Fx
FaxRx
FeaturesHow it worksPricing

Legal

Privacy Policy

Last updated July 9, 2026

This Policy explains what we collect, how we use it, who we share it with, and the choices you have. Because our customers fax patient information, protecting that information is central to how we operate.

In plain terms: we collect what we need to run the Service, we protect it with encryption and access controls, we never mine your fax content, and when your faxes contain patient information we handle it under a signed HIPAA Business Associate Agreement that controls for that information.

Contents

  1. 1. Overview
  2. 2. Information we collect
  3. 3. How we use information
  4. 4. Fax content and Protected Health Information
  5. 5. Service providers and subprocessors
  6. 6. Cookies, analytics, and advertising
  7. 7. Data retention
  8. 8. How we protect information
  9. 9. Your choices and rights
  10. 10. US state privacy rights (California and others)
  11. 11. Security incidents
  12. 12. Children
  13. 13. Where we operate
  14. 14. Changes to this Policy
  15. 15. Contact us

1. Overview

This Privacy Policy explains how FaxRx ("FaxRx," "we," "us," or "our") collects, uses, shares, and protects information when you use our online fax service (the "Service"). FaxRx serves pharmacies, prescriber clinics, and other healthcare practices that send and receive prescription, referral, and clinical faxes.

Because our customers routinely transmit Protected Health Information (PHI), our handling of that information is also governed by a Business Associate Agreement (BAA) that we execute with every customer, and by our HIPAA Compliance commitments. Where this Policy and the BAA differ with respect to PHI, the BAA controls.

2. Information we collect

Account information

Name, work email address, organization name, phone number, mailing address, and professional identifiers (such as an NPI number) provided during registration and onboarding.

Billing information

Your subscription plan, billing history, and credit balance. Card details are collected and stored by our payment processor; we do not store full card numbers on our servers.

Fax content

The documents you send and receive through the Service, including cover sheets and attachments. These documents may contain PHI. We treat all fax content as confidential and handle it as described in Section 4.

Usage and log data

Fax send and receive records, page counts, delivery status, feature usage, and audit events for key actions. Authentication activity, such as sign-in events, is recorded by our identity provider.

Device information

Technical data collected automatically, such as browser type, IP address, and device identifiers, used to operate and secure the Service.

3. How we use information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including sending and receiving your faxes.
  • Process payments and manage subscriptions and credit balances.
  • Send transactional messages such as delivery confirmations, received-fax notifications, and account notices.
  • Provide customer support and respond to your requests.
  • Monitor, secure, and troubleshoot the Service, and detect and prevent fraud or abuse.
  • Meet our legal, tax, and regulatory obligations.

We do not use the content of your faxes for advertising or to build marketing profiles. We do not sell or share your personal information as those terms are defined under applicable privacy law, except as described in Section 6 regarding cookies on our marketing website.

4. Fax content and Protected Health Information

Fax documents are stored in encrypted cloud storage and are accessible only to your organization through authenticated access, and to the limited FaxRx personnel and subprocessors who need access to operate the Service. We do not read, analyze, or share the content of your faxes except as needed to deliver them, to provide the Service at your direction, or as required by law.

Where fax content includes PHI, we use and disclose it only as permitted by the Business Associate Agreement and applicable law. When you enable email delivery of received faxes, the fax document is sent as an attachment to the addresses you configure, using TLS-secured transport where the receiving mail server supports it; because email delivery to mailboxes we do not control uses opportunistic encryption, we cannot guarantee end-to-end encryption once a message leaves our systems. We keep the surrounding email metadata, including attachment file names, free of patient identifiers.

5. Service providers and subprocessors

We use a small set of vetted service providers ("subprocessors") to operate the Service. Each is engaged under contractual confidentiality and data-protection terms, and any subprocessor that may create, receive, maintain, or transmit PHI is engaged under a Business Associate Agreement. We use these categories of providers:

  • Fax transport - carriers that transmit and receive faxes over the telephone network.
  • Encrypted cloud storage - storage of fax documents at rest, under a Business Associate Agreement.
  • Authentication and identity - secure sign-in and account management.
  • Payment processing - subscription billing and card handling; card data stays with the processor.
  • Transactional email delivery - sending received-fax notifications and account emails.
  • Application hosting and database - running the Service and storing account records.
  • Error monitoring and website analytics or advertising - keeping the Service reliable and measuring our marketing website.

We do not publish the names of our subprocessors on this page. A current list of named subprocessors, and confirmation of the Business Associate Agreements in place with those that handle PHI, is available to customers on request at hello@fax-rx.com.

6. Cookies, analytics, and advertising

We use essential cookies for authentication and session management, which are required for the Service to function. On our public marketing website we also use analytics and advertising cookies, including a third-party advertising platform's conversion-tracking tag, to measure traffic and the performance of our advertising. Providing data to advertising and analytics vendors may be treated as a "sale" or "share" under some state privacy laws even where no money changes hands; see Section 10 for your related choices. You can control non-essential cookies through your browser settings and, where available, a Global Privacy Control signal. We do not use fax content for analytics or advertising.

7. Data retention

We retain information for as long as needed to provide the Service and to meet our legal obligations:

  • Account data is retained for the life of your account and for a limited period after closure to allow reactivation and to meet legal requirements.
  • Fax documents and transmission records are retained while your account is active. You may archive individual faxes at any time.
  • Billing records are retained for the period required by tax and accounting law (generally up to seven years). These records do not contain fax content.

On termination of your account, we return or destroy the Protected Health Information we hold as described in the Business Associate Agreement, except where retention is required by law or return or destruction is not feasible, in which case we continue to protect it under the BAA and limit further use.

8. How we protect information

We use encryption in transit and at rest, strict per-organization access controls, authenticated access to stored documents, and audit logging. No system can be guaranteed perfectly secure, but we work continuously to protect your data. For a fuller description of our controls, see our Security page.

9. Your choices and rights

Depending on your location and role, you may have the right to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Request deletion of your information, subject to legal and contractual retention requirements.
  • Export your data in a portable format.
  • Opt out of non-essential communications.

Because much of the information in the Service is submitted by our customer organizations, requests involving PHI or an organization's records may be routed to the responsible organization. To exercise a right, contact us at hello@fax-rx.com; we will respond within the time required by applicable law.

10. US state privacy rights (California and others)

Protected Health Information handled under HIPAA and our Business Associate Agreement is exempt from state consumer-privacy laws and is not covered by this Section. For other personal information - such as the account, billing, and device data described in Section 2 - residents of California and other states with comprehensive privacy laws (including Virginia, Colorado, and Connecticut) may have rights to:

  • Know the categories of personal information we collect, the sources, and the business purposes for using it.
  • Access, correct, delete, or obtain a portable copy of their personal information.
  • Opt out of any "sale" or "sharing" of personal information and of targeted advertising.
  • Limit the use of sensitive personal information.
  • Not be discriminated against for exercising these rights, and to appeal a decision on a request.

To exercise these rights, or to submit a request through an authorized agent, contact us at hello@fax-rx.com. Where offered, we honor browser-based opt-out signals such as Global Privacy Control for the advertising cookies described in Section 6.

11. Security incidents

If a security incident affects your personal information, we will notify affected individuals and customers as required by applicable state and federal breach-notification law. For incidents involving Protected Health Information, we follow the HIPAA breach-notification commitment described on our HIPAA Compliance page, which provides for notice without unreasonable delay and no later than 60 days after discovery.

12. Children

The Service is a business tool intended for organizations and is not directed to individuals under 18. We do not knowingly collect personal information directly from children through the Service.

13. Where we operate

FaxRx is operated from the United States, and the information we process is stored and processed primarily in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed there.

14. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The "Last updated" date above reflects the current version, and continued use of the Service after an update takes effect constitutes acceptance of the revised Policy.

15. Contact us

Questions or requests about this Policy or your information? Contact us at hello@fax-rx.com.

Terms of ServicePrivacy PolicyHIPAA ComplianceSecurity
Back to home
Fx
FaxRxPharmacy Fax

Online fax built for pharmacies, prescriber clinics, and the practices that fax alongside them.

Product

FeaturesHow it worksPricing

Account

Sign inGet startedContact

Legal

PrivacyTermsHIPAASecurity
© 2026 FaxRx. All rights reserved.HIPAA-friendly, encrypted, and ready in minutes.