ForbiddenRx

Legal

Privacy Policy

Last updated: April 25, 2026

1. Introduction

ForbiddenRX LLC (“ForbiddenRx,” “we,” “us,” or “our”) operates the telehealth platform at forbiddenrx.co (the “Service”). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Service.

Medical care delivered through the Service is provided by independent licensed medical providers practicing through Jimenez Medical Wellness, PLLC and other affiliated medical practices (“Medical Group”). The Medical Group maintains its own Notice of Privacy Practices governing protected health information (“PHI”) under HIPAA, summarized in Section 4 below.

2. Information We Collect

Personal Data

  • Name, email address, mailing address, phone number
  • Date of birth, government-issued identification
  • Account credentials and authentication data
  • Payment information (processed by Stripe; we do not store full card numbers)
  • Device, browser, and IP address information
  • Usage data and interactions with the Service

Health Data

  • Medical history, current medications, allergies
  • Symptoms, vitals, and clinical responses you provide during intake
  • Photos or video of yourself submitted for clinical review
  • Recordings or transcripts of telehealth visits
  • Provider notes, prescriptions, and treatment plans

3. How We Use Your Information

  • Provide, operate, and improve the Service
  • Facilitate telehealth visits and prescription fulfillment
  • Process payments and manage subscriptions
  • Communicate appointment reminders, refill alerts, and account notices
  • Respond to support inquiries
  • Comply with legal obligations and prevent fraud

We do not sell your personal or health information. We do not use your PHI for marketing purposes without your written authorization.

4. HIPAA Notice of Privacy Practices

The Medical Group is a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). Your PHI may be used and disclosed by the Medical Group for:

  • Treatment — coordinating care with your treating provider, pharmacies, and other healthcare professionals
  • Payment — billing for services and processing prescriptions
  • Healthcare Operations — quality improvement, training, and administrative functions

You have the right to: inspect and request a copy of your PHI; request corrections; receive an accounting of disclosures; request restrictions on certain uses; receive confidential communications; and file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights without retaliation.

5. Who We Share Information With

  • Medical providers licensed in your state for clinical evaluation and prescribing
  • Licensed pharmacies that fulfill approved prescriptions
  • Payment processors (Stripe) to process transactions
  • Service providers for hosting, identity verification, communications, and analytics, under written agreements that limit their use of your data
  • Legal and regulatory authorities when required by law or to protect safety
  • Successors in connection with a merger, acquisition, or sale of assets, with notice to you

6. Data Security

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit and at rest, access controls, audit logging, and HIPAA-compliant infrastructure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

7. Data Retention

Medical records are retained by the Medical Group for the period required by applicable state and federal law (typically 6–10 years). Account and billing records are retained as required by tax and accounting regulations. You may request deletion of non-medical account data at any time, subject to our legal obligations.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of personal data, subject to legal retention requirements
  • Withdraw consent for non-essential processing
  • Receive a copy of your PHI in an electronic format
  • File a complaint with a regulatory authority

To exercise these rights, email support@forbiddenrx.co. We will respond within 30 days.

9. Children’s Privacy

The Service is intended for adults aged 18 and older. We do not knowingly collect personal information from children under 18. If you believe a minor has provided us with personal information, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and posted on this page with a revised “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions or to exercise your rights, contact:

ForbiddenRX LLC
Privacy Officer
1270 Avenue of the Americas, 7th Floor, #1178
New York, NY 10020
Email: support@forbiddenrx.co

Questions about this page? Email support@forbiddenrx.co or visit our contact page.