This Privacy Policy describes how Bidwell Health LLC, a Florida limited liability company ("Bidwell Health," "we," "us," or "our"), collects, uses, and protects your information when you use our asynchronous telehealth platform. Protecting your health information is central to how we operate, and this policy explains your rights and our obligations under HIPAA and applicable state law.
Information We Collect
When you use Bidwell Health, we collect the following information to facilitate your care:
Full name and date of birth
Email address and phone number
Current symptoms and medical history
Current medications and known allergies
Preferred pharmacy for prescriptions
Payment information (processed securely via Stripe — we never store card numbers directly)
How We Use Your Information
Your information is used exclusively for the following purposes:
Treatment: To enable licensed providers to evaluate your symptoms, make diagnoses, and prescribe appropriate treatment
Payment processing: To securely process your visit payment through Stripe
Communication: To send visit confirmations, provider responses, prescription updates, and important account notifications
HIPAA Compliance
Bidwell Health is committed to complying with the Health Insurance Portability and Accountability Act (HIPAA). All Protected Health Information (PHI) is handled in accordance with HIPAA regulations.
All PHI is encrypted both in transit (TLS 1.2+) and at rest
Access to patient data is strictly limited to authorized treating providers
We maintain administrative, physical, and technical safeguards to protect your health information
Our team members are trained on HIPAA privacy and security requirements
Data Sharing
We do not sell, rent, or trade your personal or health information. Your data is shared only with:
Treating providers: Licensed clinicians who review and respond to your visit
Pharmacy (via DoseSpot): Your selected pharmacy receives prescription information electronically through our e-prescribing partner DoseSpot
Payment processor (Stripe): Payment details are transmitted directly to Stripe for secure transaction processing
We will never sell your data to third parties, advertisers, or data brokers.
Data Security
We employ industry-standard security measures to protect your information:
Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption
Encryption at rest: All stored data is encrypted using AES-256 encryption
Infrastructure: Our platform is built on Supabase with row-level security policies and secure database access controls
Payment security: Stripe handles all payment processing and is PCI DSS Level 1 compliant — the highest level of certification
Your Rights
You have the following rights regarding your personal and health information:
Access: You may request a copy of the personal and health information we hold about you
Correction: You may request corrections to any inaccurate or incomplete information
Deletion: You may request deletion of your account and associated data, subject to legal retention requirements