BIOPHOENIX INC.
Website & Platform Privacy Policy
Effective Date: April 1, 2026 | Last Revised: April 1, 2026 | Jurisdiction: Delaware C-Corporation operating in New Jersey and all 50 states
BioPhoenix Inc. (“BioPhoenix,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website (biophoenixhealth.com), use our patient portal, or engage with our telehealth platform and related services (collectively, the “Platform”).
PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING OUR PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THE TERMS OF THIS POLICY.
1. WHO WE ARE
BioPhoenix Inc. is a Delaware C-Corporation with its principal place of business in Barnegat, New Jersey. BioPhoenix operates as a marketing and management services organization (MSO). We are not a licensed medical practice, hospital, or pharmacy. Clinical services accessed through our Platform are provided exclusively by independent, licensed healthcare professionals and physician-owned professional corporations operating independently from BioPhoenix Inc.
For purposes of the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act, BioPhoenix functions as a Business Associate to our clinical platform partners who serve as the Covered Entities. Our clinical partners operate under separate Business Associate Agreements (BAAs) that govern the handling of Protected Health Information (PHI). This Privacy Policy addresses both our general privacy practices and our HIPAA obligations as a Business Associate.
2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
We collect information you voluntarily provide to us, including:
- Identity and Contact Information: Full name, date of birth, gender, mailing address, email address, phone number, and government-issued identification for age and identity verification.
- Health and Medical Information: Medical history, current medications, medication allergies, treatment goals, prior medical records, and responses to health intake questionnaires. This information constitutes Protected Health Information (PHI) under HIPAA.
- Payment Information: Credit card numbers, ACH banking information, and billing address. Payment data is processed through PCI-DSS compliant third-party payment processors. BioPhoenix does not store complete credit card numbers on its servers.
- Account Credentials: Username, password, and security question responses for your patient portal account.
- Communications: Messages, emails, and other communications you send to us or your care team through the Platform.
2.2 Information Collected Automatically
When you access our Platform, we automatically collect:
- Technical Data: IP address, browser type and version, operating system, device identifiers, and referring URLs.
- Usage Data: Pages visited, features accessed, time spent on pages, click paths, and session duration.
- Cookie and Tracking Data: Information collected through cookies, web beacons, pixel tags, and similar technologies. See Section 9 for our complete Cookie Policy.
- Location Data: General geographic location derived from IP address. We do not collect precise GPS location without your explicit consent.
2.3 Information from Third Parties
We may receive information about you from:
- Clinical Platform Partners: Our contracted telehealth platform vendors (including healthcare technology companies that host our patient management and provider systems) may share de-identified operational data and referral tracking information consistent with applicable law and BAA terms.
- Laboratory Partners: If you participate in lab-based monitoring programs, laboratory results may be transmitted to your care team through our clinical partners’ systems.
- Affiliate and Referral Partners: Non-clinical marketing partners may provide us with contact information when you are referred to our services through their platforms.
- Analytics Providers: Third-party analytics services may provide aggregated and de-identified data about Platform usage.
3. HOW WE USE YOUR INFORMATION
3.1 To Provide and Operate Our Services
- Creating and managing your patient portal account.
- Facilitating your connection to licensed healthcare providers for telehealth consultations.
- Processing subscription enrollment, billing, and payment.
- Coordinating prescription fulfillment with licensed compounding pharmacies through your care team.
- Sending appointment reminders, treatment reminders, and care follow-up communications.
- Providing customer support and responding to your inquiries.
3.2 For Business Operations
- Analyzing Platform usage to improve our services and user experience.
- Conducting quality assurance and compliance reviews.
- Preventing fraud, unauthorized access, and other illegal activity.
- Complying with legal obligations and regulatory requirements.
- Enforcing our Terms of Service and other agreements.
3.3 For Marketing and Communications (with your consent)
- Sending promotional emails, newsletters, and wellness content if you have opted in.
- Conducting remarketing and advertising campaigns through compliant paid advertising platforms.
- Personalizing content and recommendations based on your program participation.
You may opt out of marketing communications at any time by clicking ‘Unsubscribe’ in any marketing email or contacting us at privacy@aadilk.com. Opting out of marketing communications does not affect transactional communications related to your active care program.
3.4 What We Will NEVER Do With Your Information
BioPhoenix will never sell, rent, or trade your personal information or Protected Health Information to third parties for their marketing purposes. We do not monetize your health data.
4. HIPAA NOTICE OF PRIVACY PRACTICES
THIS SECTION CONSTITUTES YOUR NOTICE OF PRIVACY PRACTICES UNDER THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) AND THE HITECH ACT.
4.1 Protected Health Information (PHI)
Protected Health Information (PHI) is health information that can identify you as an individual and relates to: (1) your past, present, or future physical or mental health condition; (2) the provision of health care to you; or (3) past, present, or future payment for health care. PHI includes information transmitted or maintained in any form, including electronic PHI (ePHI).
4.2 Permissible Uses and Disclosures of PHI
As a Business Associate, BioPhoenix may use and disclose your PHI only as permitted by our BAAs with our clinical partners and as required by applicable law. Permitted uses include:
- Treatment: Disclosing PHI to licensed healthcare providers to facilitate your telehealth consultations and care coordination.
- Operations: Using PHI for quality assurance, compliance, and administrative functions necessary to operate the Platform.
- Business Associate Functions: Using PHI to perform contracted services on behalf of our clinical platform partners, consistent with BAA terms.
- Required by Law: Disclosing PHI when required by federal or state law, court order, or government investigation.
- Public Health Activities: Reporting to public health authorities as required by law (e.g., mandatory disease reporting).
- Abuse or Neglect Reporting: Disclosing PHI to government authorities authorized to receive reports of abuse, neglect, or domestic violence.
4.3 Uses and Disclosures Requiring Your Authorization
The following uses and disclosures require your written authorization:
- Most uses and disclosures of PHI for marketing purposes.
- Sale of PHI.
- Uses and disclosures of psychotherapy notes.
- Uses and disclosures beyond what is permitted under HIPAA’s Treatment, Payment, and Operations provisions.
You may revoke any authorization in writing at any time, except to the extent we have already acted in reliance on it.
4.4 Your HIPAA Rights
You have the following rights regarding your PHI:
- Right to Access: You have the right to inspect and obtain a copy of your PHI. We will respond to written access requests within 30 days. Requests should be submitted to privacy@aadilk.com.
- Right to Amend: You may request that we amend inaccurate or incomplete PHI. We will respond within 60 days and may deny requests in limited circumstances.
- Right to Accounting of Disclosures: You may request a list of disclosures of your PHI made by us or our clinical partners for purposes other than treatment, payment, or operations, for the six years prior to your request.
- Right to Restrict: You may request restrictions on certain uses and disclosures of your PHI. We are not required to agree to all restrictions, except when you have paid out-of-pocket and request restriction of disclosure to a health plan.
- Right to Confidential Communications: You may request that we communicate with you through alternative means or at alternative locations (e.g., contact only by email, not phone).
- Right to a Paper Copy: You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
- Right to Notification of Breach: In the event of a breach of your unsecured PHI, we will notify you as required by HIPAA’s Breach Notification Rule within 60 days of discovering the breach.
4.5 HIPAA Complaints
If you believe your privacy rights under HIPAA have been violated, you may file a complaint with BioPhoenix at privacy@aadilk.com or with the U.S. Department of Health and Human Services Office for Civil Rights at:
HHS Office for Civil Rights | 200 Independence Avenue, S.W. | Washington, D.C. 20201 | 1-877-696-6775 | www.hhs.gov/ocr
We will not retaliate against you for filing a complaint.
5. HOW WE SHARE YOUR INFORMATION
5.1 Clinical Platform Partners
We share PHI with our contracted clinical platform vendors (including the licensed telehealth technology companies and provider networks we partner with) pursuant to executed Business Associate Agreements. These partners access PHI only as necessary to provide telehealth services and are contractually obligated to protect it.
5.2 Compounding Pharmacies
Prescription orders and necessary patient information are transmitted to licensed compounding pharmacies through our clinical partners’ secure e-prescribing systems. Pharmacies receive only the minimum necessary information to fulfill your prescription.
5.3 Service Providers
We engage third-party service providers who process data on our behalf, including:
- Payment processors (PCI-DSS compliant)
- Cloud hosting and data storage providers
- Email service providers
- Analytics and performance monitoring platforms
- Customer relationship management (CRM) software providers
All service providers are contractually bound by data processing agreements requiring them to process your data only on our instructions and in compliance with applicable law.
5.4 Legal Requirements
We may disclose your information when required by applicable law, court order, government investigation, or when we reasonably believe disclosure is necessary to protect our legal rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
5.5 Business Transfers
If BioPhoenix undergoes a merger, acquisition, reorganization, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any changes to this Privacy Policy that may result.
6. DATA SECURITY
BioPhoenix implements and maintains administrative, technical, and physical safeguards designed to protect your personal information and PHI from unauthorized access, use, disclosure, alteration, or destruction. Our security measures include:
- Encryption of PHI and ePHI in transit (TLS 1.2+) and at rest (AES-256).
- Access controls and role-based permissions limiting PHI access to authorized personnel.
- Regular security risk assessments and vulnerability testing as required by the HIPAA Security Rule.
- Employee training on HIPAA compliance, data security, and privacy obligations.
- Business Associate Agreements with all vendors that access PHI.
- Audit logs tracking access to and modifications of PHI.
- Incident response and data breach notification procedures.
Despite our best efforts, no security system is impenetrable. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at security@aadilk.com.
7. DATA RETENTION
We retain your personal information and PHI for as long as necessary to provide our services, comply with applicable legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:
- Medical Records and PHI: Minimum of 7 years from the date of service, or as required by applicable state law, whichever is longer. New Jersey law requires retention of adult patient records for 7 years.
- Account Information: Retained for the duration of your active account plus 3 years following account closure.
- Payment Records: Retained for 7 years for accounting and tax compliance purposes.
- Marketing Data: Retained until you opt out or request deletion, subject to legal retention requirements.
Following expiration of the applicable retention period, we will securely destroy or de-identify your information.
8. YOUR PRIVACY RIGHTS
Depending on your state of residence, you may have additional privacy rights beyond those provided by HIPAA:
8.1 California Residents (CCPA/CPRA)
California residents have the right to: (1) know what personal information we collect, use, and disclose; (2) delete personal information we hold about them (subject to legal exceptions); (3) opt out of the sale of personal information (we do not sell personal information); (4) non-discrimination for exercising their privacy rights; and (5) correct inaccurate personal information. To exercise these rights, contact privacy@aadilk.com.
8.2 New Jersey Residents (NJDPA)
New Jersey residents have rights under the New Jersey Data Protection Act effective January 15, 2025, including rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of targeted advertising, sale of personal data, and profiling.
8.3 All Users — General Rights
Regardless of location, you may contact us at any time to:
- Request access to the personal information we hold about you.
- Request correction of inaccurate personal information.
- Request deletion of your personal information (subject to legal retention requirements).
- Opt out of marketing communications.
- Withdraw consent for non-essential data processing.
To exercise these rights, submit a verified request to privacy@aadilk.com. We will respond within 30 days. We may require identity verification before processing certain requests.
9. COOKIES AND TRACKING TECHNOLOGIES
Our Platform uses cookies and similar tracking technologies to operate, analyze, and improve our services and to support compliant advertising activities.
9.1 Types of Cookies We Use
- Essential Cookies: Required for Platform functionality (login sessions, security tokens). These cannot be disabled.
- Analytics Cookies: Track user behavior in aggregate to help us understand Platform usage and improve performance (e.g., Google Analytics configured for IP anonymization).
- Marketing and Remarketing Cookies: Support targeted advertising through compliant platforms. ONLY active for non-PHI web traffic; never used in authenticated patient portal sessions. All marketing tracking is restricted to general website activity, not clinical care activity.
- Preference Cookies: Remember your settings and preferences.
9.2 Cookie Controls
You can control cookies through your browser settings. Note that disabling certain cookies may affect Platform functionality. We honor Global Privacy Control (GPC) signals where required by law.
IMPORTANT: We NEVER permit advertising pixels, remarketing tags, or third-party tracking technologies to operate within the authenticated patient portal. These technologies are strictly limited to the public-facing marketing website.
10. MINORS
Our Platform is intended exclusively for adults 18 years of age or older. We do not knowingly collect personal information from individuals under 18. All patients are required to verify they are at least 18 (or the age of majority in their state of residence, if higher) before accessing clinical services. If we discover that we have inadvertently collected information from a minor, we will promptly delete it. If you believe we have collected information from a minor, please contact privacy@aadilk.com immediately.
11. THIRD-PARTY LINKS
Our Platform may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
12. INTERNATIONAL USERS
BioPhoenix is operated from the United States and is intended for U.S. residents only. We currently do not offer services to residents outside the United States. If you access our Platform from outside the United States, you do so at your own risk and acknowledge that your information will be processed in the United States.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by: (1) posting a prominent notice on our website; (2) sending an email notification to your registered email address; and/or (3) updating the ‘Effective Date’ at the top of this policy. Your continued use of the Platform following notice of changes constitutes your acceptance of the updated policy.
14. CONTACT US
For privacy-related questions, concerns, or to exercise your rights, contact our Privacy Officer:
BioPhoenix Inc. | Privacy Officer
Email: privacy@aadilk.com
Mailing Address: BioPhoenix Inc., Barnegat, New Jersey 08005
Response Time: We respond to all privacy inquiries within 5 business days and honor formal rights requests within 30 days.
This Privacy Policy was drafted in accordance with HIPAA (45 C.F.R. Parts 160 & 164), the HITECH Act, New Jersey Data Protection Act, California Consumer Privacy Act/CPRA, FTC Act Section 5, and applicable state telehealth privacy laws. This document does not constitute legal advice. BioPhoenix Inc. has engaged qualified healthcare legal counsel (Lengea Law) for formal legal compliance review.
