Last Updated: May, 2025
Privacy Policy
Definitions
- Personal Data: Any information relating to an identified or identifiable individual.
- Protected Health Information (PHI): Health data covered under HIPAA.
- Business Associate: Third parties processing PHI on our behalf under a BAA.
1. Information We Collect
- Contact & Account Data: Name, email ([email protected]), phone (718-587-9872) when you submit forms or create an account.
- Health Information (PHI): Prescription details and CGM preferences when you request service (HIPAA-protected).
- Technical & Usage Data: IP address, browser type, device info, and page interactions via cookies and analytics.
2. How We Use Your Information
- To process orders and verify insurance and prescription validity.
- To communicate with you by phone (718-587-9872), email ([email protected]), SMS, or messaging apps.
- To personalize and improve our website, products, and services.
- To comply with legal obligations (e.g., HIPAA, CMS, CCPA).
3. Cookies & Tracking Technologies
We use cookies and similar technologies to remember your preferences and analyze site traffic. You can accept or decline non-essential cookies via our Cookie Policy banner. Disabling cookies may limit certain features.
4. Third-Party Sharing
We share data only with:
- HIPAA-compliant Business Associates under Business Associate Agreements (CRM, email/SMS providers).
- Analytics and advertising partners (for aggregated, non-identifiable data)—see their privacy pages below.
We do not sell your personal information.
5. Your Rights & Choices
- Access & Correction: Request your data or corrections by emailing [email protected] or using our Data Request Form.
- Deletion (“Right to be Forgotten”): Ask us to delete your account and PHI (subject to legal retention requirements).
- Data Portability: Receive a copy of your data in machine-readable format.
- Opt-Out Marketing: Unsubscribe from promotional emails or texts at any time.
- Cookie Preferences: Manage via our Cookie Policy banner or browser settings.
6. HIPAA Compliance
All PHI is encrypted in transit and at rest. We perform annual risk assessments, enforce role-based access with multi-factor authentication, and maintain audit logs. Our HIPAA policies cover all staff and vendors.
7. GDPR & CCPA
EU and California residents have additional rights under GDPR and CCPA. You may contact our Data Protection Officer (DPO) at [email protected] or call 718-587-9872 for data-subject requests.
8. Data Retention & Secure Disposal
We retain personal and health data only as necessary under federal and state laws, then securely dispose of it using NIST-compliant methods. Daily encrypted backups are stored off-site, with quarterly restore tests.
9. Incident Response & Enforcement
We maintain a documented Incident Response Plan. In the event of a breach, we follow HIPAA breach-notification rules and notify affected individuals and regulators within required timelines. We cooperate with enforcement bodies such as HHS OCR and state attorneys general.
10. Children’s Privacy
Our site is not intended for children under 18. We do not knowingly collect information from minors. If you believe we have inadvertently done so, please contact us to delete that data.
11. Cookie Policy
We categorize cookies as:
- Essential: Required for site functionality.
- Analytics: Google Analytics to measure traffic.
- Advertising: Facebook Pixel for ad targeting.
You can manage these via our cookie banner or browser settings. For full details, see our Full Cookie Policy.
12. Contact Us
If you have questions or requests regarding this Privacy Policy, please contact:
- Email: [email protected]
- Phone: 718-587-9872
- Data Protection Officer: [email protected]