Legal
Privacy Policy
Last Updated: [PENDING: client to confirm — set to actual publication date]
1. Overview
Teddy Meds ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and safeguard your personal and health information when you access or use our telehealth platform at teddymeds.com (the "Platform").
By using this Platform, you agree to the practices described in this policy. If you do not agree, please do not use our services.
2. Information We Collect
2.1 Information You Provide
- Name, date of birth, and contact information (email, phone, address)
- Health history, current medications, and symptoms provided in intake forms
- Payment information (processed by PCI-compliant third-party processors)
- Government-issued identification for identity verification
- Communications with our support team
2.2 Information Collected Automatically
- IP address, browser type, device identifiers
- Pages visited and interaction data (via analytics tools)
- Cookies and similar tracking technologies (see Section 9)
3. How We Use Your Information
We use your information to:
- Facilitate connections between you and licensed healthcare providers
- Facilitate the fulfillment of valid prescriptions from licensed pharmacies
- Verify your identity and eligibility for services
- Process payments and manage your account
- Communicate with you about your care, account, and service updates
- Comply with applicable laws, regulations, and legal requests
- Improve our Platform and services
4. HIPAA and Protected Health Information
To the extent applicable, we handle Protected Health Information ("PHI") in compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations. Your PHI is shared only with:
- Licensed healthcare providers involved in your care
- Pharmacies fulfilling valid prescriptions (DEA-registered, 503A-certified facilities)
- Business associates who have signed HIPAA-compliant Business Associate Agreements
- Government authorities when required by law
For a complete description of your rights under HIPAA, see our HIPAA Notice of Privacy Practices.
5. Information Sharing
We do not sell your personal information or PHI to third parties. We share information only as described in this policy, including:
- Healthcare Providers: Licensed physicians and nurse practitioners assigned to your case
- Pharmacies: DEA-registered compounding pharmacies fulfilling prescriptions
- Service Providers: Technology, payment, and communications vendors under data processing agreements
- Legal Compliance: Courts, regulators, or law enforcement when legally required
6. Data Security
We implement industry-standard technical and administrative safeguards to protect your information, including:
- TLS/SSL encryption for all data transmission
- Encryption of stored health information
- Access controls limiting PHI access to authorized personnel
- Regular security audits and monitoring
No method of electronic transmission or storage is 100% secure. In the event of a security breach affecting your PHI, we will notify you as required by HIPAA and applicable state law.
7. Data Retention
We retain your information for as long as necessary to provide our services, comply with legal obligations, and fulfill the purposes described in this policy. Specific retention periods include:
- Protected Health Information (PHI): Retained for a minimum of six (6) years from the date of creation or last effective date, in accordance with HIPAA requirements and applicable state medical record retention laws.
- Account and personal data: Retained for the duration of your account and for up to three (3) years after account closure, unless a longer period is required by law.
- Payment records: Retained for seven (7) years in compliance with IRS and financial record-keeping requirements.
- Automatically collected data: Analytics and usage data is retained for up to twenty-four (24) months from the date of collection.
- Communications: Support correspondence is retained for three (3) years after the last interaction.
After the applicable retention period expires, your data is securely deleted or de-identified in accordance with industry-standard data destruction practices. You may request earlier deletion of your personal data by contacting us at support@teddymeds.com, subject to any legal obligations that require us to retain certain records.
8. Your Rights
Depending on your location, you may have rights to:
- Access, correct, or delete your personal information
- Receive a copy of your data in a portable format
- Restrict or object to certain processing
- Withdraw consent (where processing is based on consent)
- Lodge a complaint with a data protection authority
To exercise your rights, contact us at support@teddymeds.com.
9. Cookies
We use cookies and similar technologies for session management, analytics, and functionality. You can manage cookie preferences through your browser settings. Disabling cookies may affect certain features of the Platform.
10. Minors
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn we have collected information from a minor, we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy with a new "Last Updated" date. Your continued use of the Platform after changes constitutes acceptance of the updated policy.
12. Contact Us
For questions about this Privacy Policy or our data practices, contact our Privacy Officer:
Teddy Meds
Attn: Privacy Officer
[PENDING: client to confirm physical address]
Email: support@teddymeds.com
Phone: 1-800-555-5555 [PENDING: confirm]