Privacy Policy

VeinLife Direct, LLC ("VeinLife Direct," "we," "us," or "our") is committed to protecting your privacy and the security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website (veinlifedirect.com) and use our telehealth platform services (collectively, the "Platform").

This Privacy Policy applies to information we collect through the Platform and does not apply to information collected offline or through other channels. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

For information about how your protected health information (PHI) is handled in the context of your healthcare, please review our separate HIPAA Notice of Privacy Practices.

We collect several types of information from and about users of the Platform:

Personal Identification Information: Name, email address, phone number, date of birth, billing address, and shipping address collected during account creation and checkout.

Health Information: Medical history, current medications, known allergies, biological sex, and responses to medical screening questionnaires. This information is collected for the purpose of facilitating your telehealth consultation and is treated as protected health information (PHI) under HIPAA where applicable.

Payment Information: Credit card numbers, billing addresses, and transaction history. Payment card data is processed directly by Stripe and is not stored on our servers. We retain only transaction identifiers and amounts.

Technical Information: IP address, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, and other usage data collected automatically through cookies and similar tracking technologies.

Communications: Records of your communications with us, including emails, support tickets, and chat messages.

We use the information we collect to:

• Process your orders and facilitate your telehealth consultation with licensed healthcare providers
• Transmit your prescription to our licensed compounding pharmacy partners for fulfillment
• Send you order confirmations, shipping notifications, and prescription status updates
• Communicate with you about your account, orders, and any issues that arise
• Send promotional communications (with your consent, and you may opt out at any time)
• Improve and optimize the Platform's performance and user experience
• Detect, prevent, and address fraud, security breaches, and other prohibited activities
• Comply with legal obligations, including HIPAA, applicable state telehealth laws, and DEA regulations
• Enforce our Terms & Conditions and other agreements

We do not sell your personal information to third parties for their marketing purposes.

We may share your information with the following categories of third parties:

Healthcare Providers: Your intake information, medical screening responses, and personal details are shared with the independent licensed healthcare providers affiliated with NXRX PLLC who review your case and issue prescriptions. These providers are bound by HIPAA and their professional obligations.

Pharmacy Partners: Upon prescription approval, your name, shipping address, prescription details, and relevant health information are transmitted to our licensed compounding pharmacy partners for fulfillment.

GEN-Health Platform: We use GEN-Health as our electronic health record (EHR) and patient management platform. Your patient profile, order details, and prescription status are stored and managed within GEN-Health. By using our Platform, you consent to the sharing of your information with GEN-Health and its administrative and technical support staff as necessary for the operation of the Platform.

Payment Processors: Payment information is processed by Stripe, Inc. Stripe's privacy policy governs the use of your payment data.

Service Providers: We may share information with vendors and service providers who perform services on our behalf, such as email delivery, analytics, customer support, and IT services. These parties are contractually obligated to use your information only as directed by us.

Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

We use cookies, web beacons, and similar tracking technologies to collect information about your use of the Platform. Cookies are small data files stored on your device that help us improve the Platform and your experience.

Essential Cookies: Required for the Platform to function properly, including maintaining your session and processing payments.

Analytics Cookies: Used to understand how visitors interact with the Platform, which pages are most visited, and how users navigate through the checkout process. We use anonymized analytics data to improve the Platform.

Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. You may opt out of marketing cookies by adjusting your browser settings or using the opt-out mechanisms provided by our advertising partners.

Most web browsers allow you to control cookies through browser settings. Disabling cookies may affect the functionality of the Platform.

We implement industry-standard technical, administrative, and physical security measures to protect your personal and health information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your browser and our servers
• Encrypted storage of sensitive data at rest
• Access controls limiting employee access to personal and health information on a need-to-know basis
• Regular security assessments and vulnerability testing
• Business Associate Agreements (BAAs) with all vendors who handle PHI

Despite these measures, no security system is impenetrable. We cannot guarantee the absolute security of your information. In the event of a data breach affecting your PHI, we will notify you as required by HIPAA and applicable state law.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including providing services, complying with legal obligations, resolving disputes, and enforcing our agreements.

Medical records and PHI are retained in accordance with applicable state and federal law, which typically requires retention for a minimum of 7 years from the date of the last service, or longer for minors.

You may request deletion of your non-health personal information by contacting us at [email protected]. Note that we may be required to retain certain information for legal compliance purposes even after a deletion request.

Depending on your state of residence, you may have the following rights regarding your personal information:

Access: The right to request a copy of the personal information we hold about you.

Correction: The right to request correction of inaccurate personal information.

Deletion: The right to request deletion of your personal information, subject to certain exceptions (e.g., legal retention requirements).

Opt-Out of Marketing: The right to opt out of receiving promotional communications. You may unsubscribe from marketing emails by clicking the "unsubscribe" link in any marketing email.

California Residents (CCPA/CPRA): California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights.

To exercise any of these rights, please contact us at [email protected].

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a new effective date. Your continued use of the Platform after the effective date of the revised policy constitutes your acceptance of the changes.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

VeinLife Direct, LLC Email: [email protected] Phone: (941) 217-1132

For HIPAA-specific requests regarding your protected health information, please refer to our HIPAA Notice of Privacy Practices.