PRIVACY POLICY

The CareMD Privacy Policy

Effective Date: 01/27/2021
Last Updated: 02/24/2026

1. Introduction

The CareMD, Inc. (“The CareMD,” “Company,” “we,” “our,” or “us”) is committed to protecting the privacy and security of personal information and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you access or use our website, mobile applications, telehealth platform, and related services (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to information collected:

• Through our website and applications
• During account registration
• During telehealth consultations
• Through customer support interactions
• Through marketing and communications

This policy does not replace any Notice of Privacy Practices issued by licensed healthcare providers delivering care through the platform.

3. Information We Collect

3.1 Personal Identifiers

• Full name
• Email address
• Phone number
• Mailing address
• Date of birth

3.2 Account Information

• Username and password
• Authentication credentials
• Security verification data

3.3 Health and Medical Information

• Medical history
• Symptoms and conditions
• Intake questionnaires
• Consultation notes and communications
• Treatment plans and recommendations

3.4 Payment and Financial Information

Payment card data is processed by secure third-party payment processors. We do not store full card numbers.

3.5 Device and Technical Information

• IP address
• Device identifiers
• Browser type
• Operating system
• Usage analytics and interaction data

3.6 Communications Information

• Messages sent through the platform
• Customer support communications
• SMS or email communications (where permitted)

4. Protected Health Information (HIPAA)

To the extent The CareMD acts as a Covered Entity or Business Associate under the Health Insurance Portability and Accountability Act (“HIPAA”), Protected Health Information (“PHI”) will be handled in accordance with applicable HIPAA requirements.

Healthcare providers delivering care through the platform may maintain separate Notices of Privacy Practices governing clinical records and treatment data.

5. How We Use Information

We may use information to:

• Provide telehealth consultations and services
• Facilitate provider-patient communications
• Process payments and billing
• Verify identity and prevent fraud
• Improve platform performance and user experience
• Conduct internal analytics and quality improvement
• Send service notifications and updates
• Send marketing communications where legally permitted
• Comply with legal and regulatory obligations

6. Legal Bases for Processing (Where Applicable)

Depending on jurisdiction, we process information based on:

• Performance of a contract (service delivery)
• Legal obligations (regulatory and medical record requirements)
• Legitimate business interests
• User consent (marketing, optional data sharing)

7. Information Sharing and Disclosure

We may disclose information to:

7.1 Healthcare Providers

For purposes of diagnosis, treatment, and care coordination.

7.2 Service Providers

Including:

• Cloud hosting vendors
• Payment processors
• Customer support tools
• Analytics providers

All vendors are required to maintain appropriate confidentiality and security safeguards.

7.3 Legal and Regulatory Authorities

When required by law, subpoena, court order, or to protect rights, safety, or property.

7.4 Business Transfers

In connection with mergers, acquisitions, financing, or sale of assets.

8. Cookies and Tracking Technologies

We use cookies and tracking technologies to:

• Maintain session authentication
• Analyze platform performance
• Improve user experience
• Support marketing and advertising (on public pages only)

Users may disable cookies via browser settings, though some features may not function properly.

9. Data Security

We implement administrative, technical, and physical safeguards, including:

• Encryption of data in transit and at rest
• Role-based access controls
• Multi-factor authentication (where applicable)
• Security monitoring and incident response procedures
• Vendor risk assessments

No security system is guaranteed to be completely secure.

10. Data Retention

We retain information:

• For as long as necessary to provide Services
• To comply with healthcare record retention laws
• To resolve disputes and enforce agreements
• As required by regulatory authorities

Healthcare providers may maintain medical records according to state and federal laws independent of account deletion.

11. Consumer Privacy Rights

Depending on state law, users may have rights to:

• Access personal data
• Request correction
• Request deletion (subject to legal limitations)
• Opt out of targeted advertising
• Request data portability
• Requests may be submitted via:

Email: Provider@thecaremd.com

12. Marketing Communications

Users may receive:

• Appointment reminders
• Service updates
• Promotional communications (where permitted)

Users may opt out of marketing messages via unsubscribe links or SMS STOP commands.

13. Children’s Privacy

Services are not directed to children under 13 without parental or guardian involvement and consent, where required by law.

14. Third-Party Websites

Our Services may link to third-party sites. We are not responsible for their privacy practices or content.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be posted with a revised effective date.

16. Contact Information

The CareMD, Inc.

10601 Clarence Dr Ste 310 Frisco, TX 75033

Provider@thecaremd.com

888-275-8955