Privacy policy

Last updated: August 9, 2025

Healthi Rx Pharmacy operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Healthi Rx Pharmacy is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.


Protected Health Information (PHI) and HIPAA

If we collect protected health information (PHI) in connection with our pharmacy services, we use and disclose that information as described in our HIPAA Notice of Privacy Practices (the “HIPAA Notice”), available at https://healthi.com/pages/hipaa. The HIPAA Notice explains, among other things, how we use PHI for treatment, payment, and healthcare operations; other permitted uses (e.g., public health and safety); your HIPAA rights (e.g., access, correction, restrictions, confidential communications, and accounting of disclosures); and how to contact our Privacy Officer. We do not sell PHI. This Privacy Policy governs personal information outside of HIPAA; it does not limit your rights under HIPAA.


Personal Information We Collect or Process

When we use the term “personal information”, we mean information that identifies or can reasonably be linked to you or another person. Personal information does not include de-identified or aggregated information.

Depending on how you use the Services, where you live, and applicable law, we may collect or process the following categories (including inferences drawn from them):

  • Identifiers & contact details: name, email, phone, billing and shipping addresses; account ID.

  • Government ID/age verification (as permitted by law): used only when necessary (e.g., age-restricted items, identity verification).

  • Account credentials: username, password, security questions, preferences.

  • Commercial/transaction information: items viewed or added to cart, wishlists, purchases, returns, exchanges, order history.

  • Payment information: card type/last 4, tokenized payment identifiers, transaction details, billing info (we do not store full card numbers; our processor does).

  • Device/usage information: IP address, device and browser type, operating system, language, referring/exit pages, timestamps, pages/views, links clicked, general location derived from IP, session data, and identifiers (cookies, pixels, SDKs).

  • Communications & support: messages you send us (email, web forms, SMS), call or chat recordings where permitted with notice, and survey responses.

  • User-generated content: product reviews, ratings, Q&A.

  • Marketing/ads information: cookie IDs, engagement with our emails/ads, campaign parameters.

  • Logistics & delivery information: carrier/courier status and delivery confirmations, safe-drop instructions.

  • Social or single-sign-on data (if you use those options): profile info authorized by you.

  • Inferences: preferences, affinity categories, likelihood to reorder, derived from the above.

PHI note: When similar data relates to your prescriptions or clinical services, it may be PHI governed by our HIPAA Notice rather than this Privacy Policy.


Personal Information Sources

We collect personal information from the following sources:

  • Directly from you: account creation, checkout, in-store pickup, returns/exchanges, support requests, reviews, SMS/email opt-ins.

  • Automatically through the Services: via cookies, pixels, SDKs, web beacons, and similar technologies.

  • Service providers: payment processing, hosting/cloud, customer support/CRM, analytics, fulfillment, shipping/courier, communications.

  • Partners/other third parties: advertising/marketing partners, social sign-in providers (if used).

  • Affiliates: within our corporate family for the purposes described here.

  • For PHI: your prescriber, health plans, and other covered entities per the HIPAA Notice.


How We Use Your Personal Information

We use personal information (separate from PHI) for:

  • Provide, tailor, and improve the Services: process payments; fulfill orders; manage accounts; provide in-store pickup/local courier; facilitate returns/exchanges; remember preferences; recommend products; maintain and improve site functionality and performance.

  • Communications: transactional notices (order, shipping/courier updates, delivery confirmations, account/security alerts); customer support.

  • Marketing & advertising: send promotional emails/SMS (with your consent where required); personalize and measure ads on our Services and on other sites/apps; manage preference and suppression lists.

  • Security, fraud prevention & integrity: authenticate users; detect, prevent, and respond to fraud, abuse, spam, security incidents, and malicious activity; debug and repair errors.

  • Analytics & reporting: usage analytics, site performance, A/B testing, and business operations.

  • Legal & compliance: comply with law and legal process; enforce terms and policies; protect our rights, users, and the public.

  • De-identified/aggregated use: to analyze and improve the Services; we maintain and use such data without attempting to re-identify it.

PHI is used and disclosed as described in our HIPAA Notice (e.g., treatment, payment, health care operations, medication counseling, renewals, public health/safety). We do not use PHI for third-party targeted advertising.


How We Disclose Personal Information

We may disclose personal information (not PHI) for the purposes above:

  • Shopify: platform hosting, payments, checkout, security, analytics, and platform features that may combine data across merchants to improve the Shopify platform.

  • Service providers/contractors: IT and cloud hosting, payment processing, fraud prevention, order fulfillment and shipping/courier, communications (email/SMS), analytics, customer support, and marketing services—under contracts restricting use to our instructions.

  • Business and marketing partners: to deliver, personalize, and measure ads per their privacy notices (see Your Rights & Choices).

  • With your direction/consent: social sign-ins, sharing to social networks, shipments to third-party recipients.

  • Affiliates: within our corporate group for consistent service and operations.

  • Legal, safety, and business transactions: compliance with law/enforcement; protection of rights/safety; and in mergers, acquisitions, financing, or bankruptcy.

PHI disclosures are governed by our HIPAA Notice (e.g., prescribers, health plans, business associates). We do not sell PHI.


Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to operate, protect, and improve the platform. Shopify may also use certain data across merchants to provide enhanced features and personalization. Shopify is responsible for its processing and for responding to requests about those platform-level uses. For details and choices, see the Shopify Consumer Privacy Policy and the Shopify Privacy Portal.


Cookies and Similar Technologies

We and our partners use cookies, pixels, and similar technologies to:

  • operate the site and enable core functions (authentication, cart, checkout),

  • remember preferences and improve performance,

  • measure usage and analytics, and

  • personalize content/ads and measure campaigns.

You can control cookies via your browser settings (which may block or delete cookies) and, where available, via cookie controls on our site. Some features may not work if certain cookies are disabled. Email pixels help us measure engagement; you can disable images in your email client to limit pixel collection.


Third Party Websites and Links

The Services may link to third-party websites or online services. Their privacy policies govern your use of those sites; we are not responsible for their content, security, or privacy practices. Content you share on public or third-party platforms may be viewable by others.


Children’s Data

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (and we do not knowingly “sell” or “share” personal information of individuals under 16). If you believe a child has provided personal information, contact us and we will delete it as required by law.


Security and Retention of Your Information

We use administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is 100% secure.

We retain personal information only as long as necessary for the purposes described in this Policy (e.g., to provide the Services, maintain your account, comply with legal obligations, resolve disputes, enforce agreements), or as otherwise permitted by law. PHI retention follows applicable federal and state pharmacy/healthcare record-keeping laws and our HIPAA Notice.


Your Rights and Choices

Depending on where you live, you may have some or all of the following rights. These rights may apply only in certain circumstances and are subject to legal exceptions:

  • Right to Access/Know: request access to the personal information we hold about you.

  • Right to Delete: request deletion of personal information we maintain about you.

  • Right to Correct: request correction of inaccurate personal information.

  • Right to Portability: request a copy of your personal information and, where feasible, transfer it to another entity.

  • Right to Opt Out of “Sale”/“Sharing”/Targeted Advertising: opt out of disclosures for targeted advertising as defined by applicable law.

  • Right to Restrict/Withdraw Consent (where processing is based on consent).

  • Right to Appeal: appeal our decision on your request (where applicable).

  • Non-discrimination: we will not discriminate against you for exercising your rights.

How to exercise your rights

  • Contact us using the information in Contact below; we may need to verify your identity.

  • For Shopify-controlled uses related to the platform (e.g., cross-merchant personalization), use the Shopify Privacy Portal.

  • Global Privacy Control (GPC): if you visit our site with the GPC signal enabled, where required, we treat it as an opt-out for that browser/device (and associated account where we can reasonably link it). Other browser “Do Not Track” signals are not recognized at this time.

Authorized agents (U.S.): You may designate an authorized agent to submit requests on your behalf; we will require proof of authorization and may ask you to verify your identity directly.

Marketing communications: You may opt out of marketing emails via the unsubscribe link and opt out of marketing texts by replying STOP. We may still send transactional messages (e.g., order, delivery, and account/security notices).

HIPAA rights: To exercise rights regarding PHI, please follow the instructions in our HIPAA Notice.


Legal Bases for Processing (EEA/UK Visitors)

Where the GDPR/UK GDPR applies, our legal bases include: contract (to provide the Services you request); legitimate interests (e.g., site security, fraud prevention, improvements, and certain marketing); consent (where required, e.g., email/SMS marketing, some cookies); and legal obligations (tax, accounting, compliance).


Automated Decision-Making

We do not engage in solely automated decision-making that produces legal or similarly significant effects about you. We may use automated tools for fraud prevention, security, personalization, and logistics; human review is involved where legally required.


State-Specific Disclosures (U.S.)

If you reside in certain U.S. states (e.g., CA, VA, CO, CT, UT), you may have additional rights concerning personal information, including the rights listed above.

Notice at Collection (California): We collect the categories described under Personal Information We Collect or Process for the purposes listed under How We Use Your Personal Information, disclose them as described under How We Disclose Personal Information, and retain them as described under Security and Retention. We do not use or disclose sensitive personal information for purposes that require a “Right to Limit” under California law. We do not knowingly sell or share the personal information of minors under 16.

To exercise California/other state privacy rights, use Your Rights and Choices above.


Complaints

If you have concerns about how we process your personal information, please contact us using the details below. Depending on where you live, you may have the right to appeal our response by contacting us again and stating “Appeal” in the subject line. You may also have the right to lodge a complaint with your local data protection authority.

For complaints regarding PHI, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights as described in our HIPAA Notice.


International Transfers

We may transfer, store, and process your personal information in countries other than where you live (including the United States). Where required, we rely on appropriate safeguards, such as Standard Contractual Clauses or other legally recognized transfer mechanisms.


Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for legal or regulatory reasons. We will post the revised Privacy Policy on this website, update the “Last updated” date, and provide notice as required by applicable law. Your continued use of the Services after the effective date means you accept the changes.


Contact

Questions about our privacy practices or this Privacy Policy, or to exercise your rights regarding personal information (non-PHI):
info@healthi.com
2318 NE 2nd Ave, Miami, FL 33137, USA

For HIPAA/PHI questions or requests (Privacy Officer):
privacy@healthi.com
Attn: Privacy Officer, 2318 NE 2nd Ave, Miami, FL 33137, USA

