Privacy Policy

Effective Date: 10/1/2025
Last Updated: 10/20/2025

1. INTRODUCTION

Hockaday RX ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website hockadayrx.com (the "Site") or use our services (the "Services").

By using the Site or Services, you consent to the data practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, please do not access or use the Site or Services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect information you voluntarily provide in the following contexts:

Account Creation and Consultation Booking:

  • Name, email address, phone number

  • Mailing address

  • Date of birth

  • Athletic information (sport, competition level, training goals)

  • Payment information (credit card, billing address)

Consultation and Service Delivery:

  • Medical history and current health conditions

  • Current medications (prescription and over-the-counter)

  • Dietary supplements and vitamins currently used

  • Allergies and adverse reactions

  • Athletic performance data (training schedule, competition dates)

  • Therapeutic Use Exemption (TUE) documentation

  • Anti-doping testing history

  • Goals and performance objectives

Communications:

  • Email correspondence

  • Text messages

  • Phone call records

  • Feedback, reviews, and testimonials

  • Survey responses

  • Customer service inquiries

Downloadable Resources:

  • Email address (when downloading free checklists, guides, or resources)

  • Name (optional)

2.2 Information Collected Automatically

When you access the Site, we automatically collect certain information:

Device and Usage Information:

  • IP address

  • Browser type and version

  • Operating system

  • Device type (desktop, mobile, tablet)

  • Pages visited and time spent on pages

  • Referring website or source

  • Date and time of visit

  • Click-through and navigation patterns

Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance your experience and analyze Site usage. See Section 8 for more details.

2.3 Information from Third Parties

We may receive information from:

Payment Processors:

  • Transaction confirmations

  • Payment status

  • Billing information (we do NOT store full credit card numbers)

Scheduling Platforms:

  • Appointment confirmations from Calendly or similar tools

  • Time zone and scheduling preferences

Analytics Providers:

  • Aggregated usage data from Google Analytics or similar services

Social Media:

  • If you interact with us on social media platforms, we may collect publicly available information from your profile

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Schedule and conduct consultations

  • Perform supplement analysis and medication reviews

  • Provide WADA compliance guidance

  • Develop personalized performance protocols

  • Send appointment reminders and follow-up communications

  • Deliver educational resources and materials

  • Process payments and maintain transaction records

3.2 Communication

  • Respond to your inquiries and requests

  • Send service-related notifications

  • Provide customer support

  • Send educational content and updates (with your consent)

  • Conduct surveys and request feedback

3.3 Marketing (With Consent)

  • Send promotional emails about our Services

  • Notify you about new offerings, webinars, or resources

  • Share relevant content related to sports pharmacy and athletic performance

  • You may opt out of marketing communications at any time (see Section 10)

3.4 Site Improvement and Analytics

  • Analyze Site usage and user behavior

  • Improve Site functionality and user experience

  • Identify technical issues and bugs

  • Monitor Site security

3.5 Legal and Safety

  • Comply with legal obligations and regulatory requirements

  • Protect against fraud, abuse, or illegal activity

  • Enforce our Terms of Use

  • Respond to legal requests from law enforcement or government authorities

  • Protect the rights, property, and safety of Hockaday RX, our users, and the public

3.6 Business Operations

  • Maintain business records

  • Conduct internal research and development

  • Manage subscriptions and memberships

  • Process refunds or cancellations

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information to third parties. However, we may share your information in the following circumstances:

4.1 Service Providers

We may share information with trusted third-party vendors who perform services on our behalf, including:

  • Payment processors (Stripe, PayPal, Square)

  • Scheduling platforms (Calendly, Acuity Scheduling)

  • Email marketing services (Mailchimp, Klaviyo)

  • Website hosting and analytics (Squarespace, Google Analytics)

  • Customer relationship management (CRM) tools

  • Cloud storage providers (Google Drive, Dropbox)

These service providers are contractually obligated to protect your information and may only use it to perform services for us.

4.2 Legal Requirements

We may disclose your information if required by law, including to:

  • Comply with a subpoena, court order, or legal process

  • Respond to government or regulatory requests

  • Investigate fraud, abuse, or violations of our Terms of Use

  • Protect the rights, property, or safety of Hockaday RX, our users, or the public

  • Enforce our agreements and policies

4.3 Business Transfers

If Hockaday RX is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and your rights regarding your information.

4.4 With Your Consent

We may share your information with third parties when you provide explicit consent, such as:

  • Sharing testimonials or reviews publicly (with your permission)

  • Coordinating care with your physician or healthcare team (with your authorization)

  • Referring you to partner organizations or training facilities (with your consent)

4.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, such as:

  • Statistical data about Site usage

  • General trends in athlete supplement use

  • Research findings based on anonymized data

5. PROTECTED HEALTH INFORMATION (PHI) AND HIPAA

5.1 HIPAA Compliance for Healthcare Services

For clients who engage in paid consultations involving medical history, medications, or health conditions, Hockaday RX acts as a Covered Entity under the Health Insurance Portability and Accountability Act (HIPAA).

Protected Health Information (PHI) includes:

  • Medical history and diagnoses

  • Current medications and supplements

  • Allergies and adverse reactions

  • Health-related communications with our pharmacist

5.2 How We Protect PHI

We implement HIPAA-compliant safeguards to protect your PHI, including:

  • Secure storage: Encrypted cloud storage with access controls

  • Limited access: Only authorized personnel can access PHI

  • Confidential communications: Secure email and phone consultations

  • Business Associate Agreements (BAAs): Third-party vendors handling PHI sign BAAs

  • Training: Staff trained on HIPAA privacy and security requirements

5.3 Your Rights Under HIPAA

If your information is subject to HIPAA, you have the right to:

  • Access: Request a copy of your PHI

  • Amendment: Request corrections to inaccurate information

  • Accounting: Request a list of disclosures of your PHI

  • Restriction: Request limits on how we use or disclose your PHI

  • Confidential communications: Request communications via alternative means

To exercise these rights, contact us at hello@hockadayrx.com.

5.4 Notice of Privacy Practices

Clients receiving healthcare services will receive a separate Notice of Privacy Practices that provides additional detail about how we use and protect PHI under HIPAA.

5.5 When HIPAA Does Not Apply

HIPAA protections do not apply to:

  • General website visitors who have not engaged in paid consultations

  • Users who download free resources without providing health information

  • Publicly available educational content on the Site

6. DATA RETENTION

6.1 How Long We Keep Your Information

Healthcare Records (PHI):

  • Medical and consultation records are retained for 7 years from the date of last service, in compliance with California law and HIPAA requirements

Business and Transaction Records:

  • Payment and billing records: 7 years (for tax and accounting purposes)

  • Appointment scheduling records: 3 years

Marketing and Communications:

  • Email marketing lists: Until you unsubscribe or request deletion

  • Website analytics: Aggregated data retained indefinitely; IP addresses anonymized after 26 months

Legal Holds:

  • If information is subject to legal proceedings, we retain it until the matter is resolved

6.2 Deletion Requests

You may request deletion of your personal information at any time (see Section 10). However, we may retain certain information as required by law or for legitimate business purposes (e.g., completing transactions, resolving disputes, enforcing agreements).

7. DATA SECURITY

7.1 Security Measures

We implement administrative, technical, and physical safeguards to protect your information, including:

Technical Safeguards:

  • SSL/TLS encryption for data transmission

  • Encrypted storage of sensitive data

  • Secure access controls and authentication

  • Regular security updates and patches

  • Firewall and intrusion detection systems

Administrative Safeguards:

  • Staff training on privacy and security practices

  • Access limited to authorized personnel only

  • Confidentiality agreements with employees and contractors

  • Regular security audits and risk assessments

Physical Safeguards:

  • Secure office facilities with restricted access

  • Locked file cabinets for physical records

  • Secure disposal of sensitive documents (shredding)

7.2 No Guarantee of Security

While we take reasonable measures to protect your information, no system is 100% secure. We cannot guarantee the absolute security of information transmitted over the internet or stored electronically. You acknowledge and accept this risk when using the Site or Services.

7.3 Data Breach Notification

In the event of a data breach involving your personal information, we will notify you in accordance with applicable laws, including HIPAA breach notification requirements (within 60 days of discovery).

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us recognize your browser, remember your preferences, and analyze Site usage.

8.2 Types of Cookies We Use

Strictly Necessary Cookies:

  • Essential for Site functionality (e.g., login, security)

  • Cannot be disabled without affecting Site performance

Performance and Analytics Cookies:

  • Google Analytics and similar tools

  • Track Site usage, page views, and navigation patterns

  • Help us improve user experience

Functional Cookies:

  • Remember your preferences (e.g., language, time zone)

  • Enable personalized features

Marketing Cookies:

  • Track your activity across websites for advertising purposes

  • Used by Facebook Pixel, Google Ads, or similar platforms (with your consent)

8.3 Managing Cookies

You can control cookies through your browser settings:

  • Block all cookies: Most browsers allow you to refuse cookies entirely

  • Delete cookies: Clear cookies stored on your device

  • Third-party cookies: Block cookies from external advertisers

Note: Disabling cookies may affect Site functionality and user experience.

Opt-Out Tools:

8.4 Do Not Track Signals

Some browsers offer "Do Not Track" (DNT) signals. Currently, there is no universal standard for how websites should respond to DNT signals. We do not respond to DNT signals at this time.

9. THIRD-PARTY LINKS

The Site may contain links to third-party websites, including:

  • Research articles and publications

  • Third-party supplement verification services (NSF, Informed Sport)

  • Social media platforms

  • Partner organizations

We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any external sites you visit. This Privacy Policy applies only to information collected by Hockaday RX.

10. YOUR PRIVACY RIGHTS

10.1 Access and Correction

You have the right to:

  • Request a copy of the personal information we hold about you

  • Request corrections to inaccurate or incomplete information

  • Request a summary of how we use your information

How to request: Email hello@hockadayrx.com with "Access Request" in the subject line.

10.2 Deletion

You may request deletion of your personal information, subject to exceptions such as:

  • Legal obligations to retain records (e.g., HIPAA 7-year retention)

  • Completing transactions or providing requested services

  • Resolving disputes or enforcing agreements

How to request: Email hello@hockadayrx.com with "Deletion Request" in the subject line.

10.3 Opt-Out of Marketing Communications

You may opt out of promotional emails by:

  • Clicking "Unsubscribe" at the bottom of any marketing email

  • Emailing hello@hockadayrx.com with "Unsubscribe" in the subject line

  • Updating your preferences in your account settings

Note: Even if you opt out of marketing emails, we may still send you transactional emails related to your consultations, appointments, or account activity.

10.4 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request details about the personal information we collect, use, and share

  • Right to Delete: Request deletion of your personal information (subject to exceptions)

  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)

  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

How to exercise CCPA rights: Email hello@hockadayrx.com or call (310) 617-3365.

We will respond to verified requests within 45 days (may be extended by an additional 45 days if necessary).

10.5 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Obtain confirmation of data processing and access to your data

  • Right to Rectification: Correct inaccurate or incomplete data

  • Right to Erasure: Request deletion of your data (subject to legal exceptions)

  • Right to Restrict Processing: Limit how we use your data

  • Right to Data Portability: Receive your data in a structured, machine-readable format

  • Right to Object: Object to processing based on legitimate interests or direct marketing

  • Right to Withdraw Consent: Withdraw consent for data processing at any time

Legal Basis for Processing (GDPR):

  • Consent: When you provide explicit consent (e.g., marketing emails)

  • Contract Performance: To provide Services you requested

  • Legal Obligation: To comply with applicable laws

  • Legitimate Interests: For business operations, fraud prevention, and Site improvement

How to exercise GDPR rights: Email hello@hockadayrx.com.

Right to Lodge a Complaint: You may file a complaint with your local data protection authority if you believe we have violated GDPR.

11. CHILDREN'S PRIVACY

11.1 Age Restriction

The Site and Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11.2 Youth Athletes (Ages 13-17)

For youth athletes ages 13-17 who use our Services:

  • Parental consent is required for consultations

  • Parents/guardians must provide information on behalf of minors

  • We collect only information necessary to provide Services

11.3 If We Discover Children's Information

If we learn that we have inadvertently collected personal information from a child under 13 without parental consent, we will delete that information immediately. If you believe we have collected information from a child under 13, contact us at hello@hockadayrx.com.

12. INTERNATIONAL DATA TRANSFERS

Hockaday RX is based in the United States. If you access the Site from outside the U.S., your information may be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your country.

By using the Site or Services, you consent to the transfer of your information to the United States.

If you are located in the EEA, we rely on:

  • Your explicit consent

  • Standard contractual clauses approved by the European Commission

  • Other lawful transfer mechanisms under GDPR

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

How we notify you:

  • Updated "Last Updated" date at the top of this policy

  • Prominent notice on the Site homepage

  • Email notification (for material changes affecting your rights)

Your continued use of the Site or Services after changes are posted constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Hockaday RX
Email: hello@hockadayrx.com

HIPAA Privacy Officer:
Brandon Hockaday, PharmD
Email: brandon@hockadayrx.com

Response Time: We will respond to privacy inquiries within 10 business days.

15. ACKNOWLEDGMENT

BY USING THIS SITE OR SERVICES, YOU ACKNOWLEDGE THAT:

✓ You have read and understood this Privacy Policy
✓ You consent to the collection, use, and disclosure of your information as described
✓ You understand how we protect your health information under HIPAA
✓ You understand your rights regarding your personal information
✓ You consent to data transfers to the United States (if accessing from outside the U.S.)