Privacy Policy

RxMDShop, LLC — Last Updated: [EFFECTIVE DATE]

This Privacy Policy describes how RxMDShop, LLC ("RxMDShop," "we," "our," or "us") collects, uses, and discloses personal information when you visit RxMDShop.com or any RxMDShop website that links to this Privacy Policy, use our applications and APIs, or otherwise interact with us (collectively, the "Services").

THIS PRIVACY POLICY DOES NOT APPLY TO INFORMATION ABOUT OUR CUSTOMERS' PATIENTS, INCLUDING ANY PROTECTED HEALTH INFORMATION ("PHI") THAT OUR CUSTOMERS INPUT INTO THE SERVICES OR OTHERWISE SHARE WITH US. Information about our Customers' patients is governed by the Customer's own privacy policy and Notice of Privacy Practices, and by the Business Associate Agreement between RxMDShop and the Customer. If you are a patient and have questions about your information, please contact the health or wellness brand that is your point of care directly.

1. Personal Information We Collect

Information you provide

Contact information, such as first and last name, business name, business address, phone number, and email address
Account information, such as username, password, profile photo, and account preferences
Identification information, such as date of birth, government identification, business registration details, EIN, and beneficial-ownership information collected for KYC and anti-fraud purposes
Payment information, such as bank account, debit/credit card details, and billing address (collected by our payment processors and shared with us in tokenized form)
Commercial information, such as your products and pricing, transaction history, fees, and refund history
Communications, such as the content of messages you send us, customer-support inquiries, demo requests, and survey responses
Marketing preferences

Information collected automatically

When you use the Services, we automatically collect:

Device and connection information, such as IP address, browser type and version, device identifiers, operating system, and language preference
Usage data, such as pages viewed, features used, links clicked, referring/exit pages, and timestamps
Cookies and similar technologies, including first- and third-party cookies, pixels, web beacons, SDKs, and local storage

Information from third parties

Identity-verification and KYC vendors, who help us verify Customers and screen for fraud and sanctions
Payment processors and underwriters, who provide transaction and risk data
Marketing and analytics partners, who provide audience and engagement data
Publicly available sources, such as professional licensing databases, government registers, and business directories
Referrers and partners, who may share information about Customers and prospects with us

2. How We Use Personal Information

We use personal information to:

Provide, maintain, and operate the Services
Create and manage Customer accounts and authenticate users
Process payments, fees, and chargebacks
Verify identity, conduct KYC and anti-fraud screening, and assess risk
Communicate about the Services, including notices, updates, and support
Send marketing communications about RxMDShop products and offerings (you may opt out at any time)
Personalize your experience and develop new features
Conduct analytics, research, and product development
Generate aggregated and de-identified data
Protect the security and integrity of the Services and investigate suspected fraud, abuse, or violations of our Terms
Comply with applicable law and respond to lawful requests
Establish, exercise, or defend legal claims

We may combine information collected from different sources for these purposes.

3. How We Disclose Personal Information

We disclose personal information:

To service providers and processors that help us operate the Services, including hosting, database providers, identity verification, payment processing, customer support, communications, analytics, fraud prevention, and security
To Customers of which you are an authorized user
To third-party Healthcare Providers, pharmacies, and partners as necessary for the operation of the Services and at the Customer's direction
To advertising and marketing partners, subject to applicable opt-outs
In a corporate transaction, such as a merger, acquisition, financing, reorganization, or sale of all or part of our business
For legal and protective reasons, such as to comply with subpoenas, court orders, or government requests; to enforce our agreements; and to protect the rights, property, safety, and security of RxMDShop, our Customers, and others
With your consent or at your direction

We do not sell personal information for monetary consideration. We may share certain online identifiers with advertising partners, which may be considered a "sale" or "share" under California law.

4. Cookies, Analytics, and Interest-Based Advertising

We use cookies, pixels, SDKs, and similar technologies to operate the Websites, remember your preferences, measure performance, and tailor advertising. Categories include:

Strictly necessary for site functionality (cannot be disabled)
Performance and analytics, such as Google Analytics
Functional, to remember settings and preferences
Advertising, including retargeting and interest-based advertising

You can manage cookies through your browser settings, our cookie banner (where available), or through opt-out tools described in Section 10.

5. Your Privacy Rights

California (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we have collected, used, disclosed, and sold or shared, and the categories of sources and recipients
Access and portability: receive a copy of your personal information in a portable format
Deletion: request deletion of personal information we have collected
Correction: request correction of inaccurate personal information
Opt out of sale or sharing: direct us not to sell or share your personal information for cross-context behavioral advertising
Limit use of sensitive personal information to specified purposes
Non-discrimination: not be discriminated against for exercising your rights

California "Shine the Light": California residents may request information about disclosures we have made to third parties for their direct-marketing purposes during the prior calendar year. Requests should be sent to [PRIVACY EMAIL] with "Shine the Light Request" in the subject line.

Other U.S. states

Residents of states with comprehensive privacy laws, including Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia, may have rights similar to those described above (with state-specific variations). Some states require operators to recognize universal opt-out signals, such as Global Privacy Control; we honor such signals where required.

Health-data laws

Washington's My Health My Data Act, Nevada SB 370, and similar state consumer-health-data laws may provide additional rights with respect to certain consumer health data. For information collected in your capacity as a patient through a Customer's storefront, please contact that Customer.

Appeals

If we deny your request, you may appeal by contacting [PRIVACY EMAIL] with "Privacy Appeal" in the subject line.

6. Children

The Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at [PRIVACY EMAIL] and we will take appropriate steps to delete it.

7. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, role-based access controls, multi-factor authentication, logging and monitoring, and routine security testing. No system is perfectly secure, however, and we cannot guarantee absolute security.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and purpose. When personal information is no longer needed, we will securely delete or de-identify it.

9. International Transfers

We are based in the United States, and our service providers may operate in the United States and other countries. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where data-protection laws may differ from those in your country. By using the Services, you consent to such transfers.

10. Cookies and Tracking

We and our partners use cookies, pixels, SDKs, and similar technologies to:

Provide and operate the Services
Authenticate you and prevent fraud
Remember your preferences
Measure traffic, performance, and engagement
Deliver and measure interest-based advertising

You can manage these technologies through browser cookie settings, our cookie banner (where applicable), industry opt-outs, and mobile-device settings.

11. How to Contact Us / Submit a Request

To exercise privacy rights or to ask questions about this Privacy Policy, contact us:

Email: [PRIVACY EMAIL]
Mail: RxMDShop, LLC, Attn: Privacy Officer, [BUSINESS ADDRESS]

For California-specific inquiries: [CALIFORNIA-PRIVACY EMAIL].

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date above reflects the most recent revision. We will provide additional notice of material changes as required by law. You are responsible for periodically reviewing this Privacy Policy.