Effective Date: 12/1/2025

This Privacy Policy explains how your information is collected, used, and protected when you use this website and related services offered by your physician.

Your physician is responsible for your medical care and maintains their own Notice of Privacy Practices (NPP), which applies to your medical information. This Privacy Policy describes how the systems supporting your physician’s site handle personal and health information in accordance with HIPAA, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable laws.

1. Information We Collect

When you use this site, we collect information needed to provide services, support your physician, and keep the site secure. This may include:

• Personal Information such as your name, email address, phone number, mailing address, and payment details.
• Health Information (PHI) provided by your physician, such as Letters of Medical Necessity (LMNs), diagnosis codes, or eligibility details. This health information is used only for your treatment, payment, and healthcare operations, and is not shared with merchants such as Snap Kitchen.
• Account & Usage Data including login credentials, device and browser type, IP address, and site activity.
• Support Interactions such as emails, phone calls, or chats with the support team.
• Commercial Information such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Internet or Network Activity including browsing history, search history, or interactions with this website or platform.
• Geolocation Data such as your approximate location based on your IP address, when needed for delivery or regional compliance.
• Inferences drawn from the above categories to personalize your experience or improve the service.
  
   

2. How We Use Your Information

The information we collect is used to support your physician in delivering care and to make the site work as intended. Specifically, we use it to:

• Support your physician in providing care and managing eligibility for services.
• Process orders, payments, and deliveries with approved food merchants, such as Snap Kitchen, to ensure meals are properly fulfilled.
• Provide customer support.
• Monitor performance, maintain security, and improve the platform.
  
   

Marketing Communications

When you opt in to receive marketing communications (email or SMS) through this site, you are consenting to receive communications from your physician or their authorized team. Snap Kitchen does not independently market to patients in this program and will not send direct marketing emails or SMS messages unless you separately opt in through a Snap Kitchen–managed channel.

All marketing for this program flows through the physician’s branded site and is governed by this Privacy Policy.

Your health information (PHI) is used exclusively for treatment, payment, and healthcare operations, unless you provide written permission for another use. Your physician may also offer targeted health-related communications, such as educational resources or promotional content. These will only be sent if you explicitly opt in, and you may unsubscribe at any time.

3. Sharing Your Information

We share information only in limited circumstances that are necessary to support your care and operate the site. This may include:

• Your Physician and Their Staff, to support treatment and care.
• Service Providers that host, process payments, manage messaging, or provide analytics. These providers are bound by strict security obligations.
• Merchants (Food Providers), including Snap Kitchen, who receive only the order and delivery details necessary to fulfill your meals—such as your name, delivery address, selected menu items, and delivery schedule.
  
  
  • No medical, diagnostic, or HIPAA-protected health information (PHI) is shared with Snap Kitchen or any other merchant.
  • Merchants act solely as fulfillment partners and do not have access to your medical records, LMNs, diagnosis codes, or eligibility data.
    
     
• Legal Authorities, if disclosure is required by law.
• Business Transfers, if we are involved in a merger, acquisition, or similar transaction.
  
   

Partner Information

Snap Kitchen Investments, LLC
1700 S Lamar Blvd Suite 300
Austin, TX 78704
Website: www.snapkitchen.com

Snap Kitchen serves as a food merchant and fulfillment partner on the Prado platform. It receives only order and delivery data required to prepare and deliver meals to customers. Snap Kitchen does not have access to, or retain, any medical or HIPAA-protected information.

4. Your Choices and Rights

You have choices and rights with respect to your information:

• You may opt out of promotional emails at any time by clicking “unsubscribe.”
• You may request access to, or deletion of, your personal account information by contacting us.
• For medical records and other PHI, you have rights under HIPAA, including the ability to request access, amendments, or an accounting of disclosures through your physician’s office.
  
   

5. Information for California Residents

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Your Rights

You have the right to:

• Access the categories and specific pieces of personal information collected about you.
• Request Deletion of personal information, subject to legal and contractual retention obligations.
• Correct inaccurate personal information.
• Limit Use or Opt Out of the sale or sharing of personal information.
• Non-Discrimination for exercising your privacy rights.
  
   

We do not sell or share your personal information for cross-context behavioral advertising.

Exercising Your Rights

To exercise these rights, please submit a request using the contact information provided at the end of this Policy. For verification purposes, you may be asked to provide limited identifying information (e.g., name, email, or delivery address). You may also authorize an agent to act on your behalf.

California “Shine the Light” Law

California residents may also request information regarding our practices related to disclosing certain types of personal information to third parties for their direct marketing purposes. Requests may be sent to: [email protected].

6. How We Protect Your Information

We use technical, administrative, and physical safeguards to protect your information, including:

• Encryption at rest and in transit.
• Secure hosting on Microsoft Azure’s HIPAA-compliant environment.
• SOC 2 and HIPAA compliance programs, which are currently in progress.
  
   

7. Data Retention

We keep health-related records for at least ten years, or longer if required by law. For minors, records are kept until they reach adulthood plus the additional years required under state law.

8. Cookies and Tracking

This site uses cookies and similar technologies to maintain security and improve your experience. Advertising or retargeting cookies are not used by default. If a physician or merchant customizes their site to include such technologies, additional disclosures and opt-out options will be provided as required by law.

9. Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without parental consent.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will update the effective date and post the revised version on this site.