Privacy Policy
Effective Date: January 1, 2025
1. Introduction
SendMyDrugs (“we,” “us,” or “our”), a platform operated by Antigravity Labs LLC, is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, mobile application, or use our telehealth marketplace services (collectively, the “Platform”).
By accessing or using the Platform, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Platform.
2. Information We Collect
We collect information you provide directly, information collected automatically, and information from third parties:
Information You Provide
- Account information: Name, email address, phone number, date of birth, and login credentials when you create an account.
- Health information: Medical history, symptoms, prescriptions, and other health-related data you provide during consultations or treatment requests.
- Provider credentials: For healthcare providers — NPI number, licensing information, practice details, and DEA registration where applicable.
- Payment information: Billing address and payment method details (processed securely through our payment partners; we do not store full card numbers).
- Communications: Messages, support requests, and feedback you send through the Platform.
Information Collected Automatically
- Device and usage data: IP address, browser type, operating system, referring URLs, pages viewed, and interaction patterns.
- Cookies and tracking technologies: See the Cookies section below for details.
- Log data: Server logs recording access times, features used, and error reports.
Information from Third Parties
- Identity verification: Data from identity verification services to confirm provider credentials.
- Payment processors: Transaction confirmation data from Stripe and CaptureHealth.
3. How We Use Your Information
- Provide, operate, and improve the Platform and our services.
- Facilitate telehealth consultations and treatment fulfillment between consumers and licensed providers.
- Process payments and manage subscriptions.
- Verify healthcare provider credentials and maintain regulatory compliance.
- Send transactional communications (order confirmations, shipping updates, appointment reminders).
- Provide customer support and respond to inquiries.
- Detect, prevent, and address fraud, security issues, and technical problems.
- Comply with legal obligations, including healthcare regulations.
- Generate de-identified, aggregated analytics to improve our services (never sold to third parties).
4. HIPAA Compliance
SendMyDrugs operates as a technology platform that connects consumers with licensed healthcare providers. Where applicable, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations:
- Protected Health Information (PHI) is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- We maintain Business Associate Agreements (BAAs) with all subprocessors that handle PHI.
- Access to PHI is limited to authorized personnel on a need-to-know basis with role-based access controls.
- We conduct regular security assessments and maintain audit logs of PHI access.
- In the event of a breach involving unsecured PHI, we will notify affected individuals and the Department of Health and Human Services as required by the HIPAA Breach Notification Rule.
5. Third-Party Services
We work with trusted third-party partners to deliver our services. These partners have their own privacy policies governing their use of your information:
- CaptureHealth: Handles medication fulfillment, pharmacy operations, and medication-related payment processing.
- Stripe: Processes platform subscription payments and provider SaaS billing. Stripe is PCI DSS Level 1 certified.
- Analytics providers: We use privacy-respecting analytics tools to understand how the Platform is used.
- Cloud infrastructure: Our Platform is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification.
6. Data Security
We implement industry-standard technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access controls and multi-factor authentication for staff access.
- Regular vulnerability assessments and penetration testing.
- Automated monitoring and alerting for suspicious activity.
- Incident response procedures and disaster recovery plans.
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
- Essential cookies: Required for Platform functionality, authentication, and security. Cannot be disabled.
- Analytics cookies: Help us understand usage patterns and improve the Platform. Can be opted out of.
- Preference cookies: Remember your settings and display preferences.
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may impair Platform functionality.
8. Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy:
- Account data: Retained while your account is active and for 30 days after a deletion request to allow recovery.
- Health records: Retained in accordance with applicable state and federal healthcare record retention laws (typically 6-10 years depending on jurisdiction).
- Transaction records: Retained for 7 years to comply with tax and financial reporting requirements.
- Server logs: Retained for up to 90 days for security and debugging purposes.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Portability: Request your data in a structured, commonly used, machine-readable format.
- Opt-out: Opt out of marketing communications at any time via unsubscribe links or account settings.
- Non-discrimination: We will not discriminate against you for exercising any of these rights.
To exercise any of these rights, contact us at privacy@sendmydrugs.com. We will respond within 30 days.
10. Children's Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Effective Date” at the top of this page and, where appropriate, sending you an email notification. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.
12. Contact Information
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
SendMyDrugs (a platform by Antigravity Labs LLC)
Email: privacy@sendmydrugs.com
General Support: support@sendmydrugs.com
