Skip to main content
AFFINITYDIRECT

Privacy Policy

Last updated: April 22, 2026

1. Introduction

Affinity Direct, a division of Affinity Whole Health LLC ("Affinity Direct," "we," "us," or "our"), is committed to protecting the privacy of our patients and website visitors. This Privacy Policy describes how we collect, use, disclose, and protect your information when you visit our website or use our telehealth services.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Personal Information

When you use our services, we may collect:

  • Name, date of birth, and contact information (email, phone, address)
  • Payment information (processed securely via third-party payment processors; we do not store card numbers)
  • State of residence and shipping address
  • Patient portal sign-in and verification information, such as login credentials, one-time codes, or similar access data

Protected Health Information (PHI)

As a healthcare provider, we collect health information necessary to provide medical services, including:

  • Medical history, current medications, and allergies
  • Symptoms, health questionnaire responses, and treatment goals
  • Prescription and treatment records
  • Communications with your assigned provider

All PHI is handled in accordance with the Health Insurance Portability and Accountability Act (HIPAA). Please see our HIPAA Notice of Privacy Practices for details.

Usage Data

We automatically collect certain information when you visit our website, including IP address, browser type, pages visited, and referring URLs. This data is used for analytics and improving our services.

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain our telehealth services
  • Process your intake form and facilitate provider review
  • Fulfill and ship your prescriptions
  • Communicate with you about your orders and care
  • Send transactional and administrative messages (appointment updates, prescription status)
  • Send marketing communications, if you have opted in
  • Comply with applicable laws, regulations, and professional standards
  • Detect and prevent fraud and abuse

4. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Healthcare providers — Licensed clinicians within the Affinity network who review your case and issue prescriptions
  • Pharmacy partners — Pharmacies that fulfill and dispense your prescription medication
  • Service providers — Technology, payment processing, identity verification, shipping, communications, and analytics vendors who process data on our behalf under contractual confidentiality and security obligations
  • Legal authorities — When required by law, court order, or to protect the rights and safety of our patients or the public

When Protected Health Information is shared with vendors that perform services for us, we require those vendors to safeguard the information and use it only for authorized purposes.

5. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect your information, taking into account the nature of the information and the services we provide. These safeguards may include:

  • Encryption for data transmitted to and from our platform
  • Administrative and technical access controls intended to limit PHI access to authorized workforce members and service providers with a legitimate need to know
  • Vendor management and contractual protections for service providers that handle sensitive information on our behalf
  • Policies and procedures designed to support confidentiality, integrity, and availability of sensitive data

No method of transmission over the internet or method of electronic storage is 100% secure. While we take reasonable precautions designed to protect your information, we cannot guarantee absolute security.

6. Cookies and Tracking

We use essential session cookies required to operate our platform (e.g., maintaining your intake session state). We do not use third-party behavioral advertising cookies or cross-site tracking. You can configure your browser to refuse cookies; however, some features may not function properly without them.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information (subject to legal and medical record retention requirements)
  • Opt out of marketing communications at any time by clicking "unsubscribe" in any email
  • Request a copy of your medical records (see our HIPAA Notice for the process)

To exercise these rights, contact us at virtual@affinitywholehealth.com.

7a. California Residents (CCPA/CPRA)

California residents have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California residents may request to: (1) know what personal information we collect and how it is used; (2) delete personal information (subject to HIPAA retention requirements); (3) correct inaccurate personal information; (4) opt out of sale or sharing (we do neither). Submit requests to virtual@affinitywholehealth.com. We will respond within 45 days. Note: Protected Health Information governed by HIPAA is exempt from CCPA.

7b. Data Retention

We retain medical records and Protected Health Information for a minimum of 7 years from the date of service, or longer as required by the laws of your state of residence. Non-health personal data is retained only as long as necessary for the purposes described in this policy or as required by applicable law. You may request deletion of non-PHI data; however, we are required by law to retain medical records regardless of such requests.

8. Children's Privacy

Our services are intended for adults 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we become aware that a minor has provided us with personal information, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated "Last updated" date and, when required by law, provide additional notice of material changes. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Affinity Direct — Privacy Officer
Email: virtual@affinitywholehealth.com
Affinity Whole Health LLC
Columbus, Ohio