Last updated: April 19, 2026
Phlex Meds collects information you provide directly, including: name, email address, phone number, date of birth, gender, medical history and symptoms, shipping address, and payment information. We also collect health questionnaire responses, lab results, and prescription information as part of your care.
We use your information to: (a) facilitate your telehealth consultations with licensed physicians; (b) process prescriptions and coordinate medication fulfillment; (c) communicate with you about your treatment plan; (d) send appointment reminders and health-related notifications; (e) process payments; and (f) comply with legal and regulatory requirements.
Your medical information is Protected Health Information (PHI) under HIPAA. We maintain administrative, technical, and physical safeguards to protect your PHI. We do not sell your health information. We share PHI only with: your prescribing physician, our licensed pharmacy partners for medication fulfillment, laboratory providers for specimen processing, and as required by law.
We use 256-bit TLS/SSL encryption for all data transmitted to and from our platform. Data at rest is encrypted using AES-256 encryption. We conduct regular security audits and maintain SOC 2 compliance standards. Access to patient data is restricted to authorized personnel on a need-to-know basis.
We use third-party services to operate our platform, including: cloud hosting (Google Cloud Platform), database management (Supabase), payment processing, and communication tools. All third-party providers are HIPAA-compliant and bound by Business Associate Agreements (BAAs) where applicable.
We use essential cookies for site functionality and analytics cookies to understand how visitors use our website. You can control cookie preferences through your browser settings. We use analytics data in aggregate form to improve our services.
You have the right to: access your health records; request corrections to your information; request deletion of your account; opt out of marketing communications; receive a copy of your data in a portable format; and file a complaint if you believe your privacy rights have been violated.
We retain medical records for a minimum of 7 years as required by applicable state and federal regulations. Non-medical account data is retained for the duration of your account plus 3 years. You may request deletion of non-medical data at any time.
Phlex Meds does not provide services to individuals under 18 years of age. We do not knowingly collect information from minors.
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what data we collect, the right to delete your data, and the right to opt out of the sale of personal information. Phlex Meds does not sell personal information.
We may update this policy from time to time. We will notify you of material changes via email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.
For privacy-related questions or requests: privacy@phlexmeds.com