Privacy Policy

Effective Date: October 7, 2025

Introduction

Herbly, LLC. ("Herbly," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, www.herbly.org, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the "Platform"). Please read this privacy policy carefully. By using the Platform, you agree to the terms of this Privacy Policy.

This policy applies to information we collect on this Platform and in email, text, and other electronic messages between you and this Platform. It is designed to help you understand your privacy rights, including those granted under the Virginia Consumer Data Protection Act (VCDPA).

Information We Collect

We collect several types of information from and about users of our Platform, including information that can be used to identify you ("Personal Data").

1. Information You Provide to Us: We collect Personal Data you voluntarily provide to us when you register for an account, make a purchase, book a consultation, or otherwise contact us. This information may include:

Contact and Identity Data: Name, email address, phone number, mailing address, and date of birth.
Payment Data: Payment information such as credit or debit card details, and billing address. This information is typically processed directly by our third-party payment processors.
Health Information: To facilitate consultations with Practitioners, you may choose to provide health-related information, such as health history, symptoms, and other relevant details. This is considered sensitive data, and we handle it with additional care. This information is collected and managed through our secure telehealth service provider.

2. Information We Collect Automatically: As you navigate through and interact with our Platform, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns. This includes:

Usage Data: Information about how you access and use the Platform, such as your computer's Internet Protocol (IP) address, browser type, browser version, the pages of our Platform that you visit, the time and date of your visit, and the time spent on those pages.
Device Information: Information about your computer or mobile device, including device identifiers.
Tracking Data: Information collected through cookies, web beacons, and other tracking technologies.

How We Use Your Information

We use the information we collect for various purposes, including:

To Provide and Manage Our Services: To create and manage your account, process transactions for consultations and product sales, and facilitate telehealth sessions between you and Practitioners.
To Fulfill Orders: To arrange for shipping and delivery of products purchased from our e-commerce store.
To Communicate With You: To send you order confirmations, appointment reminders, and respond to your inquiries. We may also send you marketing communications, which you can opt-out of at any time.
To Improve Our Platform: To perform analytics, monitor usage trends, and improve the user experience and functionality of our Platform.
For Security and Legal Compliance: To screen for potential risk and fraud, and to comply with applicable legal obligations, court orders, or governmental requests.

How We Share and Disclose Your Information

We do not sell, rent, or lease your Personal Data to third parties. We may share your information in the following circumstances:

With Practitioners: When you book a consultation, we share your name and any health information you provide with your chosen Practitioner to enable them to provide their services to you. This sharing occurs within our secure telehealth platform.
Our Telehealth Platform Provider (Jane.app): To provide our telehealth services, Herbly partners with Jane App Inc. ("Jane.app"), a secure, third-party practice management platform. When you book a consultation and interact with a Practitioner, your Personal Data, including sensitive Health Information, is collected, stored, and processed by Jane.app to facilitate these services. In this relationship, your Practitioner is the "data controller," and Jane.app acts as the "data processor," meaning they process your data on behalf of and under the instruction of your Practitioner. Jane.app is designed to be compliant with privacy legislation such as the Health Insurance Portability and Accountability Act (HIPAA). They are committed to protecting your data through robust security measures, including encrypting all data both in transit and at rest. For more detailed information, we encourage you to review the Jane.app Privacy Policy.
With Other Third-Party Service Providers: In addition to our telehealth platform provider, we share information with other vendors and service providers who perform services for us, such as payment processing, order fulfillment and shipping, data analytics, and website hosting. These third parties are contractually obligated to protect your data and are prohibited from using it for any other purpose.
For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
During Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your Personal Data may be transferred to the new owner.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Platform and hold certain information. Cookies are small data files stored on your device that help us improve our Platform and your experience. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Platform.

Data Security

We have implemented reasonable administrative, technical, and physical security measures designed to protect the security of any personal information we process. We use technologies like Secure Sockets Layer (SSL) to protect sensitive data exchange. Furthermore, we select third-party service providers, such as our telehealth platform Jane.app, that demonstrate a strong commitment to security, including SOC 2 certification and the encryption of data in transit and at rest. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure.

Your Privacy Rights and Choices

In accordance with the Virginia Consumer Data Protection Act (VCDPA) and other applicable laws, you have certain rights regarding your Personal Data. These rights include:

Right to Access: You have the right to request a copy of the Personal Data we hold about you.
Right to Correct: You have the right to request the correction of inaccurate information.
Right to Delete: You have the right to request the deletion of your Personal Data, subject to certain exceptions (for example, we may need to retain data to complete transactions or comply with legal obligations).
Right to Opt-Out: You have the right to opt-out of the processing of your data for targeted advertising and to opt-out of marketing communications by following the "unsubscribe" link in our emails.

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below.

Children's Privacy

Our Platform is not intended for or directed at children under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.