Scope
This Privacy Policy describes how MedRX-One Online Pharmacy ("MedRX-One," "we," "us," or "our") collects, uses, discloses, and safeguards personal information in connection with medrx-one.com, related mobile or connected services, and any online features that link to this Policy (collectively, the "Services"). This Policy applies to information collected from individuals in the United States. By using the Services, you acknowledge that you have read and understand this Policy.
This Policy does not apply to third-party websites, services, or applications that we do not control, nor to information processed by us as a covered entity or business associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which is governed by a separate Notice of Privacy Practices, as further described below.
Controller and Contact Information
MedRX-One Online Pharmacy is owned and operated by Elara Hargrove (the "Controller").
Postal Address: 250 Granite St, Braintree, MA 02184, United States
Email: [email protected]
Definitions
For purposes of this Policy: "Personal Information" means information that identifies, relates to, describes, or can reasonably be linked to an individual or household. "Sensitive Personal Information" includes, for example, health-related information, precise geolocation, government identifiers, and financial account credentials. "Process" or "Processing" means any operation performed on Personal Information, such as collection, use, storage, disclosure, and deletion.
Information We Collect
Information You Provide
- Identifiers and contact details, such as name, mailing address, email address, telephone number.
- Account credentials, such as username and password.
- Profile and communications, including inquiries, feedback, reviews, survey responses, and customer support communications.
- Order and transaction information, such as items purchased, billing/shipping details, and limited payment information (processed by our payment processors).
- Health and medication-related information you choose to provide, such as medical history, prescription details, symptoms, allergies, and insurance information when requesting pharmacy-related services.
- Professional information if you interact as a healthcare professional.
Information Collected Automatically
- Device and usage data, including IP address, browser type, device identifiers, operating system, app version, pages viewed, links clicked, and referring/exit pages.
- Approximate location derived from IP address or device settings.
- Cookies, pixels, SDKs, and similar technologies to remember preferences, authenticate sessions, perform analytics, and personalize content.
Information from Third Parties
- Service providers and partners, such as analytics providers, advertising partners, payment processors, identity verification services, and customer support tools.
- Healthcare providers, pharmacies, and telehealth partners in connection with services you request, where permitted by law and applicable agreements.
- Publicly available sources and data enrichment partners.
Sensitive Personal Information
We may process Sensitive Personal Information, including health-related information you provide, precise geolocation (if you enable it), and financial account information (processed by our payment providers). We do not use or disclose Sensitive Personal Information for purposes other than those permitted by applicable law, such as providing requested services, ensuring security and integrity, short-term transient use, and compliance.
How We Use Information
- Provide, maintain, and improve the Services, including processing orders and facilitating pharmacy-related requests.
- Operate accounts, authenticate users, and secure the Services.
- Respond to inquiries, provide customer support, and communicate about transactions, updates, and policy changes.
- Conduct research, analytics, and develop new features and offerings.
- Personalize and optimize content, recommendations, and user experience.
- Market our Services, including interest-based advertising where permitted by law (see Your Privacy Choices and Rights).
- Detect, investigate, and prevent security incidents, fraud, and illegal activities.
- Comply with legal obligations, enforce terms, and protect our rights and the rights of others.
Cookies and Tracking Technologies
We use cookies, web beacons, tags, SDKs, and similar technologies to operate the Services, remember your preferences, analyze traffic, and personalize content. You can manage cookies through your browser or device settings; however, disabling cookies may impact the functionality of the Services. We may also use local storage and similar technologies where supported.
Analytics, Advertising, and Do Not Track
We may work with analytics providers to help us understand how the Services are used and with advertising partners to deliver, measure, and improve ads. These partners may set their own cookies and similar technologies. We do not respond to browser-based Do Not Track signals. Where required by law, we honor Global Privacy Control (GPC) signals as a request to opt out of targeted advertising and the sale/sharing of Personal Information.
Disclosure of Information
- Service providers and processors who perform services on our behalf (e.g., hosting, payment processing, analytics, customer support, security).
- Healthcare providers, pharmacies, and telehealth partners to fulfill your requests and as permitted by applicable law.
- Affiliates and subsidiaries for purposes consistent with this Policy.
- Advertising and analytics partners to support marketing and measurement where permitted by law.
- Law enforcement, regulators, and other parties for legal reasons, such as to comply with law, legal process, or lawful requests; to protect rights, safety, or property; or to enforce our terms.
- Business transfers in connection with mergers, acquisitions, financing, or sale of assets, subject to standard confidentiality obligations.
We do not knowingly sell or share Personal Information of individuals under 16 years of age.
HIPAA and Health Information
MedRX-One may, in some contexts, operate as or on behalf of a covered entity or business associate under HIPAA. When we collect, receive, or create protected health information (PHI) in such contexts, our use and disclosure of PHI is governed by HIPAA and our Notice of Privacy Practices (available upon request), not this Privacy Policy. Information collected through our general website features that is not PHI is governed by this Privacy Policy.
Data Retention
We retain Personal Information for as long as necessary to fulfill the purposes described in this Policy, including to provide the Services, comply with legal and regulatory obligations (such as pharmacy and recordkeeping requirements), resolve disputes, and enforce agreements. We may retain de-identified or aggregated information for analytics and business purposes.
Data Security
We implement administrative, technical, and physical safeguards designed to protect Personal Information, including encryption in transit where appropriate, access controls, and security monitoring. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Your Privacy Choices and Rights
- Account and profile: You may review and update certain account information by logging into your account.
- Marketing communications: You may opt out of marketing emails by following the unsubscribe instructions in the email or contacting us at [email protected]. We may still send non-promotional messages related to transactions or the Services.
- Cookies and tracking: Manage cookies via browser/device settings. Some choices may be browser- or device-specific.
- Targeted advertising and sale/share opt-out: Where applicable law defines and regulates the “sale,” “sharing,” or “targeted advertising” use of Personal Information, you may opt out by contacting us at [email protected] or by using supported universal opt-out signals (e.g., GPC) where required.
- Limit use of Sensitive Personal Information: Where available by law, you may request that we limit our use and disclosure of Sensitive Personal Information to purposes permitted by law by contacting us at [email protected].
- Access, correction, and deletion: You may request access to, correction of, or deletion of Personal Information, subject to legal exceptions. To exercise these rights, contact [email protected]. We will verify your request using information reasonably necessary to confirm your identity.
- Authorized agents: Where permitted, you may designate an authorized agent to submit a request on your behalf. We may require proof of authorization and verification of your identity.
State-Specific Notices
California Privacy Notice (CPRA)
Categories of Personal Information we may collect (and may have collected in the preceding 12 months) include: identifiers; contact information; commercial information; internet or electronic network activity; geolocation data; audio/visual information you provide; professional or employment information; inferences; and Sensitive Personal Information (e.g., health-related information, precise geolocation if enabled, financial information processed by payment processors).
Sources: you, your devices, our service providers, affiliates, advertising/analytics partners, healthcare partners, and publicly available sources.
Purposes of use: as described in How We Use Information.
Disclosures for business purposes: to service providers and contractors, affiliates, and as otherwise described in Disclosure of Information.
Sale/Share: We may engage in activities that constitute a “sale” or “sharing” of Personal Information under California law in connection with advertising and analytics. You may opt out as described in Your Privacy Choices and Rights. We do not knowingly sell or share the Personal Information of consumers under 16.
Retention: We retain each category of Personal Information for the duration necessary to fulfill the purposes described, considering factors such as the amount, nature, and sensitivity of the data; potential risk from unauthorized use or disclosure; and legal requirements.
Rights: California residents have the right to know/access, correct, delete, opt out of sale/share, limit use/disclosure of Sensitive Personal Information, and be free from discrimination for exercising rights. Submit requests at [email protected]. To appeal a decision on your request, reply to our response or email us with “Appeal” in the subject line.
Virginia, Colorado, Connecticut, and Utah
Residents of these states may have rights to access, correct, delete, obtain a copy (data portability), and opt out of targeted advertising, sale of Personal Information, and certain profiling. Exercise these rights at [email protected]. We will authenticate requests and respond within the timeframes required by law. You may appeal a denial by emailing us with “Appeal” in the subject line.
Nevada
Nevada residents may opt out of the sale of covered information by contacting [email protected].
Children's Privacy
The Services are not directed to children under 13, and we do not knowingly collect Personal Information from children under 13. If we learn that we have collected such information, we will take reasonable steps to delete it. Parents or guardians who believe a child has provided us Personal Information may contact us at [email protected].
International Users
The Services are intended for use in the United States. If you access the Services from outside the United States, you understand that your information may be transferred to, stored, and processed in the United States, which may have different data protection laws than your jurisdiction.
Third-Party Services and Links
The Services may include links to third-party websites, plug-ins, or services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of those third parties.
De-Identified and Aggregated Data
We may de-identify or aggregate Personal Information and use and disclose such information for any lawful purpose. We will not attempt to re-identify data that we have de-identified, except as permitted by law.
Changes to This Policy
We may update this Privacy Policy from time to time. The "Effective Date" below indicates when this Policy was last revised. Your continued use of the Services after changes have been posted indicates your acceptance of the updated Policy.
How to Contact Us
For questions or to exercise your privacy rights, contact:
MedRX-One Online Pharmacy
Attn: Privacy
250 Granite St, Braintree, MA 02184, United States
Email: [email protected]
Effective Date
Last Updated: August 21, 2025