HIPAA Privacy Policy

Hypergevity is committed to protecting the confidentiality, integrity, and availability of your Protected Health Information ('PHI') in accordance with the Health Insurance Portability and Accountability Act of 1996 ('HIPAA'), the HITECH Act, and applicable state privacy laws.

We act as a Business Associate of the independent medical practices that deliver care through our platform, and as a Covered Entity where applicable. We never sell PHI and we never use PHI for advertising or third-party marketing without your express written authorization.

• Account & contact information (name, email, phone, shipping address).
• Demographic information necessary for clinical eligibility (age, state, biological sex).
• Self-reported health history, medications, vitals, and intake responses.
• Provider notes, prescriptions, lab results, and treatment records.
• Payment information processed by a PCI-DSS compliant payment processor.
• Technical metadata (device, IP, audit logs) for security and integrity.

• Treatment. Sharing PHI with the independent licensed clinician evaluating you and the compounding pharmacy fulfilling your prescription.
• Payment. Processing fees for the telehealth visit, medications, and shipping.
• Healthcare operations. Quality assurance, provider credentialing, audit, and case review.
• Legal requirements. When required by law, court order, or to respond to a lawful request from a regulator.
• Patient safety. To avert a serious and imminent threat to health or safety.

PHI is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256. Access is restricted by role-based controls, audited continuously, and protected by multi-factor authentication. All workforce members complete annual HIPAA training and execute confidentiality agreements. We maintain a documented Incident Response Plan and breach notification process.

• Right to inspect and obtain a copy of your PHI.
• Right to request an amendment of inaccurate or incomplete PHI.
• Right to an accounting of disclosures.
• Right to request restrictions on certain uses and disclosures.
• Right to request confidential communications by alternative means.
• Right to a paper copy of this Notice upon request.
• Right to file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights without retaliation.

Medical records are retained for the minimum period required by the laws of the state in which your treating clinician is licensed (typically 6–10 years). You may request deletion of non-clinical account data at any time by writing to support@hypergevity.com.

Hypergevity LLC · Privacy Officer · 1209 N Orange Street, Wilmington, DE 19801 · privacy@hypergevity.com