide care, we may share information with:

• Laboratories(e.g., large reference labs or local labs) for test orders and results
• Pharmaciesand e-prescribing networks when we send prescriptions
• Imaging centers or specialistswhen we refer you for additional services

These entities are often “covered entities” under HIPAA themselves and have their own privacy obligations. We share only the information necessary to fulfill the clinical purpose (e.g., ordering a test or filling a prescription).

e. Legal Requirements and Safety

We may disclose personal information when required or permitted by law, such as:

• In response to a court order, subpoena, or other legal process
• To report certain diseases, injuries, or public health events to appropriate authorities
• To report suspected abuse, neglect, or domestic violence, consistent with Florida law
• To prevent or lessen a serious and imminent threat to the health or safety of a person or the public, consistent with applicable law

Whenever feasible and permitted, we will attempt to notify you of such disclosures, especially where your records are subject to legal process.

f. Business Transfers

If Dangond Direct LLC is involved in a merger, acquisition, sale of assets, or similar transaction, your information may be transferred as part of that transaction. Any new owner will be required to protect your information in accordance with HIPAA, applicable Florida law, and this Privacy Policy (or a policy with substantially similar protections). Your medical records will remain subject to applicable medical record and privacy laws regardless of ownership changes.

g. Aggregated or De-Identified Information

We may use and share information that has been de-identified or aggregated so that it cannot reasonably identify you. For example:

• General statistics about our patient population
• Trends in appointment types or health conditions (without identifiers)

This information does not include your name or contact details and is not treated as PHI under HIPAA.

h. No Sale of Personal Information

We do not sell or rent your personal information or patient lists to third-party marketers, advertising networks, or pharmaceutical companies.

4. Data Security: How We Protect Your Information

We take the security of your personal and health information seriously and use administrative, technical, and physical safeguards to protect it.

These measures include, either directly by Dangond Direct or through our Business Associates such as Atlas.md:

• Encryption:Data transmitted between your browser and our systems (or Atlas.md) uses TLS (HTTPS). Sensitive data stored in our EHR and related systems is encrypted or otherwise protected to prevent unauthorized access.
• Access Controls:Access to medical records is limited to authorized personnel who need it for their clinical or operational roles. User accounts are password-protected, and we encourage strong, unique passwords. Administrative access to systems is restricted and monitored.
• Secure Development & Configuration:Our EHR vendor follows secure development and configuration practices, applies security updates, and conducts internal testing to identify and remediate vulnerabilities.
• Monitoring & Logging:Systems we use maintain logs of access and certain actions (for example, viewing a patient chart). Logs help us detect suspicious activity, respond to incidents, and meet compliance obligations.
• Backups & Disaster Recovery:Medical records and associated data are regularly backed up and can be restored in the event of system failure, subject to our vendors’ disaster recovery procedures.
• Training & Policies:Our staff are trained on privacy, HIPAA, and security responsibilities, including Florida-specific obligations. Staff sign confidentiality agreements and are required to handle PHI with care.
• Physical Security:Our office is physically secured. Electronic health records and other systems are hosted in secure data centers controlled by our vendors (e.g., cloud providers), which have their own robust physical and environmental security measures.

No system can guarantee absolute security, and the healthcare sector can be a target for cybercrime. We take reasonable steps to reduce risks and will respond quickly to any suspected incident, including notifying affected individuals and regulators as required by HIPAA, Florida law, and other applicable rules.

You also play a role in security. Please:

• Use strong, unique passwords for the patient portal and do not share them
• Log out or close your browser when using shared or public devices
• Contact us promptly if you suspect unauthorized access to your account or records

5. Data Retention

We retain personal information as long as necessary to provide care, operate our practice, and comply with legal requirements.

a. Medical Records

We retain your medical records in accordance with:

• HIPAA
• ApplicableFlorida medical record retention laws
• Professional standards of care

In practice, this typically means keeping records for several years after your last encounter (and longer in some cases, such as for minors). We do not delete clinical records on a short schedule because they may be needed for future care, continuity, or legal purposes.

b. Administrative and Billing Information

We keep billing records, membership details, and related financial documentation for the periods required by:

• Federal and state law (including tax and accounting rules)
• Payer and banking requirements where applicable

c. Website, Portal, and Logs

Usage logs and technical records are generally kept for a limited time (for example, months to a few years), unless longer retention is needed for security, troubleshooting, or legal reasons. Backups may retain copies of data for a longer period as part of normal backup cycles.

d. De-Identified Data

We may retain de-identified or aggregated data indefinitely, as it no longer identifies individual patients.

When information is no longer needed and no law requires its retention, we will dispose of it securely (for example, by secure deletion of electronic data).

6. Individual Rights and Choices

You may have certain rights with respect to your personal information and PHI. Many of these rights are governed by HIPAA and Florida law.

a. Access to Medical Records

As a patient, you generally have the right to:

• Access and obtain a copy of your medical records
• Inspect your records in person or electronically (for example, via the patient portal, where available)

To request access, please contact us using the information in Section 10. We may require written authorization and verification of your identity. Reasonable fees may apply as allowed by law (for copying, mailing, or certain electronic formats).

b. Requesting Corrections

If you believe any information in your medical record is inaccurate or incomplete, you may request that we amend it. We will:

• Review your request
• Make appropriate corrections if warranted
• Document your request and our response, as required by law

If we do not agree with an amendment, we will let you know why and explain your options (including adding a statement of disagreement to your record).

c. Requesting Restrictions

You may request that we:

• Limit certain uses or disclosures of your information (for example, not sharing certain details with a particular individual)
• Restrict disclosures to a health plan or insurer when you pay out-of-pocket in full for a particular service, as permitted by HIPAA and Florida law

We will consider all reasonable requests, although we are not always required to agree to them, particularly when such restrictions would interfere with treatment, payment, or healthcare operations, or conflict with legal obligations.

d. Confidential Communications

You may request to receive communications from us in a specific way (for example, at a different address or phone number). We will accommodate reasonable requests when feasible.

e. Right to an Accounting of Disclosures

In certain circumstances, you may request an accounting of certain disclosures of your PHI (for example, non-routine disclosures not made for treatment, payment, or healthcare operations). We will provide such an accounting as required by HIPAA.

1. f. Right to Opt Out of Some Communications
   You may opt out of general informational or marketing-type emails.
   You may also opt out of SMS communications at any time by replyingSTOPto a text message or contacting our office.

You cannot opt out of communications that are:

Required by law

• Necessary for your care or our operations (e.g., appointment reminders, billing communications)

g. State-Specific and Other Rights

Some state privacy laws (beyond HIPAA) give additional rights related to access, deletion, or data portability. While we are primarily governed by HIPAA and Florida law, we will consider and, where applicable, honor rights under other state laws for patients who qualify.

To exercise any privacy right, please contact us (see Section 10). We may need to verify your identity and may ask that you submit your request in writing.

7. Children’s Privacy

Dangond Direct provides care to adults and may also see children/minors in a family medicine or pediatric context.

• A minor’s health information is entered into our EHR by our clinicians and is used solely for the purpose of providing medical care.
• Parents or legal guardians generally have rights to access a child’s records, subject to HIPAA and Florida law (which may grant certain privacy rights to minors in specific situations, such as reproductive or behavioral health services).

We do not knowingly allow children under 13 to independently create accounts through public-facing online forms without the involvement of a parent or guardian. If you are a parent or guardian and believe we have collected personal information from a child inappropriately, please contact us so we can address the issue.

8. International Users

Our practice is based in South Miami, Florida, and we primarily serve patients located in Florida (and, where permitted, in other U.S. states).

Our systems and vendors generally store and process data in the United States. If you access our Services from outside the U.S., you acknowledge that your information will be transferred to, stored, and processed in the U.S., where privacy laws may differ from those of your country.

We are not marketing services directly to individuals in the European Union or other regions with comprehensive data protection regulations. However, if such individuals receive care from us (for example, while temporarily in Florida), we will treat their information with the same level of care and security described in this policy.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as our practices, technology, or legal requirements change.

• When we make significant changes, we will update the version displayed on our website and may notify patients through email, portal messages, or posted notices in our clinic.
• Any changes will apply to information we already hold and to new information collected after the revised policy is posted, unless otherwise required by law.

Your continued use of our website, patient portal, telehealth services, or in-person services after changes are posted indicates your acceptance of the updated policy, to the extent allowed by law.

If you would like a prior version of this policy for reference, you may request it from us.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:

Dangond Direct LLC
7000 SW 62nd Ave, Suite 515
South Miami, FL 33143

📧 Email: info@dangonddirect.com
📞 Phone: 786-567-9546

You may also raise privacy concerns with relevant regulators, including the U.S. Department of Health and Human Services Office for Civil Rights (for HIPAA issues) or appropriate Florida state authorities. However, we encourage you to contact us first so we can try to resolve any concerns directly.

If you believe that your privacy rights have been violated, you should call the matter to our attention by sending a letter describing the cause of your concern to the same address. You will not be penalized or otherwise retaliated against for filing a complaint.