Legal
Effective Date: January 24, 2026
Table of Contents
Welcome to VirtuallyWell. This Privacy Policy (the "Policy") is designed to provide you with a comprehensive understanding of how VirtuallyWell LLC ("VirtuallyWell," "we," "us," or "our") collects, uses, discloses, stores, and protects your personal information. We recognize that your privacy is of paramount importance, and we are committed to maintaining the highest standards of data protection and transparency in all of our operations.
This Policy applies to your use of our websites (including www.virtuallywell.com and any related subdomains), mobile applications (whether available on iOS, Android, or other platforms), and any other digital services, products, features, or platforms we own, operate, or make available that link to or reference this Policy (collectively, the "Services"). By creating an account with VirtuallyWell, accessing our Services, or otherwise providing us with your personal information, you acknowledge that you have read, understood, and agree to be bound by the practices and terms described in the most current version of this Privacy Policy. If you do not agree with any aspect of this Policy, you should not use our Services.
We reserve the right to update, modify, or replace this Policy at any time to reflect changes in our business practices, technological advancements, evolving legal and regulatory requirements, or other operational considerations. When we make changes, we will revise the "Last Updated" date at the top of this document. If we make material changes that significantly affect your rights or how we handle your personal information, we will provide you with prominent notice as required by applicable law. This notice may take the form of an email to the address associated with your account, a notification within our Services, or a conspicuous posting on our website. In certain circumstances, we may also seek your affirmative consent to the changes. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.
If you are using our Services on behalf of another individual (such as a family member or dependent), you represent and warrant that you are authorized by that individual to act on their behalf, to provide their personal information to us, and to consent to this Privacy Policy on their behalf. You further acknowledge that the individual on whose behalf you are acting has been made aware of and agrees to the practices outlined in this Policy.
This Privacy Policy is a critical component of the legal framework that governs your relationship with VirtuallyWell. It is important to understand the scope of this Policy and the nature of the information we handle, as different types of information may be subject to different legal protections and regulatory requirements.
Throughout this Policy, we use certain terms that have specific meanings:
"Protected Health Information" or "PHI" has the meaning set forth in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, "HIPAA"). PHI is individually identifiable health information that is created, received, maintained, or transmitted by a covered entity or business associate in connection with the provision of healthcare services. PHI is subject to heightened protections under HIPAA.
VirtuallyWell operates as a technology platform that connects you with independent, third-party healthcare providers and pharmacies. We are not a healthcare provider ourselves, and we do not practice medicine or provide medical advice, diagnoses, or treatment. The healthcare services you receive through our platform are provided by independent medical groups and their affiliated healthcare providers (collectively, "Medical Groups"), as well as by independent pharmacies ("Pharmacies").
HIPAA Covered Entities vs. Business Associates:
Under HIPAA, healthcare providers, health plans, and healthcare clearinghouses that transmit health information electronically are classified as "covered entities." VirtuallyWell is not a covered entity. However, because we provide services to Medical Groups and Pharmacies that involve the creation, receipt, maintenance, or transmission of PHI on their behalf, we function as a "business associate" under HIPAA.
As a business associate, VirtuallyWell enters into Business Associate Agreements ("BAAs") with the Medical Groups and Pharmacies with whom we work. These BAAs impose strict contractual obligations on us to safeguard your PHI, to use and disclose it only as permitted by HIPAA and the BAA, and to implement appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of your PHI.
Notice of Privacy Practices:
Each Medical Group with which you interact is required by HIPAA to provide you with a Notice of Privacy Practices ("NPP"). The NPP describes how that Medical Group may use and disclose your PHI, your rights with respect to your PHI, and the Medical Group's legal duties regarding your PHI. You will be provided with a copy of the applicable NPP before you receive clinical services. By using our Services to access care from a Medical Group, you acknowledge that you have received and reviewed the NPP of that Medical Group.
Distinction Between Platform Information and PHI:
It is important to understand that not all information you provide to VirtuallyWell constitutes PHI. For example, the information you provide when you first create an account on our platform—such as your name, email address, date of birth, shipping address, and payment information—is collected by VirtuallyWell in our capacity as the operator of the platform, not in our capacity as a business associate providing services to a Medical Group. This information is Platform Information and is governed by this Privacy Policy and applicable state and federal consumer privacy laws (such as the California Consumer Privacy Act).
Once you begin the process of seeking medical care through our platform—for example, by completing a medical intake questionnaire or uploading a photo for a provider to review—the health information you provide may become PHI. At that point, it is subject to the protections of HIPAA and the NPP of the relevant Medical Group, in addition to this Privacy Policy.
Our Services are intended solely for use by individuals who are at least eighteen (18) years of age or the age of majority in their jurisdiction of residence, whichever is older. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18.
VirtuallyWell does not offer services to, and does not knowingly collect personal information from, children or minors. Our platform is designed for adult users, and the healthcare services facilitated through our platform are intended for individuals who have reached the age of majority. If you are under 18 years of age, you are not permitted to create an account, access our Services, or provide us with any personal information.
We do not believe that our Services fall within the scope of the Children's Online Privacy Protection Act ("COPPA"), as they are not directed to children under the age of 13. However, if we become aware that we have inadvertently collected personal information from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our systems and to prevent that child from accessing our Services in the future.
If you are a parent or legal guardian and you believe that your child under the age of 18 has provided personal information to VirtuallyWell without your consent, please contact us immediately at support@virtuallywell.com. We will work with you to verify the situation and, if necessary, to delete the information from our records.
This section provides additional detail about how we handle Protected Health Information (PHI) in our role as a HIPAA business associate.
PHI includes any individually identifiable health information that is created, received, maintained, or transmitted in connection with the provision of healthcare services. This may include, but is not limited to:
Your medical history, including past diagnoses, treatments, surgeries, and hospitalizations.
Information about your current symptoms, complaints, or reasons for seeking care.
Clinical notes, assessments, and diagnoses made by healthcare providers.
Prescriptions and medication information.
Laboratory test results and other diagnostic information.
Photographs or images submitted for clinical evaluation.
Billing and insurance information related to your healthcare services.
As a business associate, VirtuallyWell may use and disclose your PHI only as permitted or required by our Business Associate Agreements with Medical Groups and Pharmacies, and as permitted or required by HIPAA. These permitted uses and disclosures generally include:
We will not use or disclose your PHI for purposes other than those described above without your written authorization, unless permitted or required by law.
HIPAA grants you certain rights with respect to your PHI. These rights are described in the Notice of Privacy Practices provided to you by the Medical Group. They generally include:
To exercise any of these rights, please contact the Medical Group that provided your care, or contact us at support@virtuallywell.com and we will direct your request to the appropriate party.
In the event of a breach of unsecured PHI, we will comply with all applicable HIPAA breach notification requirements. This includes notifying the affected Medical Group or Pharmacy without unreasonable delay and no later than 60 days after discovery of the breach. The Medical Group or Pharmacy is then responsible for notifying affected individuals and, if required, the Secretary of the U.S. Department of Health and Human Services and the media.
We collect personal information from a variety of sources and through various means. The specific types of information we collect depend on how you interact with our Services, the features you use, and the choices you make. This section provides a detailed overview of the categories of information we collect and the methods by which we collect it.
The majority of the personal information we collect is information that you voluntarily provide to us when you use our Services. This includes information you provide when you:
Create an account or register for our Services.
Complete a medical intake questionnaire or health assessment.
Upload documents, photographs, or other files.
Make a purchase or place an order.
Communicate with us via email, chat, phone, or other channels.
Participate in surveys, contests, promotions, or research studies.
Submit feedback, reviews, or testimonials.
Apply for a job or submit an employment application.
The specific types of information you may provide include:
When you access or use our Services, we automatically collect certain information about your device, your connection, and your interactions with our platform. This information is collected through the use of cookies, web beacons, log files, and other tracking technologies. For more information about these technologies, see Section 8.
The categories of information we collect automatically include:
We may analyze, aggregate, or otherwise process the information we collect to create new information, to draw inferences about you, or to derive insights. This may include:
Inferences About Your Interests and Preferences: Based on your browsing behavior, the content you view, the products you purchase, and other interactions with our Services, we may infer your interests in certain health topics, your preferences for certain types of products or services, and your likelihood of responding to certain marketing messages.
In addition to the information you provide directly and the information we collect automatically, we may obtain information about you from third-party sources. We may combine this third-party information with the information we collect directly to enhance our Services, to verify your identity, to prevent fraud, and to personalize your experience.
Third-party sources from which we may obtain information include:
We use the personal information we collect for a variety of purposes that are necessary to operate our business, to provide and improve our Services, to communicate with you, to personalize your experience, to conduct research and analytics, to market our Services, and to comply with our legal obligations. This section describes in detail the purposes for which we use your personal information and the legal bases for such use.
The following table provides a comprehensive overview of how we use your personal information:
In jurisdictions that require us to identify a legal basis for processing personal information (such as the European Economic Area, although our Services are currently U.S.-only), we rely on the following legal bases:
We may disclose your personal information to third parties in certain circumstances and for certain purposes. We do not "sell" your personal information in the traditional sense of exchanging it for monetary compensation. However, as described in Section 8, certain of our data sharing practices may constitute a "sale" or "sharing" under the definitions used in some state privacy laws. This section provides a comprehensive overview of the categories of third parties to whom we may disclose your personal information and the purposes for such disclosure.
When you use our Services to seek healthcare services, we disclose your personal information (including your health information) to the Medical Groups and Pharmacies you select or with whom you interact. This disclosure is necessary to enable these providers to evaluate your condition, to provide you with medical advice and treatment, to prescribe medications, and to fulfill your orders. The Medical Groups and Pharmacies are independent entities and are responsible for their own privacy practices. Your health information disclosed to Medical Groups is subject to HIPAA and the applicable Notice of Privacy Practices.
We engage third-party service providers and vendors to perform functions on our behalf and to assist us in operating our business. These service providers may have access to your personal information to the extent necessary to perform their functions, but they are contractually prohibited from using your personal information for any other purpose. The categories of service providers to whom we may disclose your personal information include:
In the event that VirtuallyWell is involved in a merger, acquisition, asset sale, financing, bankruptcy, or other business transaction, we may disclose your personal information to the other parties involved in the transaction (such as potential buyers, investors, or creditors) and to their advisors. If such a transaction is completed, your personal information may be transferred to the acquiring entity, and it will continue to be subject to the terms of this Privacy Policy or a successor privacy policy.
We may disclose your personal information to third parties when we believe in good faith that such disclosure is necessary or appropriate to:
Comply with applicable laws, regulations, legal processes, or enforceable governmental requests (such as responding to a subpoena, court order, or search warrant).
Enforce our Terms of Service, this Privacy Policy, or other agreements.
Detect, prevent, or otherwise address fraud, security, or technical issues.
Protect the rights, property, or safety of VirtuallyWell, our users, or the public, as required or permitted by law.
Respond to claims that any content violates the rights of third parties.
We may disclose your personal information to third parties when you have provided your explicit consent to such disclosure. For example, if you choose to connect your VirtuallyWell account with a third-party application or service, we may disclose your information to that third party in accordance with your instructions.
We may disclose aggregated or de-identified information that does not identify you individually to third parties for research, analytics, marketing, and other purposes without restriction.
Like most online services, we use cookies, web beacons, pixels, software development kits (SDKs), and other tracking technologies (collectively, "Tracking Technologies") to operate our Services, to understand how users interact with our platform, and to deliver targeted advertising. This section provides detailed information about the Tracking Technologies we use, the purposes for which we use them, and the choices you have to control them.
Cookies are small text files that are placed on your device (computer, smartphone, or tablet) by a website or application. Cookies allow the website to recognize your device and to store information about your preferences, your session, and your activity. There are different types of cookies:
Web Beacons (also called pixels or clear GIFs) are tiny, invisible images embedded in a website or email. When you load a page or open an email that contains a web beacon, your browser automatically sends a request to the server that hosts the image. This allows the server to log information about your device and your activity, such as your IP address, the time you viewed the page, and whether you clicked on any links.
Software Development Kits (SDKs) are pieces of code that we integrate into our mobile applications. SDKs allow us and our third-party partners to collect information about how you use the app, to deliver targeted advertising, and to provide other functionality.
We use Tracking Technologies for the following purposes:
We work with a number of third-party partners who use Tracking Technologies on our Services. These partners include:
We engage in the following online advertising practices:
Retargeting (Remarketing): If you visit our website or use our mobile app but do not complete a desired action (such as creating an account or making a purchase), we may use cookies and pixels to show you advertisements for our Services on other websites and applications you visit. This is known as retargeting or remarketing. The goal is to remind you of our Services and to encourage you to return and complete your transaction.
Lookalike Audiences: We may provide a hashed or encrypted version of your email address or other identifiers to advertising platforms (such as Facebook, Google, or YouTube). These platforms use this information to identify other users who share similar characteristics, interests, or behaviors to our existing customers. We can then serve advertisements to these "lookalike" audiences to reach potential new customers who are likely to be interested in our Services.
Cross-Context Behavioral Advertising (Interest-Based Advertising): We and our advertising partners may collect information about your online activities over time and across different websites, applications, and devices. This information is used to infer your interests and to deliver advertisements that are tailored to you. For example, if you visit several websites about fitness, you may see advertisements for health and wellness products. This practice is also known as interest-based advertising or online behavioral advertising.
Under certain state privacy laws (such as the California Consumer Privacy Act), these advertising practices may be considered a "sale" or "sharing" of personal information, even though we do not receive direct monetary compensation in exchange for your data. This is because we are allowing third-party advertising partners to collect information about you for their own commercial purposes.
You have several options to control the use of Tracking Technologies and to opt-out of targeted advertising:
Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically choose to block all cookies, to accept only first-party cookies, or to receive a notification before a cookie is set. Please note that if you block all cookies, some features of our Services may not function properly. To learn more about how to manage cookies in your browser, please consult your browser's help documentation.
Opt-Out of "Sale" or "Sharing" Under State Privacy Laws: If you are a resident of California or another state with a comprehensive privacy law, you have the right to opt-out of the "sale" or "sharing" of your personal information. You can exercise this right by clicking on the "Do Not Sell or Share My Personal Information" link on our website homepage or by contacting us at support@virtuallywell.com.
Do Not Track Signals: Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. However, there is no industry consensus on how to respond to DNT signals, and we do not currently respond to them. If a standard for responding to DNT signals is established in the future, we will reassess our policy.
VirtuallyWell may use artificial intelligence (AI), machine learning algorithms, and other automated systems to help us provide, improve, and personalize our Services. We are committed to using AI in a responsible, transparent, and ethical manner. This section describes how we use AI and the safeguards we have in place.
We use AI and automated systems for the following purposes:
Medical Intake Analysis: When you complete a medical intake questionnaire, we may use AI to analyze your responses. This analysis helps us to:
Route your case to the most appropriate Medical Group and healthcare provider based on your symptoms, medical history, and the type of care you are seeking.
Flag information that may require additional review or follow-up by a healthcare provider (such as potential drug interactions, contraindications, or high-risk conditions).
Identify patterns or trends in patient data that may inform clinical decision-making or quality improvement initiatives.
It is important to note that AI is used only to assist and support healthcare providers, not to replace them. All clinical decisions, including diagnoses, treatment recommendations, and prescribing decisions, are made by licensed healthcare professionals.
Chat and Customer Support: We may use AI-powered chatbots and virtual assistants to provide you with instant customer support and to answer common questions about our Services. These chatbots can help you with tasks such as:
Navigating our website or mobile app.
Tracking your order.
Updating your account information.
Scheduling appointments or consultations.
Providing general information about our Services.
If the chatbot is unable to answer your question or if you request to speak with a human, your inquiry will be escalated to a member of our customer support team. All chatbot interactions may be monitored and recorded for quality assurance, training, and improvement purposes.
Marketing Personalization: We may use AI to analyze your interactions with our Services, your browsing behavior, your purchase history, and other data to personalize the marketing communications and offers you receive. This allows us to:
Send you emails and notifications about products, services, or content that are likely to be relevant to your interests.
Display personalized recommendations on our website and mobile app.
Tailor the advertisements you see on our platform and on third-party websites.
Optimize the timing and frequency of our marketing messages.
You can opt-out of personalized marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by adjusting your communication preferences in your account settings.
All AI systems used by VirtuallyWell are subject to human oversight. We have implemented the following safeguards to ensure that AI is used responsibly:
In certain jurisdictions, you may have the right to object to decisions that are made solely on the basis of automated processing (including profiling) and that produce legal effects or similarly significantly affect you. If you believe that an automated decision has been made about you and you wish to challenge it, please contact us at support@virtuallywell.com.
We respect your privacy rights and are committed to providing you with meaningful choices and control over your personal information. Depending on where you live, you may have certain legal rights with respect to your personal information. This section describes those rights and how you can exercise them.
The following table summarizes the privacy rights that may be available to you, depending on your state of residence:
You may exercise your privacy rights by submitting a request through one of the following methods:
To protect your privacy and security, we must verify your identity before we can process your request. The verification process will vary depending on the nature of your request and the information we have on file for you. We may ask you to:
Provide information that matches what we have in our records (such as your name, email address, date of birth, or account number).
Respond to a verification email sent to the email address associated with your account.
Provide a copy of a government-issued ID (for requests involving sensitive information or account deletion).
Complete a multi-factor authentication process.
If you are making a request on behalf of another individual (such as your child or a family member), we will require you to provide proof of your authority to act on their behalf, such as a power of attorney or written authorization.
We will respond to your request within the timeframes required by applicable law. In most cases, this means:
If we deny your request, we will explain the reason for the denial and, where applicable, inform you of your right to appeal.
In some states, you may designate an authorized agent to submit a privacy request on your behalf. If you wish to use an authorized agent, you must provide the agent with written permission to act on your behalf, and the agent must be able to verify their identity and their authority to act on your behalf. We may also require you to verify your own identity directly with us.
You can opt-out of receiving promotional emails from us at any time by clicking the "unsubscribe" link at the bottom of any marketing email. You can also manage your communication preferences by logging into your account and updating your settings. Please note that even if you opt-out of marketing communications, we will still send you transactional and administrative messages related to your account and your use of our Services.
We take the security of your personal information very seriously. We have implemented a comprehensive information security program that includes administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction.
Encryption: We use industry-standard encryption to protect your personal information both in transit (when it is being transmitted over the internet) and at rest (when it is stored on our servers). This includes the use of TLS (Transport Layer Security) for data in transit and AES (Advanced Encryption Standard) for data at rest.
We require our service providers and vendors to implement appropriate security measures to protect your personal information. We conduct due diligence on our service providers before engaging them and include contractual provisions that obligate them to protect your information.
While we strive to protect your personal information, no security system is completely foolproof. We cannot guarantee the absolute security of your information, and we cannot be held responsible for unauthorized access, hacking, data loss, or other breaches that occur despite our reasonable security measures. You also have a responsibility to protect your information by using a strong, unique password, by not sharing your login credentials, and by being cautious about phishing attempts and other social engineering attacks.
If you believe that your account has been compromised or that you have identified a security vulnerability in our Services, please contact us immediately at support@virtuallywell.com or at our dedicated security email address: security@virtuallywell.com.
We retain your personal information for as long as is necessary to fulfill the purposes for which it was collected, to provide our Services, to comply with our legal and regulatory obligations, to resolve disputes, to enforce our agreements, and for other legitimate business purposes.
The length of time we retain your personal information depends on the type of information and the purposes for which we use it. The following table provides general guidelines for our retention practices:
If you exercise your Right to Delete (as described in Section 10), we will delete your personal information from our active systems, subject to certain exceptions. We may retain certain information if necessary to:
Complete a transaction or provide a service you have requested.
Detect and prevent fraud or other illegal activity.
Comply with a legal obligation, such as a court order or regulatory requirement.
Exercise or defend legal claims.
Maintain the security and integrity of our Services.
Even after deletion, your personal information may remain in our backup systems for a limited period of time before it is permanently erased.
We may retain and use aggregated or de-identified information indefinitely for research, analytics, and other business purposes. Once information has been de-identified or aggregated in a manner that prevents it from being linked back to you, it is no longer considered personal information and is not subject to this Privacy Policy.
VirtuallyWell is headquartered in the United States, and our Services are designed for and directed to individuals located in the United States. We currently do not offer our Services to individuals located outside of the United States.
Our platform, our Medical Groups, and our Pharmacies are all located in the United States and are licensed to provide services only within the United States. If you are accessing our Services from outside the United States, you do so at your own risk and are responsible for compliance with the laws of your jurisdiction.
All personal information we collect is stored and processed on servers located in the United States. By using our Services, you consent to the transfer of your personal information to the United States, where data protection laws may differ from those in your country of residence.
If we expand our Services to other countries in the future, we will update this Privacy Policy to reflect any additional data protection requirements and to provide information about international data transfers.
This section provides additional information and disclosures for residents of specific U.S. states that have enacted comprehensive privacy laws. If you are a resident of one of these states, the information in this section supplements the rest of this Privacy Policy.
This section applies to California residents and is provided in compliance with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and other California privacy laws.
The following table summarizes the categories of personal information we have collected about California residents in the preceding 12 months, the sources from which we collected it, the business or commercial purposes for which we used it, and the categories of third parties to whom we disclosed it for a business purpose.
We do not "sell" personal information in the traditional sense of exchanging it for money. However, under the CCPA/CPRA, the term "sale" is defined broadly and may include the disclosure of personal information to third parties for valuable consideration, even if no money changes hands. Similarly, "sharing" refers to the disclosure of personal information to third parties for cross-context behavioral advertising.
In the preceding 12 months, we have "sold" or "shared" the following categories of personal information for purposes of targeted advertising:
These categories of information have been disclosed to Advertising Partners (such as social media platforms and advertising networks) to enable targeted advertising and to measure ad performance.
We do not sell or share the personal information of consumers we know to be under 16 years of age.
We use and disclose Sensitive Personal Information only for the following purposes, which are permitted under the CPRA:
To perform the services or provide the goods you requested (e.g., to facilitate healthcare services).
To ensure security and integrity of our Services and to prevent fraud.
To verify or maintain the quality or safety of our Services.
For short-term, transient use (e.g., displaying information to you during your session).
To perform services on behalf of VirtuallyWell (e.g., by service providers).
To comply with legal obligations.
We do not use or disclose Sensitive Personal Information for purposes of inferring characteristics about you or for targeted advertising.
As a California resident, you have the following rights under the CCPA/CPRA:
Right to Know: You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we have shared your information.
Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of your sensitive personal information to certain permitted purposes. However, because we only use sensitive personal information for permitted purposes (as described above), this right may not apply in most cases.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
To exercise your rights, please see Section 10.2.
California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request certain information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
We may offer financial incentives, such as discounts, coupons, or special offers, in exchange for your email address or other personal information. The value of your personal information to us is reasonably related to the value of the incentive offered. You can opt-in to these programs by following the instructions provided at the time of the offer, and you can opt-out at any time by contacting us at support@virtuallywell.com.
This section applies to residents of Virginia and is provided in compliance with the Virginia Consumer Data Protection Act (VCDPA).
As a Virginia resident, you have the following rights:
To exercise your rights, please see Section 10.2. If we deny your request, you have the right to appeal by contacting us at support@virtuallywell.com with the subject line "Virginia Privacy Appeal."
This section applies to residents of Colorado and is provided in compliance with the Colorado Privacy Act (CPA).
As a Colorado resident, you have the following rights:
To exercise your rights, please see Section 10.2. If we deny your request, you have the right to appeal by contacting us at support@virtuallywell.com with the subject line "Colorado Privacy Appeal."
This section applies to residents of Connecticut and is provided in compliance with the Connecticut Data Privacy Act (CTDPA).
As a Connecticut resident, you have the following rights:
To exercise your rights, please see Section 10.2. If we deny your request, you have the right to appeal by contacting us at support@virtuallywell.com with the subject line "Connecticut Privacy Appeal."
This section applies to residents of Utah and is provided in compliance with the Utah Consumer Privacy Act (UCPA).
As a Utah resident, you have the following rights:
To exercise your rights, please see Section 10.2.
Nevada law (SB 220) gives Nevada residents the right to opt-out of the "sale" of their personal information. A "sale" under Nevada law is the exchange of personal information for monetary consideration. We do not currently sell personal information as defined by Nevada law. However, if you are a Nevada resident and wish to submit a request to opt-out of any future sales, you may do so by contacting us at support@virtuallywell.com with the subject line "Nevada Opt-Out Request."
This section applies to residents of Texas and is provided in compliance with applicable Texas privacy laws.
Texas law provides certain protections for health information. In addition to the protections described elsewhere in this Privacy Policy, Texas residents have the right to request access to their health information and to request corrections to inaccurate health information. To exercise these rights, please contact us at support@virtuallywell.com.
If you are a resident of a state that has enacted a comprehensive privacy law not specifically addressed above, you may have rights similar to those described in this section. Please contact us at support@virtuallywell.com to inquire about your rights.
Our Services may contain links to third-party websites, applications, or services that are not owned, operated, or controlled by VirtuallyWell. This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices, content, or security of any third-party service.
When you click on a link to a third-party website or service, you will be leaving our Services and will be subject to the privacy policy and terms of service of that third party. We encourage you to read the privacy policies of any third-party service you visit.
Our Services may include social media features, such as the ability to share content on Facebook, Twitter, YouTube, or other platforms. These features may collect information about your IP address and the pages you visit on our Services, and they may set cookies to enable the feature to function properly. Social media features are hosted either by a third party or directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing them.
As described in Section 2, the healthcare services you receive through our platform are provided by independent Medical Groups and Pharmacies. These entities have their own privacy practices and are responsible for protecting your health information in accordance with HIPAA and their own Notice of Privacy Practices. We encourage you to review the privacy policies and NPPs of any Medical Group or Pharmacy with which you interact.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this document.
If we make material changes to this Privacy Policy that significantly affect your rights or how we handle your personal information, we will provide you with prominent notice before the changes take effect. This notice may be provided through one or more of the following methods:
Sending an email to the email address associated with your account.
Displaying a prominent notice on our website or within our mobile application.
Requiring you to acknowledge the updated Privacy Policy the next time you log in to your account.
In some cases, we may also seek your affirmative consent to the changes.
Your continued use of our Services after the effective date of any changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree to the updated Privacy Policy, you should stop using our Services and contact us to close your account.
We will make prior versions of this Privacy Policy available upon request. If you would like to review a prior version, please contact us at support@virtuallywell.com.
If you have any questions, comments, concerns, or complaints about this Privacy Policy or our privacy practices, or if you would like to exercise your privacy rights, please contact us using the information below. We are committed to responding to your inquiries in a timely manner.
Email: support@virtuallywell.com
Mailing Address: VirtuallyWell LLC Attn: Privacy Officer 1633 W Innovation Way, 5th Floor Lehi, UT 84043 United States
Privacy Request Web Form: [www.virtuallywell.com/privacy-request] (link to be activated)
For Security Issues: security@virtuallywell.com
This Privacy Policy is effective as of January 24, 2026. By using VirtuallyWell's Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.