Privacy Statement

Last Updated and Effective: February 18, 2026 

Healthy Web Inc., together with its parent Natural Partners, Inc. and their affiliates (referred to as “Fullscript”, “we”, “us” or “our”), are committed to protecting your (referred to as “you” or “your”) privacy and providing you with a positive experience on our websites and mobile applications, and when using our Services. Any terms not defined in this Privacy Statement shall have the same meanings ascribed to them in our Terms of Service.

This Privacy Statement applies to our websites, mobile applications, Services, or any other applications or features that link to or reference this Privacy Statement, including when you engage with us on social media, interact with our advertising or marketing materials, as well as offline interactions (such as when you call us, visit our offices, attend Fullscript events, or interact with our representatives at other events). This Privacy Statement describes how we handle your personal information and the choices available to you regarding the collection, use, access, and how to update and correct your personal information. Our privacy practices are subject to the applicable laws of the places in which we operate so you may see additional region-specific terms that only apply to individuals located in those geographic regions, or as required by applicable laws. For certain products, services, and features, there may be additional notices about our practices and this Privacy Statement supplements any other privacy policies provided or communicated to you. For individuals residing in the United States, please refer to our Consumer Health Data Privacy Notice for details on how we process your consumer health data and certain rights that may be afforded to you under applicable US state consumer health data laws.

Please note that certain health information that we collect on behalf of your health care provider may be subject to the federal Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”) or other applicable state laws. We collect, process, and handle health information on behalf of our health care provider customers that are covered entities under HIPAA in accordance with HIPAA and any applicable business associate agreements (BAAs) in place with those customers. Under those circumstances, such information may be governed by our customers’ notice of privacy practices. Please see your health care provider’s notice of privacy practices for how your health information may be used and disclosed.

Please refer to our “Personnel and Job Applicant Notice” below for further information if you are a job applicant, contractor, or service provider in California.

By using our Services, you acknowledge the terms of this Privacy Statement. If you do not understand the terms of this Privacy Statement, please do not use our Services. If you are using our Services on behalf of a person or entity other than yourself, you represent that you are authorized to act on such person or entity’s behalf and that such person or entity acknowledges the practices and policies outlined in this Privacy Statement. If you have questions about this Privacy Statement, please contact us before using, or continuing to use, our Platform or Services.

This Privacy Statement does not apply to the practices of companies unaffiliated with us or to parties that we do not employ or manage, including Practitioners. We may also provide links to third-party websites and services. The practices described in this Privacy Statement do not apply to information gathered through these third-party websites and services. We have no control over, and are not responsible for, the actions and privacy policies of third-parties and other websites, applications, and services. If you have any questions about the privacy practices of these third-parties, we encourage you to review their privacy policies or notices.

Collection of Personal Information

We may collect the following categories of personal information from or about you:

• Identifiers: name, alias, address, phone number, email address, social security number/social insurance number, account name, and IP address;
• Protected classification information: Personal information categories as defined in applicable laws including age, sex, payment or other financial information, signature, and employment;
• Commercial information: records of Products or Services sold, purchased, obtained, or considered, including purchasing or consuming history and tendencies;
• Biometric information: physiological, biological, or behavioral characteristics;
• Internet or other similar network activity information: search history and information on interactions with our website, application, or advertisement;
• Geolocation data: approximate location based on relevant IP address;
• Audio and visual information: phone calls and other communications with our customer service team, as well as photos or videos you choose to uploaded, including profile images;
• Professional information: business or professional qualifications, as well as National Provider Identification numbers;
• Education information: education-related information provided by you and directly related to Practitioner and Student Accounts that is maintained by an educational institution or party acting on its behalf;
• Sensitive personal information: account log-in information (if you make an account with us), approximate geolocation, information concerning your health, information concerning your sex life (such as your purchases of sexual health products using our Services), or personal information of minors submitted through Dependent Accounts (including health information and demographic data); and
• Inferences: inferences drawn or created based on any information identified above.

You may provide us with personal information in several ways, including, for example when you:

• Visit or use our Services;
• Register or create an account;
• Correspond with us in any way, including through questionnaires and surveys;
• Sign up to receive our newsletters or promotional information;
• Ask for customer service, support, or other assistance; or
• Interact with us in any other way, online or offline, including through our Services.

We obtain the personal information listed above from the following categories of sources:

• You: Through forms and surveys, purchases, health records or lab test results you choose to upload, and website interactions (site visits, search queries, IP address, and device details).
• Your Practitioner: if provided on your behalf.
• Your Employer: if your employer creates or manages an account on your behalf
• Our affiliates and subsidiaries
• Government Entities
• Public Sources: To improve data accuracy, completeness, and personalization, we may combine the information we collect from you with information we get from and about you from other online and offline sources.
• Third-Party Sources: If you choose to connect a wearable device to your account, we receive information from that device as authorized by you.

If you choose to provide Fullscript with a third party’s personal information (such as name, email address, or phone number), you represent that you have that third party’s permission to do so. Examples include forwarding reference or promotional material to a friend or sending job referrals. You may unsubscribe from any continued communication by following the link provided in the initial message or contacting us directly. 

Non-personal information includes information that does not personally identify you or information that has been anonymized (collectively, “non-personal information”). When we link non-personal information with personal information, we treat the linked information as personal information.

Use of Personal Information

We may collect personal information for a variety of reasons, such as:

• Provide Platform and Services: To create, maintain, and customize your account and fulfill or meet the reason you provided the information. For example, if you share your name and contact information to set-up an account or to ask a question about our Platform or Services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a Product or Service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate Product orders or process returns.  Additionally, we use your information to support core business functions, such as training, research, and analysis, develop new features, and improve our Platform, Services, and customer experience including through AI technologies.
• Customer support: To provide you with support and to respond to your inquiries, including to investigate and address your concerns, and monitor and improve our responses.
• Personalization: To personalize your experience on  our websites and to send educational content, service information, promotions, and other communications relevant to your interests via phone, email, text message, or push notification.
• Security and fraud prevention: To help maintain the safety, security, and integrity of our business, including our Platform and Services, databases, and other technology assets. This includes securing your account and preventing fraudulent activity. 
• Legal and compliance: To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• Promotions: To send promotional communications related to our business. 
• Employment: For individuals who apply for a career opportunity with Fullscript, we collect contact information, data submitted on a résumé or in a job application, and other information to administer the hiring process. Please see the “Personnel and Job Applicant Notice” below for further information on employment. 
• For any other purpose as permitted by law, including HIPAA, or otherwise with your consent, such as certain types of marketing.

 Use of Artificial Intelligence Technologies: Fullscript uses artificial intelligence and machine learning (AI) technologies to enhance and improve our Services and users’ experiences. Specifically, we may use AI technologies for our legitimate business purposes to process the information we collect about you as described in this Privacy Statement to: personalize content and recommendations, based on your responses to intake questions and other information collected about you; improve the efficiency and accuracy of our Services; enhance customer support through AI-assisted responses; analyze patterns and trends to improve content, products, and services; and detect and prevent fraud or security risks. The information we process through our use of AI systems is subject to the same data protection and security measures discussed in this Privacy Statement. We may use third-party AI services which are subject to our vendor management processes, and we require them to adhere to appropriate data protection standards.

Disclosing Personal Information

We may share Personal Information with third party service providers, suppliers, vendors, contractors, professional advisors, and business partners, which may include IT service providers, financial institutions, and payment processing providers, customer relationship management vendors, social media platforms, marketing and advertising networks, cloud-based solution providers, lawyers, accountants, auditors, and other professional advisors. We primarily share personal information with these third parties to help us with the uses described above, including for the purposes of operating our business, delivering, improving, providing, and customizing our Services, fulfilling orders, analyzing data, sending promotional and other communications related to our business, and for other legitimate purposes permitted by applicable law or otherwise with your consent.

We may also share personal information in the following ways:

• With your Practitioner for the purpose of fulfilling your transactions and your use of their dispensary.
• With Fullscript affiliated entities for business purposes including, but not limited to, customer support, technical and business operations, and data processing and storage.
• With service providers and subcontractors we use to support our business including, but not limited to, cloud storage, shipping of orders, payment processing and fraud detection, product suppliers, assisting with sales-related efforts or post-sales support, analyzing data, and providing customer support.
• With other companies who place cookies, tags, and web beacons on our Platform. These companies help operate our Platform and provide you with additional products and services.
• With third-party advertising networks to serve advertisements on our behalf.
• In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company.
• In response to a request for information by a competent authority, if we believe disclosure is in accordance with or is otherwise required by any applicable law, regulation, or legal process.
• With law enforcement officials, government authorities, or other third parties as necessary to comply with legal process or meet national security requirements, protect the rights, property, or safety of Fullscript, its service providers, you, or others, or as otherwise required by applicable law.
• To otherwise fulfill the purpose for which you provide it. For example, if you give us an individual’s email address for phone number in order to transmit communications through the Platform, we will transmit the contents of that communication and your personal information to the recipients.
• If we otherwise notify you and you consent to the sharing of personal information.

We may also use and share aggregated, anonymized and/or de-identified information for commercial and internal business purposes. Once personal information has been aggregated, de-identified, and/or anonymized in accordance with applicable laws, it is no longer considered personally identifying and is not covered by this Privacy Statement. We may use aggregated, anonymized, and/or de-identified Information for any purpose, including for research and marketing purposes, and may also disclose such data to any third parties, including advertisers and research partners.

You may choose to connect your Fullscript account to accounts on another service, and that service may send us information about your account on that service. We use that information to provide certain features such as EHR and other service provider integrations. By connecting accounts, you are enabling us and the other service provider to exchange information about you and data in your account in order to provide the requested services. If you would like to revoke your consent to share information, please visit the other service provider to revoke your permission.

We primarily share personal information with our affiliates, service providers, and restricted third parties in order to help us with the uses described above, including to operate and improve our Platform and Services, provide the requested Products and Services, and complete transactions. We have disclosed the following categories of personal information as identified in the table below. The business purpose for such disclosures are listed in the section above.

Selling: We do not sell your personal information.

Sharing/Targeted Advertising: We may also make certain categories of personal information available in order to receive certain benefits or services, and such disclosures may be considered “sharing” (e.g., “targeted advertising”) as defined under applicable privacy laws. We may  “share” the following categories of personal information, as identified in the table below. The business or commercial purpose for sharing is to deliver personalized advertising based on your interests. For example, when we make browsing information available to third party advertising companies (such as through third party tags on our Platform) in order to improve and measure our advertising campaigns and reach users with more relevant advertisements and content across different websites or online platforms that you may visit.

Retention of Personal Information

We retain personal information for the period necessary to fulfill the purposes for which it was collected and any other permissible or related purpose, unless a longer retention period is required or permitted by law. In certain situations, we must retain some or all of your personal information to: comply with our legal obligations; resolve disputes; enforce our agreements; protect against fraudulent, deceptive, or illegal activity; or for other legitimate business purposes, such as for auditing, accounting, or tax purposes. Once personal information is no longer needed, we will securely dispose of it in accordance with applicable laws and our data retention policies.

Your Rights and Choices

Depending on your state of residence, you may have the right to exercise certain choices and rights in connection with our products, services, and features as described in this section. To submit a privacy request, please see the instructions provided below.

Right to Opt-out of Selling, Profiling, and Sharing (e.g., Targeted Advertising). You may have the right to opt out of selling, profiling,  and the sharing of your personal information for targeted advertising. We do not sell your personal information or use your personal information for profiling, so we do not offer consumers the right to opt out of those information practices. In addition to the methods described below, you may opt out of  the sharing of your personal information for targeted advertising by declining advertising cookies through the banner or Preference Center on our Platform. Our personal information sharing does not include information about individuals we know are under the age of 18.

Right to Know. You may have the right to request we disclose the following information:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or sharing that personal information.
• The categories of third parties with whom we share personal information.
• The specific pieces of personal information we collected about you.
• The categories of personal information disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed it.

The information furnished will be provided in a portable, transferable, and usable format of our choosing, such as PDF.

Right to Delete. You may have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your request, we will delete your personal information from our records unless an exception applies. We may deny your deletion request if an exception applies, such as if the information is necessary to complete the transaction for which the information was collected, detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, identify and repair errors and for various other reasons available under applicable law.

Right to Correct. You may have the right to request that we correct inaccurate personal information that we maintain, subject to relevant exceptions. You can always review and edit your personal information by logging into your Fullscript account.

Right to Limit Uses and Disclosures of Sensitive Information: We do not use or disclose  sensitive personal information for purposes other than those business purposes permitted under HIPAA or applicable state law, including California. As a result, we do not offer a right to limit our use or disclosure of these categories of sensitive personal information.

Right of Non-Discrimination. We will not discriminate against you in any way if you choose to exercise your rights under applicable law. 

How to Submit Privacy Requests.

You can submit a request to us by either: 

• Calling us at 1-866-807-3828
• Sending us an email at privacy@fullscript.com
• Communicating with us once you are logged in to your account

Verification. In order to protect your personal information and prevent fraud, some of the requests must be verified. We may contact you by phone, email, or chat to complete the verification process. This process may require matching the information provided in your request with the information we have on file about you, and depending on the sensitivity of information requested utilizing more stringent verification methods, including but not limited to requesting additional information from you and/or requiring you to sign a declaration under penalty of perjury. In certain circumstances, we may decline a request to exercise a privacy right, particularly where we are unable to verify your identity. 

We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm the personal information relates to you. Making a request does not require you to create an account with us. We will only use the personal information provided in a request to verify the requestor’s identity and authority to make a request. 

Authorized Agent. You may designate an authorized agent to submit a request on your behalf. To do so, you must (1) verify your own identity directly with us; and (2) provide the authorized agent with written documentation of their authority to act on your behalf, such as: (a) a power of attorney; or (b) sufficient evidence to show that you have provided the authorized agent signed permission to act on your behalf and directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.

Response Timing and Format. Once you have submitted a request, we will respond within the time frame permitted by the applicable law.

If you have an account with us, we will deliver our response to the contact address on that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. 

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Appeals. You may appeal our decision to your request regarding your personal information. To do so, please contact us by emailing privacy@fullscript.com. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

Security of Personal Information

We endeavor to protect the personal information you entrust to us. We have implemented reasonable and appropriate technical, physical, and administrative security measures to protect the confidentiality of personal information and protect against accidental or unlawful destruction or accidental loss, alteration, or unauthorized disclosure or access. These measures are designed to provide a level of security appropriate to the risk represented by the processing and the nature of the data. In the event we share personal information with service providers or other restricted third parties, we require such service providers to have appropriate security measures and we restrict the ways in which they may use or disclose personal information. 

Transmitting personal information is at your own risk (for example, the internet and mobile networks cannot be guaranteed to be secure). While we attempt to protect and safeguard your personal information in our possession, no system or network is perfect and can be guaranteed to be 100% secure, and we cannot promise that information about you will remain secure in all circumstances. The safety and security of your personal information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. You are solely responsible for all uses of your password, even if such uses were not authorized by you. If you suspect an unauthorized use or security breach of your personal information, please contact us immediately.

Transfer, Processing, and Storage of Personal Information

We may transfer personal information between Fullscript offices in Canada and the US, or to third parties as described above, which may be located in various countries around the world. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal information that we transfer in line with this Privacy Statement, requiring that our business partners or service providers adhere to this Privacy Statement and the applicable privacy regulations in your home country.

Patient/Client Data Storage for Practitioners

If you are a Patient Account, your use of our Services is solely through your Practitioner. Fullscript will share personal information with your Practitioner for the purposes of making the Platform available and facilitating the provision of Services to you on behalf of your Practitioner. Your use of the Platform and Services is also subject to your Practitioner’s privacy policies; please contact your Practitioner if you have any questions about their policies or terms.

If you are a Practitioner, you acknowledge that, with respect to other users’ personal information that you obtain or transmit through your use of your Fullscript account or through a Fullscript communication or transaction, you will only use such information as strictly necessary for permissible transactions or activity under your Fullscript account. Practitioners remain solely responsible for compliance with the applicable laws related to the collection and handling of personal information and other user information, including health information.

Use of Cookies, Chatbots and Other Web Technologies

General Tracking Technologies: Like many websites and other online platforms, Fullscript uses automatic data collection and tracking technologies, such as cookies, SDKs, embedded web links, pixels, and web beacons, to collect website visitor information, such as traffic and usage patterns. These tools collect certain standard information that your browser sends to us. Examples include your browser type and the address of the website from which you arrived at our website. We automatically receive and record information on our server logs from your browser, including IP addresses, cookie information, browsing history, and the Fullscript website pages requested. We utilize this information for advertising purposes, as well as analytical purposes, which allow us to improve our Platform, Services, and your experience.

We partner with third parties to manage our advertising on other websites. Our third-party partners may use cookies or similar technologies in order to provide you with Fullscript’s advertising based on your browsing activities and interests. This permits us to reach people who have previously visited our website and show them relevant advertisements when they visit other websites across the internet. You may be able to opt-out of your information being used for these purposes by submitting an opt-out request, noted above in “How to Submit Privacy Requests.” When you opt out of receiving targeted advertisements, this does not mean you will no longer see advertisements from Fullscript. It means that the online advertisements that you do see will not be tailored for you based on your particular interests. We may still collect information about you for any purpose permitted under the Policy Statement, including for analytics.

Chatbots: We are committed to providing you with exceptional service and support. As part of this commitment, we offer an interactive chatbot service powered by Ada to assist you with inquiries and improve your experience with our Platform and Services. Ada uses artificial intelligence to understand and respond to your questions in real-time. It is designed to provide quick access to information on a range of topics, from order details to account support inquiries. Through chatbot, Ada may collect certain personal information during the interaction including your name, contact information, inquiry details, and any voluntary details provided during the chat. However, personal information collected by Ada is solely on our behalf and is used solely for the purpose of responding to your inquiries and providing you with relevant information and assistance.

Your Choices and Selecting Your Communication Preferences

We give you the choice of receiving a variety of information related to our Services. You can manage your communication preferences through the following methods:

• By updating your communication preferences in your account settings when logged in to your Fullscript account.
• By following the instructions included in each promotional email from us to unsubscribe from that particular mailing.
• By emailing, chatting with, or calling our Customer Success team at 1-866-807-3828.
• By stopping push notices through your mobile device settings.
• By following the instructions in the SMS messages you receive. Note that certain opt-outs may only apply to certain types of SMS messages.

These choices do not apply to service notifications or other required communications that are considered part of certain Services, which you may receive periodically unless you stop using or cancel the Services in accordance with our Terms of Service.

By using our Services, or otherwise providing personal information to us, you acknowledge that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use. 

Minor Privacy

Our Services are not for minors or those under the age of 18. Fullscript does not knowingly collect personal information from minors or those under 18 years of age without appropriate parental or guardian consent. Individuals who are minors or those under the age of 18 should not attempt to provide us with any personal information. We will cancel the registration of a Fullscript account initiated by a minor or an individual under 18 years of age upon becoming aware of such registration. Parents may create and manage Dependent Accounts for minors through their own Fullscript account, and are responsible for providing any required consents and ensuring that the information submitted is accurate and limited to what is necessary. Parents have the right to terminate the registration of a child under age 18. If you think we have received personal information from minors or those under the age of 18, please contact us immediately.

How to Contact Us

We value your opinions. Should you have questions or comments directly pertaining to this Privacy Statement, please contact us at:

Email: privacy@fullscript.com

Phone: 1-866-807-3828

Mail: 

Fullscript
Attn: Privacy Officer
360 Albert Street, 2nd Floor
Ottawa, Ontario, Canada K1R 7X7

Fullscript
Attn: Privacy Officer
1750 Elm St., Floor 12
Manchester, NH 03104

Changes to Our Privacy Statement

We may amend this Privacy Statement from time to time. If we amend this Privacy Statement, we will post the updated Privacy Statement on the website and update the Privacy Statement’s effective date. You acknowledge and understand that you should visit this page periodically to be aware of and review any such revisions. By continuing to use our Services after such revisions are in effect, you are acknowledging that you have read and understand the revisions.  

Personnel and Job Applicant Notice 

This Personnel and Job Applicant Notice (“Job Applicant Notice”) supplements the information contained above in the Privacy Statement and applies to the personal information of job applicants, contractors, and individuals operating as personnel of service providers that are California residents, in relation to Fullscript and its affiliates. As a summary, Fullscript uses your personal information in connection with the hiring/job application process, vetting and communicating with service providers and vendors, financial accounting, and carrying out its business relationships with its service providers and vendors. 

We collect personal information in several ways, including when you provide it directly to us, when your company or organization provides it to us, or when our service providers or business partners provide it to us.

We may collect the following categories of personal information:

• Identifiers: name, email address, mailing address, IP address, phone number, social security number, online identifiers.
• Protected classification information: age, disability information, veteran or military status, race, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions or events), national origin, citizenship and sexual orientation.
• Internet/electronic activity: website interactions during application process and use of internal networks.
• Professional/employment related information: resumes/CVs, references, and background checks.
• Inferences: inferences drawn or created from personal information listed above, including job application vetting.
• Sensitive personal information: government-issued identification numbers and related document verification information, and account log-in credentials used to access our recruiting or application systems, where required or provided.

We may use these categories of personal information for the following business purposes:

• Job application processing and communication;
• Onboarding;
• Human resource administration, such as benefits, payroll and other employment-related purposes;
• Compliance with federal and state equal employment opportunity laws;
• Maintaining and administering vendor and contractor relationships, contracts, and payments;
• Preventing unauthorized access to or use of Fullscript facilities and property, including information systems, electronic devices, network, and data; and
• Improving efficiency, logistics, and supply chain management.

In addition to the business purposes set forth above, we may use these categories of personal information:

• To fulfill or meet the reason you provided the personal information;
• To comply with our health and safety obligations;
• To establish, exercise, or defend legal claims;
• To comply with applicable law, court orders, subpoenas, or governmental regulations;
• To respond to requests by public authorities, including for the purpose of meeting national security or law enforcement requirements;
• In the event of a merger, acquisition, disposition of all or substantially all of the relevant assets of the business, bankruptcy, or similar event (including due diligence related thereto); 
• As described to you when collecting your personal information; and
• As otherwise authorized or required by applicable law.

We retain personal information for as long as necessary for the purpose for which it was initially collected, including the purposes identified above. However, we retain job application information for unsuccessful applicants beyond consideration of the immediate position for which the application is submitted as a reference in case future positions become available and are of interest. Application information for successful applicants becomes part of the applicant’s employment file and is treated accordingly.

We share the categories of personal information identified above with our service providers and affiliates. The business purpose for such disclosures are the purposes listed above.

Please see the “Your Rights and Choices” section above for an explanation of your rights and how to exercise them. In regards to employment-related personal information, we do not “sell” such information as defined under California privacy law and we do not share such information with third parties for targeted advertising. If you have any questions, please contact privacy@fullscript.com.