Back to Compound Health

Privacy Policy And Notice Of Privacy Practices

Last updated June 18, 2026

This Privacy Policy and Notice of Privacy Practices explains how Compound Technologies Inc. collects, uses, discloses, and protects personal information and protected health information when you visit trycompound.health, complete intake or support workflows, or otherwise interact with us.

Notice Of Privacy Practices For Protected Health Information

This Privacy Policy and Notice of Privacy Practices explains how Compound Technologies Inc., doing business as Compound Health, may collect, use, disclose, and protect personal information and protected health information, or PHI, when you use trycompound.health, intake, checkout, support, care coordination, messaging, and related services.

PHI is individually identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended. To the extent Compound Health creates, receives, maintains, or transmits PHI in connection with covered health care services, we use and disclose that PHI only as permitted or required by applicable law, this Notice, your authorization, or contracts with covered health care providers, pharmacies, and other care partners.

Independent licensed clinicians, pharmacies, laboratories, and other health care partners involved in your care may be separate covered entities or business associates under HIPAA. They may provide their own notices of privacy practices, consent forms, and privacy terms.

Information We Collect

We may collect personal information you provide directly, including your name, email address, phone number, billing details, shipping details, order information, account or support messages, and information you submit through intake, eligibility, or care-related workflows.

We also collect information automatically when you use the site, including device and browser information, pages viewed, referring pages, approximate location derived from IP address, UTM parameters, click identifiers, and analytics or attribution data.

Health And Care Information

If you complete medical intake, eligibility, consultation, pharmacy, or care-support workflows, we may collect or receive health-related information such as medical history, medications, allergies, lab information, photos, treatment requests, provider notes, prescription-related information, pharmacy fulfillment details, care messages, and information about symptoms, goals, eligibility, side effects, adverse events, or follow-up needs.

We treat PHI as confidential and maintain administrative, technical, and physical safeguards designed to protect it. We train personnel who handle PHI, limit access based on role and need, use vendor agreements where required, and review privacy and security practices as our services change.

How We May Use And Disclose PHI

We may use and disclose PHI for treatment, payment, and health care operations. For treatment, this can include sharing intake answers, care messages, prescription details, shipping information, and follow-up information with clinicians, pharmacies, laboratories, care coordinators, or support personnel involved in your care. For payment, this can include using information to process payment authorizations, refunds, invoices, eligibility, charge disputes, accounting, and related records. For operations, this can include quality assurance, support, fraud prevention, compliance, auditing, training, vendor management, service improvement, and business administration.

We may also use or disclose PHI when required or permitted by law, including for public health and safety, adverse event reporting, health oversight activities, judicial or administrative proceedings, law enforcement requests, workers compensation, coroners or medical examiners, organ or tissue donation organizations, serious threats to health or safety, specialized government functions, and other disclosures allowed by HIPAA or applicable state law.

Uses That Require Your Written Authorization

We will obtain your written authorization before using or disclosing PHI for purposes that require authorization under HIPAA, including most uses and disclosures of psychotherapy notes if we maintain them, most marketing uses of PHI, and any sale of PHI. You may revoke an authorization in writing, except to the extent we have already relied on it.

How We Use Information

We use personal information to operate the site, process payments and orders, coordinate intake and care-support workflows, communicate with you, provide customer support, detect fraud or abuse, comply with legal obligations, measure site performance, understand marketing effectiveness, and improve our products and services.

Analytics And Advertising

We use analytics, pixels, cookies, server-side events, and similar technologies to measure advertising performance, attribute purchases, remember preferences, and improve the site experience. Analytics and advertising partners may process information according to their own terms and privacy practices.

We do not knowingly disclose PHI to advertising platforms for targeted advertising or use PHI for marketing in a way that requires HIPAA authorization unless we have obtained that authorization. Site activity that is not PHI may still be processed for analytics, attribution, security, and advertising measurement as described in this policy and our cookie or tracking controls, where available.

How We Share Information

We may share personal information with vendors and service providers that help us run the business, including payment processors, analytics providers, advertising and attribution providers, email or SMS tools, hosting providers, customer-support tools, clinicians, pharmacies, and fulfillment partners. We may also share information when required by law, to protect rights and safety, to prevent fraud or misuse, or in connection with a business transaction.

When a vendor creates, receives, maintains, or transmits PHI for us or for a covered care partner, we require appropriate contractual protections, such as a business associate agreement when required by HIPAA.

State-Specific Provider Licensure Disclosure

Certain states require telemedicine providers to make provider licensure or identifying information publicly available on a website. Compound Health will not make telemedicine services available to patients located in those states unless the required provider network and licensure information is publicly posted and kept current.

Compound Health does not currently make telemedicine services available to patients located in the following states:

  • Massachusetts
  • Rhode Island
  • Vermont

If Compound Health begins serving any of these states, this page will be updated before launch with the provider names, professional credentials, licensure or registration information, and any other identifying information required by applicable state telemedicine rules. You may also contact support@trycompound.health with questions about provider identity, licensure, or state availability.

Email And SMS

If you opt in, we may send marketing emails or text messages. Consent to marketing is not a condition of purchase. Message and data rates may apply. You can unsubscribe from marketing emails using the link in the email, and you can reply STOP to opt out of SMS.

Standard email and SMS may not be fully secure. We may use email, SMS, phone, or secure care messaging to communicate about account, support, intake, payment, shipping, and care coordination matters unless you request a different confidential communication method that we can reasonably accommodate.

Your HIPAA Rights

Subject to applicable law and verification of your identity, you may have the right to inspect and receive a copy of PHI about you, request an amendment to PHI you believe is incorrect or incomplete, request an accounting of certain disclosures, request restrictions on certain uses or disclosures, request confidential communications, receive a paper or electronic copy of this Notice, and choose someone to act for you if they have legal authority.

We may deny certain requests where permitted by law. If we deny a request, we will explain the reason and any review rights that apply. To exercise these rights, contact support@trycompound.health.

State Privacy Rights And Other Choices

Depending on where you live, you may have additional rights to access, correct, delete, or receive a copy of personal information, opt out of certain processing, or appeal a privacy decision. We will honor applicable state privacy rights, but HIPAA and other legal recordkeeping requirements may limit deletion or certain opt-out requests for PHI, clinical, pharmacy, payment, tax, accounting, security, fraud-prevention, dispute, or compliance records.

Children

Our site and services are not intended for children under 18, and we do not knowingly collect personal information from children under 18.

Security

We use reasonable administrative, technical, and organizational safeguards to protect personal information. No website, network, or storage system is perfectly secure.

Our Legal Duties

We are required by law to maintain the privacy and security of PHI that we handle, provide this Notice, follow the duties and privacy practices described in this Notice, and notify affected individuals following a breach of unsecured PHI when required by law.

We may change this Notice and make the revised Notice effective for PHI we already maintain as well as information we receive in the future. The current version will be posted on this website with its effective date.

Complaints

You may file a privacy complaint with us by contacting support@trycompound.health. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint or exercising privacy rights.

Contact

Compound Technologies Inc.
95 3rd Street
San Francisco, CA 94105
United States

Email support@trycompound.health.