NavioMD Privacy Policy

Effective Date: April 11, 2025
Last Updated: April 30, 2025

Table of Contents

  1. Definitions
  2. Introduction
  3. Use by Minors & Children’s Privacy
  4. HIPAA Compliance & Protected Health Information (PHI)
  5. Information We Collect
  6. How We Use Your Information
  7. Disclosure of Your Information
  8. Your Rights & Controls
  9. Cookies, Tracking & Browser Preferences
  10. Data Retention
  11. Security Safeguards
  12. International Data Transfers
  13. Third-Party Vendors & Links
  14. Transactions & Payment Data
  15. Jurisdiction & Governing Law
  16. Your State Privacy Rights
  17. Data Breach Notification
  18. Policy Changes
  19. Contacting Us

1. Definitions

Personal Information: Data that identifies or can be reasonably linked to a specific person.
Protected Health Information (PHI): Individually identifiable health information as defined under HIPAA.
Platform/Services: NavioMD’s website, mobile applications, and virtual care services.
Care Providers: Includes licensed medical providers, pharmacy partners (e.g., The Pharmacy Hub), and affiliated clinical staff.

2. Introduction

NavioMD Inc. and its affiliates (“NavioMD,” “we,” “us,” or “our”) operate digital healthcare services that include telemedicine, prescriptions, lab orders, and virtual support. This Privacy Policy outlines how we collect, use, and safeguard your Personal Information and PHI in accordance with applicable laws including the Health Insurance Portability and Accountability Act (HIPAA) and relevant state privacy regulations.

By using our services, you consent to the data practices described in this policy.

3. Use by Minors & Children’s Privacy

NavioMD services are intended for individuals aged 18 and older. We do not knowingly collect data from children under 13 without verifiable parental consent. If we become aware that such information has been collected improperly, we will promptly delete it.

4. HIPAA Compliance & Protected Health Information

NavioMD is a Covered Entity under HIPAA. We fully comply with the HIPAA Privacy, Security, and Breach Notification Rules.

  • PHI includes any health information that can identify you and relates to your physical or mental health, healthcare services, or payment for services.
  • All PHI is protected by administrative, technical, and physical safeguards in compliance with federal and state regulations.

When working with Business Associates (e.g., Qualiphy, The Pharmacy Hub), we maintain HIPAA-compliant agreements to ensure continued protection of your information.

We also adhere to relevant state-specific data privacy laws such as:

  • California Confidentiality of Medical Information Act (CMIA)
  • Washington’s My Health My Data Act (MHMD)
  • Colorado Privacy Act (CPA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Connecticut Data Privacy Act

5. Information We Collect

A. Information You Provide

  • Identity details (name, DOB, email, address)
  • Health history, intake forms, lifestyle info
  • Government-issued ID for verification
  • Uploaded photos, documents
  • Communications via chat, email, or surveys
  • Payment info (handled by secure third-party processors)

B. Automatically Collected

  • IP address, browser/device info
  • Site usage & behavior data
  • Location (if permitted)
  • Cookies, email tracking

C. From Third Parties

  • Referring platforms (social logins)
  • Analytics partners
  • Licensed Care Providers and pharmacies

D. Inferred Data

  • Preferences or health needs derived from activity

6. How We Use Your Information

  • Provide and coordinate care services (telehealth, pharmacy, labs)
  • Fulfill prescriptions and process payments
  • Respond to support inquiries and deliver updates
  • Conduct clinical research using de-identified data
  • Comply with legal, regulatory, and public health obligations
  • Prevent fraud and ensure platform security

7. Disclosure of Your Information

Your data may be disclosed to:

  • Medical and Pharmacy Providers: Qualiphy, The Pharmacy Hub
  • Operational Partners: Steer Health (patient portal and engagement services)
  • Payment Vendors: Stripe, Adyen (PCI-compliant)
  • Legal & Regulatory Authorities: In response to subpoenas or public health mandates
  • Corporate Transactions: Mergers, acquisitions, or asset transfers
  • Marketing Vendors: Only with your explicit consent or legal allowance
  • De-identified Uses: For research, analytics, and service improvement

We do not sell your PHI.

8. Your Rights & Controls

You have rights under HIPAA and state law to:

  • Access your data
  • Request corrections
  • Request restrictions on data use or disclosure
  • Request confidential communications
  • Receive an accounting of disclosures
  • Revoke authorization (where applicable)

To exercise your rights, contact: support@naviomd.com. Identity verification may be required.

9. Cookies, Tracking & Browser Preferences

  • We honor Global Privacy Control (GPC) signals where supported
  • You may disable cookies in your browser
  • We do not respond to Do Not Track (DNT) signals
  • Third-party analytics (e.g., Matomo) may collect anonymized usage data

Details are available in our Cookie Notice.

10. Data Retention

We retain Personal and Health Information as long as necessary to:

  • Provide care and meet medical recordkeeping obligations
  • Comply with HIPAA and other legal requirements
  • Resolve disputes and enforce agreements
    De-identified data may be retained indefinitely.

11. Security Safeguards

We employ industry-standard security practices:

  • TLS encryption for data in transit
  • Secure storage and access controls
  • Role-based permissions and activity logging
  • Routine security audits and vulnerability testing
  • Mandatory staff HIPAA training

However, no system can be guaranteed 100% secure.

12. International Data Transfers

All data is processed in the United States. If you access our services internationally, you consent to the transfer and storage of your information in the U.S., which may have different privacy laws.

13. Third-Party Vendors & Links

  • External links may direct you to third-party websites not governed by this Policy
  • Embedded content (e.g., videos, appointment tools) may follow third-party policies
    We are not responsible for third-party data practices.

14. Transactions & Payment Data

We use third-party, PCI-compliant vendors (e.g., Stripe, Adyen) to process all payments. NavioMD does not store complete credit card information.

15. Jurisdiction & Governing Law

By using our Services, you consent to the application of U.S. law and exclusive jurisdiction in the state of Florida, unless otherwise required by local regulations.

16. Your State Privacy Rights

If you are a resident of:

  • California: You may request access, deletion, correction, or opt-out of data sharing under CCPA/CPRA.
  • WA, VA, CO, CT, NV: You may have additional data rights under state-specific legislation.

To exercise these rights, contact: support@naviomd.com or visit our Privacy Center.

17. Data Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals and regulators as required under HIPAA and applicable state law—typically within 30 calendar days of discovery.

18. Changes to This Policy

We may update this Policy from time to time. When we do:

  • We’ll revise the “Last Updated” date above
  • For material changes, we will provide direct notice (e.g., email)

Your continued use of our Services constitutes acceptance of any updates.

19. Contacting Us

NavioMD Privacy Officer
300 S Pine Island Road, Suite 260
Plantation, Florida 33324
Phone: 1-877-276-2846
Email: support@naviomd.com

© 2025 NavioMD, Inc. All rights reserved.

Logo

Explore

Learn

Treatments

Location

300 S Pine Island Road, Suite 260 Plantation, Florida 33324

6am—7pm PST

Mon-Sun

Help CenterTerms of ServiceImportant Safety InformationPrivacy PolicyTelehealth Consent and Open Payments Notice
Footerbg

© 2025 — Copyright