SECURE TELEHEALTH ACCESS | LICENSED PROVIDER NETWORK
SECURE TELEHEALTH ACCESS | LICENSED PROVIDER NETWORK
PRIVACY POLICY
This Privacy Policy explains how Savvy Health collects, uses, discloses, and protects personal information and health-related information in connection with its platform and services. Where consent is required by applicable law, we obtain it separately.

This Privacy Policy (“Policy”) explains how Savvy Smart Ecomm Ltd, doing business as Savvy Health ("Savvy Health", "we", "us", or "our"), collects, uses, discloses, and safeguards your personal information when you visit our website or use our services. For European Union residents, this policy also follows the requirements of the European General Data Protection Regulation (GDPR).

YOUR AGREEMENT

A. We process personal information and health-related information in accordance with applicable law, including HIPAA (if applicable), GDPR, and CCPA. Your use of the Site is also subject to our Terms of Use.

B. This policy applies to the Company, our websites, products, and services.

C. If you live in the European Union, this policy also explains how we meet GDPR/UK GDPR requirements to the extent applicable.
I. Information We Collect
We may collect the following types of information.

Personal Information

Personal information may include:

  • Name
  • Email address
  • Phone number
  • Mailing address
  • Date of birth
  • Payment information
  • Account login credentials
Health Information

When you use our services, we may collect health-related information including:

  • Medical history
  • Current health conditions
  • Symptoms
  • Treatment history
  • Prescription information
  • Responses to intake questionnaires
This information may be considered Protected Health Information (PHI) under applicable healthcare privacy laws. Other consumer health information is processed under applicable state/federal privacy laws and user consent. Health-related information may be provided directly by you through intake forms or communications.

Automatically Collected Information

When you access our Site, we may automatically collect certain information including:

  • IP address
  • Browser type
  • Device type
  • Operating system
  • Website usage activity
  • Date and time of access
II. How We Collect Information
We collect information when you:
  • Create an account
  • Complete intake forms
  • Schedule or attend telehealth consultations
  • Communicate with healthcare providers
  • Purchase products or services
  • Contact customer support
We may also collect information automatically through cookies and analytics technologies.
III. How We Use Your Information
A. We may use your information to:

  • Create, maintain, and secure your account;
  • Connect you with independent licensed healthcare providers who evaluate your health information and determine appropriate care options;
  • Facilitate access to telehealth services provided by independent licensed healthcare providers;
  • Facilitate prescription fulfillment and pharmacy coordination only when a licensed healthcare provider determines treatment is clinically appropriate and permitted by law;
  • Process payments, orders, and transactions;
  • Communicate with you about your account, requested services, care coordination, prescriptions, billing, support, security, and updates to our policies or terms;
  • Operate, maintain, improve, and analyze our platform and services;
  • Detect, investigate, and prevent fraud, misuse, security incidents, and other unlawful activity; and
  • Comply with legal, regulatory, medical-record, contractual, and compliance obligations.
B. Email marketing (when legally allowed):
We will only send marketing emails to users who have provided explicit, verifiable consent where required by law, including TCPA, GDPR, CCPA, or other applicable regulations. Permission is your clear and verifiable agreement, which can happen in situations like:

  1. Selecting “email me about my cart” (where offered).
  2. Giving your email address during contests, events, or surveys after we disclose we will send marketing emails and you opt in.
  3. Subscribing to our email newsletter through a form on our site.
  4. Filling out a form and checking an opt-in box (unchecked by default) to get emails after we've told you the emails will be commercial.

C. Opting out of marketing emails:

  1. All marketing emails will clearly show that you can opt out of receiving more marketing emails from us at no cost.
  2. All marketing emails will have a one-click unsubscribe or opt-out option.
  3. Once you opt out or unsubscribe, we will stop sending marketing emails to you immediately within the period required by applicable law.
D. How We Share Information

We may share your information with:

Healthcare Providers

Licensed healthcare providers who deliver telehealth services through our Site.

Pharmacies

Licensed pharmacies that dispense medications prescribed through the Site.

Service Providers

Third-party vendors who help operate our services, including:
  • Hosting providers
  • Payment processors
  • Technology vendors
  • Customer support providers
Legal Requirements

We may disclose information if required by law or legal process.

Business Transfers

If Savvy Health undergoes a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

E. Managing email preferences:

To stop receiving marketing and non-transactional emails, click the "unsubscribe" link at the bottom of those emails. If you decide not to receive our emails or newsletters, you can opt-out by emailing us at support@savvyhealthrx.com.
F. Telemarketing (when legally allowed):

By providing us your phone number, and providing the express written consent required by the Telephone Consumer Protection Act (TCPA) and similar laws (if applicable), you authorize us to contact you by email, phone, text message, social networks, or other communication methods your device can receive. You must provide express, verifiable consent before receiving marketing or reminder communications, including email, SMS, or calls, consistent with TCPA, GDPR, CCPA, or other applicable law. Consent to receive marketing calls, texts, or emails is voluntary and is not required to access our platform or services. No healthcare, purchases, or services are conditioned on marketing consent. Messages are sent by Savvy Health. Frequency may vary. Your mobile carrier’s message and message/data rates may apply. You can text HELP for help or STOP to cancel at any time. Examples of giving permission for telemarketing include:

  1. Submitting your phone number in a form that clearly states you agree to receive marketing calls/texts and acknowledging the TCPA disclosure.
  2. Opting into cart-reminder texts.
  3. Providing your phone number for contests/events/surveys after we disclose we’ll contact you by call/text.
  4. Checking an unticked checkbox that references automated marketing calls/texts and our Terms and Conditions/Privacy.
We may send you our own marketing communications where permitted by law and with consent where required. We do not disclose health-related information for third-party advertising. Any use of cookies or similar technologies on intake, authenticated, scheduling, treatment, or payment pages will be limited to what is necessary for the requested service or otherwise permitted by applicable law

G. Opting out of telemarketing:

You don't need to agree to our telemarketing efforts to buy goods or services from us. If you don't want to receive marketing calls, let us know by emailing us at support@savvyhealthrx.com. We'll honor opt-out requests immediately.

H. Limitations on opting out:

You might not be able to opt out of all information sharing, such as sharing with credit card processors for orders you place with us. Choices you make about marketing communications won't affect transactional, relationship, or legally required communications.

I. Legal disclosure of personal information:

We may disclose your personal information to law enforcement or other government officials if necessary to comply with the law or at their request.

J. Agreement to Privacy Policy:

By using our site, you agree to this Privacy Policy. If you disagree, please don't use our site. We may change this policy as needed.

K. Confidentiality and security:

We treat all information on our site as confidential. It is stored securely and accessed only by authorized personnel. We take appropriate measures to protect personal data from unauthorized use, loss, destruction, damage, theft, or disclosure.
L. Consent for personal information:

How we obtain your consent:

When you give us personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery, or return a purchase, you're consenting to our collection and use of that information for that specific purpose.

Withdrawing your consent:

If you change your mind after giving consent, you can withdraw it at any time by contacting us at email address support@savvyhealthrx.com.

Keep in mind that withdrawing consent won't affect information sharing you can't opt out of, such as sharing with credit card processors for orders you place with us. Withdrawing consent will not affect the processing of your health or demographic data necessary for clinical evaluation, fulfillment of services, or legal obligations. Opt-out only applies to marketing or optional product communications. Choices you make about information sharing won't affect transactional, relationship, or legally required communications. For some services, collection and use of your personal data might be necessary for the service to work.

M. Circumstances without separate consent:

We collect and process your personal data for various purposes in this Privacy Policy. In some cases, we don't need separate consent, including:

  1. When fulfilling our contractual obligations to you;
  2. To comply with laws, regulations, court orders, or other legal obligations, or to assist in investigations; or
  3. For legitimate interests, such as operating our business and providing services, except when overridden by your interests or fundamental rights and freedoms that require personal data protection.
N. Managing and Deleting your Personal Data:

You can request to edit, update, access, or delete your information by emailing us at support@savvyhealthrx.com. We will respond within timelines required by applicable law and will delete or de-identify personal data as required. We retain personal information only for as long as necessary for the purposes described in this Policy, or as otherwise required or permitted by law.

We may use de-identified or aggregated data for analytics and service improvement and we do not attempt to re-identify it.

  1. Requesting a copy of your Personal Data: You may request a free, electronic copy of your Personal Data. We will provide it in a commonly used and machine-readable format, allowing you to transfer it to another company.
  2. We will review and respond to verifiable access, correction, and deletion requests within the time required by applicable law. We may retain information where required or permitted by law, including for treatment coordination, payment, fraud prevention, dispute resolution, security, medical-record retention, and compliance purposes.
O. Sale or Sharing of Personal Information

We do not sell personal information as defined under applicable law.

P. Health-Related Information:

Savvy Health operates a platform that connects users with independent licensed healthcare providers who evaluate health information and determine appropriate care options. Independent providers and pharmacies may issue separate privacy notices or Notices of Privacy Practices governing their own collection, use, and disclosure of medical information. Protected Health Information (PHI) is processed only under a valid Business Associate Agreement (BAA) with a covered entity. Savvy Health does not provide medical care. All health evaluations, prescriptions, or treatment decisions are made by independent licensed providers. Savvy Health is not a HIPAA covered entity; HIPAA obligations apply only when a BAA is executed.

Cross-context behavioral advertising is allowed only with explicit opt-in consent, and health-related information is never disclosed for third-party advertising. Marketing communications are only sent with consent where legally required. Tracking on intake, authenticated, scheduling, treatment, and payment pages is limited to what is necessary to provide the requested service or otherwise permitted by law. Users may manage their cookie preferences via the platform’s settings. Global Privacy Control (GPC) signals are honored for California residents.

Personal and health-related information is retained only as long as necessary to provide services, support care coordination, maintain required records, comply with law, detect or prevent fraud, enforce agreements, or protect the platform and users. Aggregated or de-identified data may be used to improve services, perform analytics, and benchmark performance, provided no individual can be identified.

When acting as a business associate under a valid BAA, Savvy Health will notify the covered entity promptly of any PHI breach. The covered entity is responsible for notifying affected individuals unless the BAA delegates that duty.

California, EU, and UK residents have rights to access, correct, delete, opt out of sale or sharing, and limit the use of sensitive personal information. Requests may be submitted to support@savvyhealthrx.com, and Savvy Health will respond within the legally required timeframe. Users may withdraw consent for optional marketing or tracking activities without affecting necessary operational communications.

Savvy Health may act as a business associate only when a valid written BAA is in place. When acting as a business associate, only the minimum necessary PHI is accessed, such as scheduling information, encounter records, and communications required to connect users and providers. Savvy Health does not access clinical notes, diagnoses, or prescription content unless explicitly required by the BAA. All PHI is used, disclosed, and protected solely as permitted by the applicable BAA and HIPAA.

For ‘medical information’ under California’s CMIA outside HIPAA scope, CMIA confidentiality and breach obligations are followed.

Savvy Health does not collect, retain, or sell PHI or consumer health data for advertising purposes. It does not share such information for targeted advertising without express written consent. We do not use health-related information for third-party advertising. Cross-context behavioral advertising with personal information is only conducted with explicit opt-in consent. No PHI or sensitive health data is shared for targeting or advertising purposes.

In the event of a suspected data security incident, users should contact support@savvyhealthrx.com without including PHI or other sensitive data.

Savvy Health uses vetted vendors and subprocessors to provide the platform and services. Subprocessors that handle PHI are bound by written agreements requiring HIPAA compliance, where applicable. A current list of subprocessors is available upon request or posted on the site.

If there is a conflict between these Terms and a BAA or a medical group’s Notice of Privacy Practices, the document that provides stronger privacy or security protections for PHI governs with respect to PHI.
IV. Personal Data Disclosure
We may disclose your Personal Data for the purposes described in previous sections of this Privacy Policy, and in the following ways:

  • Healthcare Providers and Pharmacies: We may disclose personal information and health-related information to independent licensed healthcare providers who evaluate your health information and determine appropriate care options, and to licensed pharmacies that fulfill lawfully issued prescriptions, only as necessary to facilitate care, prescription fulfillment, payment, care coordination, platform operations, legal compliance, or as otherwise described in this Policy.
  • Affiliates and Internal Operations: We may disclose personal information within Savvy Health and with affiliated entities under common ownership or control as reasonably necessary to operate the platform, provide services, support care coordination, process payments, prevent fraud, perform internal administration, or comply with law.
  • Service Providers and Vendors: We may disclose personal information to vendors and service providers that help us host, operate, secure, support, process payments for, analyze, fulfill, or improve our services, subject to appropriate confidentiality and data-protection obligations.
  • Legal Compliance, Law Enforcement, and Public Safety Purposes: We may share your data with law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties to comply with laws, regulations, court orders, or other legal obligations, to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce our Terms of Use, this Privacy Policy, or agreements with third parties, or for crime-prevention purposes.
V. Cookies and Third-Party Services
A. Cookies: We may use "cookies" to enhance your online experience, making it easier for you to navigate through our website and improving certain features. Cookies are text files that websites often place on a user's hard drive when the user visits the website. These files identify a user's computer and can record preferences and other data about the user's website visit. Cookies and similar technologies may collect information associated with your browser or device, including identifiers and usage data, as described in this Policy. You may be able to disable cookies through your web browser, but please note that some services may not function properly without them, and your experience on our website could be affected. For health-context pages, we limit tracking to what is necessary for the requested service and obtain consent where required.

B. Third-Party Cookies: We may work with third-party advertising companies that serve ads on our behalf across the internet. These companies may collect and use information about your visits to our website and other websites, as well as your interaction with our products and services. They do this to provide you with advertisements about goods and services that may interest you. These partners may associate data with identifiers; see their privacy notices and your browser/app settings for controls. We honor Global Privacy Control (GPC) signals where required. They may use information about your visits to this and other websites to target ads and track user responses. These targeted ads may appear on our website or other sites you visit. Anonymous information is collected using pixel tags or cookies, which are standard technologies used by most major websites. If you don't want these companies to collect this information, you can opt out.

To learn more about the use of this information or to opt out from certain third-party advertising partners, please visit the Network Advertising Initiative at http://www.networkadvertising.org/choices. Note that if you delete your cookies, use a different browser, or buy a new computer, you'll need to renew your opt-out choice.

C. Third-Party Services: Generally, the third-party providers we use will only collect, use, and disclose your information as necessary to perform specific services they provide to us. Some third-party services, like payment gateways and transaction/payment processors, must comply with security standards, such as the Payment Card Industry Data Security Standard (PCI-DSS). PCI-DSS is a set of security standards designed to ensure that all payment processors handling credit card information maintain a secure environment. All direct payment gateways we use adhere to PCI-DSS.

While we don't store your credit card information, payment gateways and transaction/payment processors may store your purchase transaction data as required by law. These third parties have their own privacy policies about how they handle your personal information during purchase-related transactions. We recommend reading their privacy policies to understand how your information will be handled.

Keep in mind that some providers may be located in, or have facilities in, a different jurisdiction than you or us. If you proceed with a transaction involving a third-party service provider, your information may be subject to the laws of the jurisdiction(s) where the provider or its facilities are located.

Once you leave our site or are redirected to a third-party website or application, our Privacy Policy and Terms of Use no longer apply.

We do not permit third-party advertising technologies to collect or process health-related information or PHI.
VI. Data Retention
We retain personal information only as long as necessary to:

  • Provide services
  • Maintain required medical records
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
VII. Payment Information
A. Payment Processing: If you use a direct payment gateway to complete your purchase of our services, our payment processor may store your card data in compliance with Payment Card Industry Data Security Standard (PCI-DSS). Savvy Health does not store it directly. We store your purchase transaction data only as needed to process your purchase, including recurring payments only if you enroll in a subscription or continuity program that is clearly disclosed at checkout and in the applicable terms.

B. Cancellation of Automatic Renewal: You can cancel the automatic renewal of your purchase transactions, including the associated purchase transaction data, at any time by contacting us at email address support@savvyhealthrx.com or by using the self-service tools (where available).

C. Payment Security: All direct payment gateways follow the standards set by PCI-DSS, which is managed by the PCI Security Standards Council. This council is a joint effort of major credit card brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements ensure that our site and service providers securely handle your credit card information.
VIII. Electronic Communications, Phone Calls, and Text Messages
A. Electronic Communications: By giving your consent in accordance with applicable law, you agree to receive electronic communications from us. We may choose to communicate with you through email or by posting notices on our site. All agreements, notices, disclosures, and other electronic communications we send to you satisfy any legal requirement that they be in writing.

B. Phone Calls and Text Messages: When you give your consent as per the Telephone Consumer Protection Act (TCPA) or any applicable law, you agree to receive phone calls, including artificial voice calls, pre-recorded messages, and calls delivered via automated technology, as well as text and SMS messages to the phone number(s) you provided. Message frequency varies. Mobile carriers are not responsible for delayed or undelivered messages. Consent is voluntary and not a condition of purchase.

C. Privacy: Be aware that text messages we send may be seen by anyone with access to your phone. To maintain privacy, take steps to protect your phone and text messages.

D. Opting Out: To stop receiving text messages, reply "STOP", "END", or "QUIT" to any text message we've sent. You can also request to stop receiving text messages by calling or emailing us at support@savvyhealthrx.com.

E. Help and Support: For our contact information or instructions on stopping text messages, reply "HELP" to any text message we've sent or contact us at support@savvyhealthrx.com. Message and data rates may apply to any text/SMS communication.
IX. External Links
Please be aware that our Privacy Policy does not apply to the practices of companies we don't own or control, or to people we don't employ or manage. We provide external links for your convenience only. We have no control over, don't review, and aren't responsible for third-party websites, their content, or any goods or services available through them. Our Privacy Policy doesn't apply to these websites, so any information you provide to them is at your own risk. We encourage you to review their privacy policies.
X. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, authentication mechanisms, and monitoring systems for unauthorized access or activity.

We use SSL/TLS and other reasonable administrative, technical, and physical safeguards designed to protect personal information and health-related information against unauthorized access, loss, misuse, or disclosure.
XI. Data Breach
In the event of a data breach involving personal information or PHI, we will notify affected individuals and regulators within the timelines required by applicable law, including HIPAA, GDPR, or applicable state law, providing details of the breach, affected data, and remediation measures. This notification will include a detailed description of the data breach and the type of data affected. We will also communicate the following:
  • The name and contact details of our data protection officer or other point of contact for more information.
  • A description of the likely consequences of the data breach.
  • A description of the measures we've taken or propose to take to address the data breach, including any measures to mitigate its possible adverse effects.
  • Any other information you may reasonably request relating to the data breach.
We will promptly investigate the data breach and use industry-standard, commercially reasonable efforts to mitigate its effects. Any breach involving personal health information will be reported to you and regulatory authorities as required by law, including HIPAA, GDPR, or state-specific privacy laws, within legally mandated timelines. We will also, subject to your prior written agreement, carry out any recovery or other actions necessary to remedy the data breach. Unless required by applicable privacy laws, we won't release or publish any filing, communication, notice, press release, or report concerning the data breach. Where regulator notice is required (e.g., under GDPR/UK GDPR or state law), we will notify the relevant authority within the required timeline.
XII. Geographic Location
If we process personal data originating from the European Economic Area (EEA) outside the EEA, in a territory that has not been designated by the European Commission as ensuring an adequate level of protection under applicable Privacy Laws, we will undertake the transfer pursuant to appropriate transfer mechanisms in accordance with EU Standard Contractual Clauses or the EU-U.S. Data Privacy Framework, as applicable). We have data processing agreements in place to ensure compliance with all relevant applicable law, and all processing is performed according to the highest security regulations.
XIII. Age of Consent
Our services are intended for users 18 years or older. We do not knowingly collect personal information from children under 13. Minors aged 13–17 may only use the Site with parental consent, and parents must agree to our Terms of Use and Privacy Policy on behalf of the minor.
XIV. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use or disclose it. Material changes will be announced via banner notice. Continued use of our Site after having been informed of any such changes to these conditions implies acceptance of the revised Privacy Policy. This Privacy Policy is an integral part of our Terms of Use.

If our Company is acquired or merged with another company, we may disclose your Personal Data with our prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.

For residents of the European Economic Area, our disclosure is limited to situations where we are permitted to do so under applicable European and national data protection laws and regulations.
XV. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
  • Access your personal information
  • Correct inaccurate information
  • Request deletion of certain data
  • Receive a copy of your information
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact us at email address support@savvyhealthrx.com.

We have a "Data Protection Officer" who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following email address: support@savvyhealthrx.com.
XVI. Miscellaneous
A. Headings and Interpretation

Section headings are for convenience only and don't affect interpretation. References to parties, persons, entities, or corporations include appropriate gender and number as needed.

B. No Waiver

Failure to enforce any provision of this Privacy Policy does not constitute a waiver of that provision or any other provision in the Privacy Policy.

Contact information

Savvy Smart Ecomm Ltd
291 Franklin Ave, Ste 7, Wyckoff, NJ 07481
support@savvyhealthrx.com
—---------------
Notice of Privacy Practices

Last Updated: April 7, 2026

This notice describes how medical information about you may be used and disclosed and how you can access this information.

Our Responsibilities

Savvy Health is required by law to maintain the privacy and security of your Protected Health Information (PHI).

We must provide you with this notice describing our legal duties and privacy practices.

Uses and Disclosures of Health Information

Your health information may be used for:

Treatment

Sharing information with healthcare providers involved in your care.

Payment

Processing payments for healthcare services.

Healthcare Operations

Administrative activities including quality improvement and service management.

Your Rights

You have the right to:

  • Access your health records
  • Request corrections to your records
  • Request confidential communications
  • Request restrictions on certain disclosures
  • Receive a copy of this notice
California residents have the right to:
  • Opt out of the sale or sharing of personal information
  • Limit the use of sensitive personal information
  • Access, correct, or delete personal information we maintain about you
To exercise your rights, please contact: support@savvyhealthrx.com

Complaints

If you believe your privacy rights have been violated, you may file a complaint with Savvy Health contact information below.

You may also file a complaint with the U.S. Department of Health and Human Services.

Contact Information

Savvy Smart Ecomm Ltd
291 Franklin Ave, Ste 7, Wyckoff, NJ 07481