HIPAA Privacy Policy

1. Our Commitment to Your Privacy

NoBSRx.com ("NoBs Rx," "we," "us," or "our") is committed to protecting the privacy and security of your personal information and your protected health information ("PHI"). This HIPAA Notice of Privacy Practices describes how PHI about you may be used and disclosed by NoBs Rx and the independent, U.S.-licensed providers who deliver care through our platform, and how you can get access to this information. This Notice is required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations, including the HITECH Act.

2. Information We Collect

We collect information you provide directly to us, information collected automatically when you use our services, and information from independent providers and partner pharmacies that treat or dispense to you:

• •Personal Identifiers: Name, date of birth, email address, shipping and billing addresses, phone number, and government-issued ID where required for identity verification.
• •Protected Health Information: Medical history, medications, allergies, height/weight, lab values, symptoms, lifestyle questionnaire responses, photos uploaded for clinical evaluation, treatment notes, prescription records, and provider communications.
• •Payment Information: Payment card details and billing address, processed by our PCI-compliant third-party payment processor; we do not store full card numbers on our servers.
• •Technical Data: IP address, device and browser type, pages viewed, referring URLs, and similar usage data collected via cookies and analytics tools.

3. How We Use and Disclose Your Information

We use and disclose PHI for the following purposes permitted by HIPAA without obtaining additional authorization from you:

• •Treatment: We share your PHI with the independent, U.S.-licensed providers who evaluate and treat you, and with our partner pharmacies who fill and ship your prescriptions.
• •Payment: We use and disclose PHI to bill and collect payment for services and to process refunds.
• •Health Care Operations: We use PHI for quality assurance, training, credentialing, audits, customer service, and similar operational activities.
• •Business Associates: We share PHI with vendors that perform services on our behalf (hosting, secure messaging, analytics, telehealth platform, payment processing). These vendors are bound by Business Associate Agreements that require them to safeguard your PHI.
• •As Required by Law: We may disclose PHI when required by federal, state, or local law, including for public health activities, suspected abuse or neglect, health oversight, judicial proceedings, law enforcement, and serious threats to health or safety.
• •With Your Authorization: Other uses or disclosures, including marketing communications and the sale of PHI, will be made only with your written authorization, which you may revoke at any time.

4. Information We Do Not Sell

We do not sell your personal information or PHI. We do not share your PHI with third parties for their own marketing purposes without your written authorization.

5. Your HIPAA Rights

You have the following rights with respect to your PHI:

• •Right to Access: You may request to inspect or obtain a copy of your PHI maintained by us.
• •Right to Amend: You may request that we amend PHI that you believe is inaccurate or incomplete.
• •Right to an Accounting of Disclosures: You may request a list of certain disclosures we have made of your PHI.
• •Right to Request Restrictions: You may request that we restrict how we use or disclose your PHI for treatment, payment, or operations.
• •Right to Confidential Communications: You may request that we communicate with you in a specific way or at a specific location.
• •Right to a Paper Copy: You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
• •Right to Be Notified of a Breach: You will be notified following a breach of your unsecured PHI as required by law.

6. Security

We implement administrative, physical, and technical safeguards designed to protect your PHI, including encryption in transit and at rest, role-based access controls, audit logging, and workforce training. No method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Retention

We retain PHI for as long as necessary to provide services to you and to comply with our legal, regulatory, and recordkeeping obligations, including state medical record retention laws.

8. Cookies and Analytics

We use cookies and similar technologies to operate the Website, remember your preferences, and analyze site usage. You can control cookies through your browser settings; disabling cookies may impact site functionality.

9. Children's Privacy

Our services are intended for adults 18 years and older. We do not knowingly collect personal information from children under 13.

10. Changes to This Notice

We reserve the right to change this Notice at any time. The revised Notice will be effective for all PHI we maintain. The current Notice will always be posted on this page with an effective date.

11. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us at support@nobsrx.com or with the U.S. Department of Health and Human Services, Office for Civil Rights, at 200 Independence Avenue, S.W., Washington, D.C. 20201, 1-877-696-6775, or www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

12. Contact Us

For privacy-related inquiries or to exercise any of the rights above, please contact:

• •Email: support@nobsrx.com
• •Subject Line: Privacy Request