Privacy Policy

Last updated: April 5, 2026

Virile.ai ("we," "us," or "our") is committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, and applicable state privacy laws. This Privacy Policy describes how we collect, use, store, and protect your personal and health information.

For our full HIPAA Notice of Privacy Practices, see Privacy Practices. For California-specific rights, see California Privacy Statement.

1. Information We Collect

• Account information: Name, email address, password, state of residence, phone number
• Health intake information: Age, height, weight, medical conditions, current medications, symptom history, allergies, treatment preferences
• Biometric data: BMI calculations derived from height and weight inputs
• Payment information: Processed securely by Stripe; we do not store card numbers
• Usage data: Pages visited, time on site, form interactions (anonymized and aggregated)
• Communication records: Messages between you and your healthcare provider or support team

2. How Your Information Is Protected

• Encryption at rest: All health data stored in encrypted databases (AES-256)
• Encryption in transit: All data transmitted uses TLS 1.2+ (HTTPS)
• Access controls: Role-based access ensures only authorized personnel can view PHI
• Minimum necessary standard: We access only the data required to provide care
• Audit logs: All access to health records is logged and monitored
• Business Associate Agreements (BAAs): All third-party vendors handling PHI sign BAAs, including our affiliated provider networks (OpenLoop Health and CareValidate, both pending formal approval), pharmacy partners, and payment processors
• Regular security assessments: Periodic vulnerability testing and security reviews

3. Who Sees Your Information

• Licensed physicians: Your intake and health profile are shared with reviewing physicians through our affiliated provider networks (OpenLoop Health and CareValidate, both pending formal approval)
• Licensed pharmacies: Prescription details shared with state-licensed pharmacy partners for dispensing
• Payment processors: Stripe processes payment information under a signed BAA
• Required by law: We may disclose information as required by applicable law, court order, or government authority
• Emergency situations: To prevent serious harm to you or others

4. How We Use Your Information

• To create and manage your account
• To facilitate physician consultations and treatment plans
• To process prescriptions and coordinate pharmacy fulfillment
• To send treatment-related communications and refill reminders
• To improve our AI intake system (using de-identified, aggregated data only)
• To comply with legal and regulatory obligations
• To detect and prevent fraud

5. Data Retention

We retain health records for a minimum of 7 years from the date of last service, as required by applicable regulations. Account information is retained while your account is active, plus 2 years following closure. You may request deletion of non-health account data at any time.

6. Your Rights

Under HIPAA and applicable law, you have the right to:

• Access your health records and request copies
• Request corrections to inaccurate health information
• Request an accounting of disclosures of your PHI
• Request restrictions on certain uses and disclosures
• Request confidential communications
• Receive a copy of our Notice of Privacy Practices
• File a complaint with the U.S. Department of Health and Human Services

For full details, see our Notice of Privacy Practices and Patient Bill of Rights.

7. Cookies and Tracking

We use essential cookies to maintain your session. We do not use third-party advertising cookies or tracking pixels on any page containing health information.

8. Children's Privacy

Our services are for adults 18+ only. We do not knowingly collect information from minors.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email and by posting an updated version with a new "Last updated" date.

10. Contact Us