Privacy Policy

RXSAURUS PRIVACY POLICY

Last Updated: March 1, 2026 Effective Date: March 1, 2026

RxSaurus ("we," "us," "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what data we collect, how we use it, and what rights you have regarding your information when you use the RxSaurus website and services (the "Site").

1. WHO WE ARE

RxSaurus is a drug equivalency lookup and comparison tool that provides educational and reference information about prescription and over-the-counter medications. RxSaurus is operated by [LEGAL ENTITY NAME]. We are not a healthcare provider, pharmacy, health plan, or healthcare clearinghouse. We are not a HIPAA-covered entity or Business Associate.

Our Site is located at https://rxsaurus.com.

For privacy inquiries, contact us at: privacy@rxsaurus.com

2. DATA WE COLLECT

Personal Identifiers: When you create an account or interact with certain features of the Site, we may collect your email address, display name or username, and IP address. If you submit insurance coverage data, we may collect the insurance plan name and coverage details you provide.

Health and Drug Information: When you use the Site's search and comparison tools, we process information about the drugs you search for, drug comparison queries, and insurance coverage data you voluntarily submit. This information is considered health-related but is self-reported by you and is not clinical data obtained from a healthcare provider.

Usage Data: We automatically collect certain technical information when you visit the Site, including your IP address (anonymized after collection), browser type and version, operating system, referring URL, pages visited and features used, search queries entered, date and time of access, and device type and screen resolution.

User-Contributed Content: If you submit insurance coverage reports or other user-generated content, we collect the data you provide, including plan name, coverage tier, prior authorization status, and any notes you include. User-contributed content is associated with your account but displayed anonymously on the Site.

What We Do NOT Collect: We do not collect Social Security numbers, financial account numbers, health insurance ID numbers, medical record numbers, prescription numbers, patient names or health records from third parties, biometric data, or any data directly from healthcare providers, pharmacies, or insurance companies.

3. HOW WE USE YOUR DATA

We use the information we collect for the following purposes: to provide, maintain, and improve the Site and its features; to display drug equivalency and comparison results; to display anonymized, aggregated insurance coverage data contributed by users; to respond to your inquiries and provide user support; to detect, prevent, and address technical issues, fraud, and abuse; to analyze usage patterns to improve the Site's functionality and content; to send important notices about the Site (such as changes to our Terms of Service or this Privacy Policy); and to comply with legal obligations.

We do NOT use your data to provide medical advice or clinical recommendations; to sell, rent, or share your personal information with data brokers or advertisers; to build health profiles for insurance underwriting purposes; to make automated decisions that produce legal or similarly significant effects; or to target you with health-related advertising based on your search history.

4. LEGAL BASIS FOR PROCESSING (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds: Consent — where you have given us explicit consent to process your data for specific purposes (e.g., submitting insurance coverage data); Legitimate Interests — to operate, improve, and secure the Site, where our interests do not override your fundamental rights; Contract Performance — to provide services you have requested; and Legal Obligation — to comply with applicable laws and regulations.

5. DATA SHARING

We may share your data with the following categories of third parties, solely as necessary: Service Providers — hosting providers (Cloudflare), analytics services, and email providers that process data on our behalf under contractual obligations; Legal Compliance — law enforcement or government authorities when required by law, subpoena, or court order; Business Transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction; and Aggregated Data — we may share anonymized, aggregated usage data that cannot reasonably be used to identify you.

We do NOT share your data with data brokers, advertisers, pharmaceutical companies, insurance companies, or any entity for the purpose of marketing, profiling, or insurance underwriting.

6. WE DO NOT SELL YOUR PERSONAL INFORMATION

RxSaurus does not sell, rent, lease, or trade your personal information to any third party for monetary or other valuable consideration. This applies to all users, including California residents under the CCPA/CPRA and residents of all other jurisdictions with similar protections.

7. HEALTH DATA — SPECIAL PROTECTIONS

Drug search queries and insurance coverage submissions may be considered health-related information under certain state and federal laws. We apply the following protections to health-related data: health-related data is encrypted in transit (TLS 1.2+) and at rest; access to health-related data is restricted to authorized personnel on a need-to-know basis; health-related data is not used for advertising, marketing, or profiling purposes; we do not share health-related data with third parties except as described in Section 5; and user-contributed insurance coverage data is displayed only in anonymized, aggregated form.

Because RxSaurus is not a HIPAA-covered entity, the data you provide to us is not protected by HIPAA. However, we voluntarily apply heightened security and privacy standards to all health-related data.

8. DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy: account data is retained for the life of your account plus 30 days after deletion; usage logs (anonymized) are retained for 12 months; insurance coverage submissions are retained for 24 months from the date of submission, or until the user requests deletion; and aggregated, de-identified data may be retained indefinitely.

You may request deletion of your data at any time by contacting privacy@rxsaurus.com.

9. SECURITY

We implement industry-standard technical and organizational measures to protect your data, including encryption of data in transit using TLS 1.2 or higher; encryption of sensitive data at rest; access controls and authentication for internal systems; regular security assessments; and use of Cloudflare for DDoS protection, WAF, and edge caching.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

10. YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights regarding your personal data: Right to Access — request a copy of the personal data we hold about you; Right to Rectification — request correction of inaccurate or incomplete data; Right to Deletion — request deletion of your personal data, subject to legal retention requirements; Right to Restriction — request that we limit processing of your data; Right to Data Portability — receive your data in a structured, commonly used, machine-readable format; Right to Object — object to processing based on legitimate interests; Right to Withdraw Consent — withdraw consent at any time where processing is based on consent; and Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@rxsaurus.com. We will respond within 30 days (or within the timeframe required by applicable law).

11. COOKIES AND TRACKING

RxSaurus uses the following types of cookies and tracking technologies: Essential Cookies — required for the Site to function properly, including session management and security tokens; Analytics Cookies — used to understand how visitors interact with the Site (e.g., Cloudflare Web Analytics, which does not use client-side state or track individuals across sites); and Preference Cookies — used to remember your settings and preferences.

We do NOT use third-party advertising cookies, cross-site tracking pixels, or fingerprinting technologies.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Site functionality.

12. CHILDREN (COPPA)

RxSaurus is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@rxsaurus.com.

13. FTC HEALTH BREACH NOTIFICATION COMPLIANCE

Although RxSaurus is not a HIPAA-covered entity, we comply with the FTC Health Breach Notification Rule (16 CFR Part 318) to the extent it applies. In the event of a breach of security involving unsecured identifiable health information, we will notify affected individuals, the FTC, and (if applicable) the media, in accordance with the Rule's requirements and timelines.

14. CALIFORNIA RESIDENTS — CCPA/CPRA

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): Right to Know — you may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it; Right to Delete — you may request deletion of your personal information, subject to certain exceptions; Right to Opt-Out of Sale — RxSaurus does not sell personal information. We do not share personal information for cross-context behavioral advertising; Right to Correct — you may request that we correct inaccurate personal information; Right to Limit Use of Sensitive Personal Information — to the extent we process sensitive personal information, you may request that we limit its use to purposes necessary to provide the services; and Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise your rights, contact us at privacy@rxsaurus.com or submit a verifiable consumer request. We will verify your identity before processing your request.

Categories of personal information collected in the preceding 12 months: identifiers (email, IP address), internet or network activity information (browsing history, search history), and health-related information (drug search queries, insurance coverage submissions).

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

15. WASHINGTON RESIDENTS — MY HEALTH MY DATA ACT (MHMDA)

If you are a Washington State resident, the My Health My Data Act (MHMDA) provides additional protections for consumer health data: Consent — we will obtain your consent before collecting, sharing, or selling consumer health data, as required by MHMDA; Right to Access — you may request access to the consumer health data we have collected about you; Right to Deletion — you may request deletion of your consumer health data; Prohibition on Sale — RxSaurus does not sell consumer health data; and Geofencing Prohibition — RxSaurus does not use geofencing technology around healthcare facilities.

"Consumer health data" under MHMDA includes data that identifies a consumer's past, present, or future physical or mental health status, which may include drug search queries and insurance coverage submissions on RxSaurus.

To exercise your MHMDA rights, contact us at privacy@rxsaurus.com.

16. EUROPEAN UNION RESIDENTS — GDPR

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent UK/Swiss legislation: all rights listed in Section 10 above apply; you have the right to lodge a complaint with your local data protection authority; international data transfers are governed by Standard Contractual Clauses (SCCs) or other approved transfer mechanisms; and our legal bases for processing are described in Section 4.

Data Protection Contact: privacy@rxsaurus.com

17. CONTACT AND UPDATES

If you have questions about this Privacy Policy, please contact us:

Email: privacy@rxsaurus.com Website: https://rxsaurus.com

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on the Site and updating the "Last Updated" date. Your continued use of the Site after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.