Privacy Policy

Access Fuze

Platform Connecting Providers With Our Pharmacy Partner

Last Updated: April, 2026

This Privacy Policy explains how Access Fuze (“Access Fuze,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you access or use our website, ordering portal, tools, and related services (collectively, the “Services”).

Access Fuze is a portal used by licensed medical professionals and medical entities for 503A-related ordering and fulfillment workflows. By using the Services, you agree to this Privacy Policy.

Eligibility and NPI Requirement

The Services are intended solely for licensed medical professionals and medical entities (such as clinics and practices) and their authorized staff.

NPI Required. We require a valid, active National Provider Identifier (NPI) to access the Services in full. We may also request additional credentialing or documentation (including state licensure, DEA registration where applicable, and proof of business) to verify eligibility and maintain account access.

Information We Collect

Information you provide

We may collect:

Account and contact information: name, business name, email, phone number, business address, username/password, role/title.
Credential verification information: NPI (required), state license information, DEA registration (if applicable), proof of business (W-9, business registration, practice website, or other documents we reasonably request).
Ordering and fulfillment information: products ordered, quantities, shipping details, order history, returns, and communications related to orders.
Patient and prescription-related information (PHI may be included): information submitted through the portal that relates to a patient and/or prescription workflow (for example patient name, date of birth, shipping information, prescription details, prescriber details, and other identifiers), to the extent provided by authorized users as part of ordering and fulfillment.

Information collected automatically

We may collect:

Device and usage data: IP address, device type, browser type, pages viewed, clicks, timestamps, and error logs.
Security and audit data: login events, authentication activity, access logs, and signals that help detect fraud or unauthorized access.
Cookies and similar technologies: to keep users authenticated, maintain session security, remember preferences, and support portal performance.

Information from third parties

We may receive information from:

Credential verification sources: databases used to validate NPI, licensing, and DEA status (as applicable).
Service providers: hosting, security, identity verification, customer support tools, payment processors (if applicable), shipping/logistics tools, and analytics providers used for portal performance and security.
503A pharmacies and operational partners: information required to process, fulfill, document, and support orders.

How We Use Information

We use information to:

Provide, operate, maintain, and secure the Services.
Create and manage accounts, authenticate users, and enforce access controls.
Verify NPI and other credentials and confirm eligibility.
Process orders and support 503A ordering workflows, including routing order details to the appropriate 503A pharmacy or partner for fulfillment (as applicable).
Provide customer support and communicate with you (order updates, access notices, security alerts).
Prevent fraud, misuse, unauthorized access, and security incidents.
Comply with legal, regulatory, and contractual requirements.
Improve the Services (performance, troubleshooting, and user experience).

How We Share Information

We may share information as follows:

With 503A pharmacies and operational partners

We share information necessary to process and fulfill orders, including patient and prescription-related information when required for the workflow, with participating 503A pharmacies and related partners.

With service providers

We share information with vendors who help us operate the Services (hosting, security, identity verification, customer support tools, payment processors if applicable, and shipping/logistics providers). They are permitted to use information only to perform services for us and are expected to protect it.

For compliance, safety, and legal reasons

We may disclose information if we believe it is necessary to:

comply with law, regulation, or legal process,
enforce applicable terms and policies,
protect the rights, safety, and security of Access Fuze, customers, partners, or others,
investigate suspected fraud or security issues.

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction subject to reasonable safeguards.

With your direction

We may share information when you instruct us to or consent.

We do not sell personal information in exchange for money.

Cookies and Similar Technologies

We use cookies and similar technologies to keep users logged in, maintain security, and support portal functionality and performance. You can control cookies through your browser settings, but disabling cookies may limit portal functionality.

Communications

We send operational communications such as verification notices, order confirmations, shipping updates, security alerts, and support responses. If we send promotional communications, you can opt out using the unsubscribe link or by contacting us.

Data Retention

We retain information for as long as necessary to provide the Services, maintain accurate records, comply with legal and regulatory obligations, resolve disputes, enforce agreements, and maintain security. Retention periods vary depending on record type and compliance requirements.

Security

We maintain reasonable administrative, technical, and organizational safeguards designed to protect information, including patient-related information submitted through the Services. No method of transmission or storage is guaranteed to be 100% secure. You are responsible for safeguarding your login credentials and ensuring only authorized staff access your account.

HIPAA and Protected Health Information (PHI)

Because Access Fuze is a 503A order portal, the Services may collect, store, and transmit patient and prescription-related information that may constitute Protected Health Information (PHI).

How we handle PHI

We use and disclose PHI only as necessary to provide the Services, including to support ordering, documentation, fulfillment, customer support, compliance, and security. We limit access to PHI to authorized personnel and authorized users and implement safeguards designed to protect PHI from improper access, use, or disclosure.

Relationship to Covered Entities and BAAs

Clinics and medical practices using Access Fuze may be “covered entities” under HIPAA. When Access Fuze performs functions on behalf of a covered entity that involve PHI, Access Fuze may be considered a business associate under HIPAA.

Business Associate Agreement (BAA). Where required, Access Fuze will support execution of a Business Associate Agreement (BAA) with covered entities and will require appropriate agreements with relevant vendors who handle PHI on our behalf.

Patient rights notices

This Privacy Policy is not a substitute for a covered entity’s HIPAA Notice of Privacy Practices. Patients should contact their healthcare provider directly regarding their HIPAA privacy rights.

Your Choices and Rights

Depending on your location, you may have rights to request access to, correction of, or deletion of certain information, subject to legal and operational exceptions (for example compliance recordkeeping, transaction history, and security logs).

California (CCPA/CPRA)

If you are a California resident, you may have rights to know, access, delete, or correct certain personal information and to opt out of certain data “sharing” as defined by law (if applicable). We will verify your request before fulfilling it.

Third-Party Links

The Services may contain links to third-party websites. We are not responsible for their privacy practices.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date above indicates when changes become effective. Continued use of the Services after changes means you accept the updated policy.