Privacy Policy

Last updated: April 3, 2026

🔒 HIPAA Compliant — Your health data is protected by federal law

Virile.ai ("we," "us," or "our") is committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy describes how we collect, use, store, and protect your personal and health information when you use our platform.

1. Information We Collect

We collect the following categories of information to provide our telehealth services:

Account information: Name, email address, password, and state of residence
Health intake information: Age, height, weight, medical conditions, current medications, symptom history, and treatment preferences
Biometric data: BMI calculations derived from height and weight inputs
Payment information: Processed securely by our payment provider (Stripe); we do not store card numbers
Usage data: Pages visited, time on site, and form interactions (anonymized)

2. How Your Information Is Protected

We implement industry-standard and HIPAA-required safeguards to protect your Protected Health Information (PHI):

Encryption at rest: All health data is stored in encrypted databases
Encryption in transit: All data transmitted uses TLS 1.2+ (HTTPS)
Access controls: Role-based access ensures only authorized personnel can view PHI
Minimum necessary standard: We access only the data required to provide care
Audit logs: All access to health records is logged and monitored
Business Associate Agreements (BAAs): All third-party vendors handling PHI sign BAAs

3. Who Sees Your Information

Your health information is shared only in the following circumstances:

Licensed physicians: Your intake form responses and health profile are shared with the reviewing physician for treatment decisions
Licensed pharmacies: Prescription details are shared with our pharmacy partners for dispensing
Required by law: We may disclose information as required by applicable law, court order, or government authority
Emergency situations: To prevent serious harm to you or others

We do not sell, rent, or trade your personal or health information to advertisers, marketers, or data brokers. Ever.

4. How We Use Your Information

To create and manage your account
To facilitate physician consultations and treatment plans
To process prescriptions and coordinate pharmacy fulfillment
To send treatment-related communications and refill reminders
To improve our AI intake system (using de-identified, aggregated data only)
To comply with legal and regulatory obligations

5. Data Retention

We retain your health records for a minimum of 7 years from the date of last service, as required by applicable state and federal regulations. Account information is retained for as long as your account remains active, plus 2 years following closure. You may request deletion of non-health account data at any time by contacting us.

6. Your Rights

Under HIPAA and applicable law, you have the right to:

Access your health records and request copies
Request corrections to inaccurate health information
Request an accounting of disclosures of your PHI
Request restrictions on certain uses and disclosures
Receive a Notice of Privacy Practices
File a complaint with the U.S. Department of Health and Human Services

7. Cookies and Tracking

We use essential cookies to maintain your session and provide the service. We do not use third-party advertising cookies or tracking pixels on any page containing health information.

8. Children's Privacy

Our services are intended for adults 18 years of age and older. We do not knowingly collect information from minors. If we learn we have collected data from a minor, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting an updated version on this page with a new "Last updated" date.

10. Contact Us

For privacy questions, to exercise your rights, or to file a complaint regarding your health information, please contact our Privacy Officer:

Email: [email protected]
Subject line: "Privacy Request — [Your Name]"

We will respond to all privacy requests within 30 days.