Privacy Policy

This Privacy Policy explains how Nexi Health (Tiesenga Surgical Associates, S.C.), doing business as TryNexi, collects, uses, discloses, and safeguards personal information obtained through our website TryNexi.com and related services (collectively, the “Site” or “Services”). We are committed to protecting your privacy and complying with applicable data protection and privacy laws. By using the TryNexi website or Services, you agree to the collection and use of information in accordance with this Privacy Policy. Terms not defined in this Privacy Policy have the meanings given in our Terms of Service.

Scope

This Privacy Policy applies to personal information we collect through the TryNexi website and Services for general purposes. However, note that health and medical information you provide for purposes of obtaining medical care via TryNexi may be subject to the Health Insurance Portability and Accountability Act (HIPAA) and state health privacy laws. In those cases, our Notice of Privacy Practices (NPP) (provided to patients) will govern how we use and disclose your Protected Health Information (PHI). If any terms in this Privacy Policy conflict with the NPP regarding PHI, the NPP will prevail. This Privacy Policy primarily addresses non-PHI and website usage data.

1. Information We Collect

We collect several types of information from or about users of our Site and Services, including:

• Personal Identifiers: Information that identifies you or can be used to contact you, such as your name, email address, telephone number, mailing address, date of birth, login username, and password. We collect these when you register for an account, fill out forms on our Site, or communicate with us.
• Health and Medical Information: When you seek telemedicine services through TryNexi, we will collect information about your health condition, medical history, medications, allergies, lab results, and other health-related information that you provide to us or that we obtain in the course of your care. This may include intake questionnaire responses, symptoms, treatment history, and any files or images you upload. This information is necessary for our providers to evaluate and treat you and is considered sensitive. (As noted, health information that constitutes PHI is handled in accordance with HIPAA and our NPP.)
• Payment Information: If you make payments for our Services, you will provide payment details such as credit or debit card information and billing address. We do not store full credit card numbers on our servers; instead, we use a secure third-party payment processor (Authorize.Net) to handle transactions. The payment processor will receive your card number and other billing information to process payments on our behalf. We may store a payment token or record of your transaction (but not the full card number) for billing and accounting purposes.
• Technical and Usage Data: When you use our Site, we automatically collect certain information about your device and usage of the site. This includes your IP address, browser type, device type, operating system, referring website, pages viewed, links clicked, and the dates/times of access. We may use cookies, web beacons, and similar tracking technologies to gather this information. (See Cookies and Tracking below for more details.)
• Communications: If you contact us via email, chat, phone or through our Site (e.g., contact forms or messaging features), we will collect the information you provide in your communications. This may include inquiries, feedback, or other details you share. We may also keep records of any communications between you and your TryNexi healthcare providers via our platform.
• Geolocation: We do not continuously track your precise geolocation, but in order to verify you are in Illinois (as required for service eligibility), we may request or infer location information (such as your IP address location or a one-time device geolocation check with your consent). This is solely to ensure compliance with state law and will not be used to track your movements beyond confirming you are within Illinois when receiving services.

We collect information either directly from you (for example, when you fill out forms or enter information on the Site) or automatically through technology as you navigate the Site. In some cases, we may receive information about you from third parties – for instance, if a pharmacy or lab sends us results or updates related to a service we are providing you, or if we receive information from an identity verification service or marketing partner.

2. How We Use Your Information

TryNexi uses the collected information for purposes consistent with providing you with quality telehealth services and running our business. The primary uses include:

• To Provide and Manage Services: We use your personal and health information to deliver telemedicine services – for example, to create and manage your user account, to connect you with our licensed providers, to review your health data and enable our providers to evaluate and treat you, to issue prescriptions or orders, and to facilitate scheduling and follow-ups. Your information allows us to personalize the care you receive and make informed medical decisions.
• For Communication: We use your contact information (email, phone number) to communicate with you about appointments, health inquiries, treatment plans, refills, and administrative matters. We may send you service-related announcements or alerts (e.g., appointment reminders, lab result notifications, changes in our terms or policies). We may also respond to your support requests or feedback. With your consent, we may send occasional marketing or promotional communications about new services or wellness tips, but you will have the ability to opt out of such communications (see Your Choices below).
• Payment Processing: We use payment information to process transactions for telehealth consultations or related services you purchase. For example, we transmit your billing details to our payment processor (Authorize.Net) to charge your credit card and we keep records of payments for accounting, auditing, and tax purposes. If you are on a subscription or installment plan, we use your information to bill you at the agreed intervals.
• Improve and Customize Services: We may use usage data and feedback to understand how our Site and Services are being used and to improve them. For instance, we might analyze usage patterns to troubleshoot technical issues, optimize our user interface, or develop new features. We might also use de-identified or aggregated data (which no longer identifies you personally) for internal research, analytics, and product development to enhance our telehealth offerings.
• Safety and Legal Compliance: We may use your information as necessary to comply with applicable laws and regulations (for example, to maintain proper medical records, fulfill reporting obligations to health authorities, or respond to lawful requests by public authorities). We also use information to enforce our Terms of Service, to detect and prevent fraud, abuse, or security incidents, and to protect the rights, property, or safety of our users, patients, staff, or the public. For example, if we suspect that someone is attempting to use our Service improperly (such as a minor misrepresenting their age, or someone seeking medication for illicit use), we may use data to investigate and take appropriate action.
• Other Purposes: If we seek to use your information for any purpose not described in this Policy, we will obtain your consent where required or ensure the use is compatible with the purposes listed above. We will not use your personal information in ways that are not reasonably related to the purposes for which it was collected, unless required or allowed by law.

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect technical and usage information, to personalize your experience, and to improve our Site functionality. Cookies are small text files stored on your device which help us remember your preferences and recognize you upon return visits. For example, we use cookies to keep you logged in during a session, to remember your preferences (like language or font size), and to gather analytics data about how users navigate our site.

The types of cookies we may use include:

• Essential Cookies: Necessary for the website to function properly (e.g., to maintain your login session or shopping cart if applicable). Without these, certain features may not work.
• Analytics Cookies: We use these to collect information about site usage and performance. For instance, we use Umami analytics or similar services to understand which pages are popular, how users move through the site, and if they encounter errors. This helps us improve design and content. The information collected is generally aggregated and does not directly identify individuals. Umami analytics may set its own cookies; we ensure no sensitive health identifiers are sent to analytics tools.
• Preference Cookies: Remember choices and settings to provide a more personalized experience (e.g., remembering you have already completed a certain onboarding step so we don’t show it again).
• Security Cookies: Help ensure security, e.g., by authenticating users and protecting against fraudulent logins.

If we ever use advertising or social media cookies (for instance, to track the effectiveness of our marketing campaigns on platforms like Facebook or Google), we will update this policy accordingly. Currently, our focus is on providing healthcare services and we do not host third-party ads on our site.

Cookie Choices: You can control or delete cookies through your browser settings. Most web browsers automatically accept cookies, but you can modify settings to decline cookies or to prompt you each time a cookie is offered. Note that disabling certain cookies (especially essential cookies) may affect the functionality of our Service. For more information on managing cookies, refer to your browser’s help documentation. Additionally, Umami analytics offers an opt-out browser add-on if you wish to prevent your data from being used by Umami analytics across all websites.

We may also use other tracking technologies like web beacons (small graphic images in emails or on pages that track view counts) to know if you’ve opened an email or viewed a page, which helps us measure communication effectiveness. These can usually be controlled by deleting the associated email or opting out of communications.

4. Disclosure of Your Information

We do not sell your personal information to third parties for their own commercial uses. We share your information only in the following circumstances, as needed to provide our Services or as required by law:

• With Healthcare Providers: Your health and personal information will be shared with the licensed clinicians (doctors, nurse practitioners, etc.) who provide telemedicine services through TryNexi. Those providers need access to your information to evaluate your condition, provide medical advice, prescribe medications, or follow up on your care. All such providers are obligated to maintain the confidentiality of your information as healthcare professionals.
• Within Our Organization: Your information may be accessed by authorized personnel within Nexi Health (Tiesenga Surgical Associates, S.C.) who need it to perform their duties. For example, our medical staff, care coordinators, and support staff may access data to coordinate appointments, process payments, or assist with customer service. Access is given on a need-to-know basis and all staff are bound by confidentiality obligations.
• Service Providers (Processors): We share information with third-party service providers and business partners who perform services on our behalf. These include, for example:
  • Payment processors: as noted, Authorize.Net will receive payment card details to process transactions securely.
  • Cloud hosting and IT providers: companies that provide data storage, web hosting, or IT support for our platform.
  • Telehealth technology vendors: if we use a third-party video conferencing platform or electronic health record system, those vendors will process information as needed to facilitate your consultation and record-keeping.
  • Pharmacies and Labs: If our provider issues a prescription for you, we will transmit the necessary info (identifiers, contact, and prescription details) to the pharmacy you choose or our partner pharmacy to fill the prescription. Similarly, if lab tests are ordered, we share necessary data with the lab company (e.g., your name, contact, test orders) and the lab will return results which become part of your record.
  • Analytics and email service providers: We may share limited data with analytics providers (like Google Analytics) or email communication services (for sending appointment reminders, newsletters, etc.). These providers are only allowed to use the data to provide services to us and are contractually prohibited from using it for other purposes.
  All our service providers are required to protect your information by appropriate security measures and to use it only for the purposes we specify. Where applicable (such as with certain health IT or cloud vendors), we enter into Business Associate Agreements (BAAs) to ensure they comply with HIPAA for PHI.
• Legal and Regulatory Compliance: We may disclose information about you if required to do so by law or legal process, or if we have a good‑faith belief that such disclosure is necessary to (i) comply with a legal obligation (such as a court order, subpoena, or investigation by regulatory authorities), (ii) protect and defend our rights or property, or the rights, property, or safety of our users, patients, or others, (iii) investigate or assist in preventing any violation of law or these Terms, including fraud or security issues, or (iv) respond to an emergency that we believe in good faith requires us to disclose information to assist in preventing a significant and imminent threat to health or safety.
• Corporate Transactions: In the event that Nexi Health (Tiesenga Surgical Associates, S.C.) is involved in a merger, acquisition, sale of assets, restructuring, bankruptcy, or other business transaction, your information (including personal data) may be transferred to the successor or affiliate as part of that transaction. We will ensure that any such entity is bound by privacy obligations at least as protective as those in this Policy, and we will provide notice to you before your personal data is transferred and becomes subject to a different privacy policy.
• With Your Consent: Apart from the cases above, we will share your personal information with third parties only with your explicit consent. For example, if you wanted us to share your medical information with your primary care physician or a family member, we would do so only with your written authorization as required by law.

Importantly, we do not disclose or sell any personal information to third parties for their direct marketing purposes, and in the past 12 months we have not sold personal information. Therefore, we do not include a “Do Not Sell My Personal Information” link on our Site, as it is not applicable. If our practices change in the future, we will update this Policy and provide opt-out mechanisms as required by law.

Additionally, if we ever need to share de-identified or aggregated data (which cannot reasonably be used to identify you) – for example, publishing a health trend or statistic – we may do so, as such data is not personally identifiable and not subject to the same restrictions.

5. Data Security

We implement reasonable and appropriate security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. This includes administrative, technical, and physical safeguards. For instance, we use encryption technology (HTTPS/TLS) to secure data transmitted between your browser and our servers. Sensitive data such as medical information and personal identifiers are stored in secure systems with access controls. We limit access to personal data only to those employees and service providers who need it to perform their job duties, and they are bound by confidentiality obligations.

Our payment processor (Authorize.Net) is PCI-DSS compliant and uses industry‑standard encryption and security protocols to protect your payment information. We do not store full credit card numbers on any TryNexi systems to further reduce risk.

Despite our efforts, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. Cyber threats evolve quickly, and although we monitor and update our security measures regularly, there is always a residual risk of a data breach. You can help protect your data by using strong passwords, keeping your login credentials confidential, and notifying us immediately if you suspect any unauthorized access to your account.

In the unfortunate event of a data breach that affects your personal information, we will promptly notify you in accordance with applicable laws and regulations, and take necessary steps to mitigate any harm.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For example:

• Healthcare records (including telehealth consultation records, medical histories, and prescriptions) are typically kept for a minimum period as required by Illinois state law or other applicable regulations (often at least 7 years for adult medical records, or longer if mandated). This retention is to ensure continuity of care and legal compliance.
• Account information (such as your profile data and contact details) will be kept for as long as your account is active and as needed to provide you services. If you choose to close your account, we may retain certain information as necessary to comply with legal obligations (e.g., retaining transaction records for financial auditing), resolve disputes, enforce our agreements, or as otherwise required by law. Any retained data will remain subject to the protections of this Privacy Policy.
• If data has been de-identified or aggregated so that it is no longer personally identifiable, we may retain such information for analytic or research purposes without time limitation, to help us improve our services.

When we no longer have a legitimate need or legal obligation to retain your personal information, we will securely dispose of it or anonymize it in accordance with our data retention and deletion policies.

7. Your Rights and Choices

Account Information: You may access, correct, or update certain personal account information at any time by logging into your TryNexi account and editing your profile. It is your responsibility to keep your personal details accurate. If you need assistance updating information, you can contact us using the information in the Contact section below.

Communication Preferences: You can opt out of non-essential communications from us. For instance, if you have subscribed to a marketing newsletter or promotional emails, you can unsubscribe using the link provided in those emails or by contacting us. Please note that even if you opt out of marketing messages, we may still send you transactional or service-related communications (such as appointment confirmations, reminders, or administrative notices) as these are necessary for the Services.

Do Not Track: Some browsers offer a “Do Not Track” (DNT) feature. At this time, our website does not respond to DNT signals due to lack of an industry standard. However, you can manage tracking (like cookies) through your browser settings as described in the Cookies section.

California Privacy Rights: If you are a resident of California, you have certain rights under the California Consumer Privacy Act (CCPA) and other state laws. These may include the right to know what personal information we have collected about you in the past 12 months, the right to request deletion of your personal information (subject to exceptions), the right to opt-out of the sale of your personal information (as noted, we do not sell personal data), and the right not to be discriminated against for exercising these rights. To exercise any applicable rights, you (or an authorized agent acting on your behalf) may contact us as described below. We will verify your identity (or authority of your agent) before fulfilling the request. Please note that certain information cannot be deleted if it is still needed for the purposes it was collected or if retention is required by law (for example, we cannot delete your medical records prematurely due to legal retention obligations). We will respond to verifiable requests within the timeframes required by law.

Other State-Specific Rights: Residents of some states (e.g., Nevada) may have the right to opt out of future sale of personal information. Again, while we currently do not sell data, Nevada residents can send an opt-out request to us and we will record it as per state law. If you are a resident of a state with additional privacy rights (such as Virginia, Colorado, etc. with new privacy laws), you may contact us to exercise those rights and we will honor them as applicable.

HIPAA Rights: If you become a patient, your Protected Health Information (PHI) is governed by HIPAA. Under HIPAA, you have rights to access your health records, request amendments to incorrect information, obtain an accounting of certain disclosures of PHI, and more. These rights are detailed in our Notice of Privacy Practices. For example, you can request a copy of your medical consultation notes or lab results by contacting us. We may require such requests in writing and may charge a reasonable fee for copies as permitted by law. If you have any questions or wish to exercise your HIPAA rights, please reach out to us (see Contact section).

European Union (GDPR) Notice: TryNexi is focused on serving Illinois, USA, and does not actively offer services to individuals in the European Union. However, if you are accessing our Site from the EU or European Economic Area (EEA), be aware that any personal data you provide will be transferred to and processed in the United States. By using our Site or providing information, you consent to the transfer of your data to the U.S. (which may have different data protection rules than your country). We will handle your information in accordance with this Privacy Policy. If you are an EU/EEA data subject, you may have additional rights under the General Data Protection Regulation (GDPR), such as the right to access, rectify, or erase your data, or object to or restrict processing. You also have the right to lodge a complaint with a supervisory authority. To exercise any GDPR rights, please contact us. However, please note that our Services are not intended for use outside the U.S., and by using them you acknowledge that your data will be handled as described here.

Exercising Your Rights: To exercise any privacy rights or make requests regarding your personal information, please contact us at the email or mailing address provided in the Contact section. We will need to verify your identity (and/or authority if you are an agent) to a reasonable degree of certainty before fulfilling certain requests (for instance, by confirming information that we have on file). Verification is to protect your privacy and security. We will respond to your request as required by applicable law.

8. Children’s Privacy

TryNexi does not knowingly collect personal information from children under the age of 13. Our website and telehealth Services are not directed to minors under 18, and per our Terms of Service, individuals under 18 should not use TryNexi without parental consent or at all (we only treat adults in most cases). If you are a parent or guardian and believe that a child under 13 may have provided personal information to us (for example, by fraudulently misrepresenting their age), please contact us immediately. We will take steps to delete such information and terminate the child’s account if we learn that we have collected data from a child under 13 without verifiable parental consent.

9. International Users

As mentioned, TryNexi is intended for users in the United States, specifically in Illinois. If you are accessing the Site from outside the U.S., be aware that you are sending information (including personal data) to the United States where our servers and central database are located. That information may be transferred within the U.S. or back out of the U.S. to other countries (for example, to a cloud provider’s data center) depending on the type of information and how it is stored. The U.S. and other countries to which we transfer data may not have the same data protection laws as your jurisdiction. By providing your information, you consent to any transfer and processing in accordance with this Privacy Policy. We will take all steps reasonably necessary to ensure your data is treated securely, but if you are in a jurisdiction like the EU, please understand that the legal safeguards might differ from your home country.

If you are in a country embargoed by the U.S. or on certain restricted lists, you may not be permitted to use our Services. It is your responsibility to ensure your use of TryNexi complies with your local laws.

10. Updates to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will post the updated policy on this page with a new “Last Updated” date at the top. If changes are significant, we may also notify you by email or through a notice on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the TryNexi Site or Services after any update constitutes your acceptance of the changes. If you do not agree with the revised policy, you should discontinue use of the Site and Services and may request us to delete your account data as permitted (subject to legal retention requirements).

11. Contact Us

By using TryNexi’s website and Services, you acknowledge that you have read and understand this Privacy Policy and agree to our collection, use, and disclosure of your information as described herein. If you do not agree, please do not provide personal information or use the Services.