Privacy Policy

1. About this Privacy Policy

This Privacy Policy describes how Axiom Health, Inc. and its affiliates (“Axiom,” “we,” “us,” or “our”) collect, use, and disclose personal information when you visit joinaxiomhealth.com, use any Axiom application, or otherwise interact with the products, services, communications, and content we make available (collectively, the “Service”). Capitalized terms not defined here have the meaning given in our Terms of Service.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. We may update it from time to time; when we do, we will revise the “Last updated” date and, where required by law, notify you or obtain your consent.

2. Limitations on use by minors

The Service is intended for adults at least 18 years old (or the age of majority in the user's state of residence, if higher). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us using the details below and we will take reasonable steps to delete it.

3. Protected health information and HIPAA

Axiom is generally not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). However, the independent clinicians, medical groups, pharmacies, and laboratories that may provide services to you through the Service may be covered entities, and Axiom may act as a HIPAA business associate to one or more of them. To the extent the information you provide is “protected health information” under HIPAA (“PHI”), it is handled under HIPAA and the applicable Notice of Privacy Practices of the covered entity, not under this Privacy Policy.

Information you provide to Axiom that is not used solely to obtain clinical evaluation, prescription fulfillment, or laboratory services from a covered entity — for example, the contact details you use to create an account, or your interactions with our marketing and analytics — is generally not PHI and is handled in accordance with this Privacy Policy and applicable state law. Where state law applies heightened protections to health-related information, we comply with those requirements; see our Consumer Health Data Privacy Policy for additional details.

4. Information we collect

We collect information in the following categories. Specific information collected depends on how you interact with the Service.

Information you provide to us

• Identifiers and contact information: name, email address, postal address, phone number, date of birth, and similar details used to create and maintain an account.
• Demographic information: gender, ZIP code, and similar information.
• Payment information: payment card or bank details, billing address, and transaction information. Full payment card numbers are handled by our payment processors and are not stored on Axiom's servers.
• Content you submit: photographs, files, documents, and messages you send through the Service, including messages to support and clinical teams.
• Health-related information you provide: medical history, current medications, symptoms, goals, biometric measurements, and information about your sex life, reproductive health, sexuality, or other sensitive health topics, to the extent you share it. Some of this information may be PHI handled under HIPAA as described above.
• Government identifiers: where required for identity verification or compliance, identifiers such as a driver's license number, passport number, or last four digits of a Social Security number, and images of identity documents.
• Communications: the content of your messages, surveys, and feedback.

Information we collect automatically

• Device and identifier information: IP address, device type and model, operating system, browser type, language and time-zone settings, advertising identifiers (such as mobile ad IDs), and similar device characteristics.
• Usage information: pages or screens viewed, referring URLs, links and elements clicked, search queries, session duration, and similar information about how you use the Service. Some of this usage information may relate to health-relevant pages.
• Approximate location: general geographic location inferred from your IP address.
• Cookies and similar technologies: as described in Section 7.

Information from third parties

• Service providers and partners that help us operate the Service, process payments, run analytics, deliver advertising, verify identity, or detect fraud;
• Affiliated clinicians, pharmacies, and laboratories, in connection with your care;
• Marketing and co-branding partners; and
• Publicly available sources.

Information we infer

We may derive new information from the data we collect, such as inferences about your preferences, interests, or suitability for particular educational content or marketing.

5. Sensitive personal information

Some categories of information described above may be treated as “sensitive personal information” under state privacy laws, including government identifiers, account credentials, precise geolocation, racial or ethnic origin, biometric data used for identification, the contents of certain communications, health information, and information about your sex life or sexual orientation. Where state law requires, we obtain your consent before processing sensitive personal information for purposes other than providing the Service, and we provide the right to limit use of sensitive personal information as described in Section 11.

6. How we collect information

We collect information directly from you when you create an account, fill out forms, communicate with us, complete a clinical intake, make a purchase, or otherwise use the Service. We collect information automatically when you visit our websites or use our apps. We also receive information from third parties as described in Section 4.

7. Cookies, pixels, and similar technologies

We and our partners use cookies, web beacons, software development kits, mobile advertising identifiers, and other similar technologies (collectively, “Cookies”) to operate the Service, remember your preferences, measure performance and engagement, secure the Service, and support marketing and advertising. Some Cookies are essential to the Service; others are used for analytics or advertising.

Third-party Cookies on our Service currently include, among others, Google Analytics (analytics), Google Ads (advertising measurement and remarketing), and the Meta Pixel (advertising measurement and remarketing on Meta platforms such as Facebook and Instagram). These partners may collect device identifiers, IP address, usage data, and similar information about your activity on our Service and may combine it with information they collect from other websites and services. The specific third-party Cookies in use may change from time to time.

Most browsers let you control or block Cookies through their settings, and mobile operating systems let you reset or limit advertising identifiers. Blocking some Cookies may affect how the Service functions. You can also use the additional controls described in Section 11.

8. How we use information

We use the information we collect to:

• Operate, maintain, and improve the Service, including personalizing your experience, troubleshooting, and developing new features;
• Facilitate clinical evaluation, prescription fulfillment, and laboratory services through affiliated clinicians, pharmacies, and laboratories;
• Communicate with you about your account, applications, orders, appointments, protocols, customer support, and other Service-related matters;
• Send you marketing, promotional, and educational content where permitted, including content tailored to your interests;
• Process payments, prevent fraud, verify identity, and meet our legal, regulatory, and contractual obligations;
• Measure the effectiveness of our content, products, marketing, and advertising; and
• Protect the rights, property, or safety of Axiom, our users, or others.

The Service may use AI-supported features (for example, to draft support responses for human review, to triage messages, or to power chat assistants). We do not use AI to make clinical decisions; clinical decisions are made by licensed clinicians. Where you interact directly with an AI assistant, we will indicate this consistent with applicable law.

We may de-identify or aggregate information so that it no longer reasonably identifies you, and use and share such de-identified or aggregated information for any lawful purpose, including research, analytics, and product development. We do not attempt to re-identify de-identified information except to test the integrity of the de-identification process or as permitted by law.

9. How we disclose information

We may disclose personal information to:

• Service providers that perform functions on our behalf, such as hosting, customer support, payment processing, fraud prevention, identity verification, shipping, analytics, marketing, and communications;
• Affiliated clinicians, medical groups, pharmacies, and laboratories in connection with your care, prescriptions, and lab services;
• Advertising and analytics partners, as described in Section 10;
• Corporate affiliates that share systems or support operations;
• Acquirers and successors in connection with a proposed or completed merger, acquisition, financing, or sale of all or part of our business or assets;
• Legal and government authorities when we believe disclosure is required by law, legal process, or to protect the rights, property, or safety of Axiom, our users, or others; and
• Others with your consent or at your direction.

We do not sell personal information for money. Some of our cookie-based disclosures to advertising and analytics partners may, however, qualify as a “sale” or “sharing” of personal information under certain state privacy laws (including California). See Section 10 and Section 14 for details and opt-out mechanisms.

10. Advertising and analytics partners

We partner with third parties such as Google (Google Analytics and Google Ads) and Meta (Meta Pixel) to measure how the Service is used, deliver advertisements to you on other websites and apps, and reach people with similar interests. These partners may use the information they collect through Cookies on the Service together with information they collect from other sources. The list of partners may change over time.

You can manage how these partners use information about you through the controls described in Section 11. We do not knowingly share information classified as PHI under HIPAA with advertising partners.

11. Your privacy choices and controls

Account information

You can review and update your account information through the Service or by contacting us. We will respond to requests in accordance with applicable law.

Marketing communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing message, and out of marketing SMS by replying STOP. We may still send you transactional or service-related communications.

Cookies and ad tracking

• Most browsers allow you to manage or delete Cookies through their settings.
• Mobile operating systems allow you to reset or limit advertising identifiers.
• Industry opt-out pages let you opt out of interest-based advertising from participating companies: optout.aboutads.info and optout.networkadvertising.org.
• You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on and manage Google ad settings at adssettings.google.com.
• You can manage Meta ad preferences at accountscenter.meta.com/ads.

Where required by law, we honor opt-out preference signals such as the Global Privacy Control (GPC) sent by browsers and browser extensions. We do not respond to legacy “Do Not Track” browser signals.

12. Data retention

We retain personal information for as long as needed to provide the Service, fulfill the purposes described in this Privacy Policy, meet our legal, accounting, and reporting requirements, and resolve disputes. Retention periods vary by data type and context; some information is retained longer where required by law, including records of clinical care that the affiliated medical group or pharmacy is required to maintain.

13. Data security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. No security control is perfect, and we cannot guarantee the security of any information you transmit to us. Please use a strong, unique password and notify us immediately if you suspect unauthorized access to your account.

14. State-specific rights

California

California residents have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), including the right to:

• Know what personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we have shared it;
• Access a copy of your personal information in a portable format;
• Correct inaccurate personal information we maintain about you;
• Delete personal information, subject to legal exceptions;
• Opt out of sale or sharing of personal information (note that we do not sell personal information for money, but certain Cookie-based disclosures to advertising partners may qualify as “sale” or “sharing” under the CCPA);
• Limit use of sensitive personal information for purposes other than providing the Service or as otherwise permitted by law; and
• Non-discrimination for exercising your rights.

To exercise these rights, email hello@joinaxiomhealth.com with the subject line “CCPA Request” or use the relevant controls within the Service. We may need to verify your identity before responding. You may designate an authorized agent to make a request on your behalf with appropriate authorization. We do not knowingly sell or share the personal information of California residents under 16. California residents may also request information about disclosures of personal information for third-party direct marketing purposes under the “Shine the Light” law (Cal. Civ. Code § 1798.83); we do not currently make such disclosures.

Other states

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of targeted advertising, sale of personal information, and certain profiling. To exercise these rights, contact us at the email above. You may have the right to appeal a denial of a request; instructions to appeal will be provided in our response.

Consumer health data

Residents of Washington, Nevada, Connecticut, and other states with consumer health data laws should also review our Consumer Health Data Privacy Policy.

15. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. A parent or legal guardian who believes that a child under 13 has provided personal information to us should contact us so we can delete it.

16. Jurisdiction

The Service is operated in the United States and intended for users in the United States. By using the Service, you understand that your information will be processed in the United States and that U.S. law applies to our handling of your information.

17. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of the page indicates when it was most recently revised. We will notify you of material changes as required by law.

18. Contact us

Questions or requests regarding this Privacy Policy? Contact us at hello@joinaxiomhealth.com or write to Axiom Health, Inc., Attn: Privacy, [street address], Wilmington, DE [zip].