1. Introduction and Overview

HealthBlendRX LLC (“HealthBlendRX”, “we”, “our”, or “us”) is a telehealth services provider. This Privacy Policy describes the types of information we collect about you, how we use and share that information, and the choices you have with respect to your information when you use our telehealth platform (including our website and mobile applications. We are committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy should be read alongside any Notice of Privacy Practices or other disclosures that apply to patient healthcare information. By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

2. Information Collected

We collect various types of information about you in connection with providing telehealth services. This may include:

• • Personal Identification Data: Information by which you may be personally identified, such as your name, postal address, email address, telephone number, date of birth, gender, occupation, account login information, insurance details, or any other identifier under applicable law (“Personal Information”).
  • Protected Health Information (PHI): Health-related information such as your medical history, treatment records, diagnostic information, prescriptions, and any other communications between you and your healthcare providers. We handle PHI in compliance with HIPAA and other health privacy regulations.
  • Payment and Billing Data: Billing and payment information you provide (such as insurance or credit/debit card information) to arrange and pay for services. (We do not store full payment card details; payments are processed through secure third-party payment processors.)
  • Usage and Technical Data: Information about your interactions with the Services, including IP address, device type, browser type, operating system, software versions, and details about how and when you use our Services. This includes data collected through cookies, web beacons, and other tracking technologies, such as session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted).
  • Communications Data: Records of your correspondence with us (for example, emails, chats, or support requests) and any feedback or testimonials you provide on our platform.

We collect this information directly from you (when you provide it through registration, forms, or communication), automatically as you navigate or use our Services (for example, via cookies and log files), and from third parties (such as healthcare providers, pharmacies, laboratories, or business partners. For example, third-party sources may include your healthcare providers and partners such as analytics or payment companies (e.g. Google Analytics, Stripe).

3. How Information Is Used

HealthBlendRX uses the information we collect for various purposes related to providing our telehealth services:

• • Service Delivery: To complete any registration or transaction you request, to process payments, and to provide you with medical treatment, healthcare services, and patient support. We use your information for treatment, payment, and healthcare operations as permitted by law.
  • Communication: To communicate with you about your health care, appointments, prescription refills, and any Services or information you have requested. This may include telephone calls, text messages, email, or in-app notifications.
  • Account Administration: To create and manage your account, administer your user profile, and fulfill orders or prescriptions resulting from the use of our Services.
  • Service Improvement: To operate, maintain, and improve our Services. This includes analyzing usage trends, conducting system administration, improving service features, and ensuring our platform remains reliable and user-friendly.
  • Research and Analytics: To create de-identified or aggregated data for analytics, research, and reporting purposes (for example, studying usage patterns or health outcomes) without identifying you personally.
  • Marketing and Notifications: To send you information and updates about our Services, and (with your consent where required) promotional materials. You may opt out of promotional communications at any time.
  • Safety and Security: To verify your identity, maintain the security of our Services, prevent fraud or abuse, and comply with security standards (including the HIPAA Security Rule. We may also use information to comply with legal or regulatory requirements.

4. Disclosure of Information to Third Parties

We do not sell your personal information. We only disclose information about you as described below, and always under strict confidentiality:

• • Healthcare Providers and Partners: We may share PHI with healthcare professionals, pharmacies, laboratories, and health plans as necessary for treatment, payment, or healthcare operations (e.g., to fill prescriptions or bill insurance).
  • Service Providers: We engage third-party service providers (such as hosting companies, IT service providers, billing processors, analytics and email services) to perform business operations on our behalf. These providers are bound by confidentiality obligations and may only use your information to perform services for us. For example, we share information with technology vendors and security partners that help us run and maintain the platform.
  • Business Transfers: In the event HealthBlendRX is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, but only if the acquiring entity agrees to this Privacy Policy.
  • Legal Requirements: We may disclose your information if required by law or in response to legal process (such as subpoenas, court orders, or government investigations). We may also disclose information to protect the rights, property, or safety of HealthBlendRX, our users, or others, as permitted or required by law.
  • User Consent: We may share your information with anyone else you specifically authorize.

Any information we disclose is the minimum necessary to accomplish the stated purpose. When we share de-identified or aggregate data that does not identify you,

5. HIPAA Compliance and PHI

HealthBlendRX complies with the Health Insurance Portability and Accountability Act (HIPAA) and related regulations. We treat Protected Health Information in accordance with HIPAA’s Privacy and Security Rules. For example, we handle all health-related information under strict confidentiality and use it only for permitted purposes. We maintain policies and safeguards (administrative, physical, and technical) as required by HIPAA to protect your PHI. The HealthBlendRX Notice of Privacy Practices (a separate document available upon request) provides more detail on how we use and disclose your PHI.

5.1 Patient Rights Regarding Protected Health Information

In accordance with HIPAA and applicable Florida privacy regulations, you have the following rights regarding your PHI:

• You have the right to inspect and obtain a copy of your PHI maintained in your designated record set, subject to certain exceptions, upon written request which Company will respond to within 30 days from receipt of request;
• You may request amendments to your PHI if you believe it is incorrect or incomplete;
• You may request an accounting of disclosures of your PHI made by Company, excluding disclosures for treatment, payment, or healthcare operations. This right is limited to disclosures made within six years prior to date of request;
• You may request restrictions on the use or disclosure of your PHI for treatment, payment, or healthcare operations. Company is not required to agree to all such requests, but shall comply with requests to restrict disclosure to health plan if the disclosure is for payment or healthcare operations and pertains solely to a healthcare item for which the you have paid in full out-of-pocket;
• You may request to receive communications containing PHI by alternative means;
• You have the right to receive Company Notice of Privacy Practices, which detail how PHI may be used or disclosed;
• You may file a complaint with Company or the Secretary of the US Department of Health and Human Services if you believe your privacy rights have been violated;
• You have the right to be notified in the event of a breach of you unsecured PHI as defined by HIPAA;
• Except as otherwise permitted or required by law, Company shall obtain a valid, written authorization from you before using or disclosing PHI for purposes other than treatment, payment, or healthcare operations;
• You may revoke an authorization to use or disclose PHI at any time, provided the revocation is in writing. Such revocation shall be effective immediately upon receipt by Company, except to the extent that Company has already taken action in reliance on the authorization;

In addition to HIPAA requirements, Company shall comply with all applicable Florida privacy laws, including Florida Statutes §456.057 regarding confidentiality of medical records.

6. Data Security Measures

We maintain physical, technical, and administrative safeguards to protect your information. For example, we implement secure data storage, encryption of data in transit and at rest where feasible, access controls, and employee training on privacy and security. As noted by a similar telehealth provider, “we have implemented measures designed to reasonably secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure”. You are responsible for keeping your account credentials confidential. Despite our efforts, no security system is impenetrable; transmissions over the Internet are at your own risk. We cannot guarantee absolute security of any information.

7. User Rights and Choices

You have certain rights and choices regarding the personal information we hold about you. Depending on applicable law, these may include:

• • Account Access and Correction: You may review, update, or correct your account information and PHI by logging into your account or contacting us.
  • Data Portability and Deletion: You may request a copy of the personal data we have about you, or ask us to delete your personal information, subject to legal requirements (for example, record retention laws) and our legitimate business needs.
  • Opt-Out of Marketing: You may opt out of receiving promotional or marketing communications from us. For example, you can unsubscribe from emails or texts by following the instructions provided in those communications or by contacting us directly.
  • Cookies and Tracking: You can control cookies and similar tracking technologies through your web browser settings. You may set your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some parts of our Services may not function properly. We do not respond to “Do Not Track” signals at this time.
  • Right to Restrict Processing: Where applicable, you can ask us to restrict processing of your personal data or withdraw your consent for certain uses (to the extent such consent was relied upon for processing).
  • California Privacy Rights: If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA), such as the right to request disclosure of personal information collected about you and the right to request deletion of personal information. (Note: these rights do not apply to PHI governed by HIPAA.) For more information, please see our California Privacy Notice or contact us for details.

To exercise any rights or make any requests, please contact us as set forth in Section 14. We will verify and respond to legitimate requests in accordance with applicable law.

8. Retention of Data

We retain your information only as long as necessary to provide our Services and for legitimate business and legal purposes. As a general rule, we “retain records only as long as necessary and as required for our business operations, for archival purposes, and/or to satisfy legal requirements”. In determining the retention period, we consider the sensitivity of the information, our ability to achieve business purposes, and legal obligations (for example, HIPAA requires healthcare providers to retain medical records for a minimum period). When your information is no longer needed, we securely delete, anonymize, or destroy it in accordance with our data disposal policies.

9. Minors and Children’s Privacy

HealthBlendRX’s Services are intended for adults. We do not knowingly provide telehealth services to children under the age of 18. We also do not knowingly collect Personal Information from children under 16. If we discover that we have inadvertently obtained information from a child under 16, we will promptly delete that information. Children under 16 should not use our Services, and parents or guardians should supervise minors’ internet use.

10. Third-Party Services and Integrations

Our platform may integrate with or link to third-party services and websites (for example, payment processors, telehealth video providers, analytics services, laboratories, pharmacies, or social login features). We may provide information to these third parties only as necessary to fulfill Services or as required by law, and we require that they maintain privacy and security standards. For instance, we may use vendors such as analytics tools (e.g. Google Analytics), payment platforms (e.g. Stripe), and social media logins, which collect data according to their own privacy policies. Note that this Privacy Policy does not apply to content, services, or websites operated by other parties. When you click on a link or use an integrated service, you will be subject to that third party’s policies. As noted by a similar telehealth provider, “our Platform may contain links or references to other websites outside of our control” and “we encourage you to read the privacy statements and terms of service of linked or referenced websites”.

11. International Users and Data Transfers

HealthBlendRX’s Services are operated from the United States. If you are accessing our Services from outside the U.S., please be aware that your information may be transferred to, stored in, and processed in the United States or other countries. These countries may not have the same data protection laws as your home country. As one telehealth company explains, your information “may be stored and processed, transferred between and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside”. We will handle your Personal Information in accordance with this Privacy Policy regardless of where it is processed. Where required by law (for example, GDPR for EU residents), we will implement appropriate safeguards such as data export agreements.

12. Indemnification and Limitation of Liability

TO THE EXTENT PERMITTED BY APPLICABLE LAW, HEALTHBLENDRX SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF YOUR USE OF THE SERVICES OR ANY FAILURE TO PROTECT YOUR DATA. ALL INFORMATION AND SERVICES PROVIDED HEREIN ARE PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND. You agree to indemnify, defend, and hold harmless HealthBlendRX and its affiliates, officers, directors, employees, and agents from and against any claims, damages, liabilities, costs, and expenses arising from your violation of this Privacy Policy, your misuse of our Services, or any claim that your content or usage of our Services violates the rights of a third party. This indemnification provision survives the termination of this Privacy Policy.

13. Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically. We will post any changes on this page and update the “Last Modified” date accordingly. Your continued use of the Services following the posting of changes to this Privacy Policy will constitute your acceptance of those changes. If we make material changes, we will notify you (for example, by email or a notice on the website) before the changes take effect.

14. Contact Information

If you have any questions or concerns about this Privacy Policy or our practices, please contact HealthBlendRX LLC at support@healthblendrx.com