top of page

Cura+

CuraPlus Privacy Policy

This Privacy Policy explains how CuraPlus, Inc. (“CuraPlus,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you visit our websites, use our online services and chat widgets, create an account, engage in telehealth services, purchase products, or otherwise interact with us (collectively, the “Services”).
 
Not for emergencies. If you’re experiencing a medical emergency, call 911 or your local emergency number immediately.
If you do not agree with this Privacy Policy, please do not use the Services. Your use of the Services is also subject to our Terms of Use.
1) Scope & How This Policy Relates to HIPAA
Some activities on CuraPlus involve Protected Health Information (“PHI”) and are subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). When CuraPlus or its clinical partners provide telehealth or pharmacy-related services, your PHI is handled in accordance with our HIPAA Notice of Privacy Practices (NPP), which describes how PHI may be used and disclosed for treatment, payment, and healthcare operations.

  • This Privacy Policy applies to personal information collected through our consumer-facing Services (e.g., browsing, ecommerce, chat, marketing) and to PHI only to the extent this Policy references HIPAA and the NPP.

  • If there is a conflict between this Privacy Policy and the NPP with respect to PHI, the NPP controls.

Link: Notice of Privacy Practices (NPP)
2) Information We Collect
We collect information in three ways: (a) directly from you; (b) automatically through the Services; and (c) from third parties (e.g., payment processors, analytics, pharmacy partners).
A. Information You Provide

  • Account & Profile: name, email, phone, date of birth, address, login credentials.

  • Health Intake / Telehealth: medical history, current medications, allergies, lab results, symptoms, risk assessments, photos you upload, and other PHI.

  • Orders & Payments: order details, shipping address; payment card data is processed by our payment processor (we do not store full card numbers).

  • Communications: messages via chat, email, SMS (including consent preferences), support requests, and survey responses.

  • Insurance & Benefits (if applicable): plan details, member ID, prior authorization information.

  • User-Generated Content: reviews, feedback, attachments.

B. Information Collected Automatically

  • Device/Usage Data: IP address, browser type, device identifiers, pages viewed, referring/exit pages, timestamps, approximate location (from IP), and interactions (clicks, scrolls).

  • Cookies & Similar Technologies: session cookies, analytics tags, advertising pixels, and local storage (see Cookies & Tracking below).

C. Information from Third Parties

  • Pharmacy & Clinical Partners: prescription status, fulfillment updates, related PHI as allowed by HIPAA and the NPP.

  • Labs & Diagnostics: test orders/results (PHI).

  • Payment/Shipping Vendors: payment status, delivery status.

  • Marketing/Analytics Partners: campaign performance metrics, attribution.

3) How We Use Information
We use personal information (and PHI as permitted by HIPAA/NPP) to:

  • Provide and improve Services: create/manage accounts, process orders, arrange discreet delivery, enable telehealth visits, and support care coordination.

  • Clinical purposes (PHI): diagnosis, treatment, care coordination, pharmacy fulfillment, labs, and required healthcare operations (see NPP).

  • Customer support: respond to inquiries, troubleshoot issues.

  • Safety & compliance: detect/prevent fraud, abuse, security incidents; comply with law.

  • Communications: send service updates, appointment reminders, refill notices, and with consent where required, marketing/promotional messages (email/SMS).

  • Research & analytics: understand usage, evaluate product performance, and improve user experience (data may be aggregated/de-identified where possible).

  • Legal: enforce Terms of Use, protect our rights, and comply with regulatory obligations.

4) How We Disclose Information
We share information in the following circumstances:

  • Clinical & Pharmacy Partners (PHI): with licensed providers, pharmacies, and labs to deliver care, fulfill prescriptions, and process results, consistent with HIPAA and the NPP.

  • Service Providers: with vendors that perform services for us (hosting, EHR/telehealth platforms, payment processing, shipping, analytics, communications), under confidentiality obligations.

  • Insurance & Assistance Programs (if applicable): to verify eligibility, obtain prior authorizations, or access financial assistance programs, with your direction/consent as needed.

  • Legal & Safety: to comply with law, valid legal processes, or governmental requests; to protect the safety, rights, or property of users, the public, or CuraPlus.

  • Business Transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality safeguards.

  • With Your Consent: when you direct us to share (e.g., referring provider, caregiver), or otherwise consent.

We do not sell your personal information in the traditional sense. For certain states (e.g., CA), we explain choices about “sale” or “sharing” for targeted advertising in State Privacy Rights below.
5) Cookies & Tracking Technologies
We and our partners use cookies, pixels, SDKs, and similar technologies to enable essential features, analyze traffic, remember preferences, and (where permitted) tailor ads. You can:

  • Adjust browser settings to block/clear cookies.

  • Use platform-level settings (e.g., iOS/Android ad preferences).

  • Manage preferences via our Cookie Settings link (if implemented).

Do Not Track (DNT): We currently do not respond to DNT signals because there is no industry consensus.
6) SMS, Email & Chat Communications
By providing your email/phone, you agree we may send you transactional and service-related messages (e.g., account notices, appointment reminders, order updates). Where required, we obtain your opt-in for promotional SMS/emails.

  • Opt-out of SMS: reply STOP to any message. You may receive a confirmation.

  • Opt-out of email marketing: click “unsubscribe” in the email footer.

  • Chat widget: if your chat is configured to collect email first, we will use that email to respond and may associate chat activity with your account.

Message/data rates may apply. Consent is not a condition of purchase or care.
7) Children’s Privacy
The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without appropriate parental/guardian consent as required by law. If you believe a child provided information to us, contact us (see Contact Us).
8) Data Retention
We retain personal information for as long as needed to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Health records/PHI are retained according to applicable healthcare laws and professional standards.
9) Data Security
We employ administrative, technical, and physical safeguards designed to protect information, including encryption in transit, access controls, and monitoring. No system is 100% secure; please use strong passwords and protect your account credentials.
10) State Privacy Rights (CA, CO, CT, UT, VA, and others)
Depending on your state, you may have rights to access, correct, delete, opt out of certain data uses (e.g., targeted advertising or “sale” as defined by law), and appeal our decision on your request.

  • California (CCPA/CPRA) Disclosures:

    • Categories collected: identifiers (e.g., name, email), commercial info (orders), internet activity (usage), geolocation (coarse), inferences (preferences), and, in clinical contexts, sensitive information/PHI (governed by HIPAA).

    • We do not sell personal information for money. We may “share” data for cross-context behavioral advertising as defined by CA law (e.g., via advertising cookies) when enabled.

    • Opt Out of Sale/Sharing: Use our Do Not Sell or Share My Personal Information link (if implemented) or email us (see Contact Us).

    • Sensitive Information: PHI is governed by HIPAA and the NPP; for non-PHI sensitive categories, we limit use to permitted purposes.

  • How to Exercise Rights: Submit a request via [privacy@curaplus.com] or the web form (if available). We will verify your identity and respond within the timeframe required by law. Authorized agents may submit requests with proof of authorization.

These rights do not apply to PHI processed under HIPAA (covered by the NPP’s separate rights, such as access and amendment to medical records).
11) International Users
Our Services are intended for users in the United States. If you access from outside the U.S., you understand your information may be processed in the U.S., where laws may differ from those in your country.
12) Third-Party Links & Services
The Services may link to third-party sites or integrate with third-party tools (e.g., payment processors, shipping carriers, telehealth platforms). This Policy does not apply to those third parties. Review their privacy policies for details on their practices.
13) Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted with a new “Last Updated” date. Material changes may be communicated through the Services or by email where required.
14) Contact Us
CuraPlus, Inc.

Email: info@curaplushealth.com
Phone: +1(747)309-1788
For PHI and your HIPAA rights, contact our Privacy Officer at hipaa@curaplus.com and see our Notice of Privacy Practices.
 

bottom of page