Who This Policy Covers
This Privacy Policy applies to organizational representatives and primary contacts of organizations enrolled in the ChatRx Tier 2 Community Business Partner Program, including K-12 schools, universities, small employers, nonprofits, faith communities, retail organizations, and healthcare-adjacent practices participating on a non-commission basis.
This program is non-commission. No payment, revenue share, or financial compensation passes between ChatRx and the Partner. The personal information collected under this policy is used solely for program administration, onboarding support, and utilization reporting — not for payment processing.
1. ABOUT THIS PRIVACY POLICY
ChatMD Inc., doing business as ChatRx ("ChatRx," "we," "our," or "us") is committed to protecting the privacy of individuals who participate in our programs. This Privacy Policy ("Policy") describes how ChatRx collects, uses, shares, and protects personal information provided by participants in connection with the Tier 2 Community Business Partner Program, and explains the rights available to participants regarding their data.
This Policy applies specifically to program participants in their organizational representative capacity. It does not govern the collection or handling of patient health information on the ChatRx clinical platform, which is separately governed by ChatRx's Patient Privacy Notice and HIPAA Notice of Privacy Practices available at ChatRx.MD.
By executing the Community Partner Agreement to which this Policy is attached, you acknowledge that you have read, understood, and agreed to the practices described herein.
2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
When you enroll in the program through our GoHighLevel (GHL) platform, we collect information you submit, which may include:
Full legal name of authorized representative(s)
Business title and role
Organization legal name and DBA (if applicable)
Organization address and contact information
Primary contact email address and phone number
Federal Tax Identification Number / EIN (for payment and tax reporting)
Payment account information (e.g., ACH bank details for revenue share disbursements)
Organization type and industry category
Co-branding assets submitted (e.g., organization logo)
Referral link and QR code usage and attribution data
2.2 Information Collected Automatically
When you use program materials, referral links, or interact with ChatRx’s platform in your promotional capacity, we may automatically collect:
Referral link click data and attribution tracking information
QR code scan events and timestamps
Device type and browser information associated with referral activity
IP address associated with referral link distribution
GHL dashboard login activity and session data
This automated data is non-clinical and does not include any patient health information.
2.3 Information We Do NOT Collect
ChatRx does not collect or share with program participants any of the following:
Protected Health Information (PHI) as defined under HIPAA
Individual patient names, diagnoses, prescriptions, or visit details
Any clinical or medical data related to patients who used the ChatRx platform through your referral link
Our system architecture maintains a strict separation between the clinical data engine (which is HIPAA-governed and inaccessible to program participants) and the GHL marketing and attribution platform (which handles only non-PHI program data).
3. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
Establishing and managing Partner’s account in GHL
Generating and assigning unique referral URLs, QR codes, and co-branded landing page assets
Tracking referral attribution and calculating revenue share earnings
Processing and disbursing monthly revenue share payments
Generating and delivering monthly performance reports
Communicating program updates, compliance notices, and onboarding support
Administering the 90-day pilot review and ongoing partnership evaluation
Complying with tax reporting obligations for revenue share payments
Enforcing the B2B Attribution Partner Agreement, including investigation of policy violations
Complying with applicable federal and state legal requirements
We do not sell your personal information to third parties. We do not use your information for purposes unrelated to program administration without your explicit consent.
4. HOW WE SHARE YOUR INFORMATION
We may share your information in the following limited circumstances:
GoHighLevel (GHL): Our CRM and partner management platform processes Partner account information, tracks attribution activity, and generates performance reports. GHL operates as a data processor on ChatRx’s behalf.
Payment Processors: Third-party ACH or payment service providers used to disburse revenue share payments. These processors receive only the minimum information necessary to process payment.
Tax and Accounting Services: As required for IRS and state tax reporting obligations related to revenue share payments.
Co-Branding Vendors: To the extent necessary to build and host Partner’s co-branded landing page, approved vendors may receive Partner’s organization name and logo only.
Legal and Regulatory Authorities: If required by law, court order, or regulatory inquiry, or in connection with enforcement of the Program Agreement.
Business Transfers: In the event of a merger, acquisition, or sale of substantially all ChatRx assets, Partner information may be transferred to the successor entity.
We require all third-party service providers to maintain appropriate confidentiality and security obligations and to use your data only as directed by ChatRx.
5. DATA RETENTION
We retain Partner organizational and representative data for the duration of the partnership and for a minimum of seven (7) years following termination for tax and legal compliance purposes. Referral attribution and performance data is retained for three (3) years following partnership termination to support audit and dispute resolution needs.
You may request deletion of your personal data at any time by contacting us at the address listed in Section 10. We will honor deletion requests within thirty (30) days, subject to legal obligations to retain certain records.
6. DATA SECURITY
ChatRx implements reasonable and appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
Encryption of data in transit using TLS/SSL protocols
Access controls limiting data access to authorized personnel only
Secure cloud infrastructure with audit logging
GHL platform security controls for affiliate and partner data
While we take data security seriously, no system is completely immune to security risks. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.
7. COOKIES AND TRACKING TECHNOLOGIES
ChatRx uses cookies and similar tracking technologies to support referral attribution. When a user clicks your referral link, a tracking cookie may be placed on their browser to attribute any subsequent completed visit to your account. This tracking:
Is used for compensation calculation and program reporting purposes only
Does not track user health information or clinical activity
Is subject to the user’s own browser and cookie settings
Is governed by ChatRx’s website cookie policy, available at ChatRx.MD
You acknowledge that cleared cookies or browser restrictions may affect attribution accuracy, and ChatRx’s tracking records are the authoritative source for compensation calculations.
8. YOUR PRIVACY RIGHTS
Depending on your state of residence, you may have the following rights with respect to your personal information:
Right to Access: Request a copy of the personal information we hold about you
Right to Correction: Request correction of inaccurate or incomplete information
Right to Deletion: Request deletion of your personal information, subject to legal retention obligations
Right to Portability: Request your data in a portable, machine-readable format
Right to Opt-Out of Sale: We do not sell personal data. This right is therefore satisfied by our current practices
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Residents of California have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know specific categories of data collected and shared, and the right to limit the use of sensitive personal information.
To exercise any of these rights, please contact us using the information in Section 10.
9. CHILDREN’S PRIVACY
The ChatRx program is open only to individuals who are at least eighteen (18) years of age. We do not knowingly collect personal information from individuals under age 18. If we become aware that a participant is under 18, we will promptly terminate their account and delete their information.
10. CONTACT INFORMATION AND PRIVACY REQUESTS
For questions about this Privacy Policy, to exercise your privacy rights, or to report a privacy concern, please contact:
ChatRx Privacy Team
Email: [email protected]
Website: ChatRx.MD
Mailing Address: ChatMD Inc., doing business as ChatRx, 328 S. Michigan Street Plymouth, IN 46563
We will respond to all privacy requests within thirty (30) days of receipt.
11. CHANGES TO THIS POLICY
ChatRx reserves the right to update this Privacy Policy at any time. Material changes will be communicated to active program participants via email to the address on file in GHL at least fourteen (14) days before taking effect. Continued participation in the program following notice of an update constitutes acceptance of the revised Policy.
The most current version of this Policy is always available at ChatRx.MD.
12. GOVERNING LAW
This Privacy Policy is governed by the laws of the State of [State] and applicable federal privacy law, including but not limited to the Electronic Communications Privacy Act, the CAN-SPAM Act, and applicable FTC regulations.