Skip to main content

Privacy Policy

Last updated: February 1, 2026

1. Introduction

Rimal Health ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our telehealth services. Please read this policy carefully. If you disagree with its terms, please discontinue use of our site.

2. Information We Collect

We may collect the following information:

  • Personal identification information — name, email address, phone number, date of birth
  • Health information — medical history, current medications, substance use history, treatment goals (protected health information / PHI under HIPAA)
  • Payment information — processed securely through our third-party payment processor; we do not store full card numbers
  • Usage data — IP address, browser type, pages visited, and time spent on pages

3. How We Use Your Information

  • To provide and manage your telehealth care
  • To facilitate physician review of your intake and prescription management
  • To communicate with you about your treatment
  • To process payments
  • To improve our services
  • To comply with legal obligations, including HIPAA requirements

4. HIPAA Compliance

Your protected health information (PHI) is handled in accordance with the Health Insurance Portability and Accountability Act (HIPAA). We implement appropriate administrative, physical, and technical safeguards to protect PHI. For details on your rights under HIPAA, please see our HIPAA Notice of Privacy Practices.

5. Substance Use Disorder Record Protections (42 CFR Part 2)

Because Rimal Health provides treatment for substance use disorders, your treatment records receive additional federal protections under 42 CFR Part 2, the Confidentiality of Substance Use Disorder Patient Records regulation.

These protections mean:

  • We will not disclose your SUD treatment records without your specific written consent, except in limited circumstances permitted by law (such as medical emergencies or qualified audits).
  • Your SUD records cannot be used against you in any legal proceeding without your consent or a qualifying court order.
  • When we share your records with your consent (for example, with your pharmacy or treating physician), we include a notice prohibiting unauthorized redisclosure.
  • You have the right to an accounting of disclosures of your SUD records and the right to request restrictions on how your records are used or disclosed.

For full details on these protections, please review our HIPAA Notice of Privacy Practices, which includes our 42 CFR Part 2 Patient Notice.

These protections apply in addition to, and not in place of, the general privacy protections described elsewhere in this Privacy Policy. Where 42 CFR Part 2 provides greater protection than HIPAA, the more protective standard applies to your SUD treatment records.

6. Information Sharing

We do not sell your personal information. We may share your information with:

  • Healthcare providers — your treating physician and pharmacy, as needed for your care
  • Service providers — third-party vendors who assist in operating our platform (all bound by confidentiality agreements)
  • Legal requirements — when required by law, court order, or governmental authority

7. Data Security

We use industry-standard encryption (TLS/SSL) for all data in transit and AES-256 encryption for data at rest. Access to PHI is restricted to personnel who need it to provide your care. We conduct regular security audits and maintain HIPAA-compliant infrastructure.

8. Cookies & Tracking

We use cookies and similar tracking technologies to improve your experience, analyze site traffic, and understand where our visitors come from. You can control cookie settings through your browser preferences.

9. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information (subject to legal requirements)
  • Opt out of marketing communications at any time
  • File a complaint with the U.S. Department of Health & Human Services if you believe your HIPAA rights have been violated

10. Contact Us

For privacy-related questions or to exercise your rights, contact us at: support@rimalhealth.com