Privacy Policy
Last Updated: November 6, 2025
This Privacy Policy explains how KindleeRx, LLC ("KindleeRx", "Kindlee", "we", "us", "our"), together with independent healthcare providers ("Provider Entities"), collects, uses, discloses, and protects information about you when you use our websites, mobile applications, and official social media accounts (together, the "Platform").
By using the Platform, you agree to this Privacy Policy and any additional terms we reference (for example, when you receive clinical care, our Consent to Telehealth). Capitalized terms not defined here have the meanings set forth in those documents.
1. Introduction & HIPAA Notice
When Kindlee handles information on behalf of Provider Entities or pharmacies in connection with your treatment or dispensing, that information constitutes Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state laws. Such PHI is used and disclosed only as permitted by HIPAA and our business-associate agreements and is not subject to all consumer privacy rights set out in this Policy.
2. Children and minors
The Platform is not directed to children under the age of 18. We do not knowingly collect personal information from children under 18 without verifiable parental consent. For clinical services provided to minors ages, a parent or legal guardian must be the account holder, provide required consents (including Consent to Telehealth & Treatment), and participate as required by applicable state law.
If you are a California resident under 18 and cannot remove publicly posted content, you (or your parent/guardian) may request removal by emailing legal@kindleerx.com with the URL(s) and description of the content. Removal from public view does not guarantee full deletion from all systems (including backups).
3. Information we collect
We collect information:
- directly from you;
- automatically through cookies and similar technologies; and
- from third parties, such as payment processors, analytics/advertising partners, pharmacies, and Provider Entities.
3.1 Identifiers & Account Data: For example, name, alias, email address, phone number, billing/shipping address, date of birth where required, username/password, IP address, device IDs.
3.2 Demographics & Sensitive Personal Information (SPI): Categories defined under applicable state law may include health data, precise geolocation, government IDs, racial or ethnic origin, sexual orientation, and other categories. We collect health-related data when you seek care (see Section 3.5). We do not collect government ID numbers except when legally required (for identity verification) or for fraud prevention.
3.3 Commercial & Financial Information: Orders, subscriptions, item views/purchases, refund/return records, and payment method tokens (we do not store full card numbers).
3.4 Internet/Network Activity & Device Data: Log files, pages viewed, links clicked, referring/exit pages, time on page, crash or diagnostic reports, device/browser settings. See Section 4 for cookies/tracking.
3.5 Health/Medical Information (PHI and non-PHI): If you complete a clinical intake or consult, you may submit symptoms, medical history, medications, allergies, photos/videos, and other health data. When used for treatment, payment, or health-care operations, the data is PHI (see above). Health-related data collected outside of formal care (for example, browsing health topics) may be regulated under state consumer health laws.
3.6 Geolocation: We infer general location from your IP address. If you enable device location services, we may collect precise geolocation for features such as state-specific compliance or pharmacy routing.
3.7 User contributions & communications: Content you post (reviews, photos, messages) and communications with support or clinicians (which may become part of your medical record if used for care).
3.8 Information from other sources: We may obtain information about you from pharmacies, Provider Entities, fraud-prevention partners, analytics/advertising partners, and social-media platforms, subject to your settings or consents.
4. Cookies, Pixels & Analytics
We and our service-partners use cookies, SDKs, pixels/web beacons, session-replay tools, local storage, and similar technologies to:
- operate the Platform;
- remember your preferences;
- measure performance; and
- personalize content and, where permitted, advertising.
You may control cookies in your browser or device settings; however, some features may not function without certain cookies.
Analytics & session replay: We use tools such as Google Analytics and LogRocket, configured not to capture PHI and not deployed on authenticated care flows where PHI is created or viewed. LogRocket is configured to mask inputs and block network/request recording in medical-intake and messaging areas.
Advertising pixels: We use Meta and Google Ads tags on non-care marketing pages to measure conversions and optimize our ads. We do not display third-party ads on authenticated care flows and do not deploy advertising tags where PHI may appear.
5. How We Use Information
We use collected information to:
- provide, secure, troubleshoot, and improve the Platform and our services;
- operate clinical workflows with Provider Entities and partner pharmacies (including scheduling, communications, e-prescribing, dispensing, and fulfillment);
- personalize your experience and present content relevant to your location and interests;
- process orders, payments, returns, and customer support;
- prevent fraud, abuse, or security incidents; and
- comply with law, enforce our terms, and protect our rights and those of users.
We may create de-identified or aggregated data for analytics and business purposes and do not attempt to re-identify it.
6. How We Share Information
We share information with:
- Provider Entities and pharmacies to deliver your care and fulfill prescriptions (PHI under HIPAA where applicable);
- Service providers (hosting, cloud storage, analytics, email/SMS, identity verification, payment processors) bound by contract to use data only to provide services to us;
- Payment processors that process payments on our behalf (we do not store full card numbers);
- Affiliates and partners where needed to operate the Platform;
- Law enforcement or regulators when required by law or to protect rights, safety or security; and
- Successors in a corporate transaction (subject to this Policy's protections).
Sale/Share for targeted advertising: We do not sell your personal information. We may share personal information (as defined under California law) with Meta and Google for cross-context behavioral advertising on non-care pages to measure conversions and improve our ads. We do not use PHI or SPI for targeted advertising. You can opt out of sharing via our "Do Not Sell or Share My Personal Information" link, and we honor Global Privacy Control (GPC) signals.
7. Account Communications & Marketing
We send transactional communications (such as receipts, order updates, clinical follow-ups) and, where permitted, marketing messages. You may opt out of marketing communications at any time (unsubscribe links or account settings). Transactional messages related to your account or care will continue and cannot be opted out of.
8. Data Security & Retention
We implement administrative, technical, and physical safeguards (for example, encryption in transit, access controls, logging). However, no system is 100% secure. If we discover a security incident affecting your information, we will notify you as required by law.
Retention: We retain information as long as needed to provide services and for legitimate business, legal, tax, and medical-record retention purposes. Certain records may be retained indefinitely where permitted by law. You may request deletion (see Section 9) subject to legal, regulatory, or medical-record obligations.
9. Your Privacy Choices & Rights
Depending on your location, you may have rights to access, correct, delete, or receive a copy of your personal information and to opt out of targeted advertising, sales/shares, or profiling.
Submit a request: legal@kindleerx.com
Postal address: 1012 Goodlette-Frank Rd, Suite 100, Naples, FL 34102
Global Privacy Control (GPC): We honor browser-based opt-out signals where required.
Appeal: If we deny your request, you may appeal by replying to our decision email.
For marketing emails/SMS: Use the unsubscribe link or reply "STOP" to SMS. Some transactional messages (e.g., order updates or clinical follow-ups) cannot be opted out of.
10. State-Specific Notices
California (CCPA/CPRA): California residents may request access, deletion, or correction; opt out of sale/share and certain profiling; and limit use/disclosure of SPI.
Other states (CO, CT, VA, UT, OR, TX, MT, DE, etc.): Residents may have similar rights. We will honor requests consistent with local law. A detailed table of categories, sources, purposes, and disclosures appears in Appendix A.
11. Consumer Health Data Laws (WA & NV)
For non-HIPAA health-data covered by Washington's My Health My Data Act or Nevada's consumer-health-data law (for example, browsing health topics without formal care), we will:
- obtain required consents for collection and separate consent for sharing of consumer health data;
- publish a Consumer Health Data Notice describing categories collected, sources, purposes and disclosures;
- honor rights to access, delete, and withdraw consent; and
- prohibit geofencing around health-care facilities.
We do not sell consumer health data and do not deploy advertising pixels on authenticated care flows.
12. International Users
We are based in the United States and currently serve U.S. residents only. By using the Platform, you understand that your information will be processed in the U.S. If we expand outside the U.S., we will update this Policy and implement any required cross-border measures.
13. Changes to This Policy
We may update this Policy from time to time. If a change is material (for example, affecting how we use your information), we will notify you (for example, by email or in-product message) and the update will take effect no sooner than 7 days after notice, unless a shorter period is required by law. Continued use after the effective date means you accept the updated Policy.
14. Contact Us
Email: legal@kindleerx.com
Postal Address: KindleeRx, LLC: Privacy, 1012 Goodlette-Frank Rd, Suite 100, Naples, FL 34102
Appendix A — Categories, sources, purposes, and disclosures (CCPA/CPRA)
| Category | Examples | Source | Purpose of use | Disclosed to | Sold/Shared? |
|---|---|---|---|---|---|
| Identifiers | Name, email, IP, device IDs | You; device; partners | Account, service delivery, security | Service providers (AWS, WordPress, Drip, Stripe, PayPal, Google Analytics, LogRocket); providers/pharmacies | No sale; may Share for ads on non-care pages |
| Sensitive PI | Health data; precise geolocation | You; device | Care delivery; compliance | Provider Entities/pharmacies; service providers | No |
| Commercial info | Orders, transaction history | You | Fulfillment; support; analytics | Service providers; pharmacies | No |
| Internet activity | Pages viewed, events, logs | Device; cookies | Security; analytics; personalization | Analytics/session-replay (Google Analytics, LogRocket) | No sale; may Share for ads on non-care pages |
| Geolocation | IP-derived location; precise (if enabled) | Device | Compliance; content | Service providers | No sale; may Share IP as part of ad/analytics requests on non-care pages |
| Inferences | Preferences | Our analytics | Personalization | Service providers | No |
Note: PHI used for treatment, payment, or health-care operations is governed by HIPAA and is not subject to certain consumer-privacy rights.
Appendix B — CCPA/CPRA category checklist (last 12 months)
| CCPA Category | Examples (per statute) | Collected? | Notes |
|---|---|---|---|
| A. Identifiers | Real name, alias, postal address, unique ID, IP address, email, account name | Yes | We collect contact and account identifiers; IP/device IDs via analytics. |
| B. Customer Records (Cal. Civ. Code §1798.80(e)) | Name, signature, SSN, physical description, address, phone, bank acct/payment info, medical or health insurance info | Yes | We collect contact and payment tokens (not full card numbers). Medical/insurance info may be collected during care; PHI handled under HIPAA. |
| C. Protected classifications | Age (40+), race, color, ancestry, national origin, citizenship, religion/creed, marital status, medical condition, disability, sex/gender (incl. pregnancy), sexual orientation, veteran/military, genetic info | Yes (limited) | Age/DOB and sex may be collected for care; other attributes only if you choose to provide them. |
| D. Commercial information | Records of products/services purchased or considered, histories/tendencies | Yes | Orders, returns, preferences. |
| E. Biometric information | Fingerprints, faceprints, voiceprints, iris/retina, keystroke/gait, sleep/health/exercise data used for identification | No | We may collect photos for dermatology, but not to create identifiers/faceprints. |
| F. Internet/network activity | Browsing/search history; interactions with a site/app/ad | Yes | Logs/analytics, session replay (configured to avoid PHI). |
| G. Geolocation data | Physical location/movements | Yes (approx.) | IP-derived general location. No precise GPS unless you enable it. |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, similar info | Yes | Photos you upload; visual/electronic data via session replay (no audio capture). |
| I. Professional or employment info | Current/past job history, evaluations | No | Not collected in ordinary course. |
| J. Non-public education info (FERPA) | Student records | No | Not collected. |
| K. Inferences | Profiles about preferences, characteristics, behavior | Yes | Basic preferences for personalization; no sensitive inferences. |
External links (third-party sites)
The Platform may link to third-party websites and services (including social media). We are not responsible for their content or privacy practices. Any data you provide to those sites is governed by their privacy notices.
Online tracking choices (DNT & GPC)
Some browsers send Do Not Track (DNT) signals. Our Platform does not respond to DNT at this time. Where required by law, we honor Global Privacy Control (GPC) signals as an opt-out of sale/share for targeted advertising.