Quick Summary — What This Policy Covers
We operate pennsylvaniamarijuanacards.com, a patient education and physician referral platform that connects Pennsylvania residents with licensed physicians for medical marijuana certification evaluations. Our physician evaluations are facilitated through the Heally Telehealth platform (getheally.com). This policy tells you exactly what personal information we collect, why we collect it, who sees it, and how long we keep it.
Our three core commitments: We do not sell your personal information. We do not share your health details with advertisers or data brokers. We collect only what is genuinely necessary to connect you with a licensed Pennsylvania physician.
Who We Are and What We Do
Pennsylvania Marijuana Cards operates pennsylvaniamarijuanacards.com. We are a patient education and physician referral platform. We are not a medical practice, hospital, clinic, or licensed dispensary. Our role is to provide accurate educational information about the Pennsylvania Medical Marijuana Program and to connect qualifying patients with independent licensed Pennsylvania physicians who can evaluate them under the Medical Marijuana Act (Act 16 of 2016).
Medical evaluations conducted through our platform are performed by independent physicians licensed in Pennsylvania and registered with the Pennsylvania Department of Health’s Office of Medical Marijuana. We partner with the Heally Telehealth platform (getheally.com) to facilitate secure telehealth connections between patients and physicians. Heally is an independent company that maintains its own privacy practices.
We primarily serve residents across the Commonwealth of Pennsylvania who are seeking a medical marijuana patient certification.
Information We Collect
1 Information You Provide Directly
When you use our website to request an evaluation or get in touch with us, you may provide the following information:
- Full legal name
- Email address
- Phone number
- Date of birth (to verify you meet Pennsylvania’s age requirement for the medical marijuana program)
- General description of your qualifying medical condition — for scheduling purposes only
- Your preference for a new certification or annual renewal
- Payment information — processed entirely by our third-party payment processor; we never store card details on our own servers
- Any messages or questions submitted through our contact form
Important: We do not collect full medical records, detailed prescription histories, or clinical notes through our website. That information is gathered directly and privately by the physician during your telehealth session on the Heally platform.
2 Automatically Collected Information
Like all websites, ours automatically collects certain technical data when you visit, including your IP address, browser type, device type, pages visited, time spent on each page, referring URL, and visit timestamps. We use this data in aggregate form only — to understand traffic patterns and improve the user experience. This data does not identify you personally on its own.
3 Cookies and Analytics
We use cookies — small text files stored on your browser — for two purposes. Essential cookies keep the site functioning correctly. Analytics cookies, provided by Google Analytics 4, help us understand how visitors use our site in aggregate, anonymized form. We do not use advertising cookies, remarketing pixels, or behavioral tracking cookies of any kind.
You can manage or disable cookies at any time through your browser settings. Disabling all cookies may affect certain site features. To opt out of Google Analytics tracking specifically, use the Google Analytics Opt-Out Browser Add-On.
How We Use Your Information
We use the information you provide only for the following specific purposes:
- To schedule and confirm your telehealth consultation with a licensed Pennsylvania physician
- To connect your booking to the Heally telehealth platform used by our physician partners
- To send appointment reminders, booking confirmations, and follow-up information related to your consultation
- To process your consultation fee payment securely through our third-party payment processor
- To respond to questions, refund requests, or support inquiries you send us
- To send educational emails about the Pennsylvania medical marijuana program, if you opted in to receive them
- To analyze anonymized website usage patterns and improve our content and user experience
- To comply with applicable Pennsylvania and federal law, including the Pennsylvania Breach of Personal Information Notification Act (BPINA) and HIPAA where applicable
We will never: Sell your personal information to any third party. Share your health information with advertisers, data brokers, or marketing companies. Use your data for any purpose beyond what is described in this policy.
Heally Telehealth Partnership and Affiliate Disclosure
We have a referral and affiliate partnership with Heally Inc. (getheally.com), a telehealth technology platform. When you book a consultation through our website, your appointment is scheduled and conducted through the Heally platform. Heally acts as a technology intermediary connecting you with an independent licensed Pennsylvania physician.
We receive compensation when a patient completes a consultation through our referral. This does not affect the price you pay or the care you receive. The physician’s clinical judgment is entirely independent — we have no influence over whether any physician certifies any patient.
Heally maintains its own privacy policy and data practices, which we encourage you to review at getheally.com before completing your booking. Your use of the Heally consultation platform is governed by Heally’s own terms of service in addition to ours.
FTC Disclosure: As required by the FTC Endorsement Guidelines (16 CFR Part 255), we disclose that we receive financial compensation from our affiliate relationship with Heally Telehealth. This is a material connection and you have a right to know about it.
Information Sharing and Third Parties
We share your information only with the parties described below, and only to the extent necessary to deliver our services. We do not sell, rent, or trade your personal information to anyone.
1 The Certifying Physician
Your name and contact information are shared with the independent licensed Pennsylvania physician who will conduct your evaluation. All participating physicians are registered with the Pennsylvania Department of Health’s Medical Marijuana Program and have completed the required state training under Act 16 of 2016. Each physician handles your health information according to their own HIPAA-compliant practices as an independent medical professional.
2 Heally Telehealth Platform
Booking and consultation data is processed through the Heally platform. Heally receives the information necessary to schedule and conduct your appointment. They operate under their own privacy policy and HIPAA Business Associate Agreement standards.
3 Payment Processor
Consultation fees are processed by a secure third-party payment processor operating under PCI-DSS compliance standards. We never see, receive, or store your full credit card number or sensitive payment details.
4 Google Analytics
We use Google Analytics 4 for anonymous website traffic analysis. Google receives no personally identifiable information through this tool. You may opt out at any time using the Google Analytics Opt-Out Add-On.
5 Legal Disclosure
We may disclose your information if required by valid law, court order, or subpoena. When legally permitted and practical to do so, we will notify you before disclosing. We will always challenge requests we believe are overbroad or unlawful. Violations of our data practices may be reported to the Pennsylvania Office of Attorney General.
Medical Information and HIPAA
We recognize that health information is among the most sensitive personal data that exists and we treat it accordingly. While Pennsylvania Marijuana Cards operates as a patient referral platform rather than a covered healthcare entity under HIPAA, we voluntarily apply HIPAA-consistent privacy standards to all health-related data we handle.
The independent licensed physicians conducting your evaluation through our platform are covered healthcare providers who operate under full HIPAA compliance in their clinical capacity. All medical information you share during your telehealth session is governed by that physician’s HIPAA Notice of Privacy Practices.
On our end, we maintain SSL/TLS encrypted connections on all pages of our Website, restrict access to personal data to authorized personnel only, and store any collected data on secured, access-controlled systems.
Data Retention
We keep your information only for as long as it is genuinely needed:
- Booking and contact records: 3 years from the date of service, consistent with Pennsylvania healthcare documentation standards
- Payment transaction records: 7 years, as required by tax and financial regulations
- Email marketing records: Retained until you unsubscribe, then deleted within 30 days
- Google Analytics data: 14 months (Google’s default retention period)
- Contact form messages: 12 months from the date of submission
After these retention periods expire, we permanently delete or anonymize your data. We do not archive personal information indefinitely or beyond what is required by law.
Your Privacy Rights
Depending on your circumstances, you have the following rights regarding your personal information held by us:
- Right to Access: Request a copy of the personal information we hold about you
- Right to Correction: Ask us to correct any inaccurate or outdated information
- Right to Deletion: Request deletion of your personal data, subject to any legal retention requirements
- Right to Portability: Receive your data in a machine-readable format
- Right to Restrict Processing: Ask us to limit how we use your data in certain circumstances
- Right to Withdraw Consent: Unsubscribe from marketing emails at any time — every email includes an unsubscribe link
To exercise any of these rights, email us at [email protected] with the subject line “Privacy Rights Request.” We will respond within 30 calendar days. We may verify your identity before processing the request to protect against unauthorized access.
Pennsylvania residents may also have rights and protections under the Pennsylvania Unfair Trade Practices and Consumer Protection Law. We are happy to help you understand your rights.
Data Security and Breach Notification
We implement industry-standard security measures to protect your personal information, including:
- SSL/TLS encryption on all data-collecting pages of our Website
- Cloudflare security and DDoS protection
- Access controls limiting personal data to authorized personnel only
- Regular reviews of our data handling and security practices
No online system is completely immune from security risks. In the event of a data breach that materially affects your personal information, we will act in accordance with Pennsylvania’s Breach of Personal Information Notification Act (BPINA), as amended by Senate Bill 824 (effective September 26, 2024). Under this law, if a breach affects more than 500 Pennsylvania residents, we are required to notify both the affected individuals and the Pennsylvania Attorney General’s Office without unreasonable delay (generally within 60 days of discovery). We will also notify consumer reporting agencies as required. Our breach notification to you will describe what happened, what information was affected, and the steps we are taking in response.
Children’s Privacy
Our services are intended for adults 18 years of age and older, or for parents and legal guardians of minor patients who may qualify for the Pennsylvania medical marijuana program with appropriate caregiver registration (as permitted under Act 16 of 2016). We do not knowingly collect personal information from children under 13 without verified parental consent.
If we learn that we have inadvertently collected data from a child under 13 without parental consent, we will delete it immediately. If you believe this has occurred, please contact us at [email protected] right away.
EMERGENCY NOTICE: If a minor is experiencing a medical emergency, call 911 immediately. This website is not for emergency medical services of any kind.
Third-Party Links
Our Website contains links to third-party websites, including the Pennsylvania Department of Health, the PA Medical Marijuana Program Registry, the Heally platform, and licensed Pennsylvania dispensaries. These third-party websites operate under their own privacy policies and are not under our control.
We provide links for informational convenience only and are not responsible for the privacy practices, accuracy, or content of any external website. We encourage you to read the privacy policy of any third-party site you visit through a link on our Website.
Changes to This Policy
We may update this Privacy Policy when Pennsylvania law changes, our services evolve, or our data practices are updated. When we make updates, we will revise the “Last Updated” date at the top of this page. For significant changes that affect how we collect or use your personal data, we will provide additional notice — such as a prominent on-site notice or an email to users who have provided contact information.
Your continued use of our Website after an updated Privacy Policy is posted constitutes your acceptance of the changes. If you do not agree with any update, please stop using our Website.
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or want to report a concern about how your data is being handled, please reach out to us:
- Business: Pennsylvania Marijuana Cards
- Website: pennsylvaniamarijuanacards.com
- Email: [email protected]
- Phone:
- Address: Pennsylvania
- Response time for privacy requests: 30 calendar days
To file a complaint about a potential violation of Pennsylvania’s data protection laws, you may also contact the Pennsylvania Office of Attorney General, Bureau of Consumer Protection directly.

