Privacy Policy

Last Updated: May 6, 2020

stoRx takes its privacy responsibilities seriously. This Privacy Notice describes how stoRx, Inc. (“stoRx“, “we“, “our” or “us“) may collect and process personal information about you through your interactions with us via our website www.storx.com and any related website and mobile application operated by stoRx (collectively, the “Site”) and/or stoRx’s medication- and product-purchasing platform made available via the Site (the “Platform”). In this Privacy Notice, the Site and Platform and all features and services delivered by stoRx via the Site or Platform are collectively referred to as the “Service” or “Services“.

This Privacy Notice applies to everyone who visits our Site or otherwise uses or interacts with any of our Services. If you have any questions or concerns about this Privacy Notice, or about the way your personal information is collected and used, please do not hesitate to contact us at info@storx.com. If you do not agree to any provision in this Privacy Notice, please do not use any of our Services. By using any of our Services you are consenting to the practices described in this Privacy Notice.

 

A Brief Explanation of our Services and How They May be Used

Our Services may be used by qualified healthcare providers (for example, a doctor, nurse practitioner or other healthcare provider qualified to prescribe medication) (“qualified healthcare providers”) to prescribe medication and other products to their patients. Our Services may also be used by consumers to purchase over-the-counter medicine and other products made available via our Services. All consumers and patients who use our Services are referred to in this Privacy Notice as “patients”. All medication (whether prescribed or over-the-counter) and all other products made available via the Services are referred to as “Products”.

Because prescriptions are initiated by a qualified healthcare provider on behalf of the qualified healthcare provider’s patient, please note the following:

If you are a qualified healthcare provider, you must secure your patient’s express permission before submitting your patient’s personal information via the Services. Such permission should make it clear to your patient that you are submitting your patient’s personal information (name, address, date of birth, medication prescribed, dosage and other relevant information) via the Services and that the patient should expect to receive an email via the Services after you have submitted the prescription.

If you are a patient, your qualified healthcare provider may prescribe medication for you via the Services. Before they do, they will inform you that the medication will be filled via the Services. They will then provide relevant personal information via the Services in order to prescribe the Product to you. If you do not wish to purchase medication via the Services, please inform your qualified healthcare provider before they submit your personal information via the Services.

 

Health Care Information is Governed by our Notice of Privacy Practices

To the extent that personal information collected through the Services is patient information provided to obtain pharmacy services, this information is governed by the stoRx Notice of Privacy Practices and not this Privacy Notice. If you have questions about which policy applies to personal information that has been provided, please contact us at info@storx.com.

 

Personal Information That We Obtain About You

Information Provided By You

If you register for a user account (an “Account”) via our Services, communicate with us, or otherwise use or interact with our Services, we may obtain personal information that you provide to us. Such information may include the following as applicable:

  • your contact information such as name, phone number, address and email address;
  • your demographic information such as date of birth and gender;
  • your location information;
  • prescription-related information;
  • if we engage in a phone conversation with you, we may, if allowed by law, record such conversation;
  • if you are a qualified healthcare provider registering for an Account, you will input your NPI number and professional license number;
  • comments, reviews, search terms, queries, and other personal information that you input into our Services or otherwise provide when using our Services; and
  • other personal information that you furnish to us.

You may choose not to provide certain personal information, but you may not be able to use the applicable Service.

Please note that if you are a patient and your qualified healthcare provider is prescribing a Product to you, your qualified healthcare provider will, with your consent, input into the Services:

  • your contact information, such as name, phone number, address and email address;
  • your date of birth;
  • your prescription information; and
  • other relevant personal information (including personal information necessary under state or federal law for a valid prescription) in order to prescribe a Product to you.

If you are a parent or legal guardian of a patient under the age of 18, you must provide your contact information and the name of the patient and you must purchase the Product prescribed to the patient.

If you submit any personal information relating to another person in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.

Payment Information

If you purchase a Product, you will be required to provide payment information via our Services. Your credit card or other payment method will be billed once you complete and submit your order. Your purchase is processed through our Services, but we use third-party payment processor Converge Payment Gateway to process your payment. The third-party payment processor is required to follow the Payment Card Industry Data Security Standard (PCI DSS) when handling payment card data. We do not receive, process or store your payment card information.

Account Information

Your Account includes personal information that you have provided in order to use our Services. Please log in to your Account to access, add or update your Account information.

Information Obtained From Our Services

We automatically collect and store certain types of information about your use of the Services, including information about your navigation on our Site and your interaction with content and services available through the Services. Like many websites, we use “cookies” and other identifiers and we obtain certain types of information when your web browser or device accesses our Services. Some information that is obtained automatically may qualify as personal information and some may not. If it is personal information, we protect it as described in this Privacy Notice. Following are further details regarding the information that is automatically obtained via our Services.

Device Information

We may collect device-specific information when you visit the Site or otherwise use the Services. This includes information such as Internet Protocol (IP) address, hardware model, operating system, unique device identifiers and mobile network information related to your device. We may also associate the information we collect from your different devices, which helps us provide consistent services across your devices.

Log Information

We may collect information regarding how you use our Services (including clicks and page information such as the address (or URL) of the website or mobile application you came from before visiting our Site), the pages you visit on our Site, which browser you used to view our Site, traffic to and from our Site, any search terms entered and other standard weblog information.

Location Information

When you access our Services on your mobile phone or device, we may collect information about your physical location through satellite, cell phone tower, Wi-Fi signal, web beacons, Bluetooth and near field communication protocols.

Cookies, Web Beacons and Similar Technologies

Cookies” are pieces of data that a website transfers to your computer’s hard drive for record-keeping purposes. We use cookies to enhance and simplify your experience using our Services and to improve our Services and offerings to you. Cookies provide features and services such as:

  • Remembering your preferences and allowing you to enter your Account information less frequently
  • Presenting information that we believe is relevant to your needs or interests;
  • Measuring the effectiveness of our Site and other Services; and
  • Providing other services and features that are available through the use of cookies.

A “session cookie” disappears after you close your web browser or it may expire after a fixed period of time. A “persistent cookie” remains after you close your web browser and may be accessed every time you use our Site. We may use both session and persistent cookies. Following is a list of the cookies that we currently use:

System

Cookie Name

Type

Notes

prescriptions.storx.com

XSRF-TOKEN

session

 

prescriptions.storx.com

storx_session

session

 

prescriptions.storx.com

remember_storx_users_XXXX

session

XXXX are dynamic numbers

prescriptions.storx.com

Email

session

stored as encrypted value after login

prescriptions.storx.com

Password

session

stored as encrypted value after login

storx.com

PHPSESSID

session

 

The Options/Settings section of most internet browsers will tell you how to manage cookies and other technologies that may be transferred to your device, including how to disable these technologies. You can disable our cookies or all cookies through your browser setting, but please note that disabling cookies may impact some of our Site’s features and prevent the Site and Services from operating properly.

The cookies above are first-party cookies (placed by us). Third-party cookies (cookies placed by third parties) may be used if you visit third party websites. We do not manage or control third-party cookies. In order to understand the cookie policies of such third parties, you should visit the third party’s website and/or contact the third party.

A “web beacon” is an electronic image placed in the code of a webpage, application, or email. We may use web beacons to monitor the traffic patterns of users from one page to another on our Site and to improve our Site’s performance. We may also use them in emails to understand when our email communications are opened or discarded.

Analytics information

Like many sites, we use Google Analytics on our Site. Google Analytics provides additional information and data related to you, your device and your computer browser, and your use of, and activity on, our Website. For information regarding Google’s privacy practices please visit Google’s site.

Information Obtained From Other Sources

We might receive information about you from other sources in order to deliver our Services to you, in order to ensure that we and the Product Provider can deliver Products that you ordered, in order to detect and prevent fraud, and/or otherwise in order to comply with applicable law. Following are a few examples:

  • as mentioned above, if you are a patient and you have been prescribed a Product, we will receive a prescription for such Product from your qualified healthcare provider;
  • we may receive information from carriers regarding updated delivery and address information in order to ensure proper delivery of Products; and
  • we may receive information from payment card processors for fraud prevention purposes and in order to ensure proper processing of payment information and delivery of Products; and

 

How We Use your Personal Information

We use the personal information that we obtain to operate, provide, develop and improve the services that we offer to our users and visitors. These purposes include the following:

  • in order to enable us to offer and fulfill Product orders;
  • to respond to your requests and provide you with information;
  • to acknowledge a payment or receipt of an order;
  • to communicate with you about your Account and/or an order;
  • to send you email alerts and to provide you with customer service;
  • to offer you other products and services that we believe may be of interest to you;
  • to personalize your experience interacting with us;
  • to provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of the Services;
  • to prevent and detect fraud and abuse in order to protect the security of our customers and visitors, stoRx and others; and
  • to comply with laws.

We may use your personal information in compliance with applicable law to offer you products and services that we believe may be of interest to you. If we contact you for any such purpose, you may opt out of receiving any such offers.

 

Does stoRx Share Personal Information?

We are not in the business of selling our users’ personal information to others. We share our users’ personal information only as described below:

Third-Party Provider: Amex Pharmacy

If you purchase a Product, the Product will be compounded (if applicable) and otherwise prepared, fulfilled and shipped by Amex Pharmacy. Your order and contact information and other relevant information will be provided to Amex Pharmacy via our Services. Amex Pharmacy (also referred to in this Privacy Notice as the “Product Provider”) is a third-party pharmacy and medication compounder that prepares, fulfills and ships all Products. For information about Product Provider’s services and privacy practices please contact Product Provider as follows:

Amex Pharmacy

1515 Elizabeth Street, Suite J
Melbourne, FL 32901

+1 (321) 872-0720

info@amexpharmacy.com

Other Third-Party Providers

We may disclose personal information to other service providers who provide services such as website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services. Third-party service providers have access to personal information as applicable to perform their functions.

Following is a list of our third-party service providers as of the last revised date:

Provider

Function

Location

Amex Pharmacy

Compounds medication and other Products, and prepares, fulfills and ships Products to patients

United States

Amazon Web Services (AWS)

EC2 Instance (Web Server), RDS (Database)

United States

Converge Payment Gateway

Payment Processing

United States

We update the foregoing list as we change or add new third-party providers. If you have any questions regarding any of our third-party service providers, please contact us at info@storx.com.

Protection of Our Business and for Law Enforcement Purposes

If we are requested by law enforcement officials or judicial authorities to provide personal information or other information, we may do so. In matters involving claims of personal or public safety or in litigation where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain), we may use or disclose personal information, including without court process.

We also reserve the right to disclose your personal information that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Site, (v) protect our and our affiliates’ and partners’ property or other legal rights (including, but not limited to, enforcement of our agreements), and/or (vi) protect the rights, property, privacy and/or safety of you or others.

Business Transfers 

In the event that stoRx or some or all of our business, assets or stock are sold or transferred (including in connection with any bankruptcy or similar proceedings) or used as security, or to the extent we engage in business negotiations with third parties, personal information may be transferred to or shared with third parties as part of any such transaction or negotiation. In any business transaction, customer information generally is one of the transferred business assets, but it remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise).

Aggregate, Anonymous and/or Combined Information

We may anonymize personal information that we obtain from you, and/or aggregate such information with other information, so that the resulting information does not personally identify you and cannot reasonably be used to personally identify you. We may use and disclose information that does not personally identify you for any purpose, except to the extent limited by applicable law. If we are required to treat such information as personal information under applicable law, then we may use it for all the purposes for which we use and disclose personal information.

Third-Party Services

The Services may contain links to, or otherwise use or make available, third-party websites, services, products or other resources not operated by us (“Third-Party Products“). Third-Party Products are provided as a convenience and/or to provide or deliver a specific service, product or function, and do not constitute an affiliation with, endorsement or sponsorship of the third party or the Third-Party Products. Any information you provide to third parties is not subject to the terms of this Privacy Notice, and we are not responsible for the privacy or security of the information that you provide to them or their handling of your information. We recommend that you review the privacy policy of any third party to whom you provide personal information online.

In addition, we are not responsible for the information collection, use, disclosure, or security policies and practices of other organizations, such as Apple, Google or Microsoft, or any device manufacturer, app developer, app provider, operating system provider or wireless service provider.

Other than as described above, you will receive notice when we intend to share your personal information with third parties, and you will have an opportunity to choose not to share such information.

 

Your Choices and Access

As mentioned above, you can modify and update your personal information in your Account by logging into your Account and making changes to your information yourself. You can also request the removal or modification of the personal information you have provided to us by sending an email to info@storx.com. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain information on the context in which you provided your personal information before implementing your request. We will try to accommodate your request as soon as reasonably practicable.

Please note that we may need to retain certain information for record keeping purposes, to protect our rights, and/or to complete or verify any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

Your Responsibility

By establishing an Account, you agree that it is your responsibility to:

  • Authorize, monitor, and control access to and use of your Account, user ID and password.
  • Promptly inform us of any need to deactivate a password or an account by emailing info@storx.com.

 

Terms that Apply to Residents of California

If you are a California resident, subject to applicable law, you may have certain rights under California law with respect to your personal information. If you wish to exercise any of your rights under California law as they relate to our Services, please contact us at info@storx.com.

We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. We will not include employment-related information in fulfilling your request.

California Shine the Light Law

California’s “Shine the Light” law, permits individuals who are California residents to request and obtain from us a list of personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. If you would like to make a request for information under the Shine the Light law, please contact us by email at info@storx.com. Requests may be made only once a year and are free of charge.

Personal Information of California Residents Under the Age of 18

If you are a California resident under the age of 18 and wish to remove content you have made publicly available (or if you are the parent or legal guardian of a California resident under the age of 18) please contact us at info@storx.com, where you may request to exercise your applicable access, rectification, cancellation and/or objection rights.

 

Children’s Personal Information

We recognize the importance of protecting children’s online privacy. Our Services are intended to be used by adults ages 18 and over. Our Services are not directed to children. We do not sell Products for purchase by children. All Products, including Products prescribed for children, are for purchase by adults as described in our Terms of Service. We do not knowingly collect personal information from children under the age of 13 without obtaining parental consent.

While our Services are not designed or intended to be used by anyone under the age of 18, our Services may be used by qualified healthcare providers to prescribe medication to their patients including patients who are children. If a qualified healthcare provider elects to prescribe a Product to a child patient via the Services, the child patient’s parent or legal guardian will provide personal information to the qualified healthcare provider. We will collect such personal information as applicable to deliver the Services. The child’s parent or legal guardian must use the Services on the child’s behalf. As described above, a child is not permitted to use the Services.

All qualified healthcare providers are required to secure verifiable consent from the parent or legal guardian of each child patient before submitting a prescription for such patient via the Services. Qualified healthcare providers are also required to input and use the parent or legal guardian’s contact information in the Services.

In the event that we become aware that we have collected personal information from any child under the age of 13 without first having obtained parental consent, we will dispose of such information in accordance with the Children’s Online Privacy Protection Act (“COPPA”) and other applicable laws and regulations. If you are a parent or legal guardian and you believe that your child under the age of thirteen (13) has provided us with personal information without COPPA-required consent, please contact us at info@storx.com.

As mentioned above, if you are a California resident under the age of 18 (or if you are the parent or legal guardian of a California resident under the age of 18) and you wish to remove content you have made publicly available please contact us at info@storx.com.  We will reasonably assist you to exercise your applicable access, rectification, cancellation, and/or objection rights.

 

Security

Data Security

stoRx uses appropriate physical, managerial, and technical safeguards that are designed to protect the confidentiality, integrity and security of personal data that we collect and store against accidental or unlawful loss, theft and misuse and unauthorized access, disclosure, alteration destruction, or any other type of unlawful processing. Unfortunately, no web site, server or database is completely secure. stoRx cannot guarantee that your information will not be disclosed, misused or lost by accident or by the unauthorized acts of others.

It is important for you to protect against unauthorized access to your password and Account and to your computers, devices and applications. Be sure to sign off when finished using a shared computer. You are responsible for maintaining the confidentiality of your Account information and for restricting access to your device, and you agree to accept responsibility for all activities that occur under your Account.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your Account with us has been compromised), please contact us immediately at info@storx.com.

Email Security

As part of our Services, we may communicate with you via email. We and you may use unencrypted email to engage in communications. Since the email is transmitted over the Internet, a third party may be able to access the information and read it. Additionally, once the email is received by you, the security of that email depends on your email provider and your adherence to good privacy practices. Accordingly, someone may be able to access your email account and read it. You acknowledge and agree that there are risks associated with providing personal information electronically and that the privacy of such communications cannot be guaranteed. Understanding the risks, you hereby consent to the use of unencrypted email by stoRx to communicate with you.

“Phishing” is a common email scam where your email address is used to contact you and ask for personally identifiable or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Please note that stoRx will not send you emails asking for your credit card number, social security number or other personally identifiable information. If you are ever asked for this information, such request will not be from stoRx.

 

Do Not Track

Our Site does not support Do Not Track requests at this time. Do Not Track (DNT) is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page.  You may, however, set your Web browser to not accept new cookies or web beacons, be notified when you receive a new cookie, or disable cookies altogether. Please note that by disabling these features, the Site and Services will not function properly and not all features will be available. Please review the help or settings section of your browser for instructions on managing security preferences.

 

Revisions to this Privacy Notice

Our business will change, and our Privacy Notice will change too. You should check our Site frequently to see recent changes. The “last updated” date listed at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes to this Privacy Notice will become effective when we post the revised Privacy Notice on the Services. Your use of the Site, Platform or any other Service following these changes means that you accept the revised Privacy Notice. Please review our Privacy Notice when you use our Services in order to confirm that the Privacy Notice is acceptable to you. Unless stated otherwise, our current Privacy Notice applies to all personal information that we have about you and your account. 

 

The Terms of Service

This Privacy Notice is incorporated into and forms part of the Terms of Service, which outlines the terms and conditions you agree to when accessing and using the Site and/or other Services, and which can be found here. If you choose to use our Site or Platform or any of our other Services, your use and any dispute over privacy is subject to this Privacy Notice and our Terms of Service, including limitations on damages, resolution of disputes, and application of the law of the state of Florida. If you have any concern about privacy related to our Services, please contact us with a specific description, and we will try to resolve it.

 

Contact

If you have any questions, comments or requests regarding this Privacy Notice or our processing of your personal information, please contact us at info@storx.com.