Privacy Policy
The short version
We collect what we need to fill your prescription, sell you supplements, and follow the law — and not one byte more. We don't sell your data, run no third-party advertising trackers on this site, and don't run a marketing email list. PHI (your health information) is handled separately under our HIPAA Notice.
1. Scope & the two notices
Phoenix Pharmacy ("Phoenix," "we," "us") operates this website, a retail pharmacy at 7872 Walker St #106, La Palma, CA, and a closed-door long-term care pharmacy serving licensed facilities in Orange and Los Angeles Counties. This Privacy Policy covers information collected through our website, online accounts, supplement store, and general business operations.
Protected Health Information (PHI) — anything tied to a prescription, clinical service, or your medical history — is governed by a separate document, the HIPAA Notice of Privacy Practices. If a piece of information falls under both, HIPAA controls.
2. What we collect
We try to collect as little as possible. The categories below summarize what we hold and why.
| Category | Examples | Why |
|---|---|---|
| Account & identity | Name, email, phone, address, date of birth | To verify you, ship orders, and contact you about prescriptions |
| Order & payment | Items purchased, totals, last 4 digits of card. Card numbers are tokenized by our PCI-DSS Level 1 processor — Phoenix never stores them. | Fulfillment, refunds, tax, accounting |
| Insurance & Rx | Insurance ID, group number, prescriber, medication, dose. Treated as PHI. | Billing your plan and dispensing safely. See HIPAA Notice. |
| Device & site usage | IP, device type, browser, pages visited, referrer | Security, fraud prevention, fixing bugs. Never sold or licensed. |
| Communications | Messages you send the pharmacist; refill confirmations | To answer you and keep a record of clinical advice |
3. How we use it
We use your information to:
- Fill prescriptions, dispense supplements, and ship orders
- Bill insurance plans and process payments
- Answer your questions through the secure messaging system
- Send transactional notices — order shipped, ready for pickup, refill due — by SMS or email only when you've opted in
- Detect fraud, debug software, and protect the site from abuse
- Comply with California Board of Pharmacy, DEA, and IRS recordkeeping rules
We do not use your information for behavioral advertising, lookalike audience building, or sale to data brokers — and we don't run a marketing email list.
4. Who we share it with
We share information only with parties who help us run the pharmacy, and only the minimum they need:
- Insurance plans & PBMs — to adjudicate prescription claims
- Prescribers — to clarify orders or coordinate care
- Shipping carriers (USPS, UPS) — name and address only
- Payment processor (Stripe) — tokenized card data, PCI-DSS Level 1
- Hosting & email infrastructure (Vercel, Resend, Cloudflare) — bound by Business Associate Agreements where PHI is involved
- Government & law enforcement — only when legally required, such as a controlled-substance audit or a properly issued subpoena
5. Cookies & tracking
This site uses two cookies. Both are first-party. Neither is used for advertising.
| Name | Purpose | Lifetime |
|---|---|---|
| phx_session | Keeps you signed in | 30 days |
| phx_cart_v1 | Remembers items in your cart | Until cleared |
We do not run Google Analytics, Facebook Pixel, TikTok Pixel, or any other third-party tracker.
6. Retention
- Prescription records: 7 years from last fill (CA Business & Professions Code §4081)
- Controlled substance records: 3 years (DEA), retained alongside Rx records for the longer 7-year window
- Order & tax records: 4 years (IRS)
- Account data: Deleted within 60 days of your closure request, except where retention is legally required above
- Server access logs: 30 days, then aggregated
7. Your rights (CCPA/CPRA)
If you're a California resident — and almost everyone we serve is — you have the right to:
- Know what personal information we have collected about you
- Request a copy of that information in a portable format
- Request correction of inaccurate information
- Request deletion (subject to the legal retention rules above)
- Opt out of "sharing" or "selling" of personal information — we do neither, but the opt-out is yours by default
- Limit use of sensitive personal information (insurance, health) — though most of this is governed by HIPAA
- Be free of retaliation for exercising any of these rights
To exercise any right, email privacy@phoenixpharmacy.com from the address on file or call us. We verify identity before releasing data and respond within 45 days.
8. Children
This site isn't directed at children under 13, and we don't knowingly collect their information online. Pediatric prescriptions are filled in person or through a parent/guardian's account.
9. Security
The site runs over TLS 1.3. Account passwords are not stored — we use magic-link email authentication. PHI lives in a HIPAA-compliant pharmacy management system with role-based access and audit logs. We run quarterly access reviews. No security is perfect; if we ever suffer a breach affecting your data, we'll notify you within the time required by California Civil Code §1798.82.
10. Changes to this policy
We update this document when our practices change. The version number and effective date at the top will move; material changes are emailed to active account holders 30 days before they take effect.
11. Contact
Privacy questions go to privacy@phoenixpharmacy.com or:
Privacy Officer
Phoenix Pharmacy
7872 Walker St #106
La Palma, CA 90623
(714) 690-0349