HerTeleMeds

Privacy Policy

Last updated: April 28, 2026

Who We Are

HerTelemeds is operated by Beauty Empower Group LLC ("HerTelemeds," "we," "us," "our"), a Virginia limited liability company. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use HerTelemeds.com (the "Site") and the telehealth services offered through it (collectively, the "Services").

Scope

This policy applies to personal information we collect directly from you, through your use of the Services, or from third parties. Protected Health Information ("PHI") — medical intake answers, photographs, prescription information — is subject to additional protection under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), described in Section 6 below.

1. Information We Collect

Information you provide directly:

  • Name, email, phone, date of birth, shipping address
  • Medical intake questionnaire answers
  • Photographs you upload for clinical review
  • Payment information (handled by Stripe; we do not store full card details)
  • Communications you send us

Information we collect automatically:

  • IP address, browser type, device information
  • Pages you visit, how you arrived at the Site, time spent on pages
  • Cookies and similar technologies (see Section 4)

Information from third parties:

  • Our partner pharmacy may send back shipping status and tracking data

2. How We Use Your Information

We use your information to:

  • Provide the Services (process your intake, route it to a provider, issue prescriptions, fulfill orders)
  • Communicate with you about your order and prescription
  • Process payments
  • Comply with legal and regulatory requirements
  • Improve our Services
  • Prevent fraud and abuse
  • Send marketing communications (with your consent, and with an option to unsubscribe at any time)

3. Legal Bases (for Individuals in Covered Jurisdictions)

We rely on the following legal bases for processing:

  • Contract performance — to deliver the Services you purchase
  • Legitimate interests — fraud prevention, improving our Services, direct communications with existing customers
  • Consent — for marketing communications and non-essential cookies
  • Legal obligation — compliance with healthcare, tax, and regulatory laws

4. Cookies and Tracking Technologies

We use cookies for:

  • Essential — session management, checkout functionality
  • Analytics — measuring Site usage (Google Analytics or similar)
  • Marketing — with your consent, tracking pixels for advertising partners

You can manage cookie preferences through your browser settings or (when implemented) a cookie consent banner on the Site.

5. How We Share Information

We share your information only as described below. We do not sell your personal information.

With healthcare providers and our partner pharmacy: To provide clinical review, issue prescriptions, and fulfill your orders.

With third-party service providers: Stripe for payments, Healthie for electronic health records, AWS for hosting, ShipStation for shipping labels, and similar vendors. Each operates under written contracts that require them to protect your information.

With your chosen pharmacy: If you elect to have your prescription sent to a pharmacy of your choice instead of our partner pharmacy, we transmit the prescription electronically to that pharmacy.

For legal or regulatory reasons: When required by law, court order, or government request; to protect our rights, property, or safety or that of others; or in connection with an investigation of suspected fraud, misuse, or illegal activity.

In a business transaction: If HerTelemeds is acquired, merges, or sells assets, your information may be transferred as part of that transaction (with customary confidentiality obligations).

6. HIPAA and Protected Health Information

HerTelemeds operates as a HIPAA-regulated entity in connection with the clinical services provided through the Site. Your Protected Health Information ("PHI") — which includes medical intake answers, photographs, prescription records, and related clinical data — is stored in our HIPAA-compliant electronic health records platform (Healthie).

Your HIPAA rights include:

  • The right to access your PHI
  • The right to request corrections to inaccurate PHI
  • The right to request restrictions on certain uses and disclosures of your PHI
  • The right to request confidential communications
  • The right to receive an accounting of disclosures
  • The right to complain to us or to the U.S. Department of Health and Human Services Office for Civil Rights

To exercise any of these rights, contact support@hertelemeds.com or write to:

HIPAA Privacy Officer
Beauty Empower Group LLC
3060 Williams Drive, Suite 300
Fairfax, VA 22031

We will respond to your request within the timeframes required by HIPAA, typically 30 days.

Business Associate Agreements: We have executed written Business Associate Agreements with all vendors that receive PHI on our behalf, including Healthie and Amazon Web Services.

PHI is not transmitted to Stripe. Payment descriptors, metadata, and customer records sent to Stripe are deliberately sanitized to carry no information that identifies treatment, diagnosis, or condition.

7. Data Retention

We retain different categories of your information for different periods, in each case for the longest applicable retention period among the states we serve and any overriding federal requirement.

Medical records. Patient medical records — including intake responses, photographs, identity verification images, prescriber notes, and prescriptions — are retained for a minimum of ten (10) years from the date of your last encounter with our Services. For records of a patient who was a minor at the time of treatment, records are retained until the patient reaches age twenty-eight (28) or for ten (10) years past the last encounter, whichever is later. Medical records are stored in our HIPAA-compliant electronic health record system (Healthie) under a signed Business Associate Agreement.

Pharmacy dispensing records. Records of medication dispensing held by our partner pharmacy are retained by the pharmacy in accordance with applicable state pharmacy regulations (typically five to ten years).

Account and authentication data. Your email address, account identifiers, default shipping address, and authentication history are retained for as long as your account is active. If you delete your account, we retain account-level identifiers as required to link to medical records that must be preserved under the medical record retention period above; the rest is deleted within ninety (90) days.

Payment records.Financial transaction records are retained by our payment processor (Stripe) per Stripe’s policies and applicable tax and financial regulations, typically seven (7) years or more. We do not store full payment card numbers.

We do not delete or destroy patient medical records during the retention periods stated above except in response to a verified request that complies with applicable state and federal law. After the retention period expires, records are securely destroyed or de-identified.

8. Security

We implement industry-standard safeguards to protect your information, including:

  • Encryption in transit (TLS) and at rest (AES-256)
  • Access controls limiting PHI access to authorized personnel
  • Audit logging of PHI access
  • HIPAA-compliant hosting infrastructure (AWS with executed BAA)
  • Regular review of security practices

No security system is perfect. In the event of a data breach affecting your PHI, we will notify you as required by HIPAA and applicable state breach notification laws.

9. Your Choices

  • Marketing emails: Unsubscribe via the link in any marketing email or by contacting support@hertelemeds.com
  • Account closure: Request account closure via support@hertelemeds.com; we will retain records as legally required
  • Cookies: Manage through your browser
  • Do Not Track: We currently do not respond to DNT signals because no industry standard is universally followed

10. Children

HerTelemeds is not intended for use by anyone under the age of 18. We do not knowingly collect information from children. If you believe a child has provided us information, contact support@hertelemeds.com and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email to active users and posted on the Site with a new "Last Updated" date.

12. Contact Us

Questions about this Privacy Policy or our privacy practices:

HerTelemeds (Beauty Empower Group LLC)
3060 Williams Drive, Suite 300
Fairfax, VA 22031
Phone: (703) 219-8896
Privacy inquiries: support@hertelemeds.com
HIPAA-specific inquiries: support@hertelemeds.com