PRIVACY
POLICY.

If you are a patient or visitor browsing the directory, we collect standard log files and analytics data to ensure platform stability and improve our user interface:

• Log Files: Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and number of clicks. These are not linked to any information that is personally identifiable. Log files are retained for 90 days and then purged automatically.

• Cookies and Web Beacons: We use cookies to store information including visitors' preferences and the pages on the website that the visitor accessed or visited. This information is used to optimize the users' experience. Specifically:

  • Session cookies expire after 24 hours and are used for site navigation continuity.
  • Preference cookies persist for up to 2 years and remember display settings you configure.

  We do not use third-party advertising cookies or tracking pixels. You may disable cookies in your browser settings; however, some site features may not function correctly.

• Search Queries: We temporarily store search queries (such as cities and medical specialties) to power our caching layer (Redis) and significantly improve search speed for future users. This data is aggregated, completely anonymized, and automatically deleted after 7 days. No personally identifiable information is retained from search activity.

• Review Submissions: When you submit a provider review, we collect the following information:

  • Your name (displayed publicly on the review)
  • Your email address (kept private; used only for identity verification and review moderation correspondence)
  • Star rating (1–5) and written comment
  • IP address and submission timestamp (retained to prevent spam and abuse; not displayed publicly)

  Reviews are stored indefinitely as part of the public record unless you request deletion. See Data Retention and Deletion below.

NPI Telehealth operates exclusively as a directory service, not a healthcare provider or covered entity. We do not collect, store, or process Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA).

When you click a link to book an appointment or visit a doctor's external telehealth portal, you are leaving our site and engaging directly with the provider. You should review their respective independent privacy agreements and HIPAA Notices of Privacy Practices securely provided prior to your consultation.

Depending on your jurisdiction, you have the following rights regarding your personal information:

• Right to Know / Access: Request a summary of the personal information we hold about you and how it is used.

• Right to Delete: Request deletion of your personal data (e.g., a review you submitted, your email address on file).

• Right to Correct: Request correction of inaccurate personal information associated with your submissions.

• Right to Opt-Out of Sale: We do not sell data, so no opt-out is required — but you may request confirmation at any time.

• Right to Non-Discrimination: We will never deny service or treat you differently for exercising any privacy right.

• Right to Data Portability (GDPR): EU/EEA residents may request a machine-readable copy of their personal data.

• Right to Restrict Processing (GDPR): EU/EEA residents may request we limit processing of their data in certain circumstances.

How to exercise your rights: Email admin@npitelehealth.com with subject line "Privacy Rights Request" and describe your request. We will respond within 45 days for CCPA requests and within 30 days for GDPR requests. We may ask you to verify your identity before fulfilling the request.

We retain different types of data for different periods based on operational necessity:

• Server Log Files: Retained for 90 days, then automatically deleted.

• Search Cache (Redis): Retained for 7 days, then automatically purged. All entries are anonymized.

• Provider Reviews: Retained indefinitely as part of the public record, unless you submit a deletion request. Upon verified request, your review and associated personal data (name, email, IP) will be removed within 30 days.

To request deletion of your data, email admin@npitelehealth.com with subject line "Data Deletion Request". We will confirm receipt and complete your request within 30 days.

NPI Telehealth is not directed to children under the age of 13 and is intended solely for use by adults seeking general healthcare provider information. We do not knowingly collect personally identifiable information from children under 13.

If you are a parent or guardian and believe your child has submitted personal information to us (such as through a review submission), please contact us immediately at admin@npitelehealth.com and we will promptly delete that information from our records.

In the event of a data breach that may affect your personal information, NPI Telehealth will take the following steps:

• Investigate: We will promptly investigate the nature, scope, and cause of the breach.

• Notify Affected Users: We will notify affected individuals via email within 30 days of discovering a confirmed breach, where contact information is available.

• Report to Authorities: We will report to relevant regulatory authorities as required by applicable law (e.g., state attorney general offices, supervisory authorities under GDPR).