Privacy Policy

Last updated: December 13, 2025

Wrapped Technologies, Inc. ("Wrapped Health," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites, applications, and services (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

We collect information from two primary groups of users: healthcare providers and clinic staff ("Providers") and patients or other individuals receiving product recommendations ("Patients").

1.1 Information from Healthcare Providers

When Providers use our platform, we may collect:

  • Account information: name, email address, practice name, role, and related registration details.
  • Authentication data: information processed through our identity provider (e.g., Clerk) to manage logins and account security.
  • Usage and configuration data: product recommendation history, saved templates, catalog configurations, and other workflow preferences.
  • Technical and interaction data: log data related to how Providers use the platform (e.g., access times, clicks, feature usage).

1.2 Information from Patients

When Patients receive product recommendations and use our checkout service, we may collect:

  • Contact information: name, email address, phone number, and shipping address.
  • Order and transaction information: products viewed or purchased, order status, and related transactional details.
  • Limited clinical context: non-prescription product recommendation context as provided or initiated by the Provider (e.g., general indication or category such as "post-op knee support" or "dry skin care," where applicable). We design our system to operate in a PHI-light manner and limit the health-related information we store to what is reasonably necessary to support the transaction.

Payment card information is collected and processed by our third-party payment processors and is not stored in full by Wrapped Health.

1.3 Automatically Collected Information

When you access or use the Services, we may automatically collect:

  • Device information: browser type, operating system, device identifiers.
  • Log data: IP address, access times, pages viewed, referring URLs, error logs.
  • Analytics data: information about how you interact with our site and platform, such as feature usage and navigation patterns, via analytics tools.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and operate the Services: including enabling Providers to send product recommendations and Patients to view and purchase products.
  • To facilitate provider-to-patient product recommendations: including generating and delivering secure checkout links.
  • To process orders and facilitate fulfillment: by transmitting necessary information to our retail and payment partners.
  • To send transactional communications: such as checkout links, order confirmations, order status updates, and related messages.
  • To provide support: responding to questions, troubleshooting issues, and improving customer service.
  • To secure and maintain our systems: including monitoring, detecting, and preventing fraud, abuse, or security incidents.
  • To improve and develop the Services: analyzing usage patterns, performance, and feedback to enhance functionality and user experience.
  • To comply with legal obligations: and enforce our Terms of Service and other agreements.

We do not sell personal information to third parties.

3. SMS, Email, and Other Communications

3.1 Provider-Initiated Messages

  • Providers may use Wrapped Health to send Patients transactional messages containing product recommendation links and related updates. Patient consent shall be obtained by checking the appropriate consent box on the Notice of Privacy Practices provided by the provider, or by such other means as requested by the provider. By receiving a recommendation initiated by provider, the patient acknowledges that your provider has obtained such consent and that Wrapped Health is delivering the message as a Business Associate (when applicable) acting on the provider's behalf.
  • Wrapped Health sends these messages on behalf of the Provider as part of the care-related workflow.

3.2 Patient SMS Consent and Opt-Out

  • When a Patient receives a product recommendation link from a Provider through Wrapped Health, the message is considered a transactional healthcare-related communication related to the Patient's encounter with that Provider.
  • Patients may receive: a link to recommended products; limited follow-up communications directly tied to that recommendation or checkout session.

Message frequency varies. Message and data rates may apply.

Patients may opt out of SMS messages at any time by replying:

  • "STOP" to unsubscribe, or
  • "HELP" for assistance.

After a Patient sends "STOP," we may send a one-time confirmation message to acknowledge the opt-out and will then cease sending SMS messages related to that workflow, unless the Patient later provides consent again.

Consent Managed by Healthcare Providers (HIPAA Context)

In cases where we operate under a Business Associate Agreement ("BAA"), your healthcare provider is responsible for obtaining any required consent or authorization under HIPAA or other applicable laws to permit Wrapped Health to process your information and send you transactional healthcare-related communications on their behalf. Wrapped Health does not independently obtain or manage patient consent for these messages; rather, we rely on the Provider's direction and authorization as permitted under HIPAA.

3.3 Service and Administrative Emails

We may also send non-promotional emails such as:

  • Order confirmations and receipts.
  • Important service updates or changes to this Privacy Policy or our Terms of Service.
  • Support responses and operational notices.

You may manage certain email preferences, but we may still send emails that are necessary to provide the Services (e.g., order confirmations).

4. How We Share Your Information

We may share information in the following ways:

4.1 Service Providers

We use trusted third-party vendors to operate and support the Services, such as:

  • Authentication: Clerk (identity and access management).
  • Database and storage: NeonTech and other infrastructure providers (encrypted data storage).
  • Communications: Twilio (SMS delivery), SendGrid or similar providers (email delivery).
  • Search: Algolia or similar tools (product search functionality).
  • Payments and commerce orchestration: Shoppable or other payment processors and commerce partners.
  • Address validation and maps: Google Places API or similar.
  • Hosting and deployment: Vercel or similar hosting platforms.
  • EHR integration: Athenahealth and other EHR or health IT partners, where enabled.

These service providers are authorized to process personal information only as necessary to provide services to Wrapped Health and are subject to appropriate contractual and security obligations.

4.2 Retail Partners

When you place an order, we share necessary order and shipping information with retail fulfillment partners (such as Walmart, Target, CVS, Walgreens, or others) so they can process, ship, and deliver your order, and handle returns or customer service related to that order.

4.3 Healthcare Providers

We may share limited order-related information with the Provider who sent you the product recommendation (for example, confirmation that you viewed or completed an order) to support care coordination and follow-up.

4.4 Legal and Safety

We may disclose information if we believe in good faith that such disclosure is:

  • Required by law, regulation, subpoena, or other legal process.
  • Necessary to protect the rights, property, or safety of Wrapped Health, our users, or others.
  • Necessary to detect, prevent, or address fraud, security, or technical issues.

4.5 Business Transfers

In the event of a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate confidentiality protections.

5. HIPAA, PHI, and "PHI-Light" Processing

Wrapped Health is designed to operate in a PHI-light manner, limiting the health-related information we store to what is reasonably necessary to support provider-to-patient product recommendations and related transactions.

In certain configurations and relationships with Providers that are subject to the Health Insurance Portability and Accountability Act ("HIPAA"), Wrapped Health may act as a "Business Associate":

  • Where applicable, we will enter into Business Associate Agreements ("BAAs") with covered entities or other parties, as required by law.
  • In those cases, we will handle Protected Health Information ("PHI") in accordance with HIPAA, our BAAs, and this Privacy Policy.

Regardless of whether HIPAA applies in a specific instance, we implement administrative, technical, and physical safeguards designed to protect health-related information, including:

  • Encryption of data in transit and at rest.
  • Access controls and least-privilege principles.
  • Logging and monitoring of access to sensitive systems.

6. Data Security

We take reasonable and appropriate measures to protect your information, including:

  • Encryption: Using modern encryption protocols (e.g., TLS for data in transit; strong encryption for data at rest).
  • Access controls: Limiting access to personal information to personnel with a legitimate business need.
  • Authentication and session security: Secure login processes and expiring sessions for user access.
  • Monitoring: Security monitoring, logging, and periodic reviews of systems and access.

However, no system can be guaranteed to be completely secure. You use the Services at your own risk, and we encourage you to take appropriate steps to protect your own information.

7. Data Retention

We retain personal information for as long as reasonably necessary to:

  • Provide the Services to Providers and Patients.
  • Fulfill the purposes described in this Privacy Policy.
  • Comply with legal, regulatory, or accounting requirements.
  • Resolve disputes and enforce our agreements.

Examples:

  • Provider account data is retained for the duration of the Provider's relationship with us and for a reasonable period thereafter.
  • Patient checkout sessions are time-limited; while link access may expire after a set period, order records and related logs may be retained longer for compliance, support, and audit purposes.

When information is no longer needed, we may anonymize, aggregate, or securely delete it.

8. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information, which may include:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal or contractual retention requirements.
  • Restriction or objection: Request that we limit or cease certain processing activities, where applicable.
  • Opt-out of marketing: If we send marketing communications in the future, you will be able to opt out at any time via the unsubscribe link or by contacting us.

To exercise these rights, please contact us at privacy@getwrappedhealth.com. We may need to verify your identity before fulfilling certain requests.

9. Children's Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete such information. If you believe we may have collected information from a child under 13, please contact us.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we may provide additional notice (such as by email or through the Services). We encourage you to review this Privacy Policy periodically to stay informed about our practices.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Wrapped Technologies, Inc.

Email: hello@getwrappedhealth.com

Website: getwrappedhealth.com