Legal · Consumer Health Data

Consumer Health Data Privacy Policy

Last updated: May 7, 2026
About this policy. This Consumer Health Data Privacy Policy applies to the extent required by applicable state law, including Washington's My Health My Data Act, Nevada SB 370, and Connecticut's CTDPA, with respect to “Consumer Health Data” as defined by those laws. It does not apply to Protected Health Information (PHI) subject to HIPAA, which is governed by our Notice of Privacy Practices. This policy supplements our general Privacy Policy.
Section 01

Scope and applicability

This Consumer Health Data Privacy Policy (“Policy”) applies to information that constitutes Consumer Health Data under applicable state law. In the event of a conflict between our general Privacy Policy and this Policy, this Policy controls to the extent it is consistent with applicable state law.

This Policy does not apply to:

  • Protected Health Information (PHI) subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which is covered by our Notice of Privacy Practices
  • Information about you that is not used or held in a manner that constitutes Consumer Health Data under applicable law
  • De-identified or publicly available information
Section 02

What is consumer health data

“Consumer Health Data” generally means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. This may include:

Health conditions, treatment, and medications

Including diseases, symptoms, diagnoses, prescriptions, and treatment plans.

Bodily measurements and characteristics

Including weight, height, BMI, body composition, and biometric measurements.

Reproductive or sexual health information

To the extent collected during intake or treatment.

Gender-affirming care information

To the extent collected during intake or treatment.

Use of health-related applications and services

Including the fact of your enrollment, the medications prescribed, and your interactions with the platform.

Precise location information

If used to indicate proximity to a health facility (we do not currently collect this).

The specific categories of Consumer Health Data we collect about you depend on how you interact with us, the services you use, and the choices you make.

Section 03

Categories of consumer health data we collect

We collect the following categories of Consumer Health Data:

CategoryExamples
Health history and intake responsesConditions you've been diagnosed with, medications you take, allergies, family history
Bodily measurementsWeight, height, BMI, blood pressure, target weight goals
Treatment informationPrescribed medications, dose, titration history, refill schedule
Communications about your careMessages with the care team, follow-up survey responses, photo updates if provided
Identifiers and device informationIP address, device type, browser, operating system, mobile identifiers
General location dataState of residence (used for provider licensing and pharmacy fulfillment eligibility)
Usage dataPages viewed, features used, session duration on health-related areas of the platform
Section 04

Sources of consumer health data

We collect Consumer Health Data from the following sources:

  • Directly from you when you complete intake, communicate with the care team, update your account, or provide photos and other materials
  • From your treating provider, including evaluation notes and prescription details
  • From our partner pharmacy, including dispensing and fulfillment records
  • Automatically through cookies, mobile identifiers, and other tracking technologies as you use the platform
  • From third-party service providers we engage to help operate the platform
Section 05

How we use consumer health data

We use Consumer Health Data only as needed to provide the service and as permitted by law:

  • To facilitate clinical evaluation, prescription, and care delivery by licensed providers
  • To coordinate prescription fulfillment with our partner pharmacy
  • To communicate with you about your care, account, and platform
  • To improve and personalize the platform based on aggregated, de-identified usage
  • To comply with legal obligations and protect against fraud or unauthorized access
  • For other purposes for which we obtain your specific consent

We do not sell Consumer Health Data and we do not use Consumer Health Data for cross-context behavioral advertising without your consent.

Section 06

How we share consumer health data

We share Consumer Health Data only with parties necessary to deliver the service or as required by law:

Service providers and processors

We share Consumer Health Data with vendors that provide services on our behalf, including EMR/EHR systems, payment processors, communication tools, hosting providers, and analytics. These vendors are contractually required to protect Consumer Health Data and use it only for the purposes we authorize.

Affiliates

We may enable access to Consumer Health Data across our subsidiaries, affiliates, and related companies where we share common data systems or where access helps us provide our services.

Licensed providers and partner pharmacies

We share Consumer Health Data with the licensed providers who evaluate and prescribe your treatment, and with the partner pharmacy that fulfills your prescription.

Legal and law enforcement

We will access, share, and preserve Consumer Health Data when we believe it is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or government agencies.

With your consent

For any other purpose, we share Consumer Health Data only with your separate, specific consent.

Section 07

How we secure consumer health data

We protect Consumer Health Data with administrative, technical, and physical safeguards including:

  • End-to-end encryption in transit (TLS 1.2 or higher) and encryption at rest
  • Role-based access controls limiting employee access on a need-to-know basis
  • Multi-factor authentication for administrative access
  • Audit logging of access to Consumer Health Data
  • Regular vulnerability scanning, penetration testing, and security audits
  • HIPAA-compliant infrastructure and Business Associate Agreements with vendors that handle health data
  • Documented incident response and breach notification procedures

No system is 100% secure, but we maintain protections aligned with industry standards and applicable law.

Section 08

Retention of consumer health data

We retain Consumer Health Data only as long as necessary to:

  • Provide the service you have requested
  • Comply with legal, regulatory, tax, audit, and pharmacy record-retention obligations (typically 7–10 years for prescription and treatment records, depending on your state)
  • Resolve disputes and enforce our agreements
  • Maintain security, prevent fraud, and protect against unauthorized access

When Consumer Health Data is no longer required, we delete or de-identify it in accordance with our data retention schedule.

Section 09

Your consumer health data rights

Depending on your state of residence, you may have the following rights with respect to your Consumer Health Data. These rights may be subject to certain limitations under law.

Withdraw consent

To the extent we rely on your consent to collect or share your Consumer Health Data, you may withdraw that consent for any future collection or sharing.

Access and confirm

You may ask us to confirm whether we have collected, shared, or sold your Consumer Health Data, and to receive a copy of the Consumer Health Data we have collected, shared, or sold. You may also request a list of all third parties and affiliates with whom we have shared or sold your Consumer Health Data.

Delete

You may request that we delete your Consumer Health Data. We will honor such requests except where retention is required by law (for example, prescription records that pharmacies are required to retain).

Appeal

If we deny your rights request, you may appeal that decision in accordance with applicable state law.

Section 10

How to exercise your rights

To exercise the rights described above, contact us at privacy@reauxhealth.com with the subject line “Consumer Health Data Request,” or write to us at the mailing address in Section 13.

We may need to verify your identity before processing your request. To verify your identity, we may ask you to confirm personal information already on file. If we cannot verify your identity from information on file, we may request additional information (such as a government-issued ID), used only for verification and security purposes.

Heads up: Some Consumer Health Data is necessary for us to provide the service. If you delete it or withdraw consent for its collection, we may not be able to continue providing the service or certain features.
Section 11

Authorized agents

You may use an authorized agent to submit a Consumer Health Data rights request on your behalf. The authorized agent must provide written, signed permission from you. We may verify the identity of both you and the agent before processing the request.

Section 12

Changes to this policy

We may update this Consumer Health Data Privacy Policy from time to time. The “Last updated” date above reflects the most recent revision. We will notify you of material changes by email or by a prominent notice on the platform.

Section 13

Contact us about consumer health data

To exercise your Consumer Health Data rights or ask questions about this policy, contact:

Reaux Health LLC
Privacy Office
privacy@reauxhealth.com
1 E Erie St, Suite 525-3120
Chicago, IL 60611