1. Introduction & Scope
This Privacy Policy describes how Pills2Me collects, uses, and shares information when you (i) use the Pills2Me consumer app, websites, and on-demand prescription delivery service, or (ii) interact with Pills2Me through our pharmacy, pharmacy benefit manager (PBM), telehealth, or health-system partner platforms. By using our services, you agree to this policy.
Pills2Me was founded during the COVID-19 pandemic to deliver prescriptions to seniors and immunocompromised patients, and has since expanded to power last-mile pharmacy logistics for partners across the United States.
2. HIPAA Notice
When Pills2Me handles health information on behalf of a pharmacy, health plan, or health system, we act as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). In that role we handle Protected Health Information ("PHI") under written Business Associate Agreements (BAAs) and in accordance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule (45 C.F.R. Parts 160 and 164).
Our Notice of Privacy Practices appears as an Appendix at the end of this policy and describes uses and disclosures of PHI and your rights as a patient.
3. Information We Collect
3.1 Protected Health Information (PHI)
- Prescription details (drug name, strength, quantity, prescriber, Rx number)
- Dispensing, delivery, and chain-of-custody records
- Demographic and contact information collected for treatment, payment, or healthcare operations
- Insurance, payer, and copay information
3.2 Personal Information
- Identifiers: name, email, phone number, postal address, account credentials
- Payment information processed by our PCI-DSS-compliant payment processors
- Device and usage data: IP address, device identifiers, browser type, app interactions, approximate geolocation
- Cookies and similar technologies (see Section 12)
- Communications with our support team, including chat transcripts and call recordings where permitted by law
3.3 Sensitive & Consumer Health Data
Some information we collect is "sensitive personal information" under CPRA or "consumer health data" under the Washington My Health My Data Act and similar laws — including precise geolocation, account credentials, and information that identifies a past, present, or future physical or mental health status, diagnosis, or treatment. We process sensitive data only for the purposes described in this policy and, where required, with your consent.
4. Sources of Information
We collect information from:
- You, when you create an account, place an order, or contact us
- Pharmacies, health systems, prescribers, and payers involved in your care
- Telehealth and PBM partners whose platforms integrate with Pills2Me
- Service providers (couriers, payment processors, cloud and analytics vendors) acting on our behalf
- Public sources and fraud-prevention databases, where lawful
5. How We Use Information
5.1 PHI — Treatment, Payment, and Healthcare Operations
We use PHI only as permitted by HIPAA and our BAAs: to facilitate dispensing, delivery, and billing of prescriptions; to coordinate care; to perform quality assurance; and as otherwise allowed or required by law.
5.2 Personal Information
- Provide, operate, and improve the Pills2Me service
- Authenticate users and prevent fraud, abuse, and security incidents
- Communicate with you about your order, account, customer support, and (with your permission) marketing
- Analyze service performance and usage
- Comply with legal obligations and enforce our terms
We do not use PHI or sensitive personal information for cross-context behavioral advertising or for "profiling" that produces legal or similarly significant effects concerning you.
6. How We Share Information
We share information only with the following categories of recipients:
- Pharmacy, health-system, telehealth, and PBM partners involved in your prescription
- Couriers and delivery personnel who fulfill your delivery (limited to the minimum necessary information)
- Payment processors for transaction processing
- Cloud hosting, IT, and analytics vendors bound by written data protection agreements (and BAAs where PHI is involved)
- Legal, regulatory, and safety recipients where required by law, court order, or to protect rights, property, or safety
- Successors in a merger, acquisition, or similar transaction, subject to this policy
We do not sell PHI. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA. We do not sell or share consumer health data covered by the Washington My Health My Data Act without your valid authorization.
7. Your Rights
7.1 HIPAA Rights
If we hold PHI about you, you may request to:
- Access or obtain a copy of your PHI
- Amend PHI that is inaccurate or incomplete
- Receive an accounting of certain disclosures
- Request restrictions on certain uses or disclosures
- Request confidential communications by alternative means or at alternative locations
- File a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR)
7.2 State Privacy Rights
Depending on your state of residence (including California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others), you may have the right to:
- Know what personal information we hold about you and how it is used
- Access and obtain a portable copy of that information
- Correct inaccurate personal information
- Delete personal information, subject to legal exceptions
- Opt out of the "sale" or "sharing" of personal information and of targeted advertising
- Opt out of profiling that produces legal or similarly significant effects
- Limit our use and disclosure of sensitive personal information
- Appeal a denial of a privacy request
- Be free from discrimination for exercising these rights
7.3 Washington My Health My Data Act
Washington residents may withdraw consent to processing of consumer health data, request access to or deletion of consumer health data we hold, and obtain a list of third parties with whom we have shared consumer health data.
7.4 Global Privacy Control
We honor browser-based Global Privacy Control (GPC) signals as a valid opt-out of "sale" and "sharing" where required by law.
7.5 How to Submit a Request
To exercise any of these rights, email info@pills2me.com with "Privacy Request" in the subject line. We will verify your identity using information already in our records and respond within the timeframes required by applicable law (generally 30–45 days). Authorized agents may submit requests on your behalf with written authorization.
8. Data Retention
We retain PHI for the period required by HIPAA and applicable state pharmacy record-retention laws (generally a minimum of six years from creation or last effective date, longer where state law requires). Non-PHI personal information is retained only as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements, after which it is deleted or de-identified.
9. Security
We maintain administrative, physical, and technical safeguards designed to protect personal information and PHI in accordance with the HIPAA Security Rule, including role-based access controls, audit logging, workforce training, encryption in transit (TLS 1.2+) and at rest (AES-256), and incident-response procedures. In the event of a breach of unsecured PHI or personal information, we will notify affected individuals and regulators as required by HIPAA and applicable state breach notification laws.
10. Children's Privacy
The Pills2Me service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent. Where a minor patient receives prescription delivery, the account and ordering are handled by a parent or legal guardian.
11. International Users & Data Location
Pills2Me services are intended for use within the United States, and information is processed and stored on infrastructure located in the United States.
12. Third-Party Links & SDKs
Our service may link to third-party websites and may include analytics SDKs (e.g., for crash reporting and product analytics) configured to avoid the transmission of PHI. Third-party sites are governed by their own privacy policies, which we do not control.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice (such as an in-app banner or email). Your continued use of the service after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
Privacy Officer: Ian Andrus
Email: info@pills2me.com
Mail: Pills2Me, Inc., 300 S 4th St, Ste 180, Las Vegas, NV 89101
HIPAA complaints may be submitted to our Privacy Officer at the address above. You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, 200 Independence Avenue SW, Washington, D.C. 20201, or at hhs.gov/ocr/complaints. We will not retaliate against you for filing a complaint.
Appendix — Notice of Privacy Practices (HIPAA)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our Pledge Regarding PHI
When Pills2Me acts as a Business Associate of a covered entity (a pharmacy, health plan, or health system), we are committed to protecting PHI we receive, create, or maintain on their behalf.
Permitted Uses & Disclosures of PHI
- Treatment: to facilitate dispensing and delivery of your medications and to coordinate with prescribers and pharmacies.
- Payment: to process payment, copay, and insurance information for your prescriptions.
- Healthcare operations: for quality assurance, safety monitoring, fraud detection, and similar operational purposes.
- As required by law: including for public-health activities, law enforcement, judicial proceedings, and reporting of abuse or neglect.
Uses & Disclosures That Require Your Authorization
Most uses and disclosures of PHI for marketing purposes, sales of PHI, and most uses and disclosures of psychotherapy notes require your written authorization. You may revoke an authorization at any time, in writing, except to the extent we have already relied on it.
Your Rights Under HIPAA
- Right to inspect and copy your PHI
- Right to request an amendment
- Right to an accounting of certain disclosures
- Right to request restrictions on uses and disclosures
- Right to request confidential communications
- Right to a paper copy of this Notice
- Right to be notified following a breach of unsecured PHI
Changes to This Notice
We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have about you, as well as any PHI we receive in the future. The current Notice will always be posted on this page with its effective date.
This Privacy Policy is provided for transparency and does not constitute legal advice. For questions about how this policy applies to your situation, contact our Privacy Officer.