Privacy Policy
PreventScripts is operated by Personal Medicine Plus, Inc., doing business as PreventScripts (“PreventScripts,” “we,” or “us”).
PreventScripts’ mission is to help as many people as possible live healthier lives through proactive prevention and digital behavior change. We wrote this policy to help you understand what information we collect through our websites, apps, devices, and other products and services, how we use it, and what choices you have about it.
Please note: This policy does not cover data we handle on behalf of other entities, such as health systems, providers, or payers. Those practices are covered by our agreements with those entities. Please see those privacy policies for how they handle your data.
Which notice applies to you. If your information is collected as part of treatment or a care relationship with a healthcare provider, it is protected health information (PHI) governed by our HIPAA Notice of Privacy Practices and our agreements with that provider. Information you provide to PreventScripts directly as a consumer — outside of a provider relationship — is governed by this Privacy Policy. Where both could apply, the HIPAA Notice controls for PHI.
Who this policy covers. PreventScripts serves both individual users of our health platform (including patients) and business contacts at our current and prospective clients, such as provider groups, employers, and payers. Most of this policy concerns individual and patient users. If you are a business contact, see “Business and prospective-client contacts” below.
Table of Contents
- How we collect information
- What we do with the info we collect
- How and when we share your information
- Mobile messaging (SMS/text)
- How long we keep your information
- Your rights and choices
- Research participation
- Transferring your information
- Business and prospective-client contacts
- State-specific disclosures
- Changes to this Policy
- Contact us
How we collect information
The information we collect depends on how you interact with us, the services you use, and the choices you make. We collect information about you from different sources and in various ways when you use our services, including information you provide directly, information collected automatically, information from third-party data sources, and data we infer or generate from other data.
Information you provide: When you sign up for or use PreventScripts, you share certain information, such as:
- Common personal information and identifiers: We collect name, username or alias, and contact details such as email address, postal address, and phone number. (Your mobile phone number may also be used to send transactional text messages — see Mobile messaging (SMS/text) below.)
- Demographic data: In some cases, we request that you provide, or you may offer, age, gender, marital status, and other relevant details.
- Payment information: If you make a purchase or other financial transaction, we collect credit card numbers, financial account data, and other payment credentials.
- Contents and files: We collect the photos, documents, or other files you upload, along with email messages or other communications you send.
Sensitive Personal Information
- Account access credentials: We collect information such as a username or account number in combination with passwords, access codes, or similar credentials that allow access to an account.
- Contents of communications: We collect the contents of messages you send in chats and message boards in our apps.
- Health data: We collect and analyze information concerning your health, such as metrics like weight, physical activity, mental state, sleep and exercise habits, dietary intake, and other lifestyle indicators.
- Sensitive demographic data: We collect information about racial/ethnic background, religion, or beliefs if provided voluntarily or if we infer it throughout the program to better support you.
Technical information collected automatically when you use PreventScripts: When you use our website or mobile application, certain internet and electronic network activity information is created and logged automatically. Here are some of the types of information we collect:
- Log data: When you use PreventScripts, our servers record information (“log data”) that your browser automatically sends whenever you visit a website, or that your mobile app automatically sends when you’re using it. This log data includes IP address, browser type and settings, device configuration, and the access time and date you used PreventScripts.
- Geolocation data: Based on the configuration of your device and application settings, geolocation data is gathered during the use of our applications or online services. This may include the inference of your general geographic location — including city, state, and country — derived from your Internet Protocol (IP) address.
- Cookies and similar technologies: We use cookies, web beacons, and similar technologies across our websites and applications to enable core functionality, keep your account secure, remember your preferences, and measure and improve site and app performance. This data may include page visits, link selections, usage metrics, identifiers, and device information. We do not use these technologies for advertising. Detailed information is available in our Cookie Policy at preventscripts.com/cookie-policy.
- Device information: In addition to log data, we collect information about the device you’re using PreventScripts on, including the type of device, operating system, settings, unique device identifiers, and crash data.
- Usage data and customization: When using the PreventScripts platform, user activity — including dietary logs — is used to personalize your experience. Activity on our websites, applications, and affiliated products is also automatically recorded. This includes the originating URL, visited pages, duration of page visits, access timestamps, and details pertaining to website usage and user actions.
- Sensor data: We may receive data from connected third-party health devices or apps when you opt in; for example, you can choose to connect your Apple Watch Health App with PreventScripts so we can receive and help you track your step and exercise data.
- Information we create or generate: We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we may infer your BMI from your height and weight.
Information from third-party services: We also obtain the types of information described above from third parties. These third-party sources include, for example:
- Third-party apps and integrations: Third-party applications and services, including social networks you choose to interact with to connect to our services. What we have access to depends on the privacy policies or settings for those accounts.
- Analytics and service vendors: We may receive information from analytics or service vendors that help us measure and improve the performance of our websites and applications. These vendors act on our behalf and are not permitted to use your information for their own purposes.
- Co-branded service partners: Partners with which we offer co-branded services or engage in joint marketing activities.
- Vendors acting on our behalf: Third parties that collect or provide data in connection with work they do on our behalf. For example, companies that determine your device’s location based on its IP address.
You have the option to withhold information or to use browser and device settings to restrict specific forms of data collection. Please note that choosing not to provide requested information may result in limited access to, or impaired functionality of, particular services or features.
What we do with the information we collect
We are committed to delivering personalized, secure, and effective digital health experiences. Here’s how we use your data:
Product and service delivery: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive information: account access information, sensitive demographic data, contents of communications, health data.
Business operations: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive information: account access information, sensitive demographic data, contents of communications, health data.
Product improvement, development, and research (including AI/ML, and user research such as surveys and interviews): Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive information: account access information, sensitive demographic data, contents of communications, health data.
Personalization: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive information: account access information, sensitive demographic data, contents of communications, health data.
Customer support: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive information: account access information, sensitive demographic data, contents of communications, health data.
Communications: Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive information: sensitive demographic data, health data.
We may combine information across platforms and interactions to improve your experience.
A note on text messaging: Although the table above describes our general data practices, we use text messaging (SMS) solely for transactional purposes — such as one-time passcodes and care-related notifications. We do not use your mobile phone number or your SMS consent for marketing or advertising, and we do not share or sell that information. See Mobile messaging (SMS/text) below.
How and when we share your information
We may share your information with, for example:
- Other services — at your direction, when you decide to link your PreventScripts account to those services. If you link your PreventScripts account to any of those third parties, or allow us to share your information with them, that data is governed by their privacy policies.
- Service providers — vendors or agents working on our behalf for the purposes described in this policy. For example, companies we’ve hired to provide customer service support, deliver text messages, or assist in protecting and securing our systems and services may need access to your information to provide those functions.
- Financial institutions — when you provide payment data, for example to make a purchase, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.
- Corporate transactions — we may disclose your information as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
- Legal authorities — we will access, disclose, and preserve your information when we believe doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
- Safety/security situations — we will also disclose your information if we believe it is necessary to:
- Protect our customers and others; for example, to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone.
- Operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks.
- Protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.
Analytics providers (service providers) — we use analytics vendors to help us understand and improve the performance of our website and apps. These vendors process information (such as identifiers, device information, and usage data) only on our behalf and under contract, and are not permitted to use it for their own purposes or for advertising. We do not run third-party advertising, and we do not sell or share your information with advertising networks.
Mobile/SMS information — exclusion from sharing and “sales.”Notwithstanding anything else in this section, no mobile information — including your phone number and your consent to receive text messages — will be shared with or sold to any third parties or affiliates for marketing or promotional purposes at any time. This information is excluded from any “sale” or “sharing” of personal information described in this policy. See Mobile messaging (SMS/text) below.
We do not sell or share your personal information, and we do not disclose it to third parties for their own marketing or advertising purposes.
Mobile messaging (SMS/text)
PreventScripts uses text messaging only to support and secure your use of the Service. The messages we send are transactional, not promotional.
Types of messages: We send one-time passcodes (OTPs) for identity verification and secure login, and account- or care-related notifications such as reminders and service updates tied to your participation in the program. We do not send marketing or promotional text messages to patients, and we do not use text messaging for advertising.
How you consent: Our text messaging program is available only to individuals 18 years of age or older. When you complete your assessment, you are asked whether you consent to receive text messages. We send a one-time passcode (OTP) to your mobile number only after you have affirmatively opted in. Providing this consent is not a condition of receiving care or using the Service.
Message frequency and rates: Message frequency varies based on your activity and requests. Message and data rates may apply. For questions about your plan, contact your wireless carrier. Carriers are not liable for delayed or undelivered messages.
How to opt out or get help: You can opt out of text messages at any time by replying STOP (you may also reply END, CANCEL, or UNSUBSCRIBE). After you opt out, we will send a single confirmation message and will not send further texts unless you opt in again. For help, reply HELP or contact us at support@preventscripts.com.
We do not share or sell your mobile information: No mobile information — including your phone number and your consent to receive text messages — will be shared with or sold to any third parties or affiliates for marketing or promotional purposes at any time. We share your phone number only with service providers (such as our SMS delivery vendor) acting on our behalf to deliver these messages, and only as needed to operate the messaging program.
How long we keep your information
We keep your information only as long as needed for the purposes described in this policy, and then delete or de-identify it. Retention periods depend on the type of information:
- Account and health data: kept for as long as your account is active and for a limited period afterward to support reactivation, address disputes, and meet our legal obligations.
- Billing and transaction records: kept for the period required by applicable tax, accounting, and legal requirements.
- Consent records (including SMS opt-in): kept as needed to evidence your consent and our compliance.
- De-identified or aggregated data: may be kept indefinitely, as it no longer identifies you.
Where the law requires us to preserve information (for example, in response to a legal hold or law enforcement request), we will retain it for as long as required.
Your rights and choices
We offer clear, meaningful choices regarding your data. If you have a PreventScripts account, many of these controls are built directly into your settings. For example, you can:
- Edit information in your profile at any time.
- Link or unlink your PreventScripts account from other services.
- Choose whether PreventScripts will be customized for you using your inputs (for example, by adding or removing your food entries or step count).
- Close your account and delete your account data. (Please note that there may be legal reasons for us to keep your data, such as if we receive a law enforcement request asking us to preserve data.)
In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.
- Access and portability of your information: We can usually share this with you in a portable format within 30 days of your request. To request a data export, please contact us at support@preventscripts.com using the email address tied to your PreventScripts account.
- Correction and deletion of your information:You can log into your profile to update your information, or delete your data at any time by closing your account. Please note that there may be legal reasons for us to keep your data, such as if we receive a law enforcement request asking us to preserve data. To request account deletion, please contact us at support@preventscripts.com using the email address tied to your PreventScripts account.
- Object to us processing your information: You can ask us to stop using your information for certain purposes, including any promotional emails we may send. If you opt out of promotional emails, we may still send you transactional messages about your account, such as one-time passcodes or reminders you have requested.
- Text messaging: You can opt out of text messages at any time by replying STOP. See Mobile messaging (SMS/text) above.
- Data sharing or sales: We do not sell or share your personal information and do not use it for targeted advertising, so there is no need to opt out of these activities.
- Browser or device controls: To learn how to use browser and device controls to manage cookies and similar technologies, please visit our Cookie Policy. If you have questions, please don’t hesitate to contact us.
To exercise any of these rights, contact us at support@preventscripts.com.
Research participation
De-identified, aggregated data is used to contribute to clinical and health-related research. If you wish to withdraw from research participation, you may do so through your settings, by filling out the opt-out of PreventScripts research form, or by contacting us directly.
Transferring your information
Data may be stored in the U.S. or other countries where PreventScripts or its partners operate. We use safeguards — including contracts and legal mechanisms — to protect your information across borders, in accordance with applicable laws.
Business and prospective-client contacts
If you are a representative of one of our current or prospective clients (for example, a provider group, employer, or payer), we collect business contact and interaction information about you — such as your name, employer, role, business contact details, and your interactions with our website, communications, and sales team. We collect this directly from you (including through forms on our website) and through our customer relationship management (CRM) system.
We use this information to communicate with you and respond to your inquiries; to market our services to you, including newsletters and emails about offerings that may interest you; and to manage and track our sales relationship. We do not sell this information, and we do not share it with third parties for their own marketing or advertising. The vendors that support these activities (such as our CRM and email providers) act as service providers on our behalf and may not use your information for their own purposes.
You can opt out of marketing emails at any time using the unsubscribe link in those emails or by contacting us at support@preventscripts.com. Even if you opt out of marketing, we may still send you messages necessary to manage an existing business relationship.
This section does not apply to patient or individual health-platform users, whose information is handled as described elsewhere in this policy and, where applicable, our HIPAA Notice.
State-specific disclosures
If you are a customer covered by Washington’s “My Health, My Data” Act or Nevada’s SB 370, please visit the PreventScripts Consumer Health Data Privacy Notice.
Residents of certain states may have additional rights and choices, including:
Notice at Collection: You have a right to receive notice of our practices before or when we collect your information, including the categories of information and sensitive personal information collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this policy under the headers above.
Right to Know: You have a right to see the information we have collected about you. You may request your information by contacting us at support@preventscripts.com using the email address tied to your PreventScripts account. You also have a right to request additional information about our collection, use, disclosure, selling, or sharing of such information. You can find those details in this policy under the headers above.
Rights to Request Correction or Deletion: You also have rights to request that we correct inaccurate information about you or delete your information. You can log into your profile to update your information, or delete your data at any time by logging into your account or by contacting us at support@preventscripts.com using the email address tied to your PreventScripts account. Please note that there may be legal reasons for us to keep your data, such as if we receive a law enforcement request asking us to preserve data.
Right to Opt Out / Right to Limit Use and Disclosure of Sensitive Personal Information: Although you have the right to opt out of the “sale” or “sharing” of personal information and to limit the use of sensitive personal information, PreventScripts does not sell or share your personal information, does not use it for targeted advertising, and uses sensitive personal information — including your health data — only to provide and support PreventScripts. Because we do not engage in these activities, there is no opt-out for you to exercise; if this ever changes, we will update this policy and provide the required choices.
Mobile phone numbers and SMS/text messaging consent are never sold, shared, or used for marketing or advertising.
PreventScripts does not sell or share the personal information of children or teens.
Right Against Discrimination: PreventScripts will never discriminate against you for exercising these rights.
You may designate, in writing or through a power of attorney, an authorized agent to exercise these rights on your behalf. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
Lastly, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which they have established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. To make a request, email support@preventscripts.com. You may be asked to verify your identity or authorize an agent.
Changes to this policy
We may periodically update this policy. Material changes will be communicated through the Service or via email. Continued use after updates means you accept the new terms.
Contact Us
The best way to get in touch is by emailing support@preventscripts.com, or writing to:
Personal Medicine Plus, Inc., dba PreventScripts
Attention: Privacy Officer
421 N 5th St
Paducah, KY 42001
Email: support@preventscripts.com
Last Updated: May 31, 2026