This Privacy Policy explains how WYNTON LLC, doing business as Zepym (“Zepym,” “we,” “us”), collects, uses, discloses, and protects information through our website, mobile experiences, and related services. Information that constitutes Protected Health Information (PHI) created or maintained by the Affiliated Medical Group is governed primarily by our HIPAA Notice of Privacy Practices; this Policy governs all other information.
This Policy applies to information collected through the Zepym platform. It does not apply to information collected by third parties (including independent Clinicians, Pharmacy Partners, and laboratories) that operate under their own privacy practices, except where they act as our business associate under HIPAA.
Account & identity data: name, email address, mailing address, date of birth, phone number, government-issued ID where required.
Health information: intake responses, medical history, medications, allergies, photos you upload, weight and biometric data, and messages with your care team. To the extent this is PHI held by the Affiliated Medical Group, it is governed by our HIPAA Notice.
Payment data: billing address and payment-card data, processed by our PCI-DSS compliant payment processor; we do not store full card numbers on our servers.
Device & usage data: IP address, browser type, device identifiers, pages viewed, referring URL, timestamps, and similar diagnostic data.
Communications: records of messages, calls, and support tickets you initiate with us.
We collect information directly from you (during sign-up, intake, and use of the Service), automatically through your device, and from third parties such as identity-verification services, pharmacy partners, laboratories, and analytics providers.
We use information to: (a) operate and maintain the Service; (b) facilitate clinical care, prescriptions, and pharmacy fulfillment; (c) process payments and prevent fraud; (d) communicate with you about your account, treatment, and the Service; (e) comply with legal obligations and respond to lawful requests; (f) monitor, improve, and develop the Service; and (g) with your consent, send marketing communications, which you may opt out of at any time.
Affiliated Medical Group & Clinicians. To enable your care.
Pharmacy Partners & laboratories. To fulfill prescriptions and process test results.
Service providers. Hosting, analytics, payment processing, customer support, shipping, and similar vendors that act on our behalf under written contracts requiring confidentiality and, where applicable, HIPAA business-associate terms.
Legal & safety. When required by law, subpoena, or to protect the rights, safety, or property of Zepym, our users, or others.
Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality protections.
With your consent. For any other purpose disclosed at the time of collection.
We do not sell your personal information or PHI for monetary consideration. We do not share PHI for marketing purposes without your authorization. Some analytics and advertising cookies may constitute “sharing” under California law; you may opt out via the controls in Section 7 and Section 12.
We use cookies, pixels, and similar technologies for authentication, security, analytics, and product improvement. You can control cookies through your browser settings. Disabling some cookies may impair functionality. We honor Global Privacy Control (GPC) signals as a request to opt out of sharing for cross-context behavioral advertising, where applicable.
We retain information for as long as needed to provide the Service, comply with our legal obligations (including state-law medical-record retention requirements, which may be seven years or longer), resolve disputes, and enforce our agreements. When information is no longer required, we delete or de-identify it.
We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, logging, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security. Notify us at security@zepym.health of any suspected breach.
The Service is not directed to children under 18 and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact privacy@zepym.health and we will delete it.
Subject to applicable law, you may request to: (a) access the personal information we hold about you; (b) correct inaccurate information; (c) delete information; (d) restrict or object to certain processing; (e) receive a portable copy; and (f) opt out of marketing. Rights regarding PHI are described in our HIPAA Notice.
To exercise these rights, email privacy@zepym.health. We will verify your identity and respond within the timeframes required by applicable law. You may use an authorized agent to submit a request on your behalf with written authorization.
California (CCPA/CPRA). California residents have the rights described in Section 11 plus the right to know the categories of personal information collected and the purposes of use; the right to limit use of sensitive personal information; and the right to non-discrimination for exercising these rights.
Virginia, Colorado, Connecticut, Utah, Texas, and similar states. Residents of states with comprehensive privacy laws have the right to access, correct, delete, port, and opt out of targeted advertising, sale of personal data, and certain profiling decisions, subject to the limits of each statute. Appeals: if we deny your request, you may appeal at privacy@zepym.health.
Florida. Florida residents may exercise rights under the Florida Digital Bill of Rights to the extent applicable.
Washington & Nevada. Residents may exercise rights under the My Health My Data Act and Nevada SB 370, respectively, with respect to consumer health data.
Our Service does not respond to browser “Do Not Track” signals at this time. We honor Global Privacy Control signals as described in Section 7.
The Service is intended for users in the United States. If you access the Service from outside the U.S., you understand that your information will be processed in the U.S., which may have different data-protection laws than your country of residence.
We may update this Policy. Material changes will be communicated by email or in-app notice. The “Effective Date” above reflects the most recent update.
WYNTON LLC d/b/a Zepym — Privacy Office
+1 (877) 959-3796
privacy@zepym.health