Privacy Policy — Hotspan Meds
On This Page
Legal

Privacy Policy

Last updated: April 1, 2026  ·  Hotspan Meds, LLC

Introduction

Hotspan Meds, LLC ("Hotspan Meds," "we," "us," or "our") is committed to protecting your privacy and handling your personal and health information responsibly. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding it.

This Policy applies to all information collected through our websites, applications, intake forms, patient portal, and any other services we provide (collectively, the "Services"). By using our Services, you consent to the practices described in this Policy.

If you have questions, contact us at privacy@meds.hotspan.com.

Information We Collect

Information You Provide Directly

  • Identity information: Name, date of birth, gender, shipping address, email, phone number
  • Health information (PHI): Medical history, current medications, allergies, diagnoses, symptoms, lab results, and other health data you provide in intake forms and communications
  • Payment information: Credit card number, billing address (processed by our PCI-compliant payment processor — we do not store full card numbers)
  • Communications: Messages, emails, or other communications you send us or your care team

Information Collected Automatically

  • Usage data: Pages visited, time spent, clicks, form interactions, and navigation paths
  • Device information: Browser type, operating system, device identifiers, screen resolution
  • Location data: General location derived from IP address (not GPS)
  • Cookies and tracking technologies: See the Cookies section below

How We Use Information

We use your information to:

  • Provide, operate, and improve the Services
  • Facilitate physician consultations and prescription issuance
  • Coordinate with licensed compounding pharmacies for medication fulfillment
  • Process payments and manage your subscription
  • Communicate with you about your treatment, account, and service updates
  • Send appointment or refill reminders and clinical follow-up communications
  • Comply with legal obligations, including HIPAA
  • Investigate fraud, enforce our Terms, and protect the safety of our patients and staff
  • Conduct analytics to understand how our Services are used and improve them
  • Send marketing communications (you may opt out at any time)

How We Share Information

We do not sell your personal information. We share information only in the following circumstances:

Treatment, Payment, and Operations

  • Independent physicians: Licensed healthcare providers on the platform who review your intake and issue prescriptions
  • Compounding pharmacies: Licensed pharmacies that fulfill your prescriptions
  • Payment processors: PCI-compliant processors to handle billing and subscription management
  • Shipping carriers: To deliver your medication (limited to name and address)

Service Providers

We share information with vendors and technology partners who help us operate the Services, including cloud hosting, analytics, customer support, and email delivery. These providers are contractually bound to protect your information and may not use it for their own purposes.

Legal Requirements

We may disclose information when required by law, court order, or government request, or when we believe disclosure is necessary to protect rights, safety, or property of Hotspan Meds, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of substantially all assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

HIPAA & Protected Health Information

Hotspan Meds is a HIPAA-covered entity or business associate where applicable. Your Protected Health Information (PHI) is handled in accordance with the Health Insurance Portability and Accountability Act of 1996 and all applicable amendments.

Our full HIPAA obligations and your rights regarding PHI are described in our Notice of Privacy Practices, which is provided separately as required by HIPAA.

We implement administrative, physical, and technical safeguards required by the HIPAA Security Rule to protect electronic PHI (ePHI) against unauthorized access, use, or disclosure.

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Services. Types of cookies we use:

  • Essential cookies: Required for the platform to function. Cannot be disabled.
  • Analytics cookies: Help us understand how users interact with the platform (e.g., Google Analytics). You may opt out via your browser settings.
  • Marketing cookies: Used to deliver relevant ads and measure ad performance. You may opt out via browser settings or the Digital Advertising Alliance opt-out tool at optout.aboutads.info.

Most browsers allow you to refuse or delete cookies. Note that disabling certain cookies may affect platform functionality.

Data Security

We implement industry-standard security measures including TLS/HTTPS encryption for data in transit, AES-256 encryption for data at rest, role-based access controls, regular security audits, and employee training on data handling. Despite these measures, no system is completely secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

Data Retention

We retain your personal information and health records for as long as necessary to provide you with the Services, comply with legal and regulatory obligations (including medical record retention requirements, which vary by state but are generally 7–10 years), resolve disputes, and enforce our agreements.

After the applicable retention period, we securely delete or de-identify your information.

Your Privacy Rights

📋

Right to Access

Request a copy of the personal information we hold about you.

✏️

Right to Correct

Request correction of inaccurate or incomplete information.

🗑️

Right to Delete

Request deletion of your personal information, subject to legal retention requirements.

📤

Right to Portability

Receive your data in a structured, machine-readable format.

🚫

Right to Object

Object to marketing communications at any time. Unsubscribe from any email we send.

⚕️

HIPAA Rights

Access, amend, and obtain accounting of your PHI. See our Notice of Privacy Practices.

To exercise any of these rights, email privacy@meds.hotspan.com. We will respond within 30 days (or as required by applicable law). We will verify your identity before processing any request.

Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately at privacy@meds.hotspan.com and we will delete it promptly.

California Residents

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Please see our separate California Privacy Rights Notice for full details.

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email to your registered address at least 30 days before taking effect. Continued use of the Services after changes constitutes acceptance.

Contact

Privacy Officer, Hotspan Meds, LLC
Email: privacy@meds.hotspan.com
Website: meds.hotspan.com