Privacy Policy
Effective Date: April 1, 2026 · AccessRx / August Aisles LLC
Your Privacy Matters: We do not sell your personal information or Protected Health Information (PHI) to anyone, ever. This policy explains exactly what we collect, how we use it, and your rights.
1. Introduction
August Aisles LLC, operating as AccessRx ("ASRX," "we," "us," or "our"), provides this Privacy Policy to explain how we collect, use, disclose, and protect information about you when you use the ASRX platform at asrx.health (the "Platform").
ASRX is a healthcare access and coordination platform. Because we facilitate access to healthcare services, we handle sensitive health information in addition to standard personal data. We take both your privacy and the security of your health information seriously.
This Privacy Policy applies to all information we collect through the Platform and through any related communications with you. By using the Platform, you consent to the collection and use of your information as described herein.
This Privacy Policy is incorporated into and subject to our Terms of Service.
2. Information We Collect
We collect information in the following categories:
Account & Identity Information
- Full legal name
- Email address
- Phone number
- Date of birth
- Mailing address (for medication delivery)
- Account credentials (username and encrypted password)
Health & Medical Information (PHI)
The following information constitutes Protected Health Information (PHI) under HIPAA and is subject to heightened protections:
- Health history and medical background provided during intake
- Current symptoms, health goals, and reported conditions
- Current medications and supplements
- Allergies and contraindications
- Lab results or documents you upload
- Communications with your assigned healthcare provider
- Treatment plans, prescriptions, and clinical notes from your provider
Payment Information
- Credit or debit card information (processed by our PCI-compliant payment processor — ASRX does not store full card numbers)
- Billing address
- Transaction history
Usage & Technical Data
- Pages and features accessed, time spent on the Platform
- Device type, operating system, and browser
- IP address and approximate geographic location (state-level)
- Referring URLs and navigation paths
Communications
- Messages sent to our support team
- Secure messages exchanged with your healthcare provider through the Platform
- Feedback or survey responses
3. How We Use Your Information
We use the information we collect for the following purposes:
- Platform Services: To create and manage your account, process intake forms, and facilitate your connection with an independently licensed healthcare provider.
- Clinical Coordination: To transmit your health information to the licensed provider reviewing your case and to the licensed compounding pharmacy fulfilling your prescription.
- Billing & Payments: To process subscription payments, manage billing cycles, and send receipts and billing notices.
- Communications: To send you platform-related notifications, prescription status updates, provider messages, and medical communications relevant to your care. We do not use your email for advertising third-party products.
- Customer Support: To respond to inquiries, resolve disputes, and troubleshoot issues.
- Platform Improvement: To analyze usage patterns in aggregate and improve Platform features and user experience. This analysis is performed on anonymized or de-identified data where possible.
- Legal & Safety Compliance: To comply with applicable laws, regulations, and court orders, and to protect the rights, safety, and property of ASRX, our users, and the public.
We do not use your health information for advertising, marketing profiling, or sale to data brokers under any circumstances.
4. HIPAA Notice of Privacy Practices
HIPAA Notice of Privacy Practices — Summary
This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Your Rights Regarding Your Health Information:
- Right to Access: You have the right to inspect and obtain a copy of your PHI held by ASRX and your treating providers. Requests must be submitted in writing to hello@asrx.health. We will respond within 30 days.
- Right to Amend: If you believe your PHI is inaccurate or incomplete, you may request an amendment. We may deny the request if the information was not created by us, is not part of our records, or is accurate and complete as recorded.
- Right to an Accounting: You may request a list of disclosures we have made of your PHI, other than those for treatment, payment, and healthcare operations.
- Right to Restrict: You may request restrictions on how we use or disclose your PHI. We are not required to agree to all restrictions, but will notify you of our decision.
- Right to Confidential Communications: You may request that we communicate with you about your PHI in a specific way or to a specific location.
- Right to a Paper Copy: You may request a paper copy of this Notice at any time.
Our Permitted Uses and Disclosures of PHI:
- Treatment: We disclose your PHI to independently licensed physicians and other providers for the purpose of evaluating your health and making clinical decisions.
- Payment: We use your PHI to process billing and coordinate payment for services.
- Healthcare Operations: We may use and disclose PHI to evaluate the quality of care coordination, conduct compliance activities, and train staff, all under strict confidentiality requirements.
- Prescription Fulfillment: We share relevant PHI (including your prescription) with the licensed compounding pharmacy fulfilling your prescription.
- As Required by Law: We may disclose PHI when required to do so by applicable federal, state, or local law, including in response to valid court orders or government investigations.
Disclosures We Will NOT Make Without Your Written Authorization:
- Sale of your PHI
- Use of PHI for marketing purposes
- Disclosure of psychotherapy notes (if applicable)
- Any other disclosures not described in this Notice
To exercise any of your HIPAA rights or to file a complaint, contact us at hello@asrx.health. You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr. We will not retaliate against you for filing a complaint.
5. How We Share Your Information
We do not sell, rent, or trade your personal information or Protected Health Information to any third party for commercial purposes. We share information only in the following circumstances:
- Treating Healthcare Providers: Your health intake information and relevant PHI is shared with the independently licensed physician or provider assigned to evaluate your case. This sharing is necessary to provide the healthcare coordination service you have requested.
- Compounding Pharmacies: Upon issuance of a valid prescription by your provider, we transmit your prescription and necessary shipping information to the licensed compounding pharmacy fulfilling your order.
- Service Providers (Business Associates): We share limited information with trusted third-party vendors who help operate the Platform, including payment processors (PCI-DSS compliant), cloud hosting providers, and customer support tools. All such vendors are required to sign Business Associate Agreements (BAAs) where required by HIPAA and are contractually prohibited from using your data for any purpose other than providing services to ASRX.
- Legal Compliance: We may disclose information when required by law, court order, subpoena, or governmental authority, or when we believe disclosure is necessary to protect the safety of any person or to investigate fraud or security concerns.
- Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of ASRX's assets, your information may be transferred to the successor entity, subject to the same privacy protections described in this Policy. You will be notified of any such transfer.
- With Your Consent: We may share information for other purposes with your explicit prior written consent.
6. Data Security
We implement comprehensive administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. Data stored at rest is encrypted using AES-256 bit encryption.
- HIPAA-Compliant Infrastructure: Our platform is hosted on HIPAA-compliant cloud infrastructure with audit logging, access controls, and regular security reviews.
- Access Controls: Access to PHI is restricted on a need-to-know basis. Staff and contractors with access to health information undergo HIPAA training and are subject to confidentiality obligations.
- Payment Security: Payment card data is processed by a PCI DSS-compliant payment processor. ASRX does not store full credit card numbers on our servers.
- Incident Response: In the event of a data breach that involves your PHI or personal information, we will notify you in accordance with applicable HIPAA Breach Notification Rule requirements and relevant state data breach notification laws.
While we take extensive precautions, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security of your information, but we are committed to maintaining the highest practical level of protection.
7. Cookies and Tracking
ASRX uses a minimal and functional approach to cookies and tracking technologies:
- Functional Cookies: We use cookies that are strictly necessary for the Platform to operate — including session authentication tokens, security cookies, and user preference settings. These cookies are required and cannot be disabled without affecting your ability to use the Platform.
- Analytics Cookies: We use basic, privacy-respecting analytics to understand aggregate Platform usage patterns (e.g., which pages are visited, general traffic volume). This data is anonymized and not used for advertising profiling.
- No Advertising or Cross-Site Tracking: We do not use advertising cookies, tracking pixels, or third-party ad network technologies. We do not track you across other websites. We do not participate in behavioral advertising networks.
- No Social Media Tracking: We do not embed social media tracking pixels (e.g., Meta Pixel, TikTok Pixel) on the Platform.
You may control cookie settings through your browser. Disabling functional cookies will impair your ability to log in and use the Platform. Disabling analytics cookies will not affect Platform functionality.
8. Your Rights
You have the following rights with respect to your personal information held by ASRX. To exercise any of these rights, contact us at hello@asrx.health. We will respond within 30 days.
- Right to Access: You may request a copy of the personal information and PHI we hold about you. We will provide it in a portable, readable format.
- Right to Correction: If your personal information is inaccurate or incomplete, you have the right to request that we correct it. We will honor reasonable requests within 30 days.
- Right to Deletion: You may request that we delete your personal information and account. We will comply unless we are required to retain certain information by law, for legitimate business purposes (e.g., resolving disputes), or to fulfill outstanding medical or pharmacy orders. Health records may be subject to minimum retention requirements under applicable state law.
- Right to Restrict Processing: You may request that we limit how we use your information in certain circumstances.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
- HIPAA Rights: As described in Section 4 of this Policy, you have specific rights under HIPAA with respect to your PHI, including rights to access, amend, and receive an accounting of disclosures.
We will not discriminate against you for exercising any of these rights.
9. Children's Privacy
The ASRX Platform is intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18. If you are under 18, do not use the Platform or submit any information to us.
If we become aware that we have inadvertently collected personal information from a person under 18, we will promptly delete that information from our records. If you believe we may have information from or about a minor, please contact us immediately at hello@asrx.health.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes to this Policy, we will:
- Post the updated Policy on the Platform with a new "Effective Date" at the top;
- Send an email notification to your registered email address.
Your continued use of the Platform after the effective date of the updated Policy constitutes your acceptance of the revised terms. If you do not agree with the changes, you should discontinue use of the Platform and delete your account before the effective date.
The current version of this Privacy Policy is always available at asrx.health/privacy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or your HIPAA rights, please contact us:
Email: hello@asrx.health
Company: August Aisles LLC (operating as AccessRx / ASRX)
Address: Houston, TX
Platform: asrx.health
For HIPAA-related complaints, you may also contact:
U.S. Department of Health & Human Services
Office for Civil Rights
hhs.gov/ocr/complaints
1-800-368-1019
This Privacy Policy was last updated on April 1, 2026. Prior versions are available upon request.