PRIVACY POLICY FOR MEDMAIL PHARMACY

Medmail (“Medmail,” “we,” “us,” or “our”) is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy describes how we collect, use, disclose, and protect information provided through our website (the “Website”), which offers over-the-counter medications, supplements, and medical supplies via an online store.

We comply with all applicable privacy laws, including:

  • The Personal Information Protection and Electronic Documents Act (“PIPEDA”); and
  • Relevant provincial privacy laws, including but not limited to:
    • Ontario’s Personal Health Information Protection Act (PHIPA)
    • Alberta’s Personal Information Protection Act (AB PIPA),
    • British Columbia’s Personal Information Protection Act (BC PIPA), and
    • Québec’s Act Respecting the Protection of Personal Information in the Private Sector, as amended by Law 25.

If you reside in a province with its own privacy legislation, your rights and our obligations may vary slightly depending on local law.

This policy does not apply to personal health information (PHI) regulated under PHIPA, as Medmail does not collect PHI or offer prescription or diagnostic services.

You should carefully review this Privacy Policy before placing an order or submitting any personal information through the Website. By accessing or using the Website, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Website.

Scope of this Policy

This policy applies to information collected from users who:

  • Browse or interact with our Website;
  • Make purchases through our online store;
  • Use our automated chatbot to receive guidance on selecting products;
  • Provide shipping, billing, or contact details during

This policy does not apply to third-party platforms or services linked from our Website. We encourage you to review their privacy policies before interacting with those platforms.

Information We Collect

We collect personal information that is necessary to fulfill your orders, respond to inquiries, and operate our platform. This may include:

a)  Contact and Shipping Information:

  • Name
  • Email address
  • Phone number
  • Shipping and billing address

b)  Order and Transaction Information:

  • Purchase history
  • Selected products and quantities
  • Payment method and billing details (note: we do not store full credit card numbers)

c)  Chatbot and Customer Support Communications:

  • Responses to chatbot prompts
  • Questions or messages sent to our support team

d)  Device and Usage Data:

  • IP address, device type, browser type
  • Pages viewed, time spent on site
  • Cookies and analytics data collected via tools like Google Analytic

How We Collect Information

We collect your information through:

  • Direct input when placing an order, contacting support, or interacting with our chatbot;
  • Automated tracking technologies such as cookies and scripts;
  • Third-party service providers handling payment processing and

How We Use Your Information

We use your personal information to:

  • Process and fulfill orders;
  • Communicate order confirmations, delivery updates, and customer support responses;
  • Customize chatbot suggestions and improve your shopping experience;
  • Monitor website performance and improve platform functionality;
  • Comply with legal and tax obligations (e.g., issuing receipts);
  • Prevent fraud and ensure transactional

If you use our automated chatbot feature, we may collect and analyze your inputs to help recommend suitable products and improve user experience. The chatbot uses automated logic and does not involve human review unless you are redirected to customer service. Information entered into the chatbot, such as product preferences or general wellness goals, may be used to provide tailored suggestions but is not stored long-term unless required for fulfillment or legal purposes. We do not recommend entering sensitive personal or medical information into the chatbot, as it is not a diagnostic or clinical tool.

We do not use your information for advertising profiling or to make automated decisions that have legal or similar effects.

Disclosure of Your Information

We do not sell or rent your personal information. We may share information with:

a)  Third-Party Service Providers

We contract with service providers who assist with:

  • Payment processing
  • Order fulfillment and shipping
  • Website hosting and analytics

These providers are contractually required to handle data securely and lawfully.

b)  Legal and Regulatory Requirements

We may disclose your information:

  • To comply with legal obligations (e.g., court orders);
  • To respond to law enforcement or regulatory

c)  Business Transfers

If Medmail is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

d)  To Regulatory Authorities

We may disclose your information as required by law to:

  • The Ontario College of Pharmacists;
  • Health Canada;
  • The College of Physicians and Surgeons of Ontario (CPSO);
  • Other oversight bodies in connection with inspections, audits, or

Legal Basis for Processing

Our legal grounds for processing personal information include:

  • Your consent (e.g., when submitting your shipping information);
  • Fulfillment of a contract (e.g., completing your purchase);
  • Our legitimate interest in providing a secure and efficient service;
  • Compliance with legal

Your Rights

You have certain rights regarding your personal information, subject to limitations under applicable laws and professional standards. These rights may include:

  • Right to access: You may request a copy of the personal information we hold about you;
  • Right to correction: You can request correction of inaccurate or incomplete data;
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time, although this may affect your access to certain services;
  • Right to deletion: You may request that we delete your account and personal information, subject to our legal and regulatory retention obligations;
  • Right to complain: You may lodge a complaint with a privacy commissioner in your

To exercise these rights, please contact us at our email address below.

Cookies and Analytics

We use cookies and similar tracking technologies to improve user experience and analyze how our Website is used. These technologies help us:

  • Recognize returning users and retain session preferences;
  • Maintain platform security and authentication integrity;
  • Monitor traffic and performance trends to optimize our

You can manage or disable cookies through your browser settings. However, disabling essential cookies may affect the functionality of certain features or prevent you from accessing secure areas of the Website.

Data Security

We take your privacy seriously and implement appropriate administrative, technical, and physical safeguards to protect your information. These safeguards include:

  • Secure server environments;
  • SSL encryption for transmitted data;
  • Access controls and staff

While we take all reasonable steps, no method of transmission over the internet or method of electronic storage is completely secure.

By using this Website, you acknowledge that there is a residual risk associated with transmitting information online, and you agree to use the Website at your own discretion and risk.

Data Retention

We retain your personal data only for as long as reasonably necessary to:

  • Fulfill your orders and maintain transaction records;
  • Comply with legal and accounting obligations
  • Respond to audits, inquiries, or inspections by regulatory authorities;
  • Resolve disputes, enforce agreements, or protect our legal

When information is no longer required, we securely dispose of or anonymize it in accordance with applicable legal standards.

Third-Party Websites and Services

Our Website may contain links to third-party websites, such as health information sources, licensed practitioner platforms, or courier tracking portals. This Privacy Policy applies only to the information collected by Medmail through our Website and services.

We are not responsible for the privacy practices, content, or data handling procedures of third- party websites or services that may be accessible through links provided on our Website. We encourage you to review the privacy policies of any third-party sites before providing them with your personal information.

Your use of any third-party services or websites is at your own risk, and Medmail disclaims any liability related to their data practices.

Email Communications

We are committed to complying with Canada’s Anti-Spam Legislation (CASL). Where required, we will obtain your express or implied consent before sending you any commercial electronic messages (“CEMs”), such as promotional emails, newsletters, health product updates, or special offers.

You may withdraw your consent at any time by clicking the “unsubscribe” link in our emails or by contacting us directly at [email protected]. Please note that unsubscribing from promotional messages will not affect your receipt of essential service communications, including those related to your order confirmations.

We do not send unsolicited marketing communications, and we do not sell, rent, or disclose your email address or phone number to third parties for marketing purposes without your explicit consent.

Children’s Privacy

Our Website and services are not directed to individuals under the age of majority in their province or territory of residence. We do not knowingly collect or solicit personal information from minors.

If we become aware that we have inadvertently collected personal information from an individual who is underage and not under the care of a parent or guardian for the purposes of accessing care, we will take appropriate steps to delete such information in accordance with applicable laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page and indicated by the “Last Updated” date above. Your continued use of the Website constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

Contact Us

If you have questions, requests, or concerns regarding this Privacy Policy or the way we handle your personal information, please contact us at: [email protected]