Privacy Policy

The Latch Link

Effective Date: June 18, 2026

Last Updated: June 18, 2026

The Latch Link Inc. and Nourished Roots Lactation LLC (together, “The Latch Link,” “we,” “us,” or “our”) respect your privacy and are committed to protecting the personal information you share with us. The Latch Link Inc. operates the “The Latch Link” brand and Services, and Nourished Roots Lactation LLC provides billing and related services; both entities are responsible for the information practices described in this Policy. This Policy applies to our websites, including thelatchlink.com and our booking and intake pages hosted on subdomains such as get.thelatchlink.com (collectively, the “Sites”), and to the virtual lactation services we provide (the “Services”).

Please read this Policy carefully. By using our Sites or Services, or by submitting information through our forms, you acknowledge that you have read and understood this Policy and agree to the practices described in it. If you do not agree, please do not use our Sites or Services.

1. Who We Are

The Latch Link provides virtual lactation support delivered by International Board Certified Lactation Consultants (IBCLCs) and related staff. We offer consultations that, for many clients, are covered by health insurance. The Services are operated under the “The Latch Link” brand by The Latch Link Inc., and insurance verification, billing, and claims are handled by Nourished Roots Lactation LLC and/or The Latch Link Inc. We operate primarily in the United States and our Sites and Services are intended for users located in the United States.

If you are accessing our Sites from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your location.

2. Scope of This Policy

This Policy covers personal information we collect through our Sites and through the marketing, scheduling, and intake tools we use. It explains both:

Information that is not protected health information (“PHI”) for example, general website usage data and marketing inquiries; and

Information that is PHI, which is also governed by the Health Insurance Portability and Accountability Act (“HIPAA”) and our HIPAA Notice of Privacy Practices (see Section 9).

Where this Policy and our HIPAA Notice of Privacy Practices both apply to the same information, the HIPAA Notice of Privacy Practices controls with respect to PHI.

3. Information We Collect

3.1 Information You Provide to Us

We collect information you choose to give us, including when you complete a form, request a consultation, verify insurance benefits, communicate with us, or use our Services. This may include:

Contact information: your name, email address, and phone number.

Insurance information: your insurance carrier and related coverage details you provide so we can verify benefits and bill your plan.

Service-related information: the type of visit requested and other details you share about your breastfeeding or lactation needs.

Health information: information about you and your baby that you share before, during, or after a consultation, which we treat as PHI (see Section 9).

Communications: the contents of messages you send us by form, text message, email, or other channels.

You are not required to provide this information, but if you do not, we may be unable to provide some or all of the Services.

3.2 Information Collected Automatically

When you visit our Sites, certain information is collected automatically through cookies, pixels, tags, software development kits, and similar technologies. This may include:

Your device type, operating system, and browser type;

Your IP address and general location inferred from it;

Pages or screens you view, links you click, and the dates and times of your visits;

The website or source that referred you to us; and

Basic interaction data, such as whether a particular page loaded.

We use this information for website analytics, security, troubleshooting, and advertising measurement as described in Sections 4 and 5.

3.3 Information From Third Parties

We may receive limited information from service providers that help us operate, such as advertising and analytics platforms, our scheduling and customer relationship management (“CRM”) provider, and insurance verification or billing partners. We combine this only as needed to operate our Sites and Services.

4. How We Use Your Information

We use the information we collect to:

Provide, schedule, and deliver our Services, including connecting you with an IBCLC;

Verify your insurance benefits and process billing and claims with your health plan;

Communicate with you about appointments, intake, follow-up care, resources, and customer support;

Send you service messages and, where permitted, marketing messages by SMS and email (see Section 6);

Operate, maintain, secure, and improve our Sites and Services;

Measure and improve the performance of our advertising and understand how visitors find and use our Sites;

Detect, prevent, and respond to fraud, abuse, security incidents, and technical issues; and

Comply with our legal, regulatory, and professional obligations, including HIPAA and insurance requirements.

5. Cookies, Analytics, and Advertising Technologies

5.1 What We Use

Our Sites use cookies and similar technologies, including:

Essential and functional technologies that make our Sites and forms work;

Analytics tools (such as Google Analytics) that help us understand site traffic and usage; and

Advertising technologies (such as the Meta/Facebook pixel and Google advertising tags) that help us measure the effectiveness of our advertising and reach people who may benefit from our Services.

On our advertising and intake pages, our advertising tags are intended to record limited, non-health events for example, that a page was viewed. We take reasonable steps designed to avoid transmitting your name, your insurance carrier, the type of care you are seeking, your health information, or other directly identifying intake responses to advertising platforms, and designed to avoid including such information in the web addresses (URLs) of those pages. We do not sell your personal information, and we do not intend to share your health information with advertising platforms for marketing purposes.

Despite these efforts, advertising and analytics providers may automatically receive standard technical information, such as your IP address and online identifiers, as a normal part of how cookies and pixels operate on websites generally. These providers act under their own privacy policies for that activity. We cannot guarantee that these technologies will operate without error, and no system can be guaranteed to work perfectly at all times.

5.2 Your Cookie Choices

Because our Sites are directed to users in the United States, and because we take reasonable steps designed to limit the health-related and directly identifying information shared through our advertising technologies, we do not currently display a cookie consent banner. You can still control cookies and tracking in the following ways:

Browser controls: Most browsers let you block or delete cookies and clear stored data through their settings.

Device controls: Mobile devices often offer settings to limit ad tracking or reset advertising identifiers.

Advertising opt-outs: You can learn about and opt out of certain interest-based advertising through industry tools such as the Digital Advertising Alliance (optout.aboutads.info) and the Network Advertising Initiative (optout.networkadvertising.org).

Platform settings: You can adjust ad and data settings directly within your Google and Meta/Facebook accounts.

If you disable certain cookies, some features of our Sites may not function properly.

5.3 Do Not Track

Some browsers offer a “Do Not Track” signal. There is no common industry standard for how to respond to these signals, and our Sites do not currently respond to them. We will update this Policy if that changes.

6. Text Messages and Email Marketing

6.1 SMS / Text Messaging

When you provide your phone number and agree to receive text messages, you consent to receive recurring informational and marketing SMS messages from The Latch Link to support you on your breastfeeding journey, including appointment, intake, and service messages. Consent to receive marketing texts is not a condition of purchasing any product or service. Message frequency varies. Message and data rates may apply. You can opt out at any time by replying STOP, and you can reply HELP for help.

Text messaging originator opt-in data and consent are not shared with any third parties except aggregators and providers that deliver the text messaging service on our behalf. No mobile information is shared with third parties or affiliates for their own marketing or promotional purposes. Sharing with subcontractors that support our Services, such as customer service providers, is permitted solely to deliver the Services. All other use-case categories exclude text messaging originator opt-in data and consent; this information is not shared with any third parties.

6.2 Email

When you provide your email address, you agree to receive service-related emails (such as appointment, intake, and account messages) and, where permitted by law, marketing emails about our Services and resources. You can unsubscribe from marketing emails at any time using the unsubscribe link in those emails or by contacting us. We will still send you non-marketing service messages necessary to provide care you have requested.

7. How We Share Information

We do not sell or rent your personal information, and we do not share it for cross-context behavioral advertising in a way that requires consent under applicable law beyond the cookie and advertising activity described in Section 5. We share information only as described below:

With our lactation consultants and care team, to provide your Services;

With your insurance plan and our billing partners, to verify benefits and process claims;

With service providers and vendors that operate our Sites and business under contract for example, our website host, our CRM and scheduling platform, communications providers, analytics and advertising providers, and payment or billing processors. Where these providers handle PHI as our business associates, we seek to put Business Associate Agreements in place as required by HIPAA;

For legal and safety reasons, when we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our terms; or to protect the rights, property, or safety of our clients, our team, or others; and

In connection with a business transaction, such as a merger, acquisition, financing, or sale of assets, subject to the protections in this Policy and applicable law.

8. How We Protect Your Information

We use administrative, technical, and physical safeguards designed to protect your information, including:

Storing personal information and PHI in systems that use encryption and other industry-standard security measures;

Maintaining our PHI and client records in a HIPAA-compliant CRM and care platform;

Limiting access to personal information and PHI to authorized personnel who need it to do their jobs; and

Seeking to enter into Business Associate Agreements with vendors that handle PHI on our behalf.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You share information with us at your own risk, and you are responsible for keeping your account and device credentials confidential.

9. Protected Health Information and HIPAA

Some of the information we collect including information about your and your baby’s health that you share in connection with a consultation is protected health information under HIPAA. We handle PHI in accordance with HIPAA and applicable state law.

We take reasonable steps designed so that our advertising and analytics technologies do not transmit PHI or directly identifying intake responses to advertising platforms (see Section 5.1). PHI is maintained in our HIPAA-compliant systems and is shared only as permitted by HIPAA for example, for treatment, payment, and health care operations, with vendors under Business Associate Agreements, or as otherwise authorized by you or required by law.

Your rights with respect to PHI, and our duties regarding PHI, are described in our HIPAA Notice of Privacy Practices. If there is any conflict between this Privacy Policy and our HIPAA Notice of Privacy Practices regarding PHI, the HIPAA Notice of Privacy Practices controls. To request a copy of our HIPAA Notice of Privacy Practices, contact us using the details in Section 14.

10. Your Choices and Rights

Regardless of where you live, you may:

Access and update your personal information by contacting us;

Opt out of marketing texts (reply STOP) and emails (use the unsubscribe link);

Manage cookies and advertising as described in Section 5.2; and

Request deletion of personal information, subject to legal, professional, insurance, and recordkeeping obligations that may require us to retain certain records (including medical and billing records) for a period of time.

Depending on your state of residence, you may have additional rights. For example, residents of certain states may have the right to know what personal information we collect, to request access or deletion, to correct inaccurate information, and to opt out of the “sale” or “sharing” of personal information or certain targeted advertising. We do not sell personal information. To exercise any available right, contact us using the details in Section 14. We will not discriminate against you for exercising your rights, and we will verify your identity before fulfilling a request as required by law.

11. Data Retention

We retain personal information and PHI for as long as needed to provide the Services, to comply with our legal, professional, insurance, tax, and recordkeeping obligations, to resolve disputes, and to enforce our agreements. Medical and billing records are retained for the periods required by applicable law. When information is no longer needed, we take reasonable steps to delete or de-identify it.

12. Children’s Privacy

Our Sites and Services are intended for use by adults (generally parents and caregivers) seeking lactation support. They are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13. We do collect health information about infants and children as part of providing lactation care to a parent or guardian; that information is provided by the adult client and is handled as PHI. If you believe a child has provided us personal information improperly, please contact us and we will take appropriate steps.

13. Third-Party Links

Our Sites may contain links to third-party websites, products, or services that we do not control. This Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. Please review the privacy policies of any third-party site you visit.

14. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Last Updated” date above and post the updated Policy on this page. If we make material changes, we will take additional steps to notify you where required by law. Your continued use of our Sites or Services after an update means you accept the revised Policy.

15. Contact Us

If you have questions about this Policy or how your information is handled, or if you wish to exercise any of your rights, please contact us:

The Latch Link Inc. / Nourished Roots Lactation LLC

211 W. Wacker Drive, Ste 120 PMB 2053

Chicago, IL 60606

United States

Email: admin@thelatchlink.com