privacy policy

STATE100 PRIVACY POLICY
Effective Date: 3/28/26
IF YOU ARE EXPERIENCING A MEDICAL EMERGENCY, CALL 911 IMMEDIATELY.
Introduction
STATE100 PLLC ("STATE100," "we," "our," or "us") is committed to protecting your privacy and safeguarding your personal and health information. This Privacy Policy describes how we collect, use, disclose, and protect information when you visit our website, create an account, or receive medical services through STATE100 (collectively, the "Services").
For purposes of this Privacy Policy, "Personal Information" means information that identifies or can reasonably be linked to an individual. Certain information collected by STATE100 is also Protected Health Information ("PHI") and is governed by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and applicable state laws.
This Privacy Policy also serves as our Notice of Privacy Practices (NPP) as required by HIPAA. It describes your rights regarding your health information and how we may use and disclose that information.
This Privacy Policy is incorporated into and governed by our Terms & Conditions.
If you do not agree to this Privacy Policy, do not use the Services.
1. Our Role as a Medical Practice
STATE100 is a licensed medical practice (PLLC) providing clinical care through licensed physicians and physician assistants via telehealth. We are not an advertising platform or data broker.
We do not sell your Personal Information or Protected Health Information. We do not share health information with third parties for their own marketing purposes.
2. Information We Collect
A. Information You Provide
We collect information you provide directly, including: name, date of birth, and contact details; account credentials; medical history, symptoms, medications, and allergies; intake forms, questionnaires, and consent documents; communications with providers or staff; payment and billing information (processed by third-party payment processors); and identity verification when required by law.
B. Health Information
When you receive care, we collect and maintain medical records including: clinical notes and assessments, prescriptions and treatment plans, laboratory results, and follow-up and care coordination communications.
C. Automatically Collected Information
When you use our website, we may collect: IP address and device/browser information, pages viewed and site interactions, and cookies and similar technologies for basic analytics and site functionality.
We do not use sensitive health data for behavioral advertising. Any third-party analytics tools we use are configured to minimize data collection and do not have access to your health information.
3. How We Use Your Information
We use your information to: provide medical care and telehealth services; communicate about appointments, care, and treatment plans; coordinate labs, pharmacies, and clinical services; process payments and subscriptions; maintain medical records and comply with legal obligations; improve website performance and user experience; and protect against fraud, misuse, or security threats.
We do not use your health information for unrelated marketing purposes.
4. How We Share Information
We may share information as permitted or required by law, including for the purposes described below.
A. Treatment, Payment, and Healthcare Operations
We may share your information with: STATE100 providers and clinical staff; laboratories performing diagnostic testing; pharmacies fulfilling prescriptions; and administrative and billing vendors.
B. Service Providers
We use HIPAA-compliant vendors (e.g., EMR systems, payment processors, hosting providers) who are contractually required to safeguard your information through Business Associate Agreements.
C. Legal Requirements
We may disclose information when required to comply with: laws or regulations, court orders or subpoenas, and public health reporting obligations.
D. What We Do Not Do
We do not sell your Personal Information or Protected Health Information to any third party. We do not share your health information with third parties for their own marketing purposes. We do not use your health information for targeted advertising.
5. Telehealth Communications
Telehealth services may involve video, audio, secure messaging, email, or phone communications. While we use reasonable safeguards, electronic communications are not risk-free.
By using telehealth services, you acknowledge and accept these risks.
6. Cookies & Analytics
STATE100 uses limited cookies and analytics tools to: enable website functionality, understand site usage, and improve performance.
You may disable cookies via browser settings, though some features may not function properly.
Do Not Track Disclosure: Some browsers offer a "Do Not Track" feature. Our website does not currently respond to Do Not Track signals, but we limit tracking to essential analytics as described above and do not track users across third-party websites.
7. Your Privacy Rights
A. Rights Under HIPAA
Under HIPAA, you have the right to: access your Protected Health Information; request corrections to your health records; request restrictions on certain uses and disclosures; receive an accounting of disclosures of your PHI; request confidential communications (e.g., contact at a specific phone number or address); and receive a paper copy of this Privacy Policy upon request.
B. State-Specific Privacy Rights
Depending on your state of residence, you may have additional privacy rights under state law, including the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act, or other state privacy laws. These rights may include the right to know what information we collect, the right to delete certain information, and the right to opt out of certain data sharing.
C. How to Exercise Your Rights
To exercise your privacy rights, submit a written request to:
Email: hello@state100.com
We will respond within the timeframes required by applicable law (generally 30 days for HIPAA requests, with a possible 30-day extension if needed).
D. Right to File a Complaint
You have the right to file a complaint if you believe your privacy rights have been violated.
You may file a complaint with STATE100 by contacting our Privacy Officer at hello@state100.com.
You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by visiting www.hhs.gov/ocr/complaints or by calling 1-800-368-1019.
We will not retaliate against you for filing a complaint.
8. Data Security
We implement administrative, technical, and physical safeguards designed to protect your information, including HIPAA-compliant systems, encrypted data transmission, secure access controls, and regular security assessments.
However, no system is completely secure, and we cannot guarantee absolute security.
Breach Notification: In the event of a breach of unsecured Protected Health Information, we will notify affected individuals as required by HIPAA and applicable state law. Notifications will be provided without unreasonable delay and no later than 60 days after discovery of the breach, or sooner if required by state law.
9. Children’s Privacy
STATE100 does not provide services to individuals under 18 years of age and does not knowingly collect information from minors. If we learn that we have collected information from a minor, we will delete that information promptly.
10. Data Retention
We retain information as required by medical, legal, and regulatory standards and as necessary to operate our practice.
Medical Records: We retain medical records for a minimum of 7 years from the date of last treatment, or longer as required by applicable state law.
Account Information: Non-medical account information is retained as long as your account is active and for a reasonable period thereafter for legal, operational, and record-keeping purposes.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Updates will be posted on our website with a revised effective date.
For material changes that significantly affect how we use or disclose your Protected Health Information, we will make reasonable efforts to notify you (such as by email or prominent website notice) before the changes take effect.
Continued use of the Services after changes are posted constitutes acceptance of the updated policy.
12. Contact Information
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your information is handled, contact:
STATE100 PLLC
Attn: Privacy Officer
Email: hello@state100.com
Website: www.state100.com
13. Medical Disclaimer
Information on this website is for general informational purposes only and does not replace professional medical advice. Use of the website alone does not establish a provider-patient relationship.
If you are experiencing a medical emergency, call 911 or go to the nearest emergency room immediately.