Privacy Policy

DrHouse Privacy Policy

Effective Date: Mar. 04, 2026.

Table of Contents

1. Introduction and Scope

This Privacy Policy explains how DrHouse, Inc. (“DrHouse,” “we,” “us,” or “our”) collects, uses, and discloses personal information in compliance with U.S. state consumer data privacy laws, including but not limited to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), as well as other state consumer data privacy laws.

This Privacy Policy does NOT apply to protected health information under the Health Insurance Portability and Accountability Act (“HIPAA”) (see Section A).

This Privacy Policy applies to personal information we collect through our websites (“Sites”), mobile applications (“Apps”), and other online or offline interactions.

A. HIPAA and Protected Health Information

If you use DrHouse to access medical services provided by a licensed clinician, our use or disclosure of your protected health information (“PHI”), which includes information you provide for diagnosis, treatment, payment or prescription purposes, is governed exclusively by HIPAA, not this Privacy Policy.  The Notice of Privacy Practices to which you were provided access when agreeing to receive clinical services describes how your PHI can be used or disclosed in accordance with HIPAA.

B. Age Requirement

You must be at least 18 years old to use the DrHouse Sites and Apps.

2. Categories of Personal Information Collected

We may collect the following categories of personal information, which may also be PHI.  

A. Categories of Personal Information

A. Identifiers

  • Examples: Name, postal address, email address, phone number, IP address, account name, unique identifiers.
  • DrHouse Collects: DrHouse may collect first and last name, email address, mailing address, IP address, device identifiers, unique 6-digit login code, information parsed from driver’s license or passport (name, address, DOB), estimated location and address history from identify-verification partner.

B. Customer Records Information

  • Examples: Financial information, billing information, medical information, health insurance information.
  • DrHouse Collects: DrHouse may collect billing information, payment card data, mailing address, insurance eligibility, medical information, symptoms, medical history, preferred pharmacy, doctor visit history.

C. Protected Classification Characteristics

  • Examples: Age, gender, race, ethnicity, disability, citizenship, marital status, veteran status.
  • DrHouse Collects: DrHouse may collect gender and date of birth.

D. Commercial Information

  • Examples: Records of products or services purchased, obtained, or considered; purchasing histories; consuming tendencies.
  • DrHouse Collects: DrHouse collects purchase history, visit information (location, address, reason for visit), order and transaction history, email interaction data (opens, clicks, purchases).

E. Biometric Information

  • Examples: Physiological, biological, or behavioral characteristics used for identification
  • DrHouse Collects: DrHouse does not collect biometric information, however our identity-verification partner may create temporary facial biometrics. DrHouse receives only the information extracted from your ID (such as name and address) and confirmation whether the images matched.

F. Internet or electronic Network Activity

  • Examples: Browsing history, search history, interaction with websites, applications, or advertisements.
  • DrHouse Collects: DrHouse collects browser type, operating system, IP address, domain name, click activity, referring website, date/time stamps, information typed into online forms, email open/click behavior, website interaction data, mobile device identifiers, app usage data, analytics from cookies and tracking tools.

G. Geolocation Data

  • Examples: Physical location or movements.
  • DrHouse Collects: DrHouse may collect approximate or precise device location (such as GPS, Wi-Fi, or cellular signals), as well as information used to calculate your distance from preferred providers. We may also receive estimated location data from our identity-verification partner when you submit a government ID and photo for identity verification.

H. Sensory Data

  • Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
  • DrHouse Collects: DrHouse may collect photos, video images, electronic signatures you provide for identity verification.

I. Professional or Employment Information

  • Examples: Job history, professional information.
  • DrHouse Collects: DrHouse does not collect employment information

J. Education Information

  • Examples: Education records directly related to a student.
  • DrHouse Collects: DrHouse does not collect education information.

K. Inferences

  • Examples: Profiles reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitudes.
  • DrHouse Collects: DrHouse collects preferences derived from: purchase history, website interactions, email interactions, survey responses, and internal analytics-based inferences about user interests.

L. Sensitive Personal Information

  • Examples: Government IDs, financial data, precise geolocation, health information, biometric identifiers, account log-in credentials.
  • DrHouse Collects: DrHouse collects identify-verification data you provide (e.g., driver’s license, passport images), financial information (credit card), precise geolocation, extracted ID information from verification partner, electronic signature and health information relevant to clinical services you seek (PHI protected under HIPAA).

B. Cookies and Other Information Collecting Technologies

1. What are cookies?

A cookie is a small file placed onto your device that enables a variety of features and functionality. We use first party cookies and other similar technologies to ensure everyone who uses our Sites and Apps has the best possible experience. We also use them for marketing and advertising.

We use cookies and similar technologies to understand how you interact with our Sites and Apps, identify which pages and features are most frequently used, improve your overall experience, and support the completion of transactions you request. In addition to cookies, we may use similar technologies such as web beacons, pixels, local storage, software development kits (SDKs), device identifiers, and authentication tokens for the same purposes.

2. Controlling cookies

Most browsers allow you to block or delete cookies through their settings. If you choose to disable cookies, some features or content on our Sites may not function properly or may become unavailable.  Website users who do not want their data collected with Google Analytics can visit the Google Analytics opt-out page and install the Google Analytics opt-out add-on for your browser: https://tools.google.com/dlpage/gaoptout.

C. Sources of Personal Information

We collect personal information from:

  • You directly: Account creation, visit scheduling, identify verification, customer support, surveys, ratings, reviews, comments or messages.
  • Your devices: Cookies, analytics tools, mobile device data.
  • Providers or Pharmacies: Visit history and prescription information, which is PHI and is protected under HIPAA.
  • Insurance Providers: Insurance eligibility, prescription history (PHI protected under HIPAA).
  • Identify Verification Partners: When you submit a government ID and photo for identity verification, our verification partner may confirm your identity by comparing the images and provide us with extracted ID information (such as your name and address) and confirmation of whether the images matched.
  • Third Parties: Those who pay for your care, service and clinical providers (PHI protected under HIPAA).
  • Publicly Available Sources: Information you make publicly available, for example, on social media or information available in public records.

3. Purposes for Collecting and Using Personal Information

We use personal information for the following purposes:

  • Verifying your identity and confirming your location
  • Identifying when you visit our Sites or Apps
  • Providing or managing products or services
  • Scheduling virtual visits
  • Processing payments for services through our third-party payment processor (DrHouse does not collect or process payment card information)
  • Facilitating your use of our services
  • Conducting analytics and improving the Sites/Apps
  • Placing and tracking orders
  • Protecting our rights and the rights of others
  • Responding to support inquiries
  • Sending marketing and promotional materials
  • Internal administrative purposes
  • Complying with legal obligations
  • Detecting and preventing fraud or security incidents
  • Creating de-identified information for lawful purposes. We do not attempt to re-identify de-identified information, and we contractually prohibit our service providers from doing so.

We do not use or disclose Sensitive Personal Information for purposes other than those permitted under applicable law.

For California residents, we may also use Personal Information for “business purposes” as defined under the CPRA, including. 

  • auditing, 
  • security and integrity, 
  • debugging, 
  • short-term transient use, 
  • performing services on behalf of the business, 
  • internal research, and
  • quality and safety assurance.

4. Disclosure of Personal Information to Third Parties

We may disclose personal information to:

  • Affiliates and subsidiaries
  • Service providers (including identify verification, analytics, hosting, payment processing, customer support, and order fulfilment)
  • Providers or Pharmacies (if PHI, it is protected under HIPAA)
  • Business partners (including in connection with contests, sweepstakes, or other promotions)
  • Professional advisors (such as attorneys, auditors, and consultants)
  • Law enforcement or regulatory bodies
  • Potential buyers or investors in connection with a corporate transaction
  • Third parties with your consent

We do not disclose your personal information in exchange for money, nor do we engage in practices that would be considered a “sale” or “sharing” of personal information under applicable state privacy laws. However, certain disclosures for advertising or analytics purposes may constitute “sharing” under the CPRA. You may opt-out of the sale or sharing of personal information at any time by using the ‘Do Not Sell or Share My Personal Information’ link.

Service providers are contractually prohibited from using personal information for any purpose other than performing services on our behalf.

We may also disclose information without your consent as required by law, to protect our rights, to prevent fraud or harm, or to comply with your request for services.

Our Sites and Apps may provide the opportunity to post comments or reviews in a public forum. Any information you submit in these areas may be publicly available.

Our Sites and Apps may also feature social media plugins, widgets, or similar tools that may result in information being collected or shared between us and the third party providing the tool.

5. Consumer Rights and How to Exercise Them

A. Consumer Rights

Depending on your state of residence, you may have the right to:

  • Access your personal information
  • Know the categories of personal information collected
  • Delete personal information
  • Correct inaccurate personal information
  • Opt-out of the sale or sharing of personal information. 
    • Where required by law, we recognize and process browser-based opt-out preference signals like Global Privacy Control (GPC) which allow you to automatically communicate your choice to opt-out of certain data practices.
  • Opt-out of cross-context behavioral advertising (targeted advertising)
  • Limit the use of sensitive personal information
  • Obtain a portable copy of your data
  • Appeal a denied request (where provided for by state law)

You may exercise these rights by contacting us using the methods listed in Section 11. We will verify your identity before processing your request. If we cannot verify your identity, we may deny your request and will explain the reason for the denial.

We will respond to your request without unreasonable delay but not later than 45 days, with a possible 45-day extension where reasonably necessary (unless a shorter timeframe is required by law).

B. Authorized Agents

You may designate an authorized agent to make requests on your behalf. The authorized agent must:

  • Provide proof of your written permission to act on your behalf
  • Verify their own identity with us
  • If the agent is a business, meet any other applicable state requirements.

We may deny requests from an authorized agent who does not meet these requirements.

C. California Residents

California residents may be entitled to ask us for a notice describing what categories of Personal Information we disclose with third parties or affiliates for direct marketing.

6. No Discrimination for Exercising Your Rights

We will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services.
  • Provide you with a different level of care.

However, we may offer financial incentives, such as discounts or other benefits, in exchange for the collection, retention, or sale of personal information, where permitted by law. Any financial incentive we offer will be reasonably related to the value of your data, and participation is voluntary. You may withdraw from a financial incentive program at any time.

7. Data Security and Retention

We use technical, administrative, and physical safeguards to protect personal information.

We retain each category of personal information for the period reasonably necessary to fulfill the purposes described in this Privacy Notice or as required by law. State law governs medical record retention requirements.

Where specific retention periods apply, they are disclosed in our Notice at Collection.

We do not retain Sensitive Personal Information for longer than is reasonably necessary to perform the services or provides the goods for which it was collected, unless permitted by law.

Following the expiration of an applicable retention period, we may de-identify, aggregate, or anonymize data instead of deleting it, where permitted by applicable law. 

8. Children’s Privacy

DrHouse’s services are not directed to any individual under 18, and DrHouse does not knowingly collect personal information from individuals under 18. If we learn that we have collected information from an individual under 18, we will delete it. 

9. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the effective date at the top of this Privacy Notice. For material changes, we will provide additional notice, such as a prominent notice on our website or email notification.

10. Handling State-Specific Privacy Requirements

We apply the highest applicable standard across states. When there are conflicts between state laws, we generally apply the higher standard of protection to all consumers, regardless of their state of residence. However, certain rights may apply only to residents of specific states as required by law. In such cases, we will clearly communicate any state-specific limitations when responding to your request.

In some states, the specific verification requirements and response timeframes may vary slightly based on your state of residence. We will process all requests in accordance with the requirements applicable to your state. 

California Residents (CPRA)

California residents have additional rights, including:

  • The right to limit the use of sensitive personal information.
  • The right to request information about data practices for the prior 12 months.
  • The right to make two access requests per 12-month period. 

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, you may contact us using any of the methods below. We may need to verify your identity before responding to certain requests. Authorized agents may submit requests on your behalf using the same contact methods.

Email: support@drhouse.com

Phone: (888) 605-1999

Mail:

DrHouse, Inc.
Attn: Privacy Office
244 Fifth Avenue, Suite 1270, New York, New York, 10001

Online Form: drhouse.com/contact/

If you need this Privacy Notice in an alternative format due to disability or language barrier, please contact us using one of the methods above.

12. Dispute Resolution

If you have a complaint or concern about how we handle your personal information, please let us know and we will do our best to address it. If you feel we have not resolved your concern, you may have the right to file a complaint with a data protection authority where you live or where a privacy law issue may have occurred. Depending on the law or any agreement between you and DrHouse, mediation or arbitration may also be available to resolve the issue.

Healthcare

on your schedule

Skip the unnecessary waiting room, see a board-certified physician now.

Get Started Now

Available in 50 states. Insurance accepted.

Screenshot of DrHouse Mobile App: Welcome Page for Booking Virtual Visits and Prescriptions Management Page