Privacy Policy
Last updated: April 2026
GAB Medical Group ("we", "us") respects your privacy. This Privacy Policy explains what information we collect when you use our website and the GLP-1 program, how we use it, and the choices you have.
1. Information we collect
- Contact details (name, email, phone, shipping address) you provide at checkout.
- Health information you submit through the medical intake form (medical history, current medications, weight history).
- Payment information processed by Stripe — we never store full card numbers on our servers.
- Appointment data when you schedule a visit through Zoho Bookings.
- Technical data such as IP address, browser type, language preference, and pages visited.
2. How we use your information
- To process your order and deliver the GLP-1 program (consultation, prescription, shipping).
- To allow a licensed clinician to review your case and determine eligibility.
- To send transactional emails (receipts, intake reminders, appointment confirmations).
- To improve the website and detect fraud or abuse.
- To comply with legal and regulatory obligations.
3. Sharing with service providers
We share information only with the providers needed to deliver the service: Stripe (payments), Zoho Bookings (scheduling), Jotform (intake), our hosting and email infrastructure, and the accredited compounding pharmacies that fulfill prescriptions. These providers are contractually bound to protect your data.
4. Protected Health Information (PHI)
Health information you share with our clinicians is treated as PHI under HIPAA. See our HIPAA Notice of Privacy Practices for details on uses, disclosures and your rights.
5. Data retention
We retain medical records for the period required by applicable state law (typically at least 7 years). Marketing and technical data are kept only as long as needed for the purposes described above.
6. Your rights
- Access, correct, or request a copy of your data.
- Request deletion, subject to medical record retention requirements.
- Opt out of marketing emails at any time via the unsubscribe link.
- California residents have additional rights under the CCPA; contact us to exercise them.
7. Security
We use TLS encryption for data in transit, database encryption at rest, and access controls that limit PHI to authorized clinical staff. No method is 100% secure, but we work to protect your information.
8. Changes to this policy
We may update this policy. Material changes will be posted here with a new "Last updated" date.
