Legal
Privacy Policy
Effective Date: June 8, 2026
RxRelay, a joint venture between RxReinvented LLC and Wild Forest LLC (“RxRelay,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your personal information, and it outlines your rights under applicable laws including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable federal and state laws, including the Gramm-Leach-Bliley Act (GLBA) and the Federal Trade Commission Act (FTC Act). This Policy addresses three categories of users of our services and website (www.rxrelay.ai): Customers (such as Medical Providers and Clinics), Patients, and other Web Visitors. We comply with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA) for Protected Health Information (PHI) and other medical data protection regulations. Our services include the RxRelay Platform, a Software-as-a-Service (SaaS) Prescription Management Engine that enables prescription routing, status tracking, pharmacy connectivity, and API integrations for medical providers and clinics (the “Platform”), a secure Customer Portal, and a public website. RxRelay does not interface with medical insurance in any capacity and does not process, adjudicate, or submit claims to any insurance carrier or third-party payor. This policy outlines our practices regarding the collection and use of PHI and prescription transaction data, including through the use of cookies and similar technologies.
1. Scope of This Privacy Policy
This Privacy Policy applies to:
- Customers (such as medical providers and clinics): Healthcare providers who use the RxRelay Platform and secure Customer Portal to manage prescription workflows, including PHI.
- Patients: Individuals whose prescription information is processed through the RxRelay Platform by their healthcare provider.
- Casual Web Visitors: Individuals who visit our public website (www.rxrelay.ai).
This policy does not apply to information collected by third-party websites or services linked from our website or portals, unless explicitly stated.
2. Definitions
- Protected Health Information (PHI): Individually identifiable health information as defined by HIPAA, including medical records, treatment details, and billing information.
- Personal Information: Any information that identifies or can be used to identify an individual, such as name, contact details, or IP address.
- Cookies: Small data files stored on your device to enhance website functionality, performance, and marketing.
3. Information We Collect and How We Use It
We collect and process different types of information based on your user category. Below, we describe the information collected, how it is used, and the legal basis for processing.
3.1 Customers (Medical Providers)
Information Collected:
- Account Information: Name, email address, phone number, practice name, billing information, and professional credentials.
- Usage Data: Information about how you interact with the Customer Portal and RxRelay Platform, such as login history, prescription submission activity, feature usage, and system preferences.
- PHI: Patient prescription and health information processed through the RxRelay Platform, accessible only to authorized users within your practice.
- Technical Data: IP address, browser type, device information, and cookies or similar technologies used in the Customer Portal.
How We Use It:
- To provide, maintain, and improve the RxRelay Platform and Customer Portal.
- To authenticate and secure access to your account and prescription data.
- To process payments and manage subscriptions.
- To communicate with you about updates, support, or account-related matters.
- To comply with legal obligations, such as HIPAA, and contractual agreements (e.g., Business Associate Agreements).
- To analyze usage trends and improve system functionality (anonymized data only).
Legal Basis:
- Performance of a contract with you (e.g., providing the RxRelay Platform service).
- Compliance with legal obligations (e.g., HIPAA).
- Our legitimate interest in improving services and ensuring security, where not overridden by your rights.
Cookies in the Customer Portal: We use cookies to authenticate your login, maintain session security, and personalize your experience. You can manage cookie preferences through the Customer Portal settings, but essential cookies required for functionality cannot be disabled.
3.2 Patients
Information Collected:
- Account Information: Name, email address, phone number, and other identifiers associated with prescriptions processed on your behalf through the RxRelay Platform.
- PHI: Prescription records, medication details, and related health information transmitted through the RxRelay Platform by your healthcare provider.
- Technical Data: IP address, browser type, and device information when accessing the RxRelay Platform or our public website.
How We Use It:
- To facilitate secure prescription processing and management on your behalf through the RxRelay Platform.
- To support accurate prescription routing and status tracking between your provider and pharmacy.
- To authenticate and secure access to your account.
- To comply with HIPAA and other applicable regulations.
- To troubleshoot technical issues and improve Platform functionality (anonymized data only).
Legal Basis:
- Your consent, where required (e.g., for account creation or non-essential cookies).
- Performance of a contract with your healthcare provider to deliver prescription management services through the RxRelay Platform.
- Compliance with legal obligations (e.g., HIPAA).
Cookies and Platform Access: We use cookies to secure logins, maintain session integrity, and enhance Platform functionality. Essential cookies are required for Platform access and cannot be disabled. You can manage non-essential cookies through Platform settings.
3.3 Casual Web Visitors
Information Collected:
- Personal Information: Information you voluntarily provide, such as name and email address, when submitting inquiries via contact forms.
- Technical Data: IP address, browser type, device information, pages visited, and cookies or similar technologies used on our public website.
- Usage Data: Anonymized data about how you interact with our website, such as pages viewed and time spent.
How We Use It:
- To operate and improve our public website.
- To respond to inquiries or provide information about our services.
- To analyze website performance and user behavior (anonymized data only).
- For marketing purposes, such as delivering targeted advertisements, where you have consented or where permitted by law.
Legal Basis:
- Your consent (e.g., for cookies or marketing communications).
- Our legitimate interest in operating and improving our website, where not overridden by your rights.
Cookies on the Public Website: We use cookies for functionality (e.g., site navigation), analytics (e.g., tracking site usage), and marketing (e.g., targeted ads). You can manage cookie preferences through our cookie consent tool on the website. Essential cookies cannot be disabled, but you may opt out of non-essential cookies.
4. How We Protect Your Information
We implement robust physical, technical, and administrative safeguards to protect your information, including:
- Encryption: Data transmitted to and from our portals and website is encrypted using industry-standard protocols (e.g., TLS).
- Access Controls: Only authorized personnel and users have access to PHI, limited to their role and purpose.
- HIPAA Compliance: We maintain HIPAA-compliant safeguards for PHI, including Business Associate Agreements with Customers.
- Regular Audits: We conduct regular security assessments and audits to ensure compliance with applicable laws.
Despite our efforts, no system is completely secure. If you suspect unauthorized access to your account, please contact us immediately.
5. Sharing Your Information
We do not sell your personal information or PHI. We may share information as follows:
Customers (Medical Providers):
- With your authorized staff or subcontractors as permitted under our Subscription Agreement and Business Associate Agreement.
- With service providers (e.g., hosting or payment processors) bound by strict confidentiality and compliance applicable to the type of data shared.
- To comply with legal obligations, such as responding to subpoenas or regulatory requests.
Patients:
- With your healthcare provider and connected pharmacy partners, as part of the RxRelay Platform service.
- With service providers supporting the RxRelay Platform, subject to HIPAA-compliant agreements.
- With your consent or as required by law (e.g., public health reporting).
Casual Web Visitors:
- With analytics or marketing providers (e.g., Google Analytics) for anonymized data or with your consent for personalized ads.
- With service providers supporting website functionality (e.g., hosting providers).
We may also disclose information to protect our rights, enforce our policies, or respond to legal processes.
6. Your Rights and Choices
6.1 Customers (Medical Providers)
- Access, correct, or delete your account information by contacting us or using Customer Portal tools.
- Manage cookie preferences in the Customer Portal (except essential cookies).
- Request a copy of our HIPAA Business Associate Agreement.
6.2 Patients
- Access, correct, or request deletion of your PHI by contacting your healthcare provider.
- Request restrictions on certain uses or disclosures of PHI, as permitted by HIPAA.
- Manage cookie preferences in the RxRelay Platform (except essential cookies).
- Contact us or your provider to exercise your HIPAA rights.
6.3 Casual Web Visitors
- Opt out of non-essential cookies via our cookie consent tool.
- Opt out of marketing communications by clicking “unsubscribe” in emails or contacting us.
- Request access, correction, or deletion of your personal information, where applicable.
To exercise your rights, contact us at matt@wildforestllc.com. We will respond within the timeframes required by law.
If you are a California resident, you have the following rights under the CCPA and CPRA:
- Right to Know: You can request information about the personal information we have collected about you, including the categories of personal information, the sources from which it was collected, the business or commercial purpose for collecting or selling the information, and the categories of third parties with whom we have shared the information.
- Right to Delete: You can request that we delete any personal information we have collected about you, subject to certain exceptions.
- Right to Opt-Out of Sale or Sharing: You can opt-out of the sale or sharing of your personal information.
- Right to Limit Use and Disclosure of Sensitive Personal Information: You can limit our use and disclosure of your sensitive personal information to certain specified purposes.
- Right to Correction: You can request that we correct any inaccurate personal information we have collected about you.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA or CPRA rights.
Please note that you may only make a CCPA or CPRA-related request twice within a 12-month period. We will require you to provide information to verify your identity before responding to your request.
7. Retention of Information
- PHI: Retained as required by HIPAA and our agreements with customers, typically for a minimum of 6 years or as directed by your healthcare provider.
- Customer Information: Retained for the duration of our contract with you and as required by law or for legitimate business purposes (e.g., billing records).
- Web Visitor Information: Retained for as long as necessary for the purposes described (e.g., analytics or marketing), typically no longer than 2 years unless required by law.
8. Cookies and Tracking Technologies
We use cookies and similar technologies (e.g., web beacons) across our website and portals:
- Essential Cookies: Necessary for website and portal functionality and security (cannot be disabled).
- Analytics Cookies: Track usage to improve performance (anonymized data).
- Marketing Cookies: Enable personalized ads (opt-in required for web visitors).
You can manage cookie preferences through our website or portal settings. Disabling cookies may affect functionality. For more details, see our Cookie Policy.
9. Third-Party Links
Our website and portals may contain links to third-party sites. We are not responsible for their privacy practices. Please review the privacy policies of any third-party sites you visit.
10. Children’s Privacy
Our services are not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately.
11. International Users
Our services are hosted in the United States. If you access our services from outside this region, your information may be transferred to and processed in our hosting location. We comply with data protection laws, including HIPAA for PHI, applicable to the United States.
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a revised “Effective Date” or through direct communication (e.g., email to customers or patients). Please review this policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
For HIPAA-related inquiries, you may also contact our Privacy Officer at support@rxrelay.ai.