Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

1. Our duties

Kayarx LLC, in its role as the technology platform supporting your care, treats Protected Health Information ("PHI") in compliance with the federal Health Insurance Portability and Accountability Act ("HIPAA") and applicable state laws. We are required by law to maintain the privacy of your PHI, provide you with this notice of our legal duties and privacy practices, follow the terms of the notice currently in effect, and notify you of any breach of unsecured PHI affecting you.

2. How we may use and disclose your PHI

• Treatment. We share your intake responses, profile, and any lab results with the licensed physician reviewing your care so they can make a clinical decision. The physician may share PHI with the compounding pharmacy or lab provider as needed to fulfill your treatment.
• Payment. We share the minimum information needed to bill you and to process insurance reimbursement (if applicable). Card details flow directly through our payment processor, Stripe.
• Health-care operations. Internal quality review, audit, security investigation, and similar activities that support the Service.
• As required by law. Court orders, subpoenas, public-health reporting, regulatory inquiries.
• With your written authorization for any other use or disclosure not listed above. You may revoke that authorization at any time.

3. Your rights

• Access. You have the right to inspect and obtain a copy of your PHI held by us. Most of your PHI is already visible to you in your account portal.
• Amendment. You may request that we amend PHI you believe is inaccurate or incomplete.
• Accounting of disclosures. You may request a list of certain disclosures we have made of your PHI.
• Restrictions. You may request restrictions on certain uses or disclosures, though we are not always required to agree.
• Confidential communications. You may ask us to communicate with you in a specific way (for example, only by your portal inbox and not by email).
• Paper copy of this notice. You may request a paper copy at any time, even if you have already agreed to receive it electronically.
• Complaint. You may file a complaint with us or with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.

4. How we keep PHI in our portal, not in your email

Where most telehealth platforms email prescription details, dosing instructions, and clinical updates to your regular inbox, KayaRx stores those messages inside your secure portal. The notification email you receive contains only a generic notice and a link to sign in. This reduces the risk that PHI is exposed if your email account is later compromised.

5. Business Associates

KayaRx works with vendors that process PHI on our behalf — our clinical infrastructure partner, our compounding pharmacy network, our email provider, and our cloud-hosting vendor (Microsoft Azure). Each is bound by a HIPAA Business Associate Agreement that requires them to protect PHI to the same standards we do.

6. Changes to this notice

We reserve the right to change the terms of this notice. Material changes will be communicated through the Service or by email. The current version is always available at this URL.

7. Contact

For questions about this notice, to exercise any of the rights above, or to file a complaint, sign in and message our support team through the support chat in your account. To file a complaint with HHS, see hhs.gov/hipaa/filing-a-complaint.