Important: ProviaRx, LLC (DBA of Saha Services LLC) is a technology platform only — we do not employ physicians, practice medicine, or dispense medications. This Privacy Policy describes how we handle information collected through our platform. For information about how your health information is used for medical purposes, please review our HIPAA Notice of Privacy Practices.
1. Who We Are
ProviaRx is a trade name (DBA) of Saha Services LLC, a Texas limited liability company ("ProviaRx," "we," "us," or "our"). We operate a telehealth technology platform at proviarx.com that connects patients with independent licensed healthcare providers for GLP-1 weight management and hormone optimization programs.
Platform Disclosure: ProviaRx is a technology and administrative services platform only. We do not employ physicians, practice medicine, make prescribing decisions, or dispense medications. All healthcare services are provided by independent licensed healthcare providers, and all medications are dispensed by independent state-licensed compounding pharmacies.
2. Information We Collect
2.1 Information You Provide Directly
When you use our platform, you may provide:
- Identity information: First name, last name, date of birth, sex assigned at birth
- Contact information: Email address, phone number, mailing address, state of residence
- Health information: Medical history, current medications, allergies, symptoms, health goals, BMI, activity level, prior treatments — this information constitutes Protected Health Information (PHI) under HIPAA
- Payment information: Credit/debit card details, HSA/FSA card details — processed by Stripe, Inc. (we do not store card numbers)
- Communications: Messages sent through our chat widget or email to care@proviarx.com
2.2 Information Collected Automatically
- Usage data: Pages visited, time spent, browser type, device type, operating system
- IP address: Used for fraud prevention and geographic compliance
- Cookies: See Section 7 for details
⚠️ Health Information: Information you provide in our health assessment constitutes Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). This information is handled in accordance with our HIPAA Notice of Privacy Practices in addition to this Privacy Policy.
3. How We Use Your Information
We use the information we collect to:
- Transmit your health assessment to independent licensed physicians for clinical review
- Communicate with you about your assessment status, approval, and subscription
- Facilitate prescription transmission to independent licensed compounding pharmacies
- Process subscription payments through our payment processor (Stripe)
- Respond to your inquiries and provide customer support
- Comply with applicable laws, regulations, and legal processes
- Detect, prevent, and address fraud, security incidents, and technical issues
- Improve our platform and services (using de-identified, aggregated data only)
- Send service-related communications (not marketing without your consent)
We do not sell your personal information. We do not use your health information for advertising or marketing purposes.
4. How We Share Your Information
4.1 Independent Healthcare Providers
Your health assessment information is shared with independent licensed physicians who review assessments through our platform. These providers access PHI only to the extent necessary to provide healthcare services and are subject to HIPAA obligations.
4.2 Independent Compounding Pharmacies
If a physician approves your prescription, your relevant information (name, address, prescription details) is shared with an independent licensed compounding pharmacy to fulfill and ship your medication.
4.3 Service Providers (Business Associates)
We share information with third-party service providers who assist in operating our platform under Business Associate Agreements (BAAs) or Data Processing Agreements:
- Cloudflare, Inc. — Website hosting, CDN, and security services
- Stripe, Inc. — Payment processing (subject to Stripe's Privacy Policy)
- Email Service Provider — Secure email delivery under HIPAA BAA
4.4 Legal Requirements
We may disclose information when required by law, court order, or government authority, or when necessary to protect the rights, property, or safety of ProviaRx, our users, or the public.
4.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, patient health information will only be transferred in compliance with HIPAA and applicable privacy laws, with appropriate notice to affected individuals.
✅ We never sell your personal information to data brokers, advertisers, or any third parties for commercial purposes.
5. Data Security
We implement administrative, technical, and physical safeguards to protect your information:
- Encryption in transit: All data transmitted between your browser and our platform uses TLS 1.2+ encryption (HTTPS)
- Encryption at rest: Sensitive data stored by our service providers is encrypted using AES-256
- Access controls: Access to patient information is limited to authorized personnel on a need-to-know basis
- Cloudflare security: DDoS protection, WAF (Web Application Firewall), and bot mitigation
- Payment security: Card data is processed directly by Stripe (PCI-DSS Level 1 certified) — we never store card numbers
- Vendor agreements: All vendors handling PHI execute HIPAA Business Associate Agreements
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach involving PHI, we will notify affected individuals as required by HIPAA's Breach Notification Rule (within 60 days of discovery).
6. Your Rights and Choices
6.1 Access and Correction
You have the right to request access to the personal information we hold about you and to request correction of inaccurate information. Submit requests to legal@proviarx.com.
6.2 Deletion
You may request deletion of your personal information, subject to our legal obligations to retain certain records (including medical records, which are subject to state-specific retention requirements ranging from 5-10 years).
6.3 HIPAA Rights
As a patient, you have additional rights regarding your Protected Health Information under HIPAA. These rights are described in detail in our HIPAA Notice of Privacy Practices and include the right to access, amend, and restrict disclosure of your health records.
6.4 Marketing Communications
We do not send marketing emails without your explicit consent. If you receive any marketing communications, you may opt out by clicking "unsubscribe" or emailing care@proviarx.com.
6.5 Subscription Cancellation
You may cancel your subscription at any time by emailing care@proviarx.com before your next billing cycle. Cancellation does not automatically delete your health records, which are retained per applicable law.
7. Cookies and Tracking Technologies
Our website uses minimal cookies and tracking technologies:
- Essential cookies: Required for the website to function (session management, security). Cannot be disabled.
- Cloudflare cookies: Used for security and performance optimization by our CDN provider.
- Analytics: We do not currently use third-party analytics tools (e.g., Google Analytics) that track you across websites.
- Advertising: We do not use advertising cookies or tracking pixels.
You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.
8. California Residents — CCPA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:
- Right to Know: Request disclosure of personal information collected, used, disclosed, or sold about you in the past 12 months
- Right to Delete: Request deletion of personal information we have collected (subject to exceptions)
- Right to Opt-Out: We do not sell personal information — there is nothing to opt out of
- Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights
Note: Health information (PHI) subject to HIPAA is partially exempt from CCPA. To the extent PHI is exempt, your rights are governed by HIPAA, described in our HIPAA Notice of Privacy Practices.
To submit a CCPA request, contact us at legal@proviarx.com with the subject line "CCPA Request."
9. Children's Privacy
Our platform is intended for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected information from a minor, we will promptly delete it. If you believe we have collected information from a minor, please contact us at legal@proviarx.com.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify active subscribers by email at least 30 days before changes take effect
- For material changes affecting how we use PHI, provide HIPAA-required notice
Your continued use of the platform after the effective date constitutes acceptance of the updated policy. If you disagree with changes, you may cancel your subscription and request data deletion.