Privacy Policy

Privacy Policy & HIPAA Notice

Last Updated: December 8 2025

1. Introduction

HiDoc HDHQ4 LLC ("HiDoc," "we," "us," or "our") provides online medical evaluation and certification services for qualifying medical cannabis patients ("Services"). We are committed to protecting your privacy and ensuring that your personal and health information is handled with the utmost security, confidentiality, and integrity.

Important: HiDoc is not an emergency service. If you are experiencing a medical emergency, call 911 immediately.

This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our websites, including www.sayhidoc.com and book.sayhidoc.com, and all related services, content, and functionality (collectively, the "Services").

HiDoc is the controller of the personal information we hold about you in connection with your use of the Services. This means we determine and are responsible for how your personal information is used.

2. HIPAA Compliance

HiDoc is committed to compliance with the Health Insurance Portability and Accountability Act ("HIPAA"). We implement appropriate administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of Protected Health Information (PHI).

2.1 Our HIPAA Obligations

  • We maintain policies and procedures to protect your PHI
  • All third-party vendors who handle PHI have signed Business Associate Agreements (BAAs) as required by HIPAA
  • We train our personnel on HIPAA requirements
  • We conduct periodic risk assessments
  • We maintain audit logs of access to PHI

2.2 Your HIPAA Rights

Under HIPAA, you have the right to:

  • Access your health records: Request copies of your medical records
  • Request amendments: Ask us to correct inaccurate or incomplete information
  • Request restrictions: Ask us to limit how we use or disclose your PHI (though we may not be able to agree to all requests)
  • Receive an accounting of disclosures: Request a list of certain disclosures we have made of your PHI
  • Receive confidential communications: Request that we communicate with you in a specific way or at a specific location
  • Receive a copy of this notice: Obtain a paper copy of this Privacy Policy upon request

2.3 Data Retention

We retain your medical records for a minimum of 7 years as required by state and federal law, or longer if required by the applicable state's medical cannabis program. After the required retention period, records are securely destroyed.

2.4 Breach Notification

In the event of a data breach affecting your PHI, we will notify you within 60 days as required by HIPAA. We will also notify the Department of Health and Human Services and, if applicable, the media as required by law.

3. Information We Collect

3.1 Information You Provide

We collect information you provide when you register, schedule an appointment, participate in a consultation, or use our platform. This may include:

Contact Information:

  • Name, address, email, phone number
  • Date of birth
  • Government-issued ID (for identity verification)

Health Information:

  • Medical history and qualifying condition(s)
  • Health-related information you disclose during your evaluation
  • Appointment records and consultation notes
  • State registry submissions and certification information

Account Information:

  • Username and password
  • Profile information
  • Communication preferences

Payment Information:

  • Billing address
  • Payment method details (note: we use third-party payment processors and do not store full credit card numbers)

Communications:

  • Messages you send to our support team
  • Feedback and survey responses

3.2 Information Collected Automatically

When you use our Services, we may automatically collect:

Device and Usage Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Pages visited and features used
  • Date and time of access
  • Referring URL

Cookies and Tracking Technologies:

  • We use cookies and similar technologies to improve your experience, analyze usage, and for security purposes
  • You can manage cookie preferences through your browser settings

3.3 Information from Third Parties

We may receive information from:

  • State medical cannabis registries (confirmation of submission/approval)
  • Identity verification services
  • Payment processors (transaction confirmation)

4. How We Use Your Information

We use your information to:

Provide Services:

  • Verify your identity and eligibility for consultation
  • Facilitate your telehealth evaluation
  • Submit certifications to state registries
  • Process payments

Communicate with You:

  • Send appointment reminders and confirmations
  • Respond to your inquiries
  • Send renewal notices
  • Provide customer support

Improve Our Services:

  • Maintain and improve our platform
  • Perform analytics
  • Detect and prevent fraud or misuse

Comply with Legal Obligations:

  • Meet state medical cannabis program requirements
  • Respond to lawful requests from government authorities
  • Comply with HIPAA and other applicable laws

5. How We Share Your Information

5.1 We Do Not Sell Your Information

We do not sell, rent, or trade your personal information or health information to third parties for marketing purposes.

5.2 Sharing With Your Consent

We may share your information when you explicitly consent or direct us to do so.

5.3 Service Providers and Business Associates

We may share your information with third-party service providers who perform services on our behalf, including:

  • Telehealth platform providers
  • Payment processors
  • Identity verification services
  • Cloud hosting providers
  • Customer support tools
  • Analytics providers

All service providers who handle PHI have signed Business Associate Agreements and are contractually obligated to protect your information in accordance with HIPAA.

5.4 State Registry Submissions

As part of the medical cannabis certification process, we will submit your certification and required information to the appropriate state medical cannabis registry. This submission is required to complete the service you have requested.

5.5 Healthcare Providers

Your evaluating healthcare provider will have access to information necessary to conduct your evaluation and provide certification.

5.6 Legal and Regulatory Disclosures

We may disclose your information if required by law, regulation, legal process, or governmental request, or to:

  • Protect the rights, safety, or property of HiDoc or others
  • Detect, prevent, or address fraud or security issues
  • Enforce our Terms and Conditions

5.7 Business Transfers

If HiDoc is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5.8 Aggregated and De-Identified Data

We may use de-identified or aggregated data for research, analytics, or business purposes. Such data does not identify you and may be used without further consent.

6. Data Security

We implement appropriate administrative, technical, and physical safeguards to protect your information, consistent with HIPAA's Security Rule and telehealth best practices. These include:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication
  • Audit logging and monitoring
  • Regular security assessments
  • Employee training on data protection

While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Correction

You may request access to your personal information or request corrections by contacting us at support@sayhidoc.com.

7.2 Communication Preferences

  • Email: You can opt out of promotional emails by clicking the "unsubscribe" link in any promotional email
  • Text Messages: You can opt out by replying STOP to any text message

Note: You cannot opt out of transactional communications related to your appointments or account.

7.3 Account Deletion

You may request deletion of your account by contacting us. Note that we may retain certain information as required by law or for legitimate business purposes, including medical records retention requirements.

7.4 Do Not Track

Our Services do not currently respond to "Do Not Track" browser signals.

8. Children's Privacy

Our Services are intended for users 18 years or older (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children under 16 without parental or guardian consent.

Minors seeking medical cannabis certification must do so through a qualified caregiver or guardian as permitted by applicable state law.

If we learn that we have collected personal information from a child under 16 without proper consent, we will promptly delete that information. Please contact us at support@sayhidoc.com if you believe we have collected information from a child.

9. Third-Party Links and Services

Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.

10. State-Specific Disclosures

10.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You can request information about the categories and specific pieces of personal information we have collected, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it.

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Correct: You can request correction of inaccurate personal information.

Right to Opt Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at support@sayhidoc.com.

Categories of Personal Information Collected: Identifiers, protected health information, commercial information, internet/network activity, and inferences drawn from the above.

Purposes for Collection: Providing services, communicating with you, improving our services, and complying with legal obligations.

10.2 Virginia Residents

Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to access, correct, delete, and obtain a copy of personal data, and the right to opt out of targeted advertising and sales of personal data.

10.3 Other States

Residents of other states may have additional rights under applicable state privacy laws. Contact us at support@sayhidoc.com for more information.

11. International Users

Our Services are intended for users in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

12. SMS/Text Messaging Privacy

If you opt in to receive text messages from HiDoc:

  • We will only use your phone number to send messages related to our Services
  • We will not share your phone number with third parties for their marketing purposes
  • Message and data rates may apply
  • You can opt out at any time by replying STOP

All SMS opt-in data and consent information will not be shared with any third parties.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email or prominent notice on our Services as required by law

Your continued use of our Services after changes means you accept the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy, your privacy rights, or wish to exercise your rights, please contact:

HiDoc HDHQ4 LLC

Email: support@sayhidoc.com

Address: 5831 Forward Ave #1374, Pittsburgh, PA 15217

15. Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

HiDoc Privacy Email: support@sayhidoc.com

Address: 5831 Forward Ave #1374, Pittsburgh, PA 15217

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights:

U.S. Department of Health and Human Services

200 Independence Avenue, S.W.Washington, D.C. 20201Toll-free: 1-877-696-6775Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

Appendix: Categories of Personal Information

CategoryExamplesCollectedDisclosed ToIdentifiersName, email, phone, address, date of birth, government IDYesService providers, state registriesProtected Health InformationMedical history, conditions, certificationsYesHealthcare providers, state registries, service providers with BAAsCommercial InformationTransaction history, services purchasedYesPayment processorsInternet/Network ActivityIP address, browser type, pages visitedYesAnalytics providersGeolocation DataState of residence (for eligibility)YesState registriesInferencesEligibility determinationsYesInternal use only

BY USING HIDOC'S SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.