Privacy Policy
Effective Date: May 16, 2026 Last Updated: May 16, 2026
1. Introduction
Hexidus Labs ("Hexidus Labs," "we," "us," or "our"), a sole proprietorship operating under Robert Piedra and based in Miami-Fort Lauderdale, Florida, operates the website hexiduslabs.com (the "Site") and provides professional services related to website development, patient intake systems, online booking integration, AI tool integration, payment integration, and operational support for independent healthcare and wellness practices (the "Services").
This Privacy Policy describes how we collect, use, share, and protect information about visitors to the Site and individuals who engage us for Services ("you," "your"). By visiting the Site or engaging our Services, you agree to the practices described in this Policy.
2. Important Healthcare Disclaimer
Hexidus Labs is NOT a HIPAA-covered entity. We do not provide medical care, treatment, diagnosis, or clinical services. The Services we provide are limited to technology, design, and business operations support for healthcare and wellness practices.
We do NOT collect, store, transmit, or process Protected Health Information ("PHI") on the Site or through our marketing channels. If a Client engages us to build a system that handles PHI on the Client's own infrastructure, we will execute a separate Business Associate Agreement ("BAA") before any PHI is touched. The Site itself does not collect PHI.
3. Information We Collect
3.1 Information You Provide
We collect information you voluntarily provide when you:
- Submit a contact form on the Site
- Schedule a discovery call via our booking link (e.g., Cal.com)
- Subscribe to a newsletter or content list
- Engage us as a Client (business name, contact information, billing information processed by Stripe)
- Communicate with us by email, chat widget, or phone
Categories of information may include: name, email address, business name, role or title, practice type, phone number, and free-text descriptions of your needs or goals.
3.2 Automatically Collected Information
When you visit the Site, we and our third-party service providers may automatically collect:
- IP address (approximate, used for analytics; not stored long-term)
- Browser type, device type, operating system
- Referring URL, pages viewed, time on page
- Cookies and similar tracking technologies (see Section 7)
3.3 Information We Do NOT Collect
- We do not collect Protected Health Information on the Site
- We do not request or store payment card numbers directly — all payment processing is handled by Stripe (see Section 5)
- We do not request or store social security numbers, government identification numbers, or other sensitive identifiers from Site visitors
4. How We Use Information
We use the information we collect to:
- Respond to inquiries and provide requested information
- Schedule and conduct discovery calls and consultations
- Provide, maintain, and improve the Services
- Send transactional communications (proposal sent, contract sent, invoice issued, payment received, etc.)
- Send marketing communications (only with your consent — you can opt out at any time)
- Comply with legal obligations
- Analyze Site usage to improve the Site
5. Third-Party Service Providers
We use the following third-party services that may collect or process information on our behalf:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Payment processing, recurring billing, customer portal | stripe.com/privacy |
| DocuSign | Electronic contract signing | docusign.com/company/privacy-policy |
| Vercel | Site hosting and infrastructure | vercel.com/legal/privacy-policy |
| Cal.com | Discovery call scheduling | cal.com/privacy |
| Google Analytics (if enabled) | Aggregate Site usage analytics | policies.google.com/privacy |
| Email provider (Resend, Gmail, or similar) | Transactional and marketing email | varies by provider |
These providers have their own privacy policies governing their use of information. We recommend reviewing their policies for details on their data handling practices.
6. How We Share Information
We do NOT sell your information. We share information only as follows:
- With service providers (listed in Section 5) acting on our behalf, under contractual obligations limiting use of the information to providing the relevant service
- To comply with law if required by court order, subpoena, regulatory request, or other legal process
- In connection with a business transaction (sale of business assets, merger, etc.), with appropriate confidentiality protections
- With your explicit consent when you direct us to share information with a specific third party
7. Cookies and Tracking Technologies
The Site uses cookies and similar technologies for:
- Essential functionality (remembering your preferences and session state)
- Analytics (understanding aggregate Site usage to improve the Site)
You can control cookies through your browser settings. Disabling cookies may affect Site functionality.
8. Data Retention
We retain information only as long as necessary for the purposes described in this Policy:
- Inquiry and contact form submissions: 24 months unless you become a Client
- Client business records: 7 years after final engagement (for tax and legal compliance)
- Marketing email lists: until you unsubscribe
- Site analytics: aggregated and anonymized after 14 months
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the information we hold about you
- Correct inaccurate information
- Delete your information (subject to legal retention requirements)
- Opt out of marketing communications at any time
- Withdraw consent previously given
- Data portability — request a copy of your information in a machine-readable format
To exercise any of these rights, contact us at robert@hexiduslabs.com. We will respond within 30 days.
10. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including:
- The right to know what personal information we collect and how it is used
- The right to delete your personal information
- The right to opt out of the sale of personal information (we do not sell personal information)
- The right to non-discrimination for exercising these rights
To exercise these rights, contact us at robert@hexiduslabs.com.
11. European Residents (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR, including those described in Section 9. The legal bases on which we process personal information include:
- Consent (when you opt in to communications or specific data uses)
- Performance of a contract (when processing is necessary to provide Services)
- Legitimate interests (such as improving the Site, preventing fraud, securing our systems)
- Legal obligation (when processing is required by law)
12. Children's Privacy
The Site and Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will delete it promptly.
13. Security
We use commercially reasonable physical, technical, and administrative safeguards to protect information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. No method of transmission over the internet or storage is 100% secure, however, and we cannot guarantee absolute security.
14. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this Policy and may notify you by email or a notice on the Site. Continued use of the Site after changes constitutes acceptance of the revised Policy.
15. Contact Us
Questions about this Policy?
Hexidus Labs Robert Piedra, Founder Miami-Fort Lauderdale, Florida, USA
- Email: robert@hexiduslabs.com
- Website: hexiduslabs.com
This Privacy Policy was last reviewed and updated on May 16, 2026.