Privacy Policy

Updated: November 29, 2025

This Privacy Policy explains how Innerstill (“Innerstill”, “we”, “us”, or “our”) collects, uses, and protects personal information when individuals complete our online consent forms and when we use Google services (such as Google Forms, Google Sheets, and Google Apps Script) to process that information.

By submitting information through our forms or otherwise providing us with your personal information, you agree to the practices described in this Privacy Policy.

1. Who We Are

Within Health LLC dba Innerstill is a company that provides wellness and cognitive support services.

Contact details

  • Email: info@innerstillhealth.com

    Mailing address: 8 The Green Ste B, Dover, Delaware 19901

If you have any questions about this Privacy Policy or how we handle your information, you can contact us using the email above.

2. What Information We Collect

When you complete our online consent forms or interact with our services, we may collect:

Information you provide directly

  • Identification details (e.g., name, date of birth, contact information)

  • Consent-related information (e.g., your agreement to participate in services, preferences, acknowledgments)

  • Health- and wellness-related information you choose to share in the form fields

  • Other information you voluntarily provide in free-text fields

Technical and usage information

When our forms are used, Google may collect:

  • IP address and device information

  • Browser type and general usage data

These are collected and processed according to Google’s own privacy policies.

We do not intentionally collect information from children under 13 without appropriate parental or guardian consent.

3. How We Use Your Information

We use the information collected through our forms and related systems for the following purposes:

  • To record and manage your consent for services or programs

  • To deliver, coordinate, and improve the services you have requested

  • To communicate with you and (where appropriate) your provider or care team

  • To comply with legal, regulatory, or professional obligations

  • For internal administration, quality assurance, and security

We do not sell your personal information.

4. Legal Bases (if applicable under GDPR / similar laws)

Where applicable, we rely on one or more of the following legal bases to process your information:

  • Your consent (for example, when you explicitly agree to participate in services)

  • Performance of a contract (providing services you requested)

  • Compliance with legal obligations

  • Legitimate interests (such as improving our services and ensuring security), provided these are not overridden by your rights and interests

5. How We Use Google Services and Apps Script

We use Google Forms, Google Sheets, and Google Apps Script to collect and process consent information:

  • When you submit a form, your responses are stored in a Google Sheet in our Google account.

  • A Google Apps Script runs inside our Google Workspace environment to:

    • Read the form responses in the associated Sheet

    • Determine the appropriate location based on your selected location field

    • Send an email notification containing the form data to:

      • Designated Innerstill HQ email addresses; and

      • The email address associated with the location you selected.

Key points:

  • The script runs entirely within Google’s infrastructure and does not send data to any external servers other than via email to the specified Innerstill addresses.

  • Access to the Google Sheet and Apps Script project is limited to authorized Innerstill personnel.

  • We use reasonable administrative, technical, and physical safeguards to protect these accounts (see Security section below).

Use of Google services is also governed by Google’s own terms and privacy policy.

6. When We Share Your Information

We may share your information:

  • With authorized Innerstill staff and contractors who need the information to provide services and handle your consent

  • With the specific location you select in the consent form (e.g., a particular clinic or site) for scheduling and care coordination

  • With service providers that support our operations (for example, secure email, IT, or hosting providers), under appropriate confidentiality and data protection obligations

  • When required by law, regulation, court order, or to respond to lawful requests from authorities

  • In connection with a business transfer, reorganization, or merger, subject to appropriate safeguards

We do not sell your personal information to third parties.

If we share data with any third party for service delivery, we seek to ensure they provide a level of protection that is consistent with this Privacy Policy and applicable law.

7. Data Retention

We retain personal information for as long as necessary to:

  • Maintain a record of your consent and services

  • Comply with legal, regulatory, and professional obligations

  • Resolve disputes and enforce our agreements

After this period, data may be securely deleted, anonymized, or archived in accordance with our internal policies and applicable laws.

8. Security

We take reasonable and appropriate measures to protect your information, including:

  • Limiting access to personal information to authorized personnel only

  • Using secure Google accounts with enforced authentication measures

  • Restricting access to the Google Sheets and Apps Script projects that process consent forms

  • Employing standard technical and organizational safeguards to protect against unauthorized access, loss, or misuse

No system is completely secure, and we cannot guarantee absolute security. However, we continuously review and improve our safeguards.

9. International Data Transfers

Depending on where you are located and where our services are hosted, your information may be processed in countries that may have different data protection laws than your own.

Where required, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) to protect your personal information when it is transferred internationally.

10. Your Rights

Your rights depend on your jurisdiction, but may include:

  • Access – to ask whether we hold your personal information and obtain a copy

  • Correction – to request correction of inaccurate or incomplete information

  • Deletion – to request deletion of your personal information in certain circumstances

  • Restriction or objection – to ask us to limit or stop certain processing

  • Withdrawal of consent – where processing is based on your consent, you may withdraw that consent at any time (this will not affect prior processing)

To exercise these rights, contact us at: [privacy@innerstill.com]. We may need to verify your identity before responding.

If you are in a jurisdiction with a data protection authority (e.g., EU/EEA, UK), you may also have the right to lodge a complaint with that authority.

11. Children’s Privacy

Our services and consent forms are generally intended for adults. Where minors participate, consent may be collected from a parent or legal guardian in accordance with applicable law.

If you believe we have collected personal information from a child without appropriate consent, please contact us and we will take appropriate steps to address it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date at the top and, where appropriate, notify you through our website or other communication channels.

We encourage you to review this Privacy Policy periodically to stay informed about how we handle your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

  • Email: info@innerstillhealth.com

  • Mailing address: 8 The Green Ste B, Dover, Delaware 19901