Speak with an Advisor

PRIVACY POLICY

Journey Health 

Effective Date: April 16, 2026  |  Last Updated: April 16, 2026

Journey Health (“Journey,” “we,” “our,” or “us”) respects your privacy. This Privacy Policy explains what information we collect, how we use and share it, how we protect it, and the choices you have when you visit journeyhealthadvisors.com (the “Site”), use our services, or communicate with us by phone, email, SMS, chat, web form, or through our AI-powered onboarding assistant.

Please read this Policy carefully. If you do not agree with it, please do not use the Site or our services.

1. About Journey Health

Journey Health is a marketing and advisory company headquartered in Charlotte, North Carolina. We help individuals, families, and employers access alternatives to traditional health insurance, including:

  • Direct Primary Care (DPC) memberships through affiliated or third-party DPC physician practices;
  • Health cost-sharing programs administered by our partners (see Section 2); and
  • Employer benefits consulting and related services.

Important: Journey Health is not an insurance company, and the cost-sharing programs we market are not insurance and are not regulated as insurance.

2. Our Services and Partners

Several of the programs Journey Health markets are delivered in partnership with third parties. Although these programs may carry Journey branding, information you provide in connection with them is shared with, and administered by, those partners:

  • Sedera, Inc. is a medical cost-sharing community that administers the cost-sharing programs we offer. When you enroll, Sedera receives the information necessary to establish and administer your membership.
  • Health Access Solutions provides administrative services supporting our programs. Information is shared with Health Access Solutions as necessary to enroll and serve members.
  • Direct Primary Care (DPC) practices are independent physician practices you select (or bring to us) for your primary-care relationship. DPC practices are healthcare providers; information you share with them about your health is governed by their own privacy practices and, where applicable, by HIPAA.

Each of these partners has its own privacy practices. We encourage you to review their privacy notices, which are available upon request or from the partner directly. This Policy describes how Journey handles information; it does not replace the privacy practices of our partners.

3. Our Approach to Health Information and HIPAA

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) applies to “covered entities” (healthcare providers, health plans, and healthcare clearinghouses) and their Business Associates. 

Journey Health is generally not a HIPAA covered entity or Business Associate in the ordinary course of its marketing and advisory activities. We do not provide medical care, operate a health plan, or process healthcare claims. The cost-sharing programs we market are not health insurance, and DPC practices maintain their own patient records.

In the ordinary course of business, Journey does not collect or store health data. However, during sales conversations, inquiries, and intake — by phone, email, SMS, chat, or through our AI onboarding assistant — you may voluntarily share information about your health (for example, asking whether a particular condition is addressed by a program). We refer to information of this type as Incidental Health Information.

Although Journey Health is generally not subject to HIPAA, we have chosen to treat Incidental Health Information with HIPAA-aligned safeguards where it makes sense, including:

  • Limiting access to Incidental Health Information to personnel with a legitimate need to know;
  • Encrypting Incidental Health Information in transit and at rest;
  • Training personnel who may handle Incidental Health Information on privacy and security practices;
  • Not using Incidental Health Information for marketing or advertising purposes without your explicit consent;
  • Applying the “minimum necessary” principle — we ask only for information reasonably needed to help you, and we do not retain unnecessary health information;
  • Entering into confidentiality and, where appropriate, Business Associate Agreements with service providers who may encounter Incidental Health Information on our behalf.

Where Journey Health actually does act as a HIPAA Business Associate — for example, under a written Business Associate Agreement with a DPC practice or other covered entity — we comply with the HIPAA Privacy, Security, and Breach Notification Rules with respect to protected health information we handle under that agreement.

4. Information We Collect

Depending on how you interact with us, we may collect the following categories of information across all of our collection channels — including the Site, web forms, phone calls, voicemail, SMS/text, email, live chat, our AI-powered onboarding assistant, paper forms, in-person conversations, events, webinars, and referral or affiliate programs.

4.1 Information You Provide Directly

  • Contact information: first and last name, email address, phone number, mailing address, preferred contact method.
  • Account and enrollment information: date of birth, household size, employment status, state of residence, and information needed to evaluate program eligibility or match you with a DPC provider.
  • Incidental Health Information: health-related information you voluntarily share during inquiries, consultations, or enrollment conversations (see Section 3).
  • Payment information: when you enroll, payment card or bank details are collected and processed by our third-party payment processor. We do not store full card numbers on our systems.
  • Communications: messages, voicemails, chat transcripts, SMS/text exchanges, call recordings, AI assistant conversations, and webinar registrations.
  • Referral and testimonial information: information you share if you refer someone to us, are referred by someone, or participate in a testimonial or case study program.
  • Event and community information: registrations for broker/CPA breakfasts, webinars, employer consultations, or community events.

4.2 Information Collected Automatically

  • Site usage data: IP address, browser type, device identifiers, operating system, pages viewed, referring URLs, search terms, and time spent on pages.
  • Cookies and tracking technologies: we use cookies, pixels, SDKs, and similar technologies, including Google Analytics 4 and advertising pixels such as Google Ads and Meta Pixel, to measure traffic, understand use of the Site, and assess the effectiveness of our marketing.
  • Call recordings and transcripts: telephone communications with our teams may be recorded and transcribed through our Vonage-integrated customer relationship management (“CRM”) system for quality, training, compliance, and service purposes, where permitted by law. You are informed at the start of a recorded call.

4.3 Information From Third Parties

  • Our partners: Sedera, Health Access Solutions, and affiliated DPC practices may share information with us as needed to enroll or serve you.
  • Referral and affiliate partners: if you were referred to us by a creator affiliate, broker, CPA, existing member, or other referral partner, we receive information about that referral.
  • Service providers: analytics, advertising, CRM, AI, and marketing-automation vendors may provide information about your interactions with our advertisements or digital content.

5. How We Use Your Information

We use your information to:

  • Respond to your inquiries and requests;
  • Evaluate your eligibility for DPC membership, cost-sharing programs, or employer solutions;
  • Enroll you in, and administer, programs you select;
  • Communicate with you about your account, enrollment, programs, or inquiries via phone, email, SMS, or mail;
  • Send you marketing communications consistent with your preferences and applicable law (you may unsubscribe at any time);
  • Operate our referral program and, where applicable, our creator affiliate program;
  • Improve the Site, our services, and the member experience;
  • Train personnel and improve our internal processes, including quality assurance for AI-assisted workflows (see Section 7);
  • Detect and prevent fraud, abuse, or unauthorized access;
  • Comply with legal obligations and respond to lawful requests.

5.1 How We Use Incidental Health Information

We use Incidental Health Information only to help you understand whether a Journey Health program is appropriate for your situation and to route you to the right partner or resource. We do not use Incidental Health Information for marketing purposes, for targeted advertising, or for building member profiles for sale or sharing, at any time or under any circumstance, unless you provide explicit, written, program-specific consent.

6. How We Share Your Information

We do not sell your personal information. We share information only as described below.

6.1 With Our Program Partners

As described in Section 2, when you engage with a program we market, we share the information reasonably necessary to enroll you and deliver the program with Sedera, Health Access Solutions, and/or the DPC practice you select.

6.2 With Our Service Providers

We use trusted third-party service providers who need access to information to perform services on our behalf, including:

  • Our CRM and Vonage-based telephony, voice-recording, and transcription infrastructure;
  • Email and marketing-automation providers;
  • Website hosting providers;
  • Analytics and advertising platforms (see Section 9);
  • Payment processors;
  • AI and cloud providers, including Anthropic (Claude), for powering our conversational onboarding assistant and other AI-assisted workflows;
  • Referral-tracking platforms;
  • Legal, accounting, and compliance advisors.

These service providers are contractually obligated to protect your information and to use it only for the purposes we authorize. Where they may access Incidental Health Information on our behalf, we seek Business Associate Agreements or equivalent confidentiality commitments.

6.3 With Creator Affiliates and Referral Partners

If you were referred by a creator affiliate or an existing member, we share limited information (such as the fact of enrollment — not health information) with the referring party as needed to administer our referral and affiliate programs.

6.4 For Legal and Safety Reasons

  • To comply with applicable law, court orders, subpoenas, or other lawful government requests;
  • For public-health activities as permitted by law;
  • To prevent or address fraud, security, or technical issues;
  • To prevent or lessen a serious and imminent threat to the health or safety of any person;
  • To protect Journey’s rights, property, or safety, or that of our members, employees, or others.

6.5 In Connection With a Business Transaction

If Journey Health is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will require the receiving party to honor the commitments in this Policy or provide notice and choice where required by law.

7. AI-Powered Tools and Automated Processing

Journey Health uses artificial intelligence to support activities such as:

  • A conversational AI onboarding assistant on our Site that helps you explore our programs and collects intake information;
  • Summarization of recorded customer-service calls to improve follow-up and service quality;
  • Drafting marketing content, internal reports, and responses to common questions;
  • Analyzing aggregated, de-identified patterns to improve our services.

We do not permit our AI service providers to use your information to train their underlying models. We do not use Incidental Health Information for AI model training. Human oversight is maintained for any material decision affecting your enrollment, partner referral, or service experience. You can always request to speak with a human representative instead of interacting with our AI assistant.

8. How We Protect Your Information

We maintain administrative, technical, and physical safeguards designed to protect your information against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of information in transit and at rest;
  • Role-based access controls limiting access to personnel with a legitimate need;
  • Multi-factor authentication on systems that handle sensitive information;
  • Privacy and security training for personnel;
  • Vendor due diligence and contractual privacy and security obligations for service providers;
  • Routine review of our security practices and incident-response procedures.

No method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8.1 Data Breach Notification

Journey Health commits to notify affected individuals and, where required, regulators in the event of a data breach affecting personal information we hold about you. We will provide such notification in accordance with HIPAA (where applicable), the North Carolina Identity Theft Protection Act, and the breach-notification laws of your state of residence. Our notification will include, to the extent known: the nature of the incident, the categories of information affected, the steps we are taking in response, and the steps you can take to protect yourself. Where required by law, notification will be made without unreasonable delay and within statutorily mandated timeframes.

9. Cookies, Analytics, and Advertising

We and our service providers use cookies, pixels, SDKs, and similar technologies to:

  • Remember your preferences and keep the Site functioning properly;
  • Measure Site traffic, performance, and usage through Google Analytics 4;
  • Serve advertising on third-party platforms and measure its effectiveness (e.g., Google Ads, Meta/Facebook Pixel, YouTube);
  • Track conversions from our creator affiliate and referral programs.

You can control cookies through your browser settings and through any cookie-consent banner we display. Disabling certain cookies may affect Site functionality. Where required by applicable state law, we honor browser-based opt-out signals such as the Global Privacy Control (GPC).

9.1 Do Not Track

“Do Not Track” (DNT) is a browser setting that signals to websites that a user does not wish to be tracked. There is no industry or legal standard for how to interpret DNT signals, and Journey Health’s Site does not currently respond to DNT signals. However, you can exercise choices about analytics and advertising through the cookie-consent controls on our Site and through the opt-out mechanisms described in Section 10.

10. Your Privacy Rights

10.1 State Privacy Rights

Depending on where you live, you may have rights under state law — including under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act, and similar laws. These rights may include:

  • The right to know or access the personal information we collect about you;
  • The right to correct inaccurate personal information;
  • The right to request deletion of your personal information;
  • The right to opt out of the “sale” or “sharing” of personal information, or of targeted advertising;
  • The right to limit the use of sensitive personal information;
  • The right to non-discrimination for exercising privacy rights;
  • The right to appeal a denial of a privacy request.

We do not sell personal information for money. Some uses of advertising cookies and pixels may be considered “sharing” or “targeted advertising” under certain state laws. You can opt out of such activity as described in Section 9.

10.2 HIPAA Rights (Where Applicable)

If Journey Health is acting as a HIPAA Business Associate with respect to specific information we handle on behalf of a covered entity (such as a DPC practice), you have the HIPAA rights applicable to that information, including rights of access, amendment, restriction, accounting of disclosures, and revocation of prior authorization. Those rights are generally exercised through the covered entity; we will cooperate with the covered entity as required by HIPAA and our Business Associate Agreement.

10.3 How to Exercise Your Rights

To exercise any of these rights, contact our Privacy Officer using the information in Section 14. We will respond within the time frames required by applicable law (typically 30–45 days). We may need to verify your identity before fulfilling certain requests, and an authorized agent may submit a request on your behalf with proper authorization. We will not retaliate against you for exercising any privacy right.

11. Email, SMS, and Phone Communications

11.1 Email

If you receive marketing email from us, you can unsubscribe at any time using the link in any marketing message or by contacting us. Transactional messages about your account or services will continue as needed.

11.2 SMS / Text Messaging

Journey Health’s SMS program is provided in compliance with the Telephone Consumer Protection Act (TCPA), Federal Communications Commission rules, and CTIA messaging guidelines.

  • Program name: Journey Health Advisors.
  • Consent: By providing your mobile number and opting in through one of our consent channels, you expressly consent to receive SMS messages from or on behalf of Journey regarding your inquiry, account, enrollment, or services. Consent to receive SMS messages is not a condition of any purchase.
  • Program description: account, enrollment, and customer-service messages, plus program updates you have opted in to receive.
  • Message frequency: varies based on your interaction with us. Typical frequency is not more than several messages per week.
  • Message and data rates may apply. Check with your mobile carrier.
  • HELP: Reply HELP to any message for assistance, or contact us as described in Section 14.
  • STOP: Reply STOP to any message to opt out at any time. After opting out, you will receive one confirmation message and then no further SMS messages from that program.
  • Carrier disclaimer: Carriers are not liable for delayed or undelivered messages. Journey is not responsible for outages or delays attributable to mobile carriers.
  • Eligible carriers: major U.S. carriers including AT&T, T-Mobile, Verizon Wireless, and others.
  • SMS is not for emergencies or sensitive health information. Do not send personally identifying or sensitive health information via SMS. For medical emergencies, dial 911.

11.3 Phone Calls

Calls between you and Journey Health personnel may be recorded and transcribed for quality, training, and compliance purposes, in accordance with applicable state law. You are informed at the beginning of a recorded call. If you prefer not to be recorded, please tell the representative and we will accommodate your request to the extent possible.

12. Data Retention

We retain your information only as long as reasonably necessary to provide our services, meet legal obligations, resolve disputes, and enforce our agreements. The table below reflects our standard retention periods. Where law, a partner agreement, or an open legal matter requires a longer period, we follow that longer period. Where you exercise a valid deletion right under applicable law, we delete information as required by that law.

12.1 Standard Retention Periods

  • Website inquiry / contact form submissions (no enrollment): up to 24 months from your last interaction.
  • AI onboarding assistant conversations (no enrollment): up to 24 months from the conversation.
  • Marketing contact records: until you unsubscribe or request deletion, subject to suppression-list retention for compliance purposes.
  • Active member records: for the duration of your membership.
  • Former member records: up to 7 years after termination, consistent with general business-records and financial-audit standards.
  • Call recordings and transcripts: up to 24 months unless a longer period is required for compliance or a specific business or legal reason.
  • Payment and transaction records: up to 7 years, consistent with tax, accounting, and anti-fraud requirements.
  • Incidental Health Information: removed or minimized as soon as reasonably practicable after it is no longer needed, subject to overriding legal or business-records obligations.
  • Creator affiliate and referral records: for the duration of the partnership plus up to 4 years for audit and chargeback purposes.
  • Employer-program records: for the duration of the employer relationship plus up to 7 years.
  • Website and analytics data: retained consistent with our analytics provider defaults (Google Analytics 4 default: 14 months).
  • Legal, compliance, and dispute records: retained for as long as necessary to address the matter and for the applicable statute of limitations.

When information is no longer needed, we securely delete or de-identify it. De-identified and aggregated information may be retained indefinitely.

13. Children’s Privacy

Our Site and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. We comply with the Children’s Online Privacy Protection Act (COPPA). If you believe we have collected information from a child under 13, please contact our Privacy Officer (Section 14) and we will promptly delete it.

When a parent or legal guardian enrolls a family in one of our programs, information about minor family members is provided by the parent or guardian and is handled consistent with this Policy and applicable law. Parents and guardians may review, update, or delete their child’s information by contacting us.

14. Contact Us

If you have questions, concerns, complaints, or requests regarding this Privacy Policy or our privacy practices, please contact:

Privacy Officer

Journey Health Advisors

8810 Blakeney Professional Drive, Suite 100

Charlotte, NC 28277

Email: info@JourneyHealthAdvisors.com

Phone: 704-412-1916

You may also file a complaint with the attorney general or privacy regulator of your state of residence, or — where HIPAA applies — with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

15. Jurisdiction and Service Availability

Journey Health’s services are offered in the United States. Our cost-sharing programs are not available in all states. If you access the Site from outside the United States, you acknowledge that your information will be processed in the United States, which may have privacy protections that differ from those in your country. By using our services, you consent to this transfer.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this Policy and, where required by law or where changes are material, provide additional notice (such as a banner on the Site or an email to registered members). Your continued use of the Site or our services after the effective date of an updated Policy indicates your acceptance of the updated terms.

17. Your Acknowledgment and Consent

By checking the acknowledgment box on any Journey Health web form or intake flow, typing or stating your agreement in our AI onboarding assistant, clicking “I agree,” or otherwise enrolling in a Journey Health program, you affirm that:

  • You have read and understood this Privacy Policy;
  • You are at least 18 years of age (or the parent/legal guardian of any minor whose information you provide);
  • You consent to Journey Health’s collection, use, storage, and sharing of your information as described in this Policy;
  • You understand that SMS messages, calls, and marketing communications you receive from Journey are subject to the terms in Sections 11 and 5, and that you may opt out of marketing communications at any time;
  • You understand that some programs are administered by our partners (Sedera, Health Access Solutions, or DPC practices) and that information you provide in connection with those programs will be shared with them as described in Section 6; and
  • You understand you may withdraw your consent, request access to or deletion of your information, or exercise other rights as described in Section 10 by contacting our Privacy Officer.

If you do not agree with any part of this Policy, do not provide your information, check the acknowledgment box, or proceed with enrollment.

Journey Health Advisors — Whole Care, not just Health Care.

8810 Blakeney Professional Drive, Suite 100  •  Charlotte, NC 28277  •  journeyhealthadvisors.com