Privacy Policy

Basix For Men ("Basix," "we," "us," or "our") is committed to protecting your privacy and safeguarding your personal and health information. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, patient portal, and telehealth services (collectively, the "Services").

By using the Services, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

a. Information you provide directly

When you create an account, complete a health questionnaire, or otherwise interact with the Services, we may collect: your name, email address, phone number, date of birth, biological sex, and mailing address; medical history, current medications, known allergies, symptoms, and responses to health questionnaires; a copy of your government-issued photo ID (for identity verification); your electronic signature for informed consent; and payment information (processed and stored by our third-party payment processors — we do not store full credit card numbers).

b. Information collected automatically

When you access the Services, we automatically collect certain technical information, including: your IP address, browser type, operating system, and device identifiers; pages visited, time spent on pages, and navigation paths; and referring URLs and search terms.

We collect this information using cookies, server logs, and similar technologies. You can manage your cookie preferences through your browser settings.

c. Information from third parties

We may receive information about you from our affiliated healthcare providers, partner pharmacies, and payment processors in connection with the Services.

2. How We Use Your Information

We use the information we collect for the following purposes: to facilitate telehealth consultations between you and licensed healthcare providers; to verify your identity and eligibility for services; to process and fulfill prescription orders through our partner pharmacies; to communicate with you about your account, orders, and treatment; to send appointment reminders, onboarding prompts, and service-related notifications; to process payments and prevent fraud; to improve, personalize, and optimize the Services; to comply with legal and regulatory obligations, including state telehealth laws; and to respond to your inquiries and provide customer support.

3. Protected Health Information (PHI) and HIPAA

Certain information you provide through the Services, including your medical history, health questionnaire responses, prescriptions, and communications with healthcare providers, may constitute Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA").

The healthcare providers who treat you through the Services are covered entities under HIPAA and are bound by their own Notice of Privacy Practices, which will be made available to you during the onboarding process. Basix For Men acts as a business associate to these providers and maintains appropriate safeguards for PHI in compliance with HIPAA and applicable state laws.

We will not use or disclose your PHI for marketing purposes without your express written authorization. We will not sell your PHI.

4. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of recipients and only for the purposes described:

Healthcare providers

We share your medical information with licensed healthcare providers who conduct your telehealth consultation and make treatment decisions.

Pharmacies

If a prescription is issued, we share necessary information (including your name, address, prescription details, and allergies) with our partner pharmacies to fulfill and ship your medication.

Service providers

We engage third-party vendors who assist us in operating the Services, including cloud hosting (Vercel), database hosting (Supabase/PostgreSQL), email delivery (SendGrid), payment processing (Shopify Payments), and analytics. These vendors are contractually obligated to protect your information and may only use it to provide services to us.

Legal and regulatory requirements

We may disclose your information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

If Basix For Men is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.

5. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, or disclosure. These measures include encryption of data in transit (TLS) and at rest, access controls limiting who can view your data, secure authentication mechanisms, and regular security assessments.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal and medical information for as long as your account is active and as needed to provide the Services. After account termination, we retain information as necessary to comply with legal obligations (including medical record retention requirements, which vary by state but are generally 7 to 10 years for adult medical records), resolve disputes, and enforce our agreements.

Government-issued ID images submitted for identity verification are retained only for as long as needed for verification purposes and are then securely deleted, unless a longer retention period is required by law.

7. Your Rights and Choices

Depending on your state of residence, you may have the following rights regarding your personal information:

Access and portability

You may request a copy of the personal information we hold about you. For medical records, you may request copies through your treating healthcare provider or by contacting us.

Correction

You may request that we correct inaccurate personal information. Medical record amendments are handled in accordance with HIPAA procedures.

Deletion

You may request deletion of your personal information, subject to exceptions required by law (such as medical record retention requirements).

Opt-out of marketing

You may opt out of promotional emails by clicking the "unsubscribe" link in any marketing email. Note that you cannot opt out of transactional emails related to your account, orders, or treatment.

Do Not Sell / Do Not Share

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

To exercise any of these rights, contact us at support@basixformen.com. We will respond to verified requests within the timeframe required by applicable law.

8. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and its amendments, including the right to know what personal information we collect, use, and disclose; the right to delete your personal information; the right to opt out of the sale or sharing of personal information; and the right to non-discrimination for exercising your privacy rights.

Note that the CCPA does not apply to PHI that is protected by HIPAA, which is governed separately as described in Section 3 above.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Services, remember your preferences, authenticate your sessions, and analyze usage patterns. We use essential cookies required for the Services to function (session tokens, CSRF protection) and analytics cookies that help us understand how the Services are used (such as page views and navigation paths).

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Services.

10. Third-Party Links

The Services may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party site you visit.

11. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a person under 18, we will take steps to delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Services prior to the changes taking effect. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For complaints regarding the handling of your PHI, you may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.