ForgeMeds Client Login

Legal Framework

Comprehensive Privacy Policy

Effective Date: April 9, 2026

Notice to Users: This Comprehensive Privacy Policy outlines how ForgeMeds Technologies, LLC (a Wyoming Limited Liability Company) collects, protects, and utilizes your data in accordance with federal and state regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy laws.

I. Introduction & Scope

ForgeMeds Technologies, LLC, organized under the laws of the State of Wyoming ("ForgeMeds", "we", "us", or "our"), is committed to safeguarding your privacy. This Privacy Policy details our practices regarding the collection, use, and disclosure of information when you access our website, applications, and digital platform (collectively, the "Platform").

ForgeMeds operates as a Management Services Organization (MSO) and technology platform. We do not provide medical services directly. Instead, we facilitate connections between you and independent, physician-owned medical groups (the "Medical Groups") and independent pharmacies (the "Pharmacies"). Because of this structure, your data is bifurcated into standard Personal Information and Protected Health Information (PHI).

II. Information We Collect

To provide our services effectively, we collect data across several categories:

  • A. Personal Identifiers: Includes your full name, email address, physical address, shipping address, phone number, date of birth, and government-issued identification (if required for medical verification).
  • B. Protected Health Information (PHI): Data collected during your health assessments, medical history, laboratory test results, current medications, biometric data, and records of synchronous or asynchronous consultations with the Medical Groups. PHI is strictly governed by HIPAA.
  • C. Financial Information: Payment card details, billing address, and transaction history. Please note that ForgeMeds uses third-party, PCI-compliant payment processors (e.g., Stripe); we do not store full credit card numbers on our servers.
  • D. Technical & Usage Data: Automatically collected information including your IP address, browser type, operating system, device identifiers, interaction with our Platform (clickstream data), and referring URLs.

III. How We Use Your Information

Your information is utilized for the following core purposes:

  • Clinical Facilitation: Routing your PHI and assessment data to affiliated Medical Groups to enable medical evaluation, diagnosis, and prescription issuance.
  • Fulfillment & Operations: Transmitting approved prescriptions and shipping details to affiliated 503A/503B Pharmacies for medication compounding and delivery.
  • Account Management: Processing payments, managing your subscription lifecycle, and providing technical support.
  • Platform Optimization: Analyzing user behavior to debug issues, improve UI/UX, and enhance the overall functionality of the Platform.
  • Marketing & Communications: Sending transactional emails (e.g., shipping updates) and, with your consent, promotional materials regarding new treatments or offers.

IV. How We Share and Disclose Information

ForgeMeds does not sell your personal data to third parties for monetary gain. We disclose information only as necessary to operate our Platform:

  • Affiliated Healthcare Providers: Your PHI is shared securely with the independent Medical Groups and Pharmacies exclusively for the purpose of your medical care and treatment.
  • Business Associates & Service Providers: We share data with trusted third-party vendors (e.g., cloud hosting providers, CRM platforms, and payment gateways) who perform services on our behalf. These entities are bound by strict Business Associate Agreements (BAAs) and confidentiality clauses.
  • Legal & Regulatory Compliance: We may disclose information if required to do so by law, court order, subpoena, or to cooperate with law enforcement and FDA regulatory audits.
  • Corporate Transactions: In the event of a merger, acquisition, restructuring, or sale of assets involving ForgeMeds Technologies, LLC, your information may be transferred as a business asset, subject to ongoing privacy protections.

V. Tracking Technologies, Cookies, and Analytics

The Platform uses cookies, web beacons, and tracking pixels (such as Google Analytics and Meta Pixel) to track general user behavior, optimize marketing campaigns, and prevent fraud.

Opt-Out & Do Not Track: You can configure your browser to reject cookies or alert you when cookies are being sent. We respect Global Privacy Control (GPC) signals where mandated by law. Please note that blocking cookies may restrict certain functionalities of the Client Dashboard. We do NOT use tracking pixels on secure pages where PHI is collected or displayed.

VI. HIPAA and Protected Health Information

As a technology provider for covered entities, ForgeMeds acts as a "Business Associate" under HIPAA. We deploy administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of your PHI.

For a complete explanation of how your medical information may be used and disclosed by the treating Medical Groups, and how you can get access to this information, please refer to the separate Notice of Privacy Practices (NPP) provided to you during your clinical onboarding.

VII. State-Specific Privacy Rights

Depending on your jurisdiction, you may possess additional rights regarding your non-PHI personal data:

  • Colorado Privacy Act (CPA): As a company operating and serving residents in Colorado, we grant Colorado consumers the right to access, correct, delete, and port their personal data. You also have the right to opt-out of targeted advertising and profiling.
  • California Privacy Rights Act (CPRA): California residents may request a disclosure of data collection categories, request deletion, limit the use of sensitive personal information, and opt-out of the "sharing" of personal data for cross-context behavioral advertising.
  • Other States: We extend similar data access, correction, and deletion rights to residents of Virginia (VCDPA), Connecticut (CTDPA), Utah (UCPA), and Nevada, strictly in accordance with their respective state laws.

To exercise these rights, please submit a verifiable consumer request via the contact methods listed in Section XI. We will not discriminate against you for exercising your privacy rights.

VIII. Data Security & Retention

We implement industry-standard encryption (e.g., AES-256 for data at rest and TLS 1.3 for data in transit) and maintain our database on SOC2 and HIPAA-compliant servers. While we strive to protect your data with the highest commercial standards, no electronic transmission over the internet can be guaranteed to be 100% secure.

We retain your personal information and PHI only for as long as necessary to fulfill the purposes outlined in this policy, or as mandated by federal and state medical record retention laws (typically 7 to 10 years).

IX. Children's Privacy

The ForgeMeds Platform is strictly intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18. If we become aware that we have collected personal data from a minor, we will take immediate steps to delete that information.

X. Changes to This Privacy Policy

ForgeMeds may update this Comprehensive Privacy Policy periodically to reflect changes in legal regulations, technology, or our business practices. All updates will be posted on this page with an amended "Effective Date." We encourage you to review this policy regularly.

XI. Contact Information

If you have questions regarding this Privacy Policy, wish to exercise your data rights, or need to contact our Data Protection Officer, please reach out to us at:

ForgeMeds Technologies, LLC

Corporate Registration:
c/o Northwest Registered Agent Service, Inc.
30 N Gould St Ste R
Sheridan, WY 82801

Operational Headquarters:
Colorado Springs, CO, United States

Email: privacy@forgemeds.com