Skip to content

Privacy Policy

Last updated: May 29, 2026

Wrapped Technologies, Inc. ("Wrapped Health," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites, applications, and services (collectively, the "Services"). By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

Definitions

For purposes of this Privacy Policy, the following terms shall have the following meanings:

"Fulfillment Partner" means a third party retailer with whom a Patient may choose to place an order for a Retail Health Product recommended by their Provider.

"HIPAA" means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as amended by the Health Information Technology for Economic and Clinical Health Act, 42 U.S.C. § 17931, and all regulations promulgated thereunder, 45 C.F.R. Parts 160 through 164 (collectively, and as modified from time to time).

"Patients" means any individual person within the United States who has a bona fide clinical relationship with a Provider and has consented to such Provider's use of the Platform to communicate certain information regarding Retail Health Products.

"Platform" means Wrapped Health's proprietary virtual platform that is intended to facilitate Providers' efficient selection, compilation and communication of Retail Health Product recommendations to Patients physically located throughout the United States.

"Providers" means those individual providers (or their authorized agents) who agree to use the Platform Services pursuant to the Terms of Service or any providers (or their authorized agents) using the Platform Services under an enterprise agreement.

"Retail Health Product" means an over-the-counter retail health product that is purchased directly by a consumer without a prescription from a healthcare provider.

Platform Services

When using the Platform, Providers may provide us with different types of information, including personal information of both Providers and Patients, other information that a Provider chooses to share with us, and information that the Provider permits their device to share with us. By using or accessing the Platform, a Provider may also provide us with additional information about the Provider that facilitates use of the Platform or ensures the privacy and security of information available through the Platform. We may use personal information provided to us through the Platform when we interact with Providers and Patients and in order to provide the Platform Services. When Providers use our Platform, we may collect:

  • Account information: name, email address, practice name, role, and related registration details.
  • Authentication data: information processed through our identity provider to manage logins and account security.
  • Usage and configuration data: product recommendation history, saved templates, catalog configurations, and other workflow preferences.
  • Technical and interaction data: log data related to how Providers use the Platform (e.g., access times, clicks, feature usage).
  • Communications: messages, SMS, email.
  • Billing Data
  • Customer Data: data input into the Platform by a Provider, which may include Protected Health Information and other identifiable information about Patients

We use trusted third-party vendors to help operate and support the Platform, such as:

  • Authentication and identity management
  • Cloud hosting, infrastructure, and data storage
  • Database services
  • SMS and email delivery
  • Product search functionality
  • Retail fulfillment, commerce, and payment orchestration
  • Address validation and mapping
  • EHR and health IT integration, where enabled
  • Analytics and product improvement

Please note that we may update our third-party vendors supporting the Platform from time to time. You may request a list of our current third-party partners providing support for the Platform at any time by contacting us via email.

We may collect, transmit and process Protected Health Information as a Business Associate on behalf of Providers in our provision of the Platform Services. We comply with HIPAA whenever we are processing, storing, transmitting or maintaining any Protected Health Information. We enter into an appropriate Business Associate Agreement with Providers to govern our activities on their behalf involving any Protected Health Information. We also require our third-party vendors to enter into appropriate Business Associate Agreements where their services in connection with the Platform will involve the transmission, storage, maintenance or processing of Protected Health Information.

We may store and process any information that you enter into the Platform together with other information we hold about you or independently as a user of the Platform. It is completely optional for you to use the Platform and to provide us information through the Platform. We may use information provided to us through the Platform to: (a) provide and operate the Platform; (b) facilitate scheduling, billing, and communications; (c) improve and secure the Platform; (d) comply with legal obligations; and (e) create de-identified or aggregated data for our internal use.

With respect to payment card information of Providers using our Platform Services, we use third-party payment processors to process payment card information and such payment card information is not stored in full by Wrapped Health.

Wrapped Health may send non-promotional emails in connection with the Platform Services such as:

  • Order confirmations and receipts.
  • Important updates or changes regarding the Services.
  • Amendments to this Privacy Policy or our Terms of Service.
  • Support responses and operational notices.

You may manage certain email preferences, but we may still send emails that are necessary to provide the Platform Services.

Provider-Initiated Messages to Patients

Providers may use the Platform to send Patients transactional messages containing the Provider's recommendations about certain Retail Health Products, including purchase links and related updates. Providers are responsible for obtaining appropriate consent from their Patients before communicating with such Patients through the Platform. Wrapped Health does not independently obtain or manage consent from Patients for messaging enabled by the Platform and relies on the Provider's direction and authorization to communicate with the Patient as permitted by HIPAA and applicable laws. By receiving a communication initiated by the Provider through the Platform, the Patient acknowledges that your Provider has obtained your consent to receive communications in this manner. Wrapped Health does not send any messages to Patients outside of those communications initiated by and sent on behalf of a Provider through the Platform. Message frequency varies. Message and data rates may apply to communications facilitated through the Platform. We may facilitate limited follow up messages to Patients as necessary based on a Provider's Retail Health Product recommendations or in connection with a checkout session.

Messages sent through the Platform to Patients:

  • Are delivered on behalf of a Provider and contain the Retail Health Product recommendations of that Provider.
  • May contain one or more links to the Retail Health Products recommended by a Provider.
  • May include information necessary to access or complete your order.
  • May require additional identity verification by the Patient (e.g., entering a birthdate to access message content)
  • Are solely for the purpose of facilitating communication of Retail Health Product recommendations from a Provider and connecting Patients to potential Fulfillment Partners for ordering of such Retail Health Products. We do not send general marketing or promotional campaigns to Patients.
  • Do not constitute medical advice, diagnosis, or treatment.

When Patients receive information about Retail Health Products from their Provider through the Platform, we may collect:

  • Patient Contact information: name, email address, phone number, and shipping address.
  • Order and transaction information: products viewed or purchased, order status, and related transactional details.
  • Limited context: non-prescription product recommendation context as provided or initiated by the Provider (e.g., general indication or category such as "post-op knee support" or "dry skin care," where applicable).

When Patients place an order, we share necessary order and shipping information with our Fulfillment Partners so they can process, ship, and deliver your order, and handle returns or customer service related to that order. We may also share limited order-related information with the Provider who sent the Retail Health Product recommendation (for example, confirmation that a Patient viewed or completed an order) to support care coordination and follow-up. We do not collect any payment card information of Patients when communicating information about a Provider's recommended Retail Health Products. All payments made by Patients for orders placed with a Fulfillment Partner are processed by the Fulfillment Partner. Patients should reach out to the Fulfillment Partner with any questions regarding how the Fulfillment Partner processes their information.

Patients may opt out of receiving communications through the Platform at any time by following the unsubscribe link at the bottom of any email facilitated through the Platform. Patients may opt out of SMS messages at any time by replying:

  • "STOP" to unsubscribe; or
  • "HELP" for assistance.

After a Patient chooses to unsubscribe from email, we may send a single follow up email to confirm the Patient's choice to unsubscribe. After a Patient sends "STOP," we may send a one-time confirmation message to acknowledge the opt-out. After these one-time confirmation messages (whether by email or SMS), we will cease sending the applicable form of communication (whether email or SMS) unless and until the Patient provides consent at a future time to receive such communications facilitated through the Platform. Patients may opt out of receiving emails, SMS messages, or both at any time. Patients who do not wish to receive any communications through the Platform should also notify their Provider of this decision.

Automatically Collected Information

When anyone accesses or uses the Services, including access to our website, we may automatically collect:

  • Device information: browser type, operating system, device identifiers.
  • Log data: IP address, access times, pages viewed, referring URLs, error logs.
  • Analytics data: information about how you interact with our site and platform, such as feature usage and navigation patterns, via analytics tools.

Use of Third Party Analytics, Advertising and Tracking Technologies

We may use third-party advertising, analytics, and tracking technologies (such as cookies, pixels, and similar tools) to: (a) understand how you interact with the Services; (b) improve the functionality and user experience; and (c) deliver advertisements, including personalized or interest-based advertisements. These technologies may collect information such as device identifiers, browsing activity, and interactions with the Services over time and across different websites or services. To the extent such activities are considered "targeted advertising," "sharing," or similar regulated processing under applicable law, you may have the right to opt out of such processing. You can manage preferences through the browser settings, device settings, or by contacting us at the email listed in our privacy@getwrappedhealth.com.

We do not sell personal information for monetary consideration. However, certain uses of cookies, analytics, or advertising technologies may be considered a "sale," "sharing," or "targeted advertising" under applicable law. Where required by law, you may opt out of such processing by contacting us or using available preference controls.

Disclosures related to Legal, Safety and Business Transfers

We may share the information you provide through the Services, including personal information of Providers and Patients, to the extent required by law, regulation, subpoena or other valid legal process or to the extent necessary to protect the rights, property or safety of Wrapped Health, our users or others.

We may share information you provide through the Services as necessary to detect, prevent or address fraud, security of technical issues in connection with the Services.

In the event of a merger, acquisition, financing, reorganization, or sale of assets undertaken by Wrapped Health, personal information may be transferred as part of that transaction, subject to appropriate confidentiality protections and in accordance with applicable laws.

Additionally, we may retain information collected from Providers, Patients and other users of the Services as long as necessary to provide the Services, comply with our legal obligations, resolve any disputes, or maintain security and audit records.

Data Security

We take reasonable and appropriate measures to protect your information, including:

  • Encryption: Using modern encryption protocols (e.g., TLS for data in transit; strong encryption for data at rest).
  • Access controls: Limiting access to personal information to personnel with a legitimate business need.
  • Authentication and session security: Secure login processes and expiring sessions for user access.
  • Monitoring: Security monitoring, logging, and periodic reviews of systems and access.

However, no system can be guaranteed to be completely secure. You use the Services at your own risk, and we encourage you to take appropriate steps to protect your own information.

When Wrapped Health is performing functions as a Business Associate, we will also comply with any additional security measures required under the applicable Business Associate Agreement.

Data Retention

We retain personal information for as long as reasonably necessary to:

  • Provide the Platform Services to Providers and Patients.
  • Fulfill the purposes described in this Privacy Policy.
  • Comply with legal, regulatory, or accounting requirements.
  • Resolve disputes and enforce our agreements.

Examples:

  • Provider account data is retained for the duration of the Provider's relationship with us and for a reasonable period thereafter.
  • Patient checkout sessions are time-limited; while link access may expire after a set period, order records and related logs may be retained longer for compliance, support, and audit purposes.

When information is no longer needed, we may securely delete it in accordance with applicable law.

Additional Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information, which may include:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal or contractual retention requirements.
  • Restriction or objection: Request that we limit or cease certain processing activities, where applicable.
  • Opt-out of marketing: If we send marketing communications in the future, you will be able to opt out at any time via the unsubscribe link or by contacting us.

To exercise these rights, please contact us at privacy@getwrappedhealth.com. We may need to verify your identity before fulfilling certain requests.

Questions

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: hello@getwrappedhealth.com

Website: getwrappedhealth.com