Last Updated: June 24, 2026
Introduction
EDS Connective, LLC (“EDS Connective,” “we,” “us,” or “our”) operates a virtual health platform that facilitates evaluation and diagnosis of hypermobile Ehlers-Danlos Syndrome and related hypermobility spectrum disorders as well as screening for other forms of Ehlers-Danlos Syndrome and heritable connective tissue disorders with referrals for genetic testing where indicated. This Privacy Policy (“Policy”) describes how we collect, use, disclose, retain, and protect personal information when you visit our website (the “Site”), use our intake platform, interact with our services provided through a third-party telehealth provider or otherwise engage with us (collectively, the “Services”).
This Policy applies to all individuals who access or use the Services, including visitors to our Site, users on our waitlist, users who complete our intake process, and users who receive diagnostic services facilitated through a third-party telehealth provider. This Policy does not apply to the practices of third parties that we do not own or control, including a third-party telehealth provider, which maintains its own privacy policy governing data collected directly on its platform.
We are committed to transparency regarding our data practices. Because we collect sensitive personal information, including health information, genetic data, and potentially biometric identifiers, we maintain prescriptive consent mechanisms that allow you to make informed, specific choices about how your data is used. Where this Policy states that a particular use requires your “Separate Consent, ” that means we will present you with a standalone disclosure and obtain your affirmative consent for that specific purpose before proceeding. You will not be required to consent to all uses as a condition of using the Services. Please read this Policy carefully. By accessing or using the Services, you acknowledge that you have read and understood this Policy.
We do not knowingly collect personal information from individuals under the age of 18. Our Services are intended solely for users who are 18 years of age or older. If we learn that we have collected personal information from a person under 18, we will take steps to delete that information promptly.
Information We Collect
We collect the following categories of personal information in connection with the Services:
Information You Provide Directly
Account and Registration Information. When you create an account, join our waitlist, or register for our Services, we collect your name, email address, phone number, date of birth, mailing address, and other contact information.
Health and Medical Information. Through our intake process, we collect detailed information about your medical history, symptoms, prior diagnoses, medications, treatments, and other health-related information you provide in response to our intake questionnaire. This information constitutes sensitive personal information under applicable state privacy laws.
Photographs and Images. We collect photographs that you upload depicting your joints in specific positions and other physical features as part of the diagnostic evaluation process. These photographs are used to assess hypermobility, and in addition to being viewed by an independent provider on a third-party telehealth platform, these photographs may be processed using artificial intelligence and machine learning technologies for measurement, comparison, or analysis. Such processing may create biometric identifiers or biometric information as defined under applicable state laws.
Genetic Testing Results. Where indicated, we may collect genetic testing results that you upload or that are provided to us by third-party testing laboratories at your direction. Genetic data constitutes sensitive personal information under applicable state and federal law.
Medical Records and Documents. You may upload medical records, prior diagnostic reports, imaging results, and other documentation to support your evaluation.
Healthcare Provider Information. You may provide the name, contact information, and specialty of your primary care physician and other healthcare providers so that we may communicate diagnostic results and other information to them at your direction.
Payment Information. We collect payment card information and billing details necessary to process transactions. Payment processing is handled by third-party payment processors, and we do not store complete payment card numbers on our systems.
Communications. We collect the content of communications you send to us, including emails, messages through the platform, and customer support inquiries.
User-Generated Content. If you submit testimonials, reviews, blog posts, videos, or other content for publication on our Site or social media channels, we collect that content along with any personal information it contains.
Information Collected Automatically
Device and Usage Information. When you access the Site, we automatically collect information about your device, browser type, operating system, IP address, referring URLs, pages viewed, links clicked, and other usage data.
Cookies and Tracking Technologies. We use cookies, pixels, web beacons, and similar tracking technologies to collect information about your interactions with the Site. This includes first-party cookies for site functionality and third-party cookies and pixels from advertising partners including Meta (Facebook) and Google. For more information, please see the “Cookies and Tracking Technologies” section below.
Geolocation Information. We may infer your approximate geographic location based on your IP address. We do not collect precise geolocation data from your device without your consent.
Information from Third Parties
A THIRD-PARTY TELEHEALTH PROVIDER). We may receive information about your telehealth encounter, diagnostic results, and provider communications from a third-party telehealth provider in connection with the Services you have requested.
Advertising Partners. We may receive information from advertising platforms about your interactions with our advertisements on third-party sites.
CRM and Marketing Platforms. We use HubSpot and other customer relationship management tools to manage waitlist, user evaluations and interest, marketing, and communications data, as well as other functions EDS requires.
How We Use Your Information
We use the personal information we collect for the following purposes:
To Provide the Services. We use your information to facilitate the intake process, enable diagnostic evaluation through a third-party telehealth provider, communicate results, and provide related services.
To Communicate with You. We use your contact information to send service-related communications, respond to inquiries, provide customer support, and send administrative notices.
For Purposes Requiring Separate Consent. Certain uses of your personal information require your Separate Consent before we may proceed. Each of the following purposes is presented and consented to individually; you may grant or withhold consent for each independently:
For Marketing and Advertising. We use your information to send promotional communications (where you have consented or where otherwise permitted by law), to deliver targeted advertising through third-party platforms, and to measure the effectiveness of our marketing campaigns.
To Send Marketing Communications to Your Healthcare Providers. We may send marketing information, educational resources, and referral information to the healthcare providers whose contact information you provide. Such communications are subject to applicable law, including the federal Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”).
For Legal Compliance and Protection. We use your information as necessary to comply with applicable laws, respond to legal process, protect our rights, and enforce our Terms of Service.
How We Share Your Information
We may share your personal information with the following categories of recipients:
Service Providers. We share information with third-party vendors who perform services on our behalf, including but not limited to hosting providers (such as Cloudflare and Amazon Web Services), payment processors (such as Stripe), CRM platforms (such as HubSpot), analytics providers, and customer support tools. These providers are contractually obligated to use your information only for the purposes of providing services to us.
MD Integrations. We share your intake data with a third-party telehealth provider to facilitate the telehealth encounter and diagnostic evaluation you have requested.
Recipients Requiring Separate Consent. We share personal information with the following recipients only when you have granted the corresponding Separate Consent described in “How We Use Your Information” above: your designated healthcare providers, third-party research organizations, and commercial purchasers (data sale). For details on your rights regarding data sales, see “Your Rights Regarding the Sale of Your Personal Information” below.
Advertising Partners. We share information with advertising platforms, including but not limited to Meta and Google, through pixels, cookies, and other tracking technologies for purposes of delivering targeted advertising and measuring campaign performance. See “Cookies and Tracking Technologies” below.
Legal and Safety Purposes. We may disclose your information to law enforcement, government authorities, or other third parties where required by law, in response to valid legal process, or where necessary to protect the safety, rights, or property of EDS Connective, our users, or the public.
Business Transfers. In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction.
Sensitive Personal Information
Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other applicable state privacy laws, certain categories of information we collect constitute “sensitive personal information.” For EDS Connective, these include:
We process sensitive personal information only for the purposes disclosed in this Policy, including to provide the Services, to fulfill the purposes for which it was collected, and pursuant to the Separate Consent mechanisms described in “How We Use Your Information” above, or as otherwise permitted by law. We do not use or disclose sensitive personal information for purposes beyond those identified in California Civil Code § 1798.121, unless you have provided Separate Consent for such use. You may limit our use and disclosure of your sensitive personal information as described in “Your Privacy Rights” below.
Biometric Information
Our Services may involve the processing of photographs you upload using artificial intelligence and machine learning technologies. This processing, which may include measurement, comparison, pattern recognition, or identification of physical characteristics, may create biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), Washington's biometric privacy statute, and similar state laws.
Purpose and Retention. Biometric information derived from your photographs is used to assess joint hypermobility and improve diagnostic accuracy. We retain biometric identifiers only for as long as necessary to fulfill the purpose for which they were collected. Upon expiration of the retention period, or upon your request, we will permanently destroy biometric data using commercially reasonable methods.
Disclosure and Consent. We will not sell, lease, trade, or otherwise profit from your biometric identifiers, nor disclose them to any third party, unless: (a) you provide written consent specific to the disclosure; (b) disclosure is required by law or valid legal process; or (c) disclosure is necessary to complete a transaction you have requested. Before collecting biometric identifiers, we will provide you with a standalone Biometric Information Consent form stating the specific purpose and retention period, and will obtain your written release as a condition of using the photographic assessment features.
Cookies and Tracking Technologies
We use the following categories of cookies and tracking technologies on the Site:
Strictly Necessary Cookies. These cookies are essential for the Site to function and cannot be switched off. They include cookies that enable you to log in, navigate the Site, and use its features.
Performance and Analytics Cookies. These cookies help us understand how visitors interact with the Site by collecting information about pages visited, time spent on pages, errors encountered, and other activity. We use Google Analytics and similar tools for this purpose.
Advertising and Targeting Cookies. We use third-party cookies and pixels, including the Meta Pixel and Google advertising tags, to deliver targeted advertisements, measure advertising campaign effectiveness, and build audience profiles for advertising purposes. These technologies may collect and transmit information about your browsing activity on our Site and across other websites and devices to those third-parties.
Your Cookie Choices. When you first visit the Site, you will be presented with a cookie consent mechanism that allows you to accept or decline non-essential cookies. You may update your cookie preferences at any time through the cookie settings link on our Site. Certain state laws require opt-in consent for non-essential cookies, particularly when health-related browsing data may be collected. We honor these requirements based on your location.
You may also control cookies through your browser settings. However, disabling cookies may affect the functionality of the Site.
Your Privacy Rights
Depending on your state of residence, you may have some or all the following rights regarding your personal information:
Right to Know / Right of Access. You have the right to request that we disclose what personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we have shared your information.
Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law.
Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Portability. You have the right to receive a copy of your personal information in a portable, readily usable format.
Right to Opt-Out of Sale. You have the right to opt out of the sale of your personal information. Because we use an opt-in model, no sale will occur unless you have granted Separate Consent, which you may withdraw at any time.
Right to Opt-Out of Targeted Advertising. You have the right to opt out of the processing of your personal information for purposes of targeted advertising.
Right to Limit Use of Sensitive Personal Information. You have the right to direct us to limit our use and disclosure of your sensitive personal information to only those uses that are necessary to perform the Services you have requested, or as otherwise authorized by law. When you exercise this right, we will restrict processing of your sensitive personal information to: (i) providing the Services and fulfilling your requests; (ii) ensuring security and integrity; (iii) detecting and preventing fraud; (iv) short-term transient use; and (v) performing services on our behalf, such as maintaining your account, providing customer service, and processing your transactions. We will not use your sensitive personal information for purposes requiring Separate Consent unless you have affirmatively granted such consent.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.
Right to Appeal. If we deny your privacy request, you may appeal that decision by contacting us at the information provided below. If your appeal is denied, you may contact your state attorney general's office.
To exercise any of these rights, please contact us using the information provided in the “Contact Us” section below. We will verify your identity before processing your request and will respond within the timeframe required by applicable law (generally 45 days, with the possibility of a 45-day extension where necessary).
Your Rights Regarding the Sale or Sharing of Your Personal Information
Under the CCPA and other state privacy laws, “sale” is broadly defined and may include transfers of personal information for monetary or other valuable consideration. “Sharing” includes making personal information available to third parties for cross-context behavioral advertising, whether or not for monetary consideration. We will not sell your personal information, including health information, genetic data, or biometric information, without your Separate Consent. We may share certain personal information (such as device identifiers and browsing activity) with advertising partners through cookies and tracking technologies for targeted advertising purposes. You may opt out of this sharing at any time by using the “Do Not Sell or Share My Personal Information” link on our Site or by transmitting a Global Privacy Control (GPC) signal.
Data Broker Obligations
Certain state laws, including those in California and Texas, impose registration and compliance obligations on businesses that qualify as “data brokers”, generally defined as businesses that sell the personal information of consumers with whom they do not have a direct relationship. If EDS Connective engages in data sales or data-sharing arrangements that trigger data broker classification under any applicable state law, we will comply with all registration, disclosure, and consumer-rights obligations required by that jurisdiction. This may include enhanced deletion rights, additional opt-out mechanisms, and periodic regulatory filings. We will update this Policy to reflect any such obligations as they become applicable.
California Residents - Additional Disclosures
If you are a California resident, the CCPA provides you with the following additional rights and protections:
Right to Know Specific Pieces of Information. In addition to the general right of access described above, California residents may request that we disclose the specific pieces of personal information we have collected about them.
Right to Opt-Out of Sharing for Cross-Context Behavioral Advertising. You have the right to opt out of the sharing of your personal information for cross-context behavioral advertising. We share certain information with advertising partners (including Meta and Google) through pixels and tracking technologies for this purpose. You may opt out by using the “Do Not Sell or Share My Personal Information” link on our Site or by transmitting a Global Privacy Control (GPC) signal through your browser.
Right to Limit Use of Sensitive Personal Information. As described in “Your Privacy Rights” above, you have the right to direct us to limit our use of your sensitive personal information. We provide a “Limit the Use of My Sensitive Personal Information” mechanism on our Site as required by the CCPA.
Authorized Agents. California residents may designate an authorized agent to submit privacy requests on their behalf. We may require the authorized agent to provide proof of written authorization and may verify your identity directly before processing the request.
Categories of Personal Information Collected, Disclosed, and Sold or Shared. The following table describes, for the preceding twelve months, the categories of personal information we have collected, the sources of that information, the business or commercial purposes for which it was collected, and the categories of third parties to whom it was disclosed, sold, or shared:
Identifiers (e.g., name, email address, phone number, date of birth, mailing address, IP address, account credentials). Sources: Directly from you; automatically collected. Purposes: Provide the Services; communicate with you; marketing and advertising; legal compliance. Disclosed to: Service providers; a third-party telehealth provider; advertising partners. Sold or shared: Not sold; shared with advertising partners for cross-context behavioral advertising (subject to opt-out).
Personal Information Under Cal. Civ. Code § 1798.80 (e) (e.g., name, address, telephone number, health insurance information, medical information). Sources: Directly from you. Purposes: Provide the Services; facilitate diagnostic evaluation; communicate results. Disclosed to: Service providers; a third-party telehealth provider; healthcare providers (with Separate Consent). Sold or shared: May be sold to, or shared with, commercial third parties with your Separate Consent.
Protected Classification Characteristics (e.g., age, date of birth). Sources: Directly from you. Purposes: Verify eligibility (18+ age requirement); provide the Services. Disclosed to: Service providers. Sold or shared: Not sold or shared.
Commercial Information (e.g., transaction history, payment records, services purchased). Sources: Directly from you; payment processors. Purposes: Process transactions; maintain account records. Disclosed to: Service providers (payment processors). Sold or shared: Not sold or shared.
Internet or Other Electronic Network Activity (e.g., browsing history, search history, interactions with the Site, device information, cookies, pixel data). Sources: Automatically collected; advertising partners. Purposes: Site functionality; analytics; targeted advertising. Disclosed to: Service providers; advertising partners (Meta, Google). Sold or shared: Not sold; shared with advertising partners for cross-context behavioral advertising (subject to opt-out).
Geolocation Data (approximate location inferred from IP address). Sources: Automatically collected. Purposes: Comply with state-specific privacy requirements; deliver location-appropriate content. Disclosed to: Service providers. Sold or shared: Not sold or shared.
Sensory Data (photographs of joints uploaded for diagnostic evaluation). Sources: Directly from you. Purposes: Facilitate diagnostic evaluation; internal research (with Separate Consent). Disclosed to: Service providers; a third-party telehealth provider; research organizations (with Separate Consent). Sold or shared: May be sold to commercial third parties with your Separate Consent.
Professional or Employment-Related Information (healthcare provider name, specialty, and contact information submitted by users). Sources: Directly from you. Purposes: Communicate diagnostic results to designated providers; marketing communications to providers. Disclosed to: Service providers. Sold or shared: Not sold or shared.
Inferences (diagnostic assessments, health risk profiles, and other conclusions drawn from information collected through the intake process and photographic assessment). Sources: Derived from information you provide and AI/ML processing. Purposes: Facilitate diagnostic evaluation; internal research (with Separate Consent). Disclosed to: a third-party telehealth provider; healthcare providers (with Separate Consent); research organizations (with Separate Consent). Sold or shared: May be sold to commercial third parties with your Separate Consent.
Sensitive Personal Information (health and medical information; genetic data; biometric identifiers; account login credentials). Sources: Directly from you; derived from AI/ML processing of photographs. Purposes: Provide the Services; purposes requiring Separate Consent as described in this Policy. Disclosed to: Service providers; a third-party telehealth provider; recipients requiring Separate Consent. Sold or shared: May be sold to, or shared with, commercial third parties with your Separate Consent. You have the right to limit our use and disclosure of sensitive personal information as described above.
Financial Incentives. We do not currently offer financial incentives or price or service differences in exchange for the retention, sale, or sharing of your personal information. If we offer any such program in the future, we will provide the material terms and obtain your opt-in consent before enrolling you.
Retention. We retain each category of personal information for the periods described in the “Data Retention” section of this Policy. Retention periods are determined based on the business or commercial purpose for which the information was collected, our legal obligations, and whether the information is subject to a Separate Consent with a specific retention commitment.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to provide the Services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Specific retention periods include:
When personal information is no longer needed for its collected purpose, we will securely delete or de-identify it.
Data Security
We implement commercially reasonable administrative, technical, and physical security measures designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Given the sensitivity of the health, genetic, and potentially biometric data we collect, our security program includes encryption at rest and in transit, access controls, employee training, and regular security assessments.
However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your personal information.
Health Breach Notification
In the event of a breach of unsecured personally identifiable health information, we will notify affected individuals and applicable regulatory authorities in accordance with the FTC Health Breach Notification Rule, applicable state breach notification laws, and other applicable legal requirements. Most state breach notification laws require notification within 30 to 60 days of discovering a breach.
Third-Party Links and Services
The Site and Services may contain links to third-party websites, products, and services, including those of healthcare providers, treatment resources, product sellers, and advisors. This Policy does not apply to the practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.
Email Marketing and Communications
We send commercial email communications in compliance with the federal CAN-SPAM Act and applicable state laws. You may opt out of receiving promotional emails at any time by clicking the “unsubscribe” link included in each email or by contacting us using the information in the “Contact Us” section below. Please note that even if you opt out of promotional emails, we may continue to send you service-related communications necessary for the provision of the Services.
Do Not Track Signals
Some browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no common industry standard for interpreting DNT signals, we do not currently respond to DNT signals. However, we honor opt-out preference signals recognized under applicable state laws, including the Global Privacy Control (GPC).
Changes to This Privacy Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will provide notice by posting the updated policy on the Site with a revised “Last Updated” date and, where appropriate, by sending notice to your registered email address. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Policy.
Contact Us
If you have questions, concerns, or requests regarding this Policy or our data practices, please contact us at:
EDS Connective Email: privacy@edsconnective.com
EDS Connective Mailing Address: 1400 Walnut Street, Suite 108, Des Moines, Iowa 50309
If you are not satisfied with our response to your inquiry, you may contact your state attorney general's office or other applicable regulatory authority.
