Privacy policy

Last updated: April 21, 2026

This website (nycprx.com) and the related store are operated by Siya Rx Inc., a New York corporation doing business as 'New York City Pharmacy' (referred to throughout this policy as 'New York City Pharmacy,' 'we,' 'us,' or 'our').

New York City Pharmacy operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). New York City Pharmacy is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

  • Contact details including your name, address, billing address, shipping address, phone number, and email address.
  • Financial information including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.
  • Account information including your username, password, security questions, preferences and settings.
  • Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
  • Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
  • Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
  • Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;
  • Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
  • From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf;
  • From our partners or other third parties.

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

  • Provide, Tailor, and Improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.
  • Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.
  • Security and Fraud Prevention. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.
  • Communicating with You. We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you.
  • Legal Reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you to show you targeted advertisements and marketing based on your online activity with different merchants and websites. You can exercise your rights to opt-out of those uses here .
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
  • With our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy . Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

  • Right to Access / Know. You may have a right to request access to personal information that we hold about you.
  • Right to Delete. You may have a right to request that we delete personal information we maintain about you.
  • Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
  • Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  • Right to Opt out of Sale or Sharing for Targeted Advertising. Depending on where you reside, you may have a right to opt out of the "sale" or "share" of your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. You can exercise your rights to opt-out of those uses here. Please note that if you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out for the device and browser that you use to visit the website. If we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/. Other than the Global Privacy Control, we do not recognize other "Do Not Track" signals that may be sent from your web browser or device.
  • Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

You may exercise any of these rights where indicated on the Services or by contacting us using the contact details provided below. To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, you can visit https://privacy.shopify.com/en.

We will not discriminate against you for exercising any of these rights. We may need to verify your identity before we can process your requests, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.

 

Health Information Privacy

New York City Pharmacy is a licensed pharmacy operating in the State of New York and is a "covered entity" under the federal Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (together, "HIPAA"). In addition to the general privacy practices described elsewhere in this Privacy Policy, the following section governs our collection, use, disclosure, and safeguarding of Protected Health Information ("PHI") as defined under HIPAA (45 CFR § 160.103), and of other health-related information regulated under New York State law. In the event of any conflict between this Health Information Privacy section and the general provisions of this Privacy Policy, this section controls with respect to PHI.

1. Protected Health Information

PHI includes individually identifiable health information we receive or create in connection with dispensing prescription medications, providing pharmacist services, billing insurance plans, or otherwise furnishing healthcare services to you. Examples include your name and contact details when linked to a prescription, prescriber information, medication history, dosage and refill information, diagnosis or condition information received from a prescriber, insurance and payment information tied to a prescription claim, and communications with our pharmacists.

2. Uses and Disclosures of PHI Permitted Without Your Authorization

Consistent with 45 CFR §§ 164.502, 164.506, and 164.512, we may use and disclose PHI without your written authorization for the following purposes:

       Treatment: to dispense prescriptions, consult with your prescribers and other healthcare providers, coordinate refills, perform Medication Therapy Management (MTM), and furnish pharmacist clinical services.

       Payment: to bill and obtain payment from you, your health plan, pharmacy benefit manager (PBM), Medicare, Medicaid, or other payer, including prior authorization, claim adjudication, and coordination of benefits.

       Healthcare Operations: quality assurance and improvement, licensing and accreditation activities, pharmacy audits, training of pharmacy personnel and interns, and general administrative operations of the pharmacy.

       Public Health Activities: reporting to public health authorities authorized by law, including adverse drug event reporting to the U.S. Food and Drug Administration and immunization reporting to the New York City Citywide Immunization Registry (CIR) as required by 10 NYCRR § 66-1.3.

       Prescription Monitoring: reporting dispensing of controlled substances to the New York State Prescription Monitoring Program (I-STOP / PMP) as required under New York Public Health Law Article 33 and 10 NYCRR Part 80.

       Required by Law: disclosures compelled by federal, state, or local law, including court orders, subpoenas, and administrative requests; disclosures to the U.S. Department of Health and Human Services in connection with a HIPAA compliance investigation or enforcement action.

       Law Enforcement: limited disclosures to law enforcement officials as permitted under 45 CFR § 164.512(f).

       Health Oversight: disclosures to the New York State Board of Pharmacy, Department of Health, Office of Professional Discipline, Drug Enforcement Administration, and other regulatory authorities for oversight activities authorized by law.

       To Avert a Serious Threat: to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

       Workers' Compensation: as authorized under New York Workers' Compensation law.

3. Uses and Disclosures Requiring Your Written Authorization

Except as described in Section 2 above or as otherwise permitted by law, we will not use or disclose your PHI without your written authorization. Uses and disclosures that require your prior written authorization include, without limitation: (a) most uses and disclosures of psychotherapy notes; (b) uses and disclosures of PHI for marketing purposes, other than face-to-face communications and promotional gifts of nominal value; and (c) any sale of PHI. You have the right to revoke any authorization you have previously given, in writing, at any time, except to the extent we have already relied on it.

4. Your Rights Regarding Your PHI

Under HIPAA (45 CFR § 164.520 et seq.) and applicable New York law, you have the following rights with respect to your PHI held by the pharmacy:

       Right to Access and Inspect: You have the right to inspect and obtain a copy of PHI maintained in our designated record set, in the form and format you request if readily producible. We may charge a reasonable, cost-based fee as permitted by law.

       Right to Amend: You have the right to request that we amend PHI you believe is inaccurate or incomplete. We may deny your request in certain circumstances, and you will have the right to submit a statement of disagreement.

       Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures of your PHI that we have made during the six-year period preceding your request, subject to the exclusions set forth in 45 CFR § 164.528.

       Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your PHI for treatment, payment, or healthcare operations. We are not required to agree to every restriction; however, we must agree to a request to restrict disclosure to a health plan for a service you have paid for out-of-pocket in full, as required under 45 CFR § 164.522(a)(1)(vi).

       Right to Request Confidential Communications: You have the right to request that we communicate with you about your PHI by alternative means or at alternative locations (for example, by a specific phone number or mailing address).

       Right to a Paper Copy of the Notice of Privacy Practices: Regardless of whether you receive this notice electronically, you have the right to request and receive a paper copy at any time.

       Right to Be Notified of a Breach: You have the right to be notified following a breach of unsecured PHI, in accordance with the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414) and applicable New York breach-notification law.

5. Compliance with New York State Law

In addition to HIPAA, we comply with applicable New York State privacy and confidentiality laws, including:

       New York Education Law §§ 6530 and 6810 and the regulations of the New York State Board of Pharmacy concerning the confidentiality of prescription records and pharmacist-patient communications.

       New York Public Health Law Article 27-F concerning the confidentiality of HIV- and AIDS-related information, to the extent applicable to records we maintain.

       New York Public Health Law Article 33 and 10 NYCRR Part 80 concerning the handling and reporting of controlled substance prescriptions.

       The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), New York General Business Law §§ 899-aa and 899-bb, which requires reasonable administrative, technical, and physical safeguards for private information (including health information) and timely notification in the event of a data breach.

Where New York law provides privacy protections that are more stringent than HIPAA, we apply the more protective standard.

6. Safeguards

We maintain administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of PHI and other private information, consistent with the HIPAA Security Rule (45 CFR Part 164, Subpart C) and the SHIELD Act. These safeguards include workforce training, role-based access controls, unique user authentication, encryption of electronic PHI in transit and at rest where appropriate, secure destruction of records containing PHI, audit controls, and a designated Privacy Officer and Security Officer. While we use reasonable measures to protect your information, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Breach Notification

In the event of a breach of unsecured PHI, we will provide notification to affected individuals and, as applicable, to the Secretary of the U.S. Department of Health and Human Services and the media, in accordance with the HIPAA Breach Notification Rule (45 CFR §§ 164.400–414). We will also comply with applicable notification requirements under the New York SHIELD Act and any other applicable state laws.

8. HIPAA Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer using the contact information below. You may also file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR):

       By mail: U.S. Department of Health and Human Services, Office for Civil Rights, 200 Independence Avenue, S.W., Washington, D.C. 20201

       By phone: 1-877-696-6775

       Online: https://www.hhs.gov/ocr/complaints/

We will not retaliate against you for filing a complaint.

9. Changes to Our Privacy Practices

We reserve the right to change our privacy practices and the terms of this Health Information Privacy section at any time, as permitted by law. Any revised terms will apply to PHI we already have about you as well as any PHI we receive in the future. We will post any material revisions on our website and, where required by law, provide additional notice.

10. HIPAA Privacy Officer and Contact Information

For questions about this Health Information Privacy section, to exercise any of your rights described above, or to file a HIPAA privacy complaint, please contact our Privacy Officer:

HIPAA Privacy Officer New York City Pharmacy

206 1st Avenue, New York, NY 10009

Phone: 212-253-8686

Email: chintan@nycprx.com

Fax: 212-253-2415

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority.

International Transfers

Please note that we may transfer, store and process your personal information outside the country you live in.

If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at Hello@nycprx.com or contact us at 206 1st Avenue, New York, NY, 10009, US