This Privacy Policy (this “Policy”) describes how CreoRx Solutions LLC, and other company names used by us and our affiliates (together, “CreoRx,” “we,” “us,” or “our”) handles and secures information we collect through our website www.creorx.com (the “CreoRx Website”) and through registered users of the CreoRx Solutions portal (collectively, our “Services”). For purposes of this Policy, “you” or “User” means the individual user of our Services and/or visitors to the CreoRx Website.
Please also review the Service’s End User License Agreement (“EULA”) and Terms and Conditions, which govern your use of the Services and are available at www.creorx.com. By using our Services, you consent to this Policy, our EULA, and our Terms and Conditions, and our collection, use, and sharing of your information as described below.
This Policy applies to CreoRx’s Sites and Services. It does not apply to personal data we process solely on behalf of our business customers as a service provider or business associate. For information on how our business customers process your data, please refer to their respective privacy policies.
If you do not agree to the terms of this Privacy Policy, please do not provide us with any personal information and do not use the Services.
Personal data is any information that relates to an identified or identifiable individual. We collect several types of personal data from and about users of our Services. In many cases, the personal data you provide will be apparent from the context in which you provide it:
We may combine personal data we receive from you with personal data we obtain from other sources, including:
Our Services gather information whenever you visit, log in, or otherwise interact with us. We use cookies, web beacons, server logs, and other tracking technologies (“Engagement Tools”) to collect the following:
We use these Engagement Tools to save user preferences, preserve session settings, authenticate users, analyze performance, improve the Services, communicate with you about your account, and carry out our legal obligations. Engagement Data may be combined with personal information, in which case we treat the combined information as personal information.
We may also work with third-party analytics providers, such as Google Analytics, to collect and analyze information about use of the Services. To opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout.
Session Replay: We may use third-party session replay tools to capture how users interact with our portal through behavioral metrics and session recordings in order to improve user experience. Data collected through session replay tools is handled in accordance with those providers’ privacy policies and is used solely to improve portal functionality.
SMS/Text Messaging: To the extent you have opted in to receive SMS communications from us or through our platform, your SMS opt-in data and consent will not be shared with any third parties for their own purposes.
You may control how certain Engagement Tools operate by modifying your browser or device settings. Most browsers allow you to refuse or delete cookies. Doing so may reduce the performance of certain Services. We do not currently respond to browser Do Not Track signals; however, we do honor opt-out preference signals such as the Global Privacy Control (GPC) where required by applicable law.
We collect the following categories of personal information about you:
We use personal and non-personal information for the following purposes:
We will not share personal information you submit except under the following circumstances:
We do not sell personally identifiable information. If we ever decide to sell personally identifiable information, we will provide you with notice and a right to opt out of such sale.
SMS opt-in data notice: Text messaging originator opt-in data and consent will not be shared with any third parties for their independent marketing or other purposes.
From time to time, we may request your consent in connection with the use or sharing of your information. Where you have opted in to uses or sharing not otherwise provided for in your User Agreement or this Policy, you will have the ability to withdraw your consent and opt out of such use or sharing going forward. In that event, we will refrain from the consented use or sharing, but we may not be able to require removal of information already shared with third-party recipients.
Some of our users — such as health care providers — are subject to laws and regulations governing the use and disclosure of health information, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), and the regulations adopted thereunder.
When we perform certain services on behalf of medical providers that require us to receive, use, disclose, transmit, or maintain individually identifiable health information protected by HIPAA, we are functioning as a “business associate” as defined by HIPAA. In those instances, we will protect the privacy and security of health information as set forth in the Business Associate Agreement (“BAA”) we enter into with the applicable health care provider or covered entity, and we will use and disclose health information only as permitted under HIPAA, the applicable BAA, and as authorized by the patient.
Under HIPAA, patients have a right to access and request amendment of their individually identifiable health information maintained by their health care providers. Such requests must be submitted directly to the health care provider, unless we receive different instructions. When acting as a business associate, we will work with health care providers to process patient requests for access, amendment, accounting of disclosures, and restrictions on use and disclosure.
We may also receive, access, use, disclose, transmit, and maintain individually identifiable health information when we are not functioning as a business associate — for example, when you sign an authorization permitting use and disclosure for purposes described in the authorization. In these instances, our use may be governed by applicable state medical privacy laws rather than HIPAA. We will take necessary steps to protect the privacy and security of information as required by applicable state law.
As described in our Terms and Conditions, patients may authorize the use of their medical information for marketing purposes in connection with the Services. Such marketing use is limited to communications related to CreoRx’s pharmacy lien services, pharmacy benefit programs, and related healthcare service offerings. We will not sell, rent, or lease patient medical information to unaffiliated third parties for their independent marketing purposes.
If you have authorized the use of your medical information for marketing purposes and wish to revoke that authorization, you may do so at any time by contacting us in writing at info@creorx.com. Revocation is effective prospectively only and will not affect any use or disclosure that occurred prior to our receipt of your revocation request. To the extent HIPAA applies, any marketing communications requiring patient authorization under HIPAA will comply with applicable HIPAA marketing authorization requirements.
Depending on where you live, you may have the following rights with respect to your personal data under applicable data protection laws:
To exercise any of these rights, you may:
You may also exercise opt-out rights by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). We will honor such signals to the extent required by applicable law. You will need to enable the signal in each browser or browser extension you use.
We must verify your identity before fulfilling your requests. If we cannot verify your identity, we may request additional information. If you are an authorized agent making a request on behalf of another person, we will also need to verify your identity, which may require proof of written authorization or a power of attorney.
We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing. We do not charge a fee to process or respond to requests unless they are excessive or repetitive. If we determine a request warrants a fee, we will inform you before completing it.
Non-Discrimination: We will not discriminate against you for exercising any privacy right described in this Policy. This means we will not deny goods or services to you, provide different prices or rates, or provide a different level or quality of services because you exercised a privacy right.
Appeal Process: If you are not satisfied with the resolution of your request and you are afforded a right to appeal such decision under applicable law, you will be notified of our appeal process in our response to your request.
You may also opt out of receiving marketing-related emails from us via the unsubscribe link in such emails. Please note that opting out of marketing emails does not affect transactional or account-related communications.
If you are a healthcare provider or healthcare-related service provider who has entered into a User Agreement with us, your contact and directory information may be listed in one or more of our professional directories.
Our Services can be used to facilitate communications between users, including appointment requests, appointment reminders, case-related information, and prescription transmissions. You should be aware that this Policy covers only information you submit through our Services. Information exchanged outside our Services is not covered by this Policy.
Because our Services enable users to share information, you should take care in selecting with whom you share your records and other information. Although our Services process such transmissions, we cannot take responsibility for the actions of other users or persons with whom you share your information.
We endeavor to make security of our Services and the information they collect, store, process, and transmit a top priority. To prevent unauthorized access, maintain data accuracy, and ensure appropriate use of information we collect, we deploy a wide range of technical, physical, and administrative safeguards, including:
Under applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of individually identifiable health information residing on and processed by our Services. No system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our Services.
In the event of a security breach involving your personal information or individually identifiable health information, we will notify affected individuals in accordance with applicable federal and state breach notification laws, including Nevada’s data breach notification requirements under NRS 603A.220 and, to the extent applicable, the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414).
Notification will be provided without unreasonable delay and in no case later than the timeframes required by applicable law. Notification may be made by email, postal mail, telephone, or other means as permitted by applicable law. In the event of a breach affecting more than 500 individuals, we will also notify the U.S. Department of Health and Human Services and prominent media outlets as required by the HIPAA Breach Notification Rule. We will cooperate with law enforcement and regulatory authorities in the investigation of any data breach to the extent required by law.
There are proactive measures you can take to improve your security and reduce the risk of unintended disclosure of personal information:
We retain personal data as long as we are providing the Services to you or our Subscribers. Even after we stop providing Services to you, or if you close your account, we keep your personal data to comply with our legal and reporting obligations. In all cases, we retain data in accordance with applicable limitation periods and records retention obligations imposed by law.
Different categories of data are subject to different retention periods based on applicable legal, regulatory, and business requirements:
Upon expiration of the applicable retention period, data will be securely destroyed or de-identified in accordance with industry best practices.
If you desire to deactivate your account, please contact us using the contact information below. Upon your request, your account will be deactivated and your personal information will be securely archived for the applicable retention period. You may request an export of your data by contacting us at info@creorx.com, subject to applicable fees and legal restrictions.
We store indefinitely non-personal information, including de-identified health information and Engagement Data, as well as information you have shared on any public forums or surveys.
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
To submit a CCPA request, contact us at www.creorx.com or info@creorx.com. When emailing, we will ask you to verify your identity by confirming three of the following: name; telephone number; city and state; ZIP code; attorney name or law firm; or date of loss or procedure.
California residents additionally have the right under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83) to request information regarding third parties to whom CreoRx has disclosed certain categories of personal information during the preceding year for those third parties’ direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes. If you are a California resident with further questions, please contact us at info@creorx.com.
In accordance with Cal. Civ. Code § 1789.3, California residents may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by contacting them in writing at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210.
Our Site and Services are not intended for or designed to attract children under the age of 18, and we do not knowingly collect personal information from such children. If we learn that we have inadvertently obtained personal information from a child under the age of 18, we will delete that information as soon as practicable. If you become aware that your child has provided us with personal information without your consent, please contact us immediately.
Our Services do allow users above the age of 18 — such as healthcare providers, parents, and legal guardians — to submit personal information about others, including minors. Such users assume full responsibility for their submission, use, and transmission of such information.
This Policy applies only to our Site and Services. It does not apply to sites and services offered by third parties, including websites that our Services may display links or advertisements for. When you click on such links, you will be visiting websites operated by third parties that have their own information collection practices. We do not have control over how any third party gathers or uses information, and we encourage you to review their privacy policies before providing any information.
Access to our Site and Services is administered in the United States and is intended for users in the United States. You may not use our Site and Services in any jurisdiction where offering, accessing, or using our Services would be illegal or unlawful. If you are located outside of the United States, the information you submit to us will be transferred to the United States. By using our Site and Services, you consent to this transfer and to the processing of personal information as described in this Policy.
We continue to improve and enhance our Services and CreoRx Website, and some improvements may result in changes to this Policy. We will post such changes on this page. If the changes are significant, we will provide a more prominent notice, which may include email notification. We encourage you to periodically reread this Policy to see if there have been any changes that affect you.
Any changes to this Privacy Policy will go into effect as soon as they are posted to the Site. Your use of our Services following any such change constitutes your agreement that all information collected from or about you after the revised Policy is posted will be subject to the terms of the revised Policy. If you disagree with any changes and do not wish your information to be subject to the revised Policy, you will need to deactivate your account before the new Policy becomes effective.
Should you have any questions or complaints about the practices described in this Policy, you may contact us at:
CreoRx Solutions LLC
871 Coronado Center Dr., Suite 200
Henderson, NV 89052
Phone: (877) 273-6791
Email: info@creorx.com
Privacy Requests: info@creorx.com
Legal Notices: legal@creorx.com
Last Updated: February , 2026