How DripVitals collects, uses, protects, discloses, and retains your information — and the rights and choices you have. Last updated: July 7, 2026.
This Privacy Policy describes how DripVitals (“DripVitals,” “we,” “us,” or “our”) collects, uses, and discloses information about you when you visit dripvitals.com, create an account, or use our telehealth platform (collectively, the “Services”). It also explains the rights available to you under applicable privacy laws. By using the Services, you acknowledge the practices described in this policy. If you do not agree, do not use the Services.
Health records held by your providers and pharmacies. The independent Medical Groups, Providers, and Pharmacies that deliver your care may be “covered entities” under the Health Insurance Portability and Accountability Act (HIPAA). Health information they maintain about you is governed by HIPAA and their own Notices of Privacy Practices, which are provided to you in connection with your care. This Privacy Policy governs information handled by DripVitals as a platform. Where DripVitals handles protected health information on behalf of a covered entity, it does so as a business associate under written agreements required by HIPAA. Residents of Washington and Nevada: our separate Consumer Health Data Privacy Policy also applies to your consumer health data.
Identifiers and contact information: name, date of birth, email address, phone number, shipping and billing address, account credentials, and, where required for telehealth identity verification, a government-issued photo ID.
Health information: information you provide during intake, consultations, and follow-up, including medical history, medications, allergies, symptoms, height, weight, lab results you share, photographs where a service requires them, treatment preferences and goals, and communications with your care team through the platform.
Commercial and financial information: products or services considered or purchased, subscription plan, order history, and payment card details (collected and processed by our payment processors — we do not store full card numbers).
Internet and device activity: IP address, device identifiers, browser type, operating system, pages viewed, links clicked, referring URL, session information, and interactions with our emails, collected through cookies, pixels, and similar technologies.
Approximate geolocation: inferred from your IP address (for example, to confirm service availability in your state). We do not collect precise GPS location.
Audio, visual, and electronic information: photographs you upload, and video or audio from telehealth visits where your Provider conducts one.
Inferences: preferences and characteristics derived from the information above, used to operate and improve the Services.
Sources: we collect information directly from you; automatically from your device; and from service providers and partners including identity-verification services, payment and buy-now-pay-later processors, the Medical Groups and Pharmacies involved in your care, shipping carriers, and analytics providers.
We and our service providers use cookies, pixels, software development kits, and similar technologies to keep you signed in, remember preferences, measure site performance, analyze usage, and measure the effectiveness of our marketing. You can manage cookies through your browser settings, and where required by law we honor opt-out preference signals such as Global Privacy Control (GPC). Disabling cookies may affect site functionality. We do not use advertising pixels or third-party ad trackers on pages where you complete health intake or communicate with your care team, and we do not disclose the contents of your health intake or care communications to advertising platforms.
We disclose information in the following circumstances:
We do not sell your personal information for money, and we do not sell or share health information for advertising. If any disclosure for cross-context behavioral advertising were considered a “sale” or “sharing” under applicable state law, you have the right to opt out as described in Section 7, and we honor GPC signals for this purpose.
We retain personal information for as long as needed to provide the Services and for legitimate business purposes, and as required by law. Retention periods are determined by: the nature of the information (medical and pharmacy records are subject to statutory retention periods, commonly 5–10 years or longer depending on state law); our legal, tax, and accounting obligations; the need to resolve disputes and enforce agreements; and fraud- and abuse-prevention needs. When information is no longer required, we delete or de-identify it.
We maintain administrative, technical, and physical safeguards designed to protect your information, including encryption of data in transit, access controls, and vendor security requirements. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Protect your account by using a strong, unique password and notifying us immediately of any suspected unauthorized access at support@dripvitals.com.
Depending on your state of residence (including California, Colorado, Connecticut, Florida, Montana, Oregon, Texas, Utah, and Virginia, among others), you may have some or all of the following rights, subject to legal limits and exceptions (including medical-record retention laws):
Exercising rights. Submit requests to support@dripvitals.com with the subject “Privacy Request.” We will verify your identity (typically by matching information on file and confirming control of your account email) before acting, and respond within the time required by your state’s law (generally 45 days, extendable once). You may use an authorized agent where your state permits; we will require proof of the agent’s authority and may still verify your identity directly. If we decline a request, you may appeal by replying to our decision with the subject “Privacy Appeal”; we will respond to appeals within the period required by your state, and you may also contact your state Attorney General.
If you are a Washington resident (or your data is collected in Washington) or a Nevada resident, our Consumer Health Data Privacy Policy describes the categories of consumer health data we collect, the purposes, the categories of sources and recipients, and how to exercise your rights to access, withdraw consent, and delete consumer health data, including the appeal process.
The Services are intended for adults 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it as required by law.
Some browsers transmit “Do Not Track” signals, for which no industry standard has been adopted; we treat recognized opt-out preference signals (such as GPC) as opt-out requests where applicable law requires.
We may update this Privacy Policy from time to time. The “Last updated” date reflects the current version; material changes will be communicated through the Services or by email before they take effect, and where required by law we will obtain your consent.
Privacy questions and requests: support@dripvitals.com (subject line “Privacy Request”).
See also our Terms of Service, Consumer Health Data Privacy Policy, Refund Policy, and Important Safety Information.