Legal

Privacy Policy

Effective Date: March 21, 2026 Operated by InventRx Inc.

On This Page

  1. Information We Collect
  2. How We Use Your Information
  3. Data Security
  4. HIPAA Compliance
  5. Third-Party Services
  6. Cookies & Tracking
  7. Children's Privacy
  8. Changes to This Policy
  9. Contact Us

VendRx is a healthcare technology platform operated by InventRx Inc. ("we," "us," or "our"). We are committed to protecting the privacy and security of the information entrusted to us by patients, healthcare providers, and visitors to our website. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data.

By accessing or using VendRx's website, services, or automated dispensing systems, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

Section 01

Information We Collect

We collect information in several ways depending on how you interact with VendRx:

Information you provide directly:

  • Contact information such as name, email address, phone number, and organization when you submit an inquiry or request a demo.
  • Professional credentials or facility details provided by healthcare providers engaging with our platform.
  • Communications you send us via email or contact forms.

Information collected automatically:

  • Browser type, IP address, device identifiers, and operating system when you visit our website.
  • Pages visited, time spent on pages, referring URLs, and other usage analytics.
  • Cookie and similar tracking technology data (see Section 6).

Information related to dispensing transactions:

  • Prescription verification data processed through pharmacist-reviewed workflows.
  • Dispense event logs for regulatory compliance and audit purposes.
  • Machine operational telemetry for remote monitoring and maintenance.

VendRx machines do not store Protected Health Information (PHI) locally. All prescription and patient data is processed and stored in secure, HIPAA-compliant cloud infrastructure. No PHI resides on the physical dispensing unit.

Section 02

How We Use Your Information

We use the information we collect for the following purposes:

  • To operate, maintain, and improve the VendRx platform and automated dispensing services.
  • To respond to inquiries, provide customer support, and communicate with healthcare partners.
  • To process and fulfill prescription dispensing transactions in accordance with applicable law and pharmacist oversight requirements.
  • To send administrative communications, service updates, or changes to our policies.
  • To comply with legal and regulatory obligations, including state pharmacy board requirements and federal healthcare law.
  • To analyze usage patterns and improve the performance, safety, and accessibility of our services.
  • To detect, investigate, and prevent fraudulent transactions or unauthorized access.

We do not sell your personal information to third parties. We do not use patient health information for marketing purposes.

Section 03

Data Security

The security of your information is a priority for VendRx. We implement and maintain administrative, physical, and technical safeguards designed to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

  • Encryption of data in transit using industry-standard TLS protocols.
  • Encryption of data at rest within our cloud infrastructure.
  • Role-based access controls limiting data access to authorized personnel only.
  • Regular security assessments and penetration testing of our systems.
  • Audit logging of all system access and transaction events.
  • Business continuity and disaster recovery planning.

Because VendRx machines operate on a cloud-first architecture, no sensitive patient or prescription data is stored locally on the physical unit. This design minimizes exposure at the point of care and ensures data integrity across all deployments.

While we strive to use commercially reasonable means to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use secure connections when accessing any online service.

Section 04

HIPAA Compliance

VendRx operates within the healthcare industry and recognizes its obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.

Where VendRx acts as a Business Associate of a Covered Entity (such as a hospital, urgent care clinic, or pharmacy), we enter into a Business Associate Agreement (BAA) as required by HIPAA. These agreements define our obligations with respect to the use, disclosure, and safeguarding of Protected Health Information (PHI).

Our HIPAA compliance program includes:

  • Designated privacy and security personnel responsible for policy implementation and oversight.
  • Workforce training on HIPAA requirements and privacy best practices.
  • Policies and procedures governing the access, use, and disclosure of PHI.
  • A breach notification process in accordance with HIPAA requirements and applicable state law.
  • Regular risk analyses to identify and address potential vulnerabilities in our systems.

If you believe your health information has been improperly accessed or disclosed, please contact us immediately at info@vend-rx.com.

Section 05

Third-Party Services

VendRx may engage trusted third-party service providers to assist in operating our platform and delivering our services. These providers may have access to certain information only to the extent necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of that information.

Categories of third-party service providers we may use include:

  • Cloud infrastructure and hosting providers (e.g., data storage, compute services).
  • Analytics platforms used to understand website and platform usage.
  • Customer relationship management (CRM) and communication tools.
  • Payment processors for billing and invoicing with healthcare partners.
  • Pharmacy management system integrations required for prescription verification workflows.

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party services you access through our platform.

Section 06

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze traffic, and understand how visitors interact with our content. A cookie is a small text file placed on your device when you visit a website.

We use the following types of cookies:

  • Essential cookies — necessary for the website to function properly. These cannot be disabled.
  • Analytics cookies — help us understand how visitors use our site so we can improve it. Data collected is aggregated and anonymized.
  • Preference cookies — remember your settings and choices to provide a more personalized experience.

Most web browsers allow you to control cookies through their settings. You may choose to disable cookies, though doing so may affect certain features of our website. Opting out of analytics cookies does not affect the core functionality of our services.

We do not use cookies to collect or store any Protected Health Information.

Section 07

Children's Privacy

VendRx's website and digital services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at info@vend-rx.com and we will take steps to remove that information promptly.

For minors who receive prescription medications through a VendRx-enabled facility, all dispensing is subject to the oversight and authorization of a licensed pharmacist and the prescribing provider, consistent with applicable state and federal law.

Section 08

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.

Your continued use of VendRx's website or services after the posting of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, please discontinue use of our services and contact us to discuss your concerns.

Section 09

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the way we handle your information, please reach out to us. We are committed to addressing your inquiries promptly and transparently.

VendRx Privacy Team

Operated by InventRx Inc. — Questions about your privacy or this policy? We're here to help.

info@vend-rx.com
(310) 903-2871