Privacy policy

MEDIC PARADISE PRIVACY NOTICE

LAST UPDATED: May 5, 2026

1.        OVERVIEW AND SCOPE

This Privacy Notice explains how Carpe Diem CA, LLC dba Medic Paradise (“Medic Paradise,” “MP,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you visit www.medicparadise.com or related sites or apps (the “Site”), communicate with us, or use our marketplace services to discover and book services offered by independent wellness and medical facilities (“Service Providers”). This Notice applies to consumers, visitors, account holders, and Service Providers using the Site and complements our Terms of Service and Cookie Policy.

Role clarification: MP operates a marketplace as an independent intermediary and merchant of record for bookings. We do not practice medicine or provide clinical oversight. Care is delivered solely by independent Service Providers.

Controller status: For data we collect to run the Site (for example, accounts, bookings, payments, support), MP acts as an independent “controller” under EU/UK GDPR and a “business” under U.S. state privacy laws. When we transmit necessary booking details to Service Providers to fulfill services, MP and the receiving Service Provider generally act as independent controllers for their respective processing.

2.        PERSONAL DATA WE COLLECT

Depending on your use of the Site, we may collect:

  • Identifiers and contact data: name, email, phone, postal address, country/region, account ID, cookie/advertising IDs, IP address.
  • Account and communications: login credentials, profile preferences, support inquiries, call/chat or email records.
  • Booking and logistics: requested services, dates/times, location, language, non‑diagnostic suitability notes you choose to share (for example, allergies), and other scheduling details. We instruct users not to upload clinical records through the Site.
  • Government ID/verification (where required): for fraud prevention or pre‑appointment identity checks (for example, driver’s license, passport).
  • Payment and transaction data: payment method tokens, last four digits, billing details, transaction dates/amounts (processed primarily by our payment processors).
  • Device/usage data: log files, IP/MAC, device identifiers, browser type, operating system, app version, pages viewed, links clicked, time on page, referral/exit pages, crash/error data.
  • Marketing and preferences: newsletter/SMS opt‑ins, interests, cookie/consent choices (see Cookie Policy).
  • Inferences/segments: high‑level audience categories to improve services or personalize marketing (for example, “interested in wellness retreats”); never diagnoses or clinical conclusions.
  • Sensitive personal data (limited): only as strictly necessary and permitted by law (for example, identity documents for verification; precise geolocation only if you enable it). MP does not request or store clinical charts via the Site.

3.        SOURCES OF PERSONAL DATA

  • Directly from you (account, forms, bookings, chat/support).
  • Automatically from your devices and browsers (cookies, pixels, SDKs, server logs).
  • From Service Providers (for example, appointment status, completion confirmations).
  • From vendors (payments, fraud/security, analytics, advertising).
  • From lawful third‑party data providers and public sources (for example, contact validation, fraud prevention).

4.        HOW WE USE PERSONAL DATA (PURPOSES)

We use personal data to:

  • Operate, secure, and improve the Site and marketplace.
  • Create and manage accounts; authenticate and maintain sessions.
  • Facilitate discovery and complete bookings as merchant of record; transmit necessary booking details to Service Providers you select.
  • Provide support (typical response 24–48 hours) and service communications.
  • Process payments, refunds, credits; prevent fraud, chargebacks, abuse.
  • Personalize content and communications; perform analytics and A/B testing.
  • Send transactional messages and, with consent or as permitted by law, marketing communications (email/SMS) with opt‑out options.
  • Enforce terms; comply with laws; respond to lawful requests; protect safety, rights, and property.
  • Produce de‑identified or aggregated insights for product and business development.

5.        LEGAL BASES (EU/UK GDPR)

Where GDPR/UK GDPR applies, our legal bases include:

  • Performance of a contract: accounts, bookings, support.
  • Legitimate interests: Site security, fraud prevention, product improvement, limited direct marketing to existing users (with balancing tests).
  • Consent: non‑essential cookies/analytics/advertising; certain marketing; precise geolocation; some international transfers where required.
  • Legal obligations: tax, accounting, KYC/AML where applicable.
  • Vital interests: disclosures necessary to help avert serious harm (rare).

6.        HOW WE DISCLOSE PERSONAL DATA

We disclose personal data as follows (we do not “sell” sensitive personal data):

  • Service providers (processors): payment processing, cloud hosting, storage, security/fraud detection, analytics, communications (email/SMS), consent management, ad tech (for permitted purposes).
  • Service Providers (independent controllers): independent wellness/medical facilities receive booking details to deliver services under their own privacy and healthcare obligations.
  • Advertising/analytics: to measure performance and, with consent where required, for interest‑based advertising (see Cookie Policy for choices).
  • Corporate transactions: in connection with mergers, acquisitions, financing, or sale of assets (subject to confidentiality and lawful safeguards).
  • Legal/safety: to comply with law or protect rights, safety, and security (for example, investigating fraud or abuse).

7.        CHILDREN

The Site is not directed to children under 16 (or the higher age where local law requires consent for online services). We do not knowingly collect or profile children for targeted advertising. If you believe a child provided personal data, contact us to request deletion.

8.        RETENTION

We retain personal data no longer than necessary for the purposes described or as required by law. Illustrative periods:

  • Accounts/bookings: retained while your account is active and a reasonable period thereafter (for example, 3–7 years) to address disputes, tax, and compliance.
  • Payments/financial records: retained as required by financial and tax laws.
  • Marketing preferences and analytics events: retained according to consent status, technical limits, and Cookie Policy lifetimes. We de‑identify or aggregate data where feasible.

9.        SECURITY

We use administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption in transit (TLS 1.2+) and at rest (for applicable systems), least‑privilege access, network segmentation, logging/monitoring, and vendor due diligence. No system is perfectly secure; keep your credentials confidential and notify us of any suspected unauthorized activity.

10.  YOUR RIGHTS AND CHOICES

  • Communications: Unsubscribe links in emails; reply STOP to SMS where available. Transactional messages may still be sent.
  • Cookies/ad tech: Manage via our banner/preferences center and browser settings; see our Cookie Policy (including Global Privacy Control (GPC) handling).
  • Data subject/consumer rights: Depending on your jurisdiction, you may have rights to access, delete, correct, restrict, object, or port data; withdraw consent; and appeal a denial. See Sections 11 and 12 for regional details and how to exercise rights.

11.  EU/UK DISCLOSURES (GDPR/UK GDPR)

  • Controller: Carpe Diem CA, LLC dba Medic Paradise is the controller for the Site. Where legally required, our EU/UK representative details will be provided in this Notice or upon request.
  • International transfers: When transferring personal data outside the EEA/UK to countries without an adequacy decision, we implement appropriate safeguards (for example, EU Standard Contractual Clauses (2021/914) and/or the UK IDTA/Addendum) and supplementary measures where necessary.
  • Rights: You have rights to access, rectify, erase, restrict, object (including to direct marketing), and data portability; and to withdraw consent without affecting prior processing. You may lodge a complaint with your supervisory authority (for example, your EU DPA or the UK ICO).
  • Special categories: MP does not seek special‑category medical records via the Site. If you voluntarily share limited suitability notes (for example, allergies) to assist logistics, we process them only as necessary to fulfill your request and as permitted by law (for example, with explicit consent where required).

12.  U.S. STATE PRIVACY NOTICES

  • Categories collected: identifiers (name, email, IP, IDs), customer records (contact/billing), commercial information (bookings), internet/network activity (usage logs, analytics), geolocation (coarse; precise only if enabled), inferences (preferences), sensitive PI (limited, government ID for verification; precise geolocation only with permission). We do not collect clinical charts/diagnoses via the Site.
  • Purposes and sources: as described in Sections 3–6.
  • Disclosure for “business purposes: to processors/service providers (for example, payments, hosting, analytics) and to independent Service Providers to fulfill bookings.
  • “Sale”/“sharing” and targeted advertising: Some advertising/analytics disclosures may be “sales” or “sharing” under state laws. Opt out via the cookie preferences center and any “Do Not Sell or Share My Personal Information” link; we endeavor to honor recognized opt‑out signals (for example, GPC).
  • Retention: see Section 8.
  • Your rights: right to know/access, delete, correct, portability, and to opt out of sale/sharing/targeted advertising; limit use/disclosure of sensitive PI where applicable; non‑discrimination; and a right to appeal a denial in certain states. We will verify requests and may deny where an exemption applies or verification fails. Authorized agents must provide proof of authorization; we may require direct verification.

13.  PAYMENTS, FRAUD PREVENTION, AND KYC

As merchant of record, MP works with payment processors who collect and process payment data subject to their privacy terms. To protect our community, we may use vendors and internal tools to detect fraud/abuse and, where lawful and proportionate, to perform identity validation (for example, government ID checks for certain bookings).

14.  HEALTH INFORMATION AND HIPAA

MP is not a HIPAA “covered entity.” MP does not request clinical records through the Site. If HIPAA‑regulated information is processed in connection with a provider arrangement, it is handled by the Service Provider or under a separate business associate agreement where legally required. Direct questions about medical records to your Service Provider.

15.  INTERNATIONAL USERS

If you access the Site from outside the U.S., your data may be processed in the U.S. and other countries with different data‑protection laws. We apply appropriate safeguards for cross‑border transfers as described in Sections 9 and 11 and in our Cookie Policy.

16.  DO NOT TRACK AND GLOBAL PRIVACY CONTROL

Because there is no common Do Not Track (DNT) standard, we generally do not respond to DNT signals. Where required by law, we process recognized browser‑based opt‑out signals (for example, GPC) for relevant activities.

17.  CHANGES TO THIS NOTICE

We may update this Notice to reflect changes in our practices, technologies, or laws. When we do, we will update the “Last Updated” date and, where required, provide additional notice or obtain consent.

18.  CONTACTING US AND EXERCISING RIGHTS

  • Requests: Email admin@medicparadise.com or use any privacy webform available on the Site. Specify the right you wish to exercise and your jurisdiction. We will respond as required by law and provide appeal instructions where applicable.
  • Contact: Carpe Diem CA, LLC dba Medic Paradise, 31583 Castaic Rd, Suite C #112, Castaic, CA 91384, USA; admin@medicparadise.com.
  • EU/UK representative and Data Protection Officer (if appointed): Details will be provided in this Notice or upon request.