Privacy Policy & Data Governance Standards

Effective Date: January 17, 2026 Entity: Sequoia Medical 360 Jurisdiction: State of New York / Federal (HIPAA)

Governance & Scope

At Sequoia Medical 360, we recognize that data discretion is the foundation of our Clinical Partnership. This Privacy Policy governs the digital experience of visitors to sqmed360.com & SequoiaMed360.com & TonyMathewsMD.com (the “Site”)

Important Distinction: This policy applies to your digital interaction with our public website and enrollment funnel. Your clinical medical records, physiological data, and care coordination are governed separately by our Notice of Privacy Practices (NPP) and the institutional policies of our clinical affiliate, New York Presbyterian & Columbia University Medical Center (CUMC).

SMS Communication & Consent

By providing your mobile number and opting in via our website forms, you agree to receive text messages from Sequoia Medical 360.

  • Purpose: We only use text messages to respond to your direct inquiries or provide transactional information regarding your enrollment.
  • No Marketing: We do not send unsolicited or marketing messages, nor do we share your information with third parties for marketing purposes
  • Opt-Out: You may opt-out at any time by replying “STOP” to any message.
  • Assistance: You may reply “HELP” or call 914.292.0300 for assistance.
  • Terms: Message frequency varies, and standard message and data rates may apply. Consent is not a condition of purchase for any goods or services.
  • SMS Privacy & Data Protection Sequoia Medical 360 values your privacy. We do not sell, rent, or monetize your data. Specifically, mobile information, SMS opt-in data, and consent status will not be shared with any third parties or affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Clinical Infrastructure & The Patient Portal

Sequoia Medical 360 is a private medical practice operates as a designated Community Provider affiliated with the New York-Presbyterian / Columbia University Medical Center network.

The “Patient Portal” Link: The “Patient Portal” button located in the site header acts as a direct gateway to the NYP “Connect” / Epic MyChart system.

External Hosting: By clicking “Patient Portal,” you acknowledge that you are navigating away from the Sequoia Medical 360 digital environment and entering the secure servers of New York-Presbyterian.

Data Sovereignty: Your credentials, medical history, and clinical messages are hosted, secured, and encrypted by NYP/Columbia. Sequoia Medical 360 does not store, process, or have access to your portal login credentials on this website.

Data Collection: The Enrollment Funnel

The “Request Enrollment” process is a secure intake vector designed to assess eligibility for our Retainer. We collect:

Identity Verification: Legal name, secure contact information, and billing details required to maintain your Retainer.

Preliminary Eligibility: Information submitted voluntarily to determine if your profile aligns with our longevity and metabolic mandates.

Security Metadata: Device integrity checks and IP geolocation to prevent fraudulent access to our application funnel.

Data Transmission: All enrollment data is transmitted using institutional-grade TLS 1.3 encryption. Upon receipt, this data is segregated for review by our Membership Committee and is not stored on public-facing web servers.

Digital Tracking & Analytics

Our digital presence prioritizes discretion. We utilize Google Tag Manager to manage our digital infrastructure efficiently and secure our forms.

Traffic Analysis (Google Analytics): We utilize Google Analytics to measure the effectiveness of our marketing channels (e.g., understanding if members found us via search or referral).

Privacy Controls: We have implemented IP Anonymization protocols, ensuring your specific IP address is masked before processing. We do not use “User-ID” features or track individual behavior across third-party websites.

Portal Isolation: Because the Patient Portal is hosted externally, our analytics tools have zero visibility into your clinical records, appointment history, or medical queries.

We do not sell, rent, or trade visitor data. We do not monetize our waitlist. Your digital footprint is shared strictly with:

Infrastructure Partners: Hosting and security vendors (e.g., AWS Healthcare Competency Partners) who are contractually bound by Data Processing Addendums (DPAs) and Business Associate Agreements (BAAs) to maintain our security standards.

Legal Compliance: We may disclose connection logs if compelled by a New York State court order or to prevent an imminent security threat to our physical or digital infrastructure.

Third-Party Disclosure

We do not sell, rent, or monetize your data. Your information is shared only within the Sequoia Ecosystem and our institutional partners:

Clinical Partners: Data is shared with specialists and diagnostic partners at NYP/Columbia strictly for the purpose of Integrated Clinical Strategy and coordinated care.

Infrastructure Vendors: Hosting and security providers bound by Business Associate Agreements (BAAs).

Legal Mandates: We may disclose information if required by New York State Public Health Law or a valid court order.

Security Protocols (New York SHIELD Act)

In compliance with the New York SHIELD Act, we maintain a “Reasonable Security Program” to protect the private information of our visitors. This includes:

Encryption: All data in transit is encrypted.

Access Controls: Enrollment requests are accessible only by the Membership Committee and Compliance Officer.

Vulnerability Management: Regular audits of our web infrastructure.

Children’s Privacy

Our services are reserved for adults or families under a specific Family Office Retainer. We do not knowingly collect digital data from individuals under the age of 18 through this website.

Contact & Rights

Under HIPAA and New York State law, members retain rights regarding their data, including the right to inspect records, request amendments, and request an accounting of disclosures.

To exercise these rights, or to inquire about our data governance, please contact:

Sequoia Medical 360 Attn: Privacy Officer [116 Kraft Ave, STE 4, Bronxville NY`0708 | admin@sqmed360.com | 914.292.0300

(FUTURE USE ONLY) 4. Digital Analytics & Marketing Measurement

To maintain the vitality of our Clinical Partnership, we utilize digital tools to measure the effectiveness of our outreach.

Site Analytics (Google): We utilize Google Analytics to monitor site stability and traffic sources with IP Anonymization enabled.

Campaign Measurement (Meta Pixel): We utilize the Meta (Facebook) Pixel to measure the performance of our digital marketing campaigns. This allows us to understand how visitors interact with our public website after viewing an advertisement.

Privacy Safeguards: The Meta Pixel is strictly blocked from accessing clinical data or the external Patient Portal. We do not use “Advanced Matching” tools that share PII (name/email) with Meta.

Scroll to Top