This policy governs the myrxwallet.io Website and early access list only. Platform member data will be governed by a separate HIPAA Notice of Privacy Practices at launch.
MyRxWallet North America Corporation (“MyRxWallet,” “we,” “us,” or “our”) is a Wyoming corporation designing the first healthcare platform built to compensate patients and providers for the health data the industry has been monetizing without them. We take your privacy seriously — not as a legal obligation, but as a founding principle.
This Privacy Policy describes what information we collect from visitors to myrxwallet.io (the “Website”) and individuals who join our early access list, how we use and protect that information, and what rights you have with respect to it. It applies to all information collected through our Website and related email communications.
This Privacy Policy governs the Website only. When the MyRxWallet platform launches and members enroll, member health data will be governed by a separate Notice of Privacy Practices issued under HIPAA, and by member-facing terms of service. See Section 7.
By using our Website or submitting your information, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Website or submit your information.
The MyRxWallet platform is currently in active development. The platform has not launched. No patients are enrolled. We do not hold any protected health information (PHI), genomic data, prescription records, electronic health records, or any other member health data.
The only personal information we currently collect from Website visitors is:
When the platform launches, our data collection and processing practices will expand significantly. We will update this Privacy Policy before those new practices begin. Early access list subscribers will receive advance notice of material updates per Section 15.
Early Access List. If you submit our early access sign-up form, we collect your email address and ZIP code. Submission is entirely voluntary. You may decline to register and still visit the Website.
Communications. If you contact us by email or through any contact form, we collect the contents of your communication and any personal information you choose to include.
When you visit our Website, certain technical information is collected automatically through standard web server logs and, where enabled, analytics tools:
This information is used in aggregate or pseudonymized form to understand how visitors use our Website and to improve the user experience. It is not used to identify you personally without your consent.
See Section 5 for details on cookies and tracking technologies.
We do not currently collect: protected health information (PHI) of any kind; prescription records, medical history, or electronic health records; genetic or genomic data; financial account, payment card, or banking information; Social Security numbers or government-issued identification numbers; biometric data; or personal information from children under 13.
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Send launch updates to early access subscribers | Consent (explicit at sign-up) | Email address |
| Analyze Website traffic and improve user experience | Legitimate interests | IP address, page views, device/browser info |
| Detect and prevent fraud, spam, and abuse | Legitimate interests | IP address, email address |
| Comply with legal obligations | Legal obligation | As required by applicable law |
| Notify you of material changes to this Privacy Policy | Consent / Legitimate interests | Email address |
We will never use your email address for any purpose other than launch communications and policy update notifications without your separate, explicit consent. We will never sell your email address or any other personal information to third parties.
Cookies are small text files placed on your device by websites you visit. They allow the website to remember information about your visit, improving both your experience and the site's functionality.
| Category | Description | Opt-Out |
|---|---|---|
| Essential / Strictly Necessary | Required for basic Website functionality (form submission, session security). Without these cookies, certain features cannot work. | No — required |
| Analytics / Performance | Collect anonymized or pseudonymized data about how visitors use the Website. Used to improve the Website, not to identify individuals. | Yes |
| Functional | Remember preferences you set (if any) to provide a more personalized experience. | Yes |
We do not use advertising, tracking, or cross-site behavioral advertising cookies. We do not use cookies that track you across third-party websites for commercial purposes.
You can control cookies through your browser settings. Most browsers allow you to view, block, and delete cookies. Residents of the EU/EEA/UK and other jurisdictions with applicable cookie consent laws will be presented with a consent banner before non-essential cookies are placed on their device.
If you join the early access list, you will receive: MyRxWallet platform launch updates and milestone announcements; and advance notice of material changes to this Privacy Policy.
We will use your email address to send you launch updates and nothing else. You will not receive promotional emails from third-party advertisers, commercial offers unrelated to MyRxWallet, or communications sold to other companies. We mean this commitment absolutely.
We use SendGrid (a Twilio company) to deliver email communications to early access list subscribers. SendGrid processes email addresses as a data processor acting under our instructions. SendGrid does not have the right to use early access subscriber email addresses for its own purposes.
Every email we send includes an unsubscribe link. Click it to remove yourself from launch communications at any time. Removal from email communications will be processed within a commercially reasonable time (typically within 10 business days). You may also request deletion of your information entirely by contacting privacy@myrxwallet.io. See Section 10 for our data retention practices.
MyRxWallet does not currently hold, process, or transmit any protected health information (PHI) as defined under HIPAA (45 C.F.R. Parts 160 and 164). The platform has not launched. No patients are enrolled. Early access list registrations (email address + ZIP code) are not PHI.
When the MyRxWallet platform launches and begins processing member health data, we anticipate operating as a HIPAA-covered entity or business associate depending on the specific data flows involved. At that time, we will:
If you contact us and voluntarily describe your health situation, we will treat that information as confidential. However, such communications are not formally governed by HIPAA until the platform has launched and a member relationship is established under a signed member agreement and HIPAA authorization.
We do not collect any genetic or genomic data through this Website or the early access list. Genetic data integration is planned as an optional, opt-in feature for enrolled members after the platform launches, subject to HIPAA Expert Determination de-identification requirements and applicable state and federal genetic privacy laws.
When genetic data collection begins (and only with explicit member opt-in consent), we are committed to compliance with the following:
Federal law: Genetic Information Nondiscrimination Act (GINA) (42 U.S.C. § 2000ff et seq.); HIPAA as applied to genetic information in covered entity operations.
State laws (representative; not exhaustive): California GIPA (Cal. Health & Safety Code §§ 24000–24010); Illinois GIPA (410 ILCS 513); Texas Genetic Privacy Act (Tex. Health & Safety Code § 58A); Washington My Health MY Data Act (SB 1155); Florida, Nevada, Colorado, Connecticut, Virginia, Oregon: comparable genetic and consumer health data protections under applicable state law.
We monitor state genetic privacy legislation and will comply with applicable law in every state where members reside.
Regardless of applicable law minimums: Member genetic data will never be sold to third parties without explicit, separately executed written consent. Genetic data licensing for pharmaceutical research will be conducted only under HIPAA-compliant de-identification, individual member consent, and the platform's royalty structure (85% of licensing revenue to the member). Members will retain the right to revoke consent for genetic data use at any time.
We do not sell your personal information. Period.
| Recipient | Purpose | Data Shared |
|---|---|---|
| SendGrid (Twilio) | Email delivery — data processor under our instruction | Email address |
| Website hosting / analytics providers | Website operations; performance and traffic analytics | IP address, device/browser info (aggregate or pseudonymized) |
| Legal and regulatory authorities | Response to valid legal process (court orders, subpoenas, regulatory requests) | As required by applicable law |
We do not share personal information with other third parties except as described above or with your explicit consent.
When the platform launches, information sharing will expand to include licensed buyers of de-identified research data (pharmaceutical companies, research institutions, healthcare organizations) acting under member-by-member consent and the platform's royalty structure. That expanded sharing will be fully described in member-facing disclosures at launch.
If MyRxWallet is involved in a merger, acquisition, restructuring, or sale of all or a portion of its assets, your personal information may be transferred to a successor entity. We will provide notice via email and/or prominent Website notice before your information becomes subject to a materially different privacy policy, and you will have the opportunity to delete your information prior to any such transfer.
| Data Category | Retention Period |
|---|---|
| Early access list (email + ZIP) | Until you unsubscribe; or until platform launch and you complete enrollment or affirmatively decline; or upon verified deletion request |
| Website analytics / server log data | Up to 24 months in aggregated or pseudonymized form |
| Unsubscribe records | Retained indefinitely to honor your preference and comply with CAN-SPAM and similar anti-spam obligations |
| Inquiry / correspondence | Up to 3 years, or as required by applicable law |
| Legal hold | For the duration required by applicable legal obligation, litigation hold, or regulatory investigation |
You may request deletion of your personal information at any time by emailing privacy@myrxwallet.io with “Deletion Request” in the subject line. We will process your request within 30 days (or within the shorter period required by applicable law for California, EU/EEA/UK, and other residents). We will confirm deletion in writing.
Exceptions: We may retain certain information as required to comply with legal obligations, resolve disputes, enforce our agreements, or prevent fraud, even after a deletion request.
If you are a California resident, CCPA/CPRA grants you: Right to Know (categories and specific pieces of personal information collected); Right to Delete (subject to limited exceptions); Right to Correct inaccurate personal information; Right to Opt Out of Sale or Sharing (we do not sell — no action needed); Right to Limit Use of Sensitive Personal Information; Right to Non-Discrimination for exercising your rights.
To exercise California rights: Email privacy@myrxwallet.io with “California Privacy Request” in the subject line. We will respond within 45 calendar days, extendable by 45 days with notice if reasonably necessary.
If you are located in the EU, EEA, or UK, GDPR grants you: Right of Access; Right to Rectification; Right to Erasure; Right to Restriction of Processing; Right to Data Portability; Right to Object; Right to Withdraw Consent; Right to Lodge a Complaint with your local supervisory authority (edpb.europa.eu).
Lawful bases: Consent (email communications); Legitimate interests (analytics, security, anti-fraud). International data transfers: Standard Contractual Clauses (SCCs) where required. EU Representative: Will be designated per GDPR Article 27 before processing EU resident data at scale. Contact privacy@myrxwallet.io for current representative information.
To exercise GDPR rights: Email privacy@myrxwallet.io with “GDPR Request” in the subject line. We will respond within 30 days.
Residents of Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Indiana (ICDPA), Iowa (ICDPA), Tennessee (TIPA), Nevada, Washington (My Health MY Data Act), and other states with enacted comprehensive privacy legislation have rights substantially equivalent to those described above. Email privacy@myrxwallet.io with “[State] Privacy Request” in the subject line.
Washington's My Health MY Data Act (SB 1155) provides specific protections for consumer health data, including geolocation data that could be used to infer health conditions and genetic data. We do not currently collect consumer health data as defined by this Act. When the platform launches and health data collection begins, Washington residents will receive specific disclosures required by this Act.
Our Website and early access list are intended exclusively for individuals 18 years of age and older. We do not knowingly collect personal information from any person under the age of 13, and we do not knowingly collect personal information from individuals aged 13–17 without verifiable parental consent as required by applicable law.
If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately at privacy@myrxwallet.io. We will promptly delete the information upon verification.
California residents under 16 have additional rights under CCPA § 1798.120 regarding sale of personal information. We do not sell personal information of anyone, including minors.
The MyRxWallet platform is designed to include clinical research participation pathways for pediatric patients under guardian consent (Tier 5 — pediatric patients with qualifying diagnoses). When this feature launches, enrollment will require documented parental or legal guardian informed consent and HIPAA authorization; all pediatric data processing will comply with COPPA (15 U.S.C. § 6501 et seq.) and applicable FTC regulations; clinical trial participation will require IRB approval with independent ethics review for each study protocol.
We implement reasonable and appropriate technical, administrative, and physical safeguards to protect the personal information in our care. Current measures include:
No data transmission over the internet or electronic storage system is 100% secure. While we work diligently to protect your information, we cannot guarantee absolute security against all threats.
Breach notification: In the event of a personal data breach affecting your information, we will notify you as required by applicable federal and state breach notification laws (including GDPR Article 33/34 for EU residents) within the timeframes required by applicable law.
When the platform launches and PHI is processed, we will implement the full HIPAA Security Rule safeguard framework (45 C.F.R. §§ 164.302–164.318).
Our Website may contain links to third-party websites, social media platforms, or services not operated by us. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party website you visit before submitting personal information. We have no control over and assume no responsibility for the privacy practices of any third-party site or service.
We may update this Privacy Policy as our platform develops, legal requirements change, or we expand our data practices. When we do:
Prior versions of this Privacy Policy are available upon written request to privacy@myrxwallet.io.
MyRxWallet North America Corporation
Attention: Privacy Officer
Email: privacy@myrxwallet.io
Subject line guidance: General inquiry: “Privacy Inquiry” • California request: “California Privacy Request” • GDPR request: “GDPR Request” • Deletion request: “Deletion Request” • Security concern: “Security Concern”
We will acknowledge all privacy-related inquiries within 5 business days and provide a substantive response within 30 days. For requests with extended statutory response periods (e.g., CCPA 45-day window), we will confirm receipt and timeline by the 5-business-day acknowledgment.
| Version | Effective Date | Scope | Summary |
|---|---|---|---|
| 1.0 | May 7, 2026 | Website and early access list only | Initial publication |
MyRxWallet North America Corporation is a Wyoming corporation. This Privacy Policy does not constitute legal advice. Individuals with specific legal questions about their privacy rights should consult qualified counsel.
© 2026 MyRxWallet North America Corporation · Las Vegas, NV · EIN 33-1503628 · myrxwallet.io · privacy@myrxwallet.io