Legal

Consumer Health Data Privacy Policy

Last updated: May 12, 2026

1. Scope and purpose

This Consumer Health Data Privacy Policy (“CHD Policy”) describes how Axiom Health, Inc. and its affiliates (“Axiom,” “we,” “us,” or “our”) handle “consumer health data” as that term is defined under state laws that apply to such data, including the Washington My Health My Data Act, Nevada Senate Bill 370, and the Connecticut Data Privacy Act's consumer health data provisions (collectively, the “CHD Laws”).

This CHD Policy supplements our Privacy Policy and applies in addition to it. In the event of a conflict between this CHD Policy and our Privacy Policy with respect to consumer health data, this CHD Policy controls to the extent required by applicable CHD Law.

This CHD Policy does not apply to protected health information governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), to health records held by a covered entity or business associate subject to HIPAA, or to other information that is exempt from CHD Laws. For information on the privacy practices of independent clinicians, medical groups, pharmacies, and laboratories that provide care through the Service, please refer to their respective Notices of Privacy Practices.

2. What is consumer health data

For purposes of this CHD Policy, “consumer health data” means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. Depending on the applicable state law, this may include:

  • Individual health conditions, treatments, diagnoses, diseases, or symptoms;
  • Social, psychological, behavioral, or medical interventions;
  • Health-related surgeries or procedures;
  • Use or purchase of prescribed or over-the-counter medications, including compounded preparations;
  • Bodily functions, vital signs, symptoms, or measurements such as weight, height, body composition, blood pressure, or other biometric data;
  • Reproductive or sexual health information;
  • Gender-affirming care information;
  • Mental or behavioral health information;
  • Information about consumer use of health-related goods or services, including engagement with health-related pages on the Service;
  • Precise geolocation data that could reasonably indicate a consumer's attempt to access health services or supplies; and
  • Any information derived or extrapolated from non-health information that is used to identify a consumer's health status.

3. Sources and categories of consumer health data we collect

We may collect consumer health data from the same sources, and in the same categories, described in our Privacy Policy. Specifically, we may collect consumer health data:

  • Directly from you, when you complete a clinical intake, share information with a clinician, participate in a consultation, request a product or service, or otherwise communicate with us through the Service;
  • Automatically, through cookies and similar technologies that record your interaction with health-related pages or features of the Service (see Section 7 of our Privacy Policy);
  • From service providers and partners that support clinical evaluation, prescription fulfillment, lab testing, payments, identity verification, customer support, and marketing on our behalf;
  • From affiliated clinicians, pharmacies, or laboratories, in connection with your care; and
  • From inferences and derivations we make from the data we collect.

4. How we use consumer health data

We use consumer health data to:

  • Operate, maintain, secure, and improve the Service, including troubleshooting and developing new features;
  • Facilitate clinical evaluation, prescription fulfillment, and laboratory services delivered by affiliated clinicians, pharmacies, and laboratories;
  • Communicate with you about your account, applications, appointments, orders, and clinical care;
  • Process payments and prevent fraud;
  • Comply with our legal, regulatory, and contractual obligations;
  • Conduct research and development, including by using de-identified or aggregated data; and
  • Send marketing or educational communications where permitted by law and consistent with the consent obligations described below.

Where applicable CHD Law requires, we obtain your consent before collecting, using, or sharing your consumer health data for purposes other than those that are strictly necessary to provide the goods or services you have requested.

5. How we share consumer health data

We may share consumer health data with:

  • Affiliates within our corporate group that support the operation of the Service;
  • Affiliated clinicians, medical groups, pharmacies, and laboratories involved in your care;
  • Service providers and processors bound by written agreements that limit their use and disclosure of the data;
  • Acquirers and successors in connection with a proposed or completed merger, acquisition, financing, or sale of all or part of our business or assets, consistent with applicable CHD Law; and
  • Legal, government, and public-safety authorities when we believe disclosure is required by law or necessary to protect the rights, property, or safety of Axiom, our users, or others.

We do not sell consumer health data. Where applicable CHD Law requires authorization or consent for specific sharing, we will obtain it before that sharing occurs.

6. Your rights regarding consumer health data

Depending on your state of residence and the applicable CHD Law, you may have the following rights with respect to consumer health data we hold about you:

  • Right to confirm and access — confirm whether we are processing your consumer health data and obtain a copy of that data, along with information about the categories of third parties and affiliates with which we have shared it.
  • Right to correct — request that we correct inaccurate consumer health data.
  • Right to delete — request that we, and our processors and contractors, delete consumer health data we have collected about you, subject to limited exceptions allowed by law.
  • Right to withdraw consent — withdraw consent that you previously gave for the collection, use, or sharing of consumer health data, prospectively.
  • Right to appeal — appeal any decision by us to deny a request you have made under this CHD Policy. We will provide instructions for appeals in our response to your request.

Some rights may be limited by law — for example, where the consumer health data is part of a health record maintained for a legal retention period, where deletion would compromise an ongoing transaction, or where the data has been de-identified in accordance with applicable law.

7. How to exercise your rights

To exercise any of the rights described above, email us at hello@joinaxiomhealth.com with the subject line “Consumer Health Data Request,” or write to: Axiom Health, Inc., Attn: Privacy, [street address], Wilmington, DE [zip].

We will need to verify your identity before responding, and may ask you to confirm information we already have on file. You may designate an authorized agent to make a request on your behalf with appropriate written authorization. We will respond within the timeframes required by applicable CHD Law.

If you withdraw consent or request deletion of consumer health data that is necessary to provide the Service, we may be unable to continue providing the Service or specific features to you.

8. Security

We use reasonable administrative, technical, and physical safeguards designed to protect consumer health data, including access controls, encryption in transit, and restricted internal access. No safeguard is perfect; please notify us promptly if you believe your account or data has been compromised.

9. Children

We do not knowingly collect consumer health data from children under the age at which parental consent is required by applicable CHD Law. Parents and legal guardians who believe a child has provided consumer health data without proper authorization should contact us so we can take appropriate action.

10. Geofencing

Consistent with applicable CHD Law, including the Washington My Health My Data Act, we do not implement geofences around any entity providing in-person healthcare services for the purpose of identifying or tracking consumers seeking such services, sending consumers notifications or messages related to their consumer health data, or collecting consumer health data from consumers based on their presence at such facilities.

11. Changes to this CHD Policy

We may update this CHD Policy from time to time. The “Last updated” date at the top of this page indicates the most recent revision. Where required by law, we will notify you of material changes or obtain your consent before they take effect.

12. Contact us

Questions about this CHD Policy? Contact us at hello@joinaxiomhealth.com or Axiom Health, Inc., Attn: Privacy, [street address], Wilmington, DE [zip].