Privacy Policy

1. Who we are

Adherix Health (“Adherix,” “we,” “our”) is a behavioral adherence platform for GLP-1 treatment programs. We provide SMS-based patient engagement infrastructure to healthcare clinics and metabolic care programs (“Clinic Operators”).

Contact: hello@adherix.health

2. Scope

This policy covers data collected through our marketing website, the Adherix platform accessed by Clinic Operators, and patient-facing SMS interactions delivered on behalf of Clinic Operators.

Adherix operates as a Business Associate under HIPAA when processing Protected Health Information (PHI) on behalf of Clinic Operators who are Covered Entities. A Business Associate Agreement (BAA) is required before any patient data is processed through the Adherix platform in a production clinical environment.

3. Data we collect

From Clinic Operators

When a clinic administrator creates an account or participates in a pilot, we collect: name, email address, organization name, and contact information provided during onboarding. We use this data to deliver the service, communicate about the platform, and provide support.

From patient programs (on behalf of Clinic Operators)

Clinic Operators enroll patients into the Adherix platform. The data we process on their behalf includes: patient first name, mobile phone number, timezone, program enrollment date, and SMS message history (both outbound messages and inbound replies). This data is provided by the Clinic Operator and is processed solely to deliver the behavioral engagement program they have configured.

We do not collect diagnostic codes, insurance information, clinical notes, or other medical records beyond what is necessary to deliver phase-appropriate SMS outreach.

From website visitors

Our marketing website may collect standard web analytics data (page views, referral source, device type) through analytics tooling. We do not use advertising cookies or sell visitor data.

4. How we use data

We use data to:

• Deliver phase-based SMS outreach on behalf of Clinic Operators
• Evaluate behavioral triggers and schedule patient communications
• Generate retention analytics and reports for Clinic Operators
• Route escalation alerts to the appropriate clinic staff
• Communicate with Clinic Operators about their account and the platform
• Improve the Adherix platform and behavioral models

We do not sell patient data. We do not use patient data for advertising. We do not share patient data with third parties except as necessary to deliver the service (see Section 5).

5. Service providers

Adherix works with a limited set of infrastructure and communications service providers to deliver the platform. Each provider has been evaluated for compliance with applicable data protection standards, including SOC 2 certification and HIPAA eligibility where relevant. A full list of sub-processors is available to Clinic Operators upon request and is provided as part of the Business Associate Agreement for covered deployments.

We do not share patient or clinic data with any service provider beyond what is strictly necessary to deliver the contracted service.

6. Data retention

Patient and message data is retained for the duration of the clinic’s active relationship with Adherix plus a reasonable period to support reporting and audit obligations. Clinic Operators may request deletion of their patient data by contacting us at hello@adherix.health. We will action deletion requests within 30 days.

7. Security

We maintain technical and organizational safeguards appropriate to the sensitivity of the data we process. This includes encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and infrastructure hosted on SOC 2 certified platforms. For a detailed description of our security posture, see our Security page.

8. Patient rights and consent

Clinic Operators are responsible for obtaining appropriate patient consent for SMS communications prior to enrolling patients in the Adherix platform. Patients who wish to stop receiving messages may reply STOP at any time. Adherix honors all opt-out requests delivered through the SMS channel.

Patients who have questions about how their data is used within a specific clinic’s program should contact that clinic directly. Adherix processes patient data under the direction of the Clinic Operator and does not independently respond to patient data requests outside of opt-out handling.

9. HIPAA and Business Associate Agreements

When Adherix processes PHI on behalf of a Covered Entity, a signed Business Associate Agreement is required before production use of the platform. Pilot programs that involve real patient data require a BAA in place prior to data processing. To request a BAA, contact hello@adherix.health.

10. Changes to this policy

We may update this policy as the platform evolves. Material changes will be communicated to active Clinic Operators by email. Continued use of the platform after notice constitutes acceptance of the updated policy.

11. Contact

Questions about this policy or data handling practices: hello@adherix.health