Privacy Policy

Last updated: 1/16/2025

Privacy Policy

Pacific Heights Health, Inc. dba Oana Health (“Oana Health,” “,”“we,” or “us”) provides websites, information, online resources, and access to treatments and services for women with PCOS (the “Services”). This Privacy Policy describes how we handle the personal information we collect when you visit any of our websites that link to this Privacy Policy (the “Sites”) or otherwise access or use our Services.

Please note that as part of the Services, we may process information that is subject to various federal and state law protections. We are required by law to maintain the privacy and security of your health information in accordance with federal and state law. For more information, please see the “How We Use Health Information” Section below.

Personal Information We Collect

We may collect the following categories of personal information:

Personal Information You Provide to Us

  • Contact and account information, such as your name, email, mailing address, phone number, and account credentials. 

  • Health screening information that you provide in response to surveys within the Services, including information about your health, health history, allergies, medications you take, symptoms you are experiencing, images, and pregnancy status.  

  • Payment information needed to complete any purchases you make on the Site or within the Services (including payment card information and billing information) and your transaction history. Payment card information is processed by our payment service provider in accordance with its privacy policies and terms.

  • Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.

  • Marketing information, such as your preferences for receiving communications about our Services and publications, and details about how you engage with our communications.

Personal Information from Other Sources

  • Social media information. We may maintain pages on social media platforms, such as Instagram and X. When you visit or interact with our pages on those platforms, you or the platforms may provide us with information through the platform. 
  • Medical providers, pharmacies, and lab testing providers. We may receive information from affiliated medical groups and pharmacies in connection with the Services, including your treatment plans and information about your prescriptions. If you request lab tests in connection with the Services, we may receive information about your test results from our lab testing partners to facilitate your use of the Services. 

Automatically-Collected Data

  • Device data, such as your computer’s or mobile device’s operating system, manufacturer and model, browser type, IP address, unique identifiers, language settings, mobile device carrier, and general location information such as city, state or geographic area; and

  • Usage data, such as pages or screens you viewed, how long you spent on a page, browsing history, and access times.

How We Use Personal Information

We use personal information for the following purposes:

Service delivery. We use personal information to provide, operate and administer the Services. This includes:

  • Creating and maintaining your account on the Services;
  • Analyzing health screening information to help you decide on treatment options;
  • Facilitating access to treatments and lab testing;
  • Processing your payments and completing transactions with you;
  • Communicating with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages;
  • Understanding your needs and interests to personalize your experience with the Services; and
  • Providing support for the Services and responding to your requests, questions and feedback.

Research and development. We may use and analyze personal information for research and product development purposes, including to develop aggregated or de-identified statistics, to analyze and improve the Services, to identify usage trends, and to operate and expand our business activities. 

Marketing and advertising. Where permitted by applicable laws, we may use personal information for marketing and advertising purposes, including:

  • Direct marketing. We may send you newsletters and email marketing in accordance with your preferences, and we may tailor our communications with you to accommodate your interests and use of the Services; 
  • Interest-based advertising. We may engage third-party advertising companies to display ads promoting our services across the web. These companies may use cookies and similar technologies to collect information about interactions over time across the Internet and use that information to serve online ads that they think will be of interest. 

To comply with law. We may use personal information as we believe necessary or appropriate to comply with lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

Compliance, fraud prevention, and safety. We may use personal information to protect our or others’ rights, privacy, safety or property (including by making and defending legal claims), enforce the terms and conditions that govern the Services; and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.

How We Use Health Information

As part of the Services, we may receive sensitive information about your health, including your responses to health screening questionnaires and information we receive from medical groups, pharmacies, and lab testing providers (collectively, “Health Information”). We use this information for the Service Delivery purposes described above and as required for legal and compliance purposes. We may also aggregate and anonymize Health Information for research and development purposes, provided such information cannot be linked to you.

Some of the Health Information we receive may constitute “protected health information” or “PHI” pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”). For example, we may receive PHI from licensed pharmacies or medical groups as a “business associate” to such pharmacies or medical groups for the provision of the Services to you. Our receipt of PHI is governed by HIPAA and our agreements with the pharmacies and medical groups that provide such PHI to us. For more information about your rights under HIPAA, please contact the pharmacy or medical group directly.

How We Share Personal Information

We may share personal information with:

Health care partners. Our affiliated medical groups may receive and analyze your Health Information to provide you with treatment options. We also share information with lab testing partners, pharmacies, and other healthcare professionals to facilitate the delivery of our Services.

Service providers. We share personal information with companies and individuals that provide services on our behalf or help us operate our Services or our business, including cloud hosting, analytics, customer relationship management, marketing, IT support, and other services.

Advertising partners. We may share personal information that we collect on our Sites with third party advertising companies, where permitted by applicable laws.

Professional advisors. We share personal information with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. We may share personal information with law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate.

Business transferees. We may share personal information with acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Oana Health or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Your Choices

Unsubscribe from direct marketing communications. You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communication we send you. You may continue to receive service-related and other non-marketing communications. 

Update your account. You may contact us at any time to delete your account or update your account information.

Opt-out of interest-based advertising. You may limit online tracking by:

  • Blocking cookies in your browser. Most browsers let you remove or reject third-party cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit

  • Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

  • Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at:  

  • Platform opt outs. The following advertising partners offer opt out features that let you opt out of use of your information for interest-based advertising:

  • Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:

Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit

Data Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.


Our Services are not intended for use by children without the consent of their parents or guardians. If we learn that we have collected personal information through our Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner.