PRIVACY POLICY

Your Privacy Policy
Transparency & Trust

We believe in complete transparency about how we collect, use, store, and protect your personal information. This Privacy Policy explains our practices in plain, easy-to-understand language — no legal jargon, no hidden clauses.

HIPAA Compliant
256-Bit Encryption
No Data Selling

Data Collection

We only collect data necessary to fulfill your prescriptions and improve your experience

Data Protection

Military-grade encryption and HIPAA-compliant infrastructure protect your information

Your Rights

Access, correct, delete, or export your data at any time — you're always in control

Our Promise

We never sell your data to third parties and maintain full transparency always

Policy Overview

This Privacy Policy describes how UsarxMeds ("we," "us," or "our"), operated from Boston, Massachusetts, collects, uses, discloses, and protects information obtained from visitors and customers of our website usarxmeds.com (the "Site") and related services. By using our Site, you consent to the data practices described in this policy. We are committed to protecting your privacy and ensuring you understand exactly how your information is handled — with full transparency and zero hidden agendas.

Effective Date: January 1, 2025
Last Updated: January 15, 2025
Version: 3.2

What We Collect & What We Don't

A clear overview of the data we collect and the data we will never ask for.

Data We Collect

  • Name, email, phone number — for account & order communication
  • Shipping & billing address — for order fulfillment & processing
  • Prescription details — to verify and dispense your medications
  • Date of birth — for identity verification & age confirmation
  • Payment information — securely processed, never stored on our servers
  • IP address & browser data — for security, fraud prevention & analytics
  • Communication records — for quality assurance & customer support
  • Allergies & medical history — for safe prescription dispensing

Data We NEVER Collect

  • Social Security Number (SSN) — never required, never asked
  • Driver's license number — not needed for our services
  • Bank account credentials — we never ask for login passwords
  • Mother's maiden name — a common phishing target we never request
  • Biometric data — no fingerprints, facial scans, or voice prints
  • Political or religious info — completely irrelevant to our services
  • Genetic or DNA data — not collected for any purpose
  • Data from minors under 18 — we do not serve or collect data from children

Detailed Privacy Policy

Complete, transparent details about every aspect of our data practices.

1. Information We Collect

Essential

We collect information in several ways to provide you with safe, efficient pharmacy services. Here's a complete breakdown:

Personal Information You Provide

When you create an account, place an order, or contact us, you may provide:

  • Account Information: Full name, email address, phone number, date of birth, and password to create and manage your UsarxMeds account.
  • Shipping & Billing Addresses: Complete physical mailing address for order delivery and billing address associated with your payment method.
  • Prescription Information: Details from your prescriptions including medication name, dosage, prescribing physician's information, and prescription number.
  • Health Information: Allergies, current medications, medical conditions, and other health data necessary for safe prescription dispensing and drug interaction checks.
  • Insurance Information: Health insurance provider details, policy numbers, and group numbers if applicable for insurance billing purposes.
  • Communication Records: Chat logs, email correspondence, phone call records, and support ticket details from your interactions with our customer service team.

Information Collected Automatically

When you visit our website, our systems automatically collect certain technical information:

  • Device Information: Device type, operating system, browser type and version, screen resolution, and unique device identifiers.
  • Usage Data: Pages visited, time spent on each page, click patterns, search queries on our site, and navigation paths through our website.
  • Network Information: IP address, internet service provider, referring URLs, and approximate geographic location (city/state level, not precise GPS).
  • Cookies & Similar Technologies: Session cookies, persistent cookies, web beacons, and pixel tags as described in our Cookies section below.

Data Minimization: We follow the principle of data minimization — we only collect the minimum amount of information necessary to provide our services. We regularly audit our data collection practices to ensure we're not collecting unnecessary information.

2. How We Use Your Information

Transparent

We use the information we collect for specific, legitimate purposes related to providing you with safe and effective pharmacy services:

Purpose | Description | Data Used
Prescription Fulfillment | Verifying, processing, and dispensing your prescription medications accurately and safely | Prescription details, health info, name, address
Order Processing | Processing payments, managing shipping, providing tracking information and order confirmations | Name, address, payment info, email
Patient Safety | Conducting drug interaction checks, allergy screening, and dosage verification by licensed pharmacists | Health info, allergies, current medications
Account Management | Creating and maintaining your account, managing preferences, and providing personalized services | Name, email, phone, password
Customer Support | Responding to inquiries, resolving issues, and providing pharmacist consultations | Communication records, account info
Security & Fraud Prevention | Protecting against unauthorized access, detecting fraudulent transactions, and ensuring platform security | IP address, device info, usage data
Legal Compliance | Meeting FDA, DEA, HIPAA, state pharmacy, and other regulatory requirements | Prescription records, transaction history
Service Improvement | Analyzing website usage to improve functionality, performance, and user experience | Usage data, device info (anonymized)

No Surprise Uses: We will never use your data for purposes not listed above without obtaining your explicit consent first. If we need to use your data for a new purpose, we will update this policy and notify you before proceeding.

3. Data Sharing & Disclosure

Important

We do NOT sell, rent, or trade your personal information to any third party for marketing or any other purpose. We only share information in the following limited circumstances:

  • Healthcare Providers: We may share prescription and health information with your prescribing physician or other healthcare providers involved in your care, as necessary for safe medication dispensing.
  • Insurance Companies: If you provide insurance information, we share relevant prescription data with your insurance provider for billing and coverage verification purposes only.
  • Payment Processors: We share payment data with our PCI DSS-compliant payment processors (Stripe, PayPal) solely to process your transactions. They cannot use your data for any other purpose.
  • Shipping Partners: We share your name and shipping address with our delivery partners (USPS, UPS, FedEx) solely for order delivery. No health or prescription information is shared.
  • Legal Requirements: We may disclose information when required by law, court order, subpoena, or government investigation — including FDA, DEA, or state pharmacy board inquiries.
  • Emergency Situations: We may share information to prevent serious harm or protect safety in genuine emergency situations, in accordance with HIPAA emergency disclosure provisions.
  • With Your Consent: We may share information with other parties when you give us explicit, informed, written consent to do so.

Zero Data Sales — Guaranteed: Unlike many companies, we have NEVER sold customer data and we NEVER will. This is not just a policy — it's a core company value that will never change. Your data is not a product for us to monetize.

4. Data Security Measures

Secure

We implement comprehensive technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards
  • 256-Bit SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3 — the latest and most secure encryption protocol available.
  • AES-256 Encryption at Rest: All stored personal data, health records, and financial information is encrypted at rest using AES-256 encryption within our secure data centers.
  • Payment Tokenization: Credit card data is never stored on our servers. We use tokenization technology that replaces sensitive card data with unique, encrypted tokens.
  • Web Application Firewall (WAF): Enterprise-grade firewall protection against SQL injection, cross-site scripting (XSS), DDoS attacks, and other web-based threats.
  • Intrusion Detection & Prevention: Real-time monitoring systems detect and block unauthorized access attempts, suspicious activity, and potential security breaches.

Organizational Safeguards
  • Employee Access Controls: Strict role-based access controls ensure employees can only access the minimum data necessary for their job functions. All access is logged and audited.
  • Employee Training: All employees complete mandatory HIPAA training, security awareness training, and annual privacy refresher courses.
  • Background Checks: All employees with access to sensitive data undergo thorough background checks before being granted system access.
  • Third-Party Audits: Independent third-party security audits are conducted quarterly to identify vulnerabilities and verify our security controls are effective.
  • Incident Response Plan: A comprehensive incident response plan ensures rapid detection, containment, investigation, and notification in the event of a data breach.

Track Record: UsarxMeds has maintained zero data breaches since our founding. We continually invest in security infrastructure and stay ahead of emerging threats through proactive vulnerability management.

5. Cookies & Tracking Technologies

Cookies

We use cookies and similar technologies to enhance your browsing experience, analyze site traffic, and ensure security. Here's a complete breakdown:

Cookie Type | Purpose | Duration | Required?
Essential Cookies | Required for basic site functionality — login sessions, shopping cart, security tokens, and CSRF protection | Session / 30 days | Yes — Required
Security Cookies | Fraud detection, bot prevention, login verification, and protecting against unauthorized access | Session / 90 days | Yes — Required
Functional Cookies | Remember your preferences — language, region, display settings, and saved addresses | 1 year | Optional
Analytics Cookies | Understand how visitors use our site to improve performance, content, and user experience (Google Analytics) | 2 years | Optional

  • Cookie Consent: When you first visit our website, you'll be presented with a cookie consent banner allowing you to accept or decline optional cookies. Essential and security cookies cannot be disabled.
  • Managing Cookies: You can manage or delete cookies through your browser settings at any time. Note that disabling essential cookies may affect site functionality.
  • Do Not Track: We honor "Do Not Track" (DNT) browser signals. If your browser sends a DNT signal, we will not load optional analytics or tracking cookies.
  • No Advertising Cookies: We do NOT use advertising cookies, retargeting pixels, or any cookies that track your browsing activity across other websites.

Your Choice: You can update your cookie preferences at any time by clicking the "Cookie Settings" link in our website footer. We make it easy to change your mind — no tricks, no dark patterns.

6. HIPAA Compliance & Health Data

HIPAA

As a licensed pharmacy, we are a HIPAA Covered Entity and are bound by strict federal regulations regarding the handling of Protected Health Information (PHI):

  • HIPAA Privacy Rule: We follow all requirements of the HIPAA Privacy Rule, which governs the use and disclosure of PHI. Your health information is only used for treatment, payment, and healthcare operations unless you provide written authorization.
  • HIPAA Security Rule: We implement all required administrative, physical, and technical safeguards mandated by the HIPAA Security Rule to protect electronic PHI (ePHI).
  • Minimum Necessary Standard: We apply the "minimum necessary" standard, meaning we only access, use, or disclose the minimum amount of PHI needed for the specific task at hand.
  • Business Associate Agreements: All third-party vendors who may access PHI on our behalf are required to sign HIPAA Business Associate Agreements (BAAs) before receiving any access.
  • Breach Notification: In the unlikely event of a PHI breach, we will notify affected individuals within 60 days (as required by the HIPAA Breach Notification Rule), as well as the Department of Health and Human Services and, if applicable, prominent media outlets.
  • Notice of Privacy Practices: A detailed HIPAA Notice of Privacy Practices (NPP) is provided to all patients, explaining how we may use and disclose your PHI and your rights regarding your health information.

Your HIPAA Rights: Under HIPAA, you have the right to access your health records, request corrections, obtain an accounting of disclosures, request restrictions on certain uses, and file a complaint if you believe your rights have been violated. Contact our Privacy Officer for assistance.

7. Your Privacy Rights

Your Rights

We believe in empowering you with full control over your personal data. Regardless of your location, we provide the following rights to all our customers:

  • Right to Access: You can request a complete copy of all personal data we hold about you. We will provide this information within 30 days of your verified request, free of charge.
  • Right to Correction: You can request that we correct any inaccurate or incomplete personal information in our records. We will process corrections within 15 business days.
  • Right to Deletion: You can request deletion of your personal data, subject to legal retention requirements (e.g., prescription records must be retained per state and federal law).
  • Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format (JSON or CSV) that can be transferred to another service.
  • Right to Opt-Out: You can opt out of marketing communications at any time by clicking "unsubscribe" in any email, updating your account preferences, or contacting us directly.
  • Right to Restrict Processing: You can request that we limit how we use your personal data while a dispute or verification is being resolved.
  • Right to Non-Discrimination: We will never discriminate against you or provide inferior service for exercising any of your privacy rights.

State-Specific Rights
  • California Residents (CCPA/CPRA): You have additional rights, including the right to know what data is collected and sold, the right to delete, the right to opt out of sale (note: we never sell data), and the right to non-discrimination. You may also designate an authorized agent to exercise these rights on your behalf.
  • Virginia, Colorado, Connecticut, Utah Residents: Similar comprehensive privacy rights are provided under your respective state privacy laws, including access, correction, deletion, portability, and opt-out rights.
  • Nevada Residents: You have the right to opt out of the sale of your personal information. As stated, we do not sell personal information, but you may submit an opt-out request for added assurance.

Exercise Your Rights: To exercise any of your privacy rights, email us at privacy@usarxmeds.com, call us at +1 (561) 905-4006, or submit a request through your account settings. We will verify your identity and respond within 30 days.

8. Third-Party Services

Third Party

We work with carefully vetted third-party service providers who assist us in operating our business. Each provider is contractually bound to protect your data:

Service Provider | Purpose | Data Shared | Compliance
Stripe | Payment processing & fraud prevention | Payment card data (tokenized) | PCI DSS Level 1
PayPal | Alternative payment processing | Email, transaction amount | PCI DSS Level 1
USPS / UPS / FedEx | Order shipping & delivery | Name, shipping address | N/A (no health data)
Google Analytics | Website usage analytics (anonymized) | Anonymized browsing data | IP anonymization enabled
Cloud Hosting (AWS) | Secure data storage & hosting | All stored data (encrypted) | SOC 2, HIPAA BAA
Email Service Provider | Transactional & support emails | Name, email address | Data processing agreement

Important: Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.

9. Children's Privacy

COPPA

We take children's privacy extremely seriously and comply fully with the Children's Online Privacy Protection Act (COPPA):

  • Age Restriction: Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age.
  • Age Verification: We implement age verification checks during account registration to prevent minors from creating accounts or placing orders.
  • Discovery & Deletion: If we discover that we have inadvertently collected personal information from a minor under 18, we will delete that information immediately and close the associated account.
  • Parent/Guardian Contact: If you are a parent or guardian and believe your child under 18 has provided personal information to us, please contact us immediately at privacy@usarxmeds.com and we will take prompt action.

10. Data Retention

Legal

We retain your data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law:

Data Type | Retention Period | Reason
Prescription Records | Minimum 7–10 years (varies by state) | State and federal pharmacy law requirements
Transaction Records | 7 years | Tax, accounting, and regulatory compliance
Account Information | Duration of account + 3 years after closure | Customer support, legal disputes, regulatory compliance
Communication Records | 3 years | Quality assurance and dispute resolution
Analytics Data | 26 months (anonymized) | Service improvement and trend analysis
Cookie Data | Varies (session to 2 years) | Functionality, security, and preferences

Secure Deletion: When data reaches the end of its retention period, it is securely deleted using industry-standard data destruction methods that make recovery impossible. For encrypted data, we also destroy the encryption keys.

11. Changes to This Privacy Policy

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Here's how we handle updates:

  • Notification of Material Changes: For significant changes that affect how your data is collected, used, or shared, we will notify you via email and a prominent notice on our website at least 30 days before the changes take effect.
  • Last Updated Date: The "Last Updated" date at the top of this policy will always reflect the date of the most recent revision.
  • Version History: We maintain a complete version history of this Privacy Policy. You can request previous versions by contacting our privacy team.
  • Your Continued Use: By continuing to use our services after changes become effective, you acknowledge and agree to the updated Privacy Policy. If you disagree with any changes, you may close your account.
  • Review Encouragement: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us About Privacy

Contact

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, we encourage you to reach out. Our dedicated privacy team is here to help:

  • Privacy Officer Email: privacy@usarxmeds.com — for all privacy-related inquiries, data access requests, and HIPAA concerns.
  • General Support Email: support@usarxmeds.com — for general questions about our services and your account.
  • Phone: +1 (561) 905-4006 — available 24/7 for urgent privacy concerns or data rights requests.
  • Mailing Address: UsarxMeds Privacy Officer, Boston, Massachusetts, United States. Available for formal written correspondence and legal notices.
  • HIPAA Complaints: If you believe your HIPAA rights have been violated, you may file a complaint with us directly or with the U.S. Department of Health and Human Services at hhs.gov/hipaa/filing-a-complaint.
  • Response Time: We aim to respond to all privacy inquiries within 2 business days and fulfill data rights requests within 30 calendar days.

We're Here for You: Your privacy matters to us. Don't hesitate to reach out with any questions or concerns — no matter how small. Our Privacy Officer personally reviews every privacy-related inquiry to ensure your concerns are addressed thoroughly.

Your Data Rights

You have full control over your personal data. Here are the rights we guarantee to every customer.

Right to Access

Request a complete copy of all personal data we hold about you at any time. We'll provide it within 30 days in a readable format, free of charge.

Right to Correction

Request corrections to any inaccurate or incomplete personal information in our records. We process corrections within 15 business days.

Right to Deletion

Request deletion of your personal data, subject to legal retention requirements. Non-required data is permanently erased within 30 days.

Right to Portability

Request your data in a structured, machine-readable format (JSON or CSV) that can easily be transferred to another service provider.

Right to Opt-Out

Opt out of marketing communications, analytics tracking, and optional cookies at any time through your account settings or by contacting us.

Right to Restrict

Request that we limit processing of your data while a dispute or verification is pending. We'll mark the data and restrict its use immediately.

Privacy Contact

Have questions about your privacy? Reach out to our dedicated privacy team.

Privacy Officer

privacy@usarxmeds.com

Data rights, HIPAA, and privacy inquiries

24/7 Phone Support

+1 (561) 905-4006

Urgent privacy concerns and data requests

Mailing Address

UsarxMeds Privacy Office

Boston, Massachusetts, USA

Privacy FAQ

Commonly asked questions about our privacy practices and your data rights.

Do you sell my personal data?

Absolutely not. We have never sold customer data and never will. This is a core company value, not just a policy. Your data is used solely for providing pharmacy services and is never shared with third parties for marketing purposes.

How can I delete my account and data?

You can request account deletion by emailing privacy@usarxmeds.com or calling us at +1 (561) 905-4006. We'll delete your account and all non-legally-required data within 30 days. Some records like prescriptions must be retained per state and federal pharmacy law.

Is my health information protected under HIPAA?

Yes. As a licensed pharmacy and HIPAA Covered Entity, all your Protected Health Information (PHI) is handled in strict compliance with HIPAA Privacy, Security, and Breach Notification Rules. We implement administrative, physical, and technical safeguards to protect your health data.

How long do you keep my data?

Data retention varies by type. Prescription records are kept 7-10 years per state law, transaction records for 7 years for tax compliance, and account data for 3 years after closure. Analytics data is anonymized and retained for 26 months. See our Data Retention section for full details.

Can I see what data you have about me?

Yes. You have the right to request a complete copy of all personal data we hold about you. Submit a request via email to privacy@usarxmeds.com or through your account settings. We'll provide your data within 30 days in a readable format, completely free of charge.

Do you use cookies to track me across the internet?

No. We do NOT use advertising cookies, retargeting pixels, or any tracking technology that follows your activity across other websites. Our analytics cookies are anonymized and used solely to understand how visitors interact with our site to improve the experience.

What happens if there's a data breach?

In the unlikely event of a data breach, our incident response team will contain the threat immediately. We will notify affected individuals within 60 days as required by HIPAA, report to HHS, and provide clear guidance on protective steps. We have maintained zero breaches to date.

How do I opt out of marketing emails?

You can opt out of marketing emails by clicking the "Unsubscribe" link at the bottom of any marketing email, updating your preferences in your account settings, or contacting us directly. We process opt-out requests immediately. Note: transactional emails (order confirmations, shipping updates) cannot be opted out of.

Your Privacy Is Our Responsibility

We're committed to transparency, security, and protecting your personal data at every step. If you have any privacy concerns, our team is always here to help.
