Privacy Policy

Last updated: October 7, 2025

  1. Introduction

Bummed, Inc. (“Bummed”, “Company”, “we”, “us”, or “our”) respects the privacy of your Personal Data (defined below), and as such, we make every effort to ensure that your Personal Data is protected and private.

This Privacy Policy (our “Privacy Policy”) supplements our Terms  & Conditions (“Terms”), fully incorporates the Terms herein, and describes how Company and Medical Groups collect, use, maintain, protect, and disclose Personal Data about you in connection with the use of the website located at www.bummed.co, and any other related or affiliated websites and mobile applications (each, together with any sub-domains, content and services, the “Sites”), as well as the various product and/or service offerings made available on the Sites (collectively, “Site Offerings” or “Services”). By “Personal Data,” we mean information that is personally identifiable to you. Users with disabilities who wish to access this Privacy Policy in an alternative format can contact us by emailing us at: privacy@bummed.co; or sending us U.S. mail to: Bummed, Inc., at 3065 Brighton 2nd St #1035 Brooklyn, NY 11235.

Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Data and how we will treat it. If you do not agree with this Privacy Policy, your choice is to not use the Services. By accessing or using the Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

YOU SHOULD CAREFULLY READ THIS PRIVACY POLICY.

By accessing, browsing, and/or otherwise using the Sites and/or Site Offerings, you are creating a binding contract between you and us, and you are acknowledging that you have read, understood, and agreed to be bound by this Privacy Policy, in its entirety. If you do not agree with the terms and conditions of this Privacy Policy in their entirety and/or would prefer that we not collect, use, or disclose your Personal Data as described herein, you should not use the Sites and/or Site Offerings, or otherwise provide us with any information. Capitalized terms used but not defined herein shall have the same meanings as defined in the Bummed Terms.

INTRODUCTION

This Privacy Policy explains our online information practices and the choices you can make about the way your Personal Data is collected and used in connection with our Sites.

When we refer to “Personal Data” in this Privacy Policy, we are referring to any information that may be used, either alone or in combination with other information, to personally identify an individual, as well as the personal or material circumstances of an identified or identifiable individual. Different states and jurisdictions define Personal Data (and similar terms, such as personal information and personally identifiable information) to include different things, but Personal Data includes information, such as first and last name, email address, home or other physical address, telephone number, and other contact information. It may also include your computer or mobile device IP address, and geo-location information, if such data can be linked to a particular person.

This Privacy Policy applies only to Personal Data and other information provided by you and/or collected by us through the Sites. It does not apply to Personal Data and/or other information that we, or other parties, may collect through other means, such as through any business relationship between you and us. Other than where mandated by applicable law, this Privacy Policy also does not apply to information that you submit on other websites, even if we communicate with you on those other websites or provide a link to those websites through our Sites. For example, if you login via or post something on Meta®, Facebook®, LinkedIn®, X (formerly Twitter®), TikTok®, or other social media or networking sites, that information is governed by the privacy policies of those websites, not by this Privacy Policy.

  1. Children Under the Age of 13 and Majority

The Services are not intended for children under the age of 13. Children under the age of 13 are strictly prohibited from using the Services and accessing the Site. We do not knowingly collect Personal Data from persons who are under the age of 13. If you are under the age of 13, do not use or provide any information on the Services or on or through any of their features, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received Personal Data from a child under the age of 13, we will delete that information. If you believe we might have any Personal Data from a child under the age of 13, please contact us at privacy@bummed.co.

If you access or use the Services or access the Site, you represent and warrant that you are either at least 18 years old or otherwise have adequate authority and capacity to consent to use the Services under applicable state laws, federal laws or the authorization of a parent or legal guardian who agrees to be bound by the Terms and this Privacy Policy. If you are under 18 and lack sufficient authority to access or use the Services, do not use or provide any information on the Services.

  1. Personal Data We Collect About You

We collect different types of Personal Data about you. This section is intended to describe the Personal Data that we may collect about you.

We collect Personal Data that you provide to us (e.g., during the registration, email submission, and/or checkout process) to fulfill your request to receive additional information or for the purpose of handling the contractual relationship that you have with Bummed. We only use and store your Personal Data if we have a legal basis for doing so, including where you have given us your express consent, where we have a legitimate business interest or pursuant to a contractual relationship between you and Bummed. Please be advised that users may withdraw consent at any time by using the options made available in this Privacy Policy.

We collect the following types of Personal Data from and about users of the Services:

  • name, postal address, billing address, shipping address, e-mail address, mobile telephone number, driver’s license (or other government identification) information, including number, photo, and other associated information, date of birth, credit or debit card number (for payment purposes only), photos of you, your medical history, and health information;
  • traffic data, location data, logs, referring/exit pages, date and time of your visit to the Services, error information, clickstream data, and other communication data and the resources that you access and use on the Services; and
  • your Internet connection, the equipment you use to access the Services, and usage details.
  1. How We Collect Your Personal Data

Providing Personal Data is Your Choice. However, if you choose to make use of the Sites, you may need to provide certain Personal Data to us. If you choose not to provide mandatory Personal Data, you may still visit parts of our Sites but you may be unable to access certain Site Offerings, options, programs, offers, and services that involve our interaction with you. If you do provide us with Personal Data as described below, you agree that it will be accurate and complete, and it is your responsibility to keep it current.

The types of Personal Data you may be asked to provide, and the circumstances in which we request it, are described below. We present the information below based on the categories of information collected, but please be aware that similar specific pieces of information may apply to multiple categories. For example, your name and email address may be included within the categories described below.

We collect Personal Data:

  • directly from you when you provide it to us, such as:
    • information that you provide by filling in forms on the Services (this includes information provided at the time of registering to use the Services, using Medical Groups Provider consultation services, purchasing products, reporting a problem with the Services, or requesting further services), and your User Contributions (as described in Section 7);
    • records and copies of your correspondence (including email addresses), if you contact us; and
    • details of transactions you carry out through the Services and of the fulfillment of your requests (you may be required to provide financial information before placing a request through the Services).
  • automatically as you navigate through the Services (information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies) – see additional detail in Section 5 below; and
  • from third parties, for example, our business partners.
  1. Personal Data Collected Through and Use of Automatic Data Collection Technologies

As you navigate through and interact with the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

  • details of your visits to the Services, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to the Services, error information, clickstream data, and other communication data and the resources that you access and use on the Services; and
  • information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, and browser type.

The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve the Services and to deliver a better and more personalized service by enabling us to:

  • estimate our audience size and usage patterns;
  • store information about your preferences, allowing us to customize the Services according to your individual interests; or
  • recognize you when you return to the Services.

The technologies we use for this automatic data collection include, among others:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer or mobile device. On your computer or device, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting, you may be unable to access certain parts of the Services. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Services. For more information please see our Cookie Policy below.
  • Pixels. Pixels are transparent images embedded in a website, email, or ad, and which contain a link to an external server. When a user interacts with an email, navigates to our Services, or views an ad, the user’s browser downloads the invisible image file. That action triggers a request from the pixel server, providing the server owner with knowledge of who downloaded the pixel as well as information like the operating system used, the type of browser used, the time the pixel was interacted with, the IP address, and more.
  • Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of certain parts of the Services. Google Analytics uses cookies and other tracking technologies to help the Services analyze how users use the Services. You can find out more about how Google uses data when you visit the Services by visiting “How Google uses information from sites or apps that use our services”, (located at www.google.com/policies/privacy/partners/). For more information regarding Google Analytics please visit Google’s website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html.
  1. How We Use Your Personal Data

We use your Personal Data for the business purposes described below:

  • provide the Services to you;
  • provide products and Services to you;
  • provide you with information you request from us;
  • enforce our rights arising from contracts;
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  • notify you about changes;
  • provide you with newsletters, advertisements, and other promotional communications;
  • to contact you in response to a request;
  • to fulfill any other purpose for which you provide it;
  • for any other purpose with your consent; and
  • provide you with notices about your User Account.

With your consent, we may also use your information to contact you about goods and services that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications or by contacting us at privacy@bummed.co.

  1. Disclosure of Your Personal Data

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy.

We may disclose or share Personal Data that we collect or you provide as described in this Privacy Policy:

  • to service providers and other third parties we use to support our business (the services provided by these organizations include providing IT and infrastructure support services, and ordering, marketing, and payment processing services);
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Company about the Service users are among the assets transferred;
  • to fulfill the purpose for which you provide it (for example, we may disclose your personal information to a health care provider);
  • for any other purpose disclosed by us when you provide the information; and
  • for any purpose for which we have your consent.

We may also disclose your Personal Data:

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • to enforce or apply our Terms and other agreements, including for billing and collection purposes; and
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others (this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

In addition, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

You also may provide information (hereinafter, “posted”) to other users of the Services or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable.

  1. Choices About How We Use and Disclose Your Personal Data

We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Data for our advertising to you, and other targeted advertising.

We strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:

  • Tracking Technologies and Advertising. You can set your browser or operating system to refuse all or some cookies or to alert you when cookies are being sent. In addition, you can activate or deactivate certain cookies through our Cookie Policy. If you disable or refuse cookies, please note that some parts of the Services may then be inaccessible or not function properly.
  • Promotional Offers from Company. If you do not wish to have your email address used by Company to promote our own products and services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us or by contacting us. This opt out does not apply to information provided to Company as a result of a Service purchase or your use of our Services.
  • Targeted Advertising. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative (“NAI”) websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.

We do not control the collection and use of your information collected by third parties as described in our Terms. These third parties may aggregate the information they collect with information from their other customers for their own purposes.

  1. Your Rights Regarding Your Personal Data 

You may contact us at privacy@bummed.co regarding any of your rights under applicable state laws; any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible; or to delete your Account. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

See state-specific sections below on your rights under specific state laws.

  1. Do Not Track Signals

We currently do not use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.

Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals.

  1. Data Security

Information transmitted over the Internet is not completely secure, but we do our best to protect your Personal Data. The safety and security of your information also depends on you. Where you have chosen a password for the use of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.

Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to the Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services or in your operating system.

  1. Washington and Nevada Individuals.

For individuals in Washington and Nevada, please refer to our Consumer Health Data Privacy Policy for additional information about the processing of your Personal Data that is “consumer health data” as defined under those laws.

  1. California Individuals. 

For individuals in California, you have rights under the California Consumer Privacy Act of 2018. Please see additional information below that is intended to satisfy our obligations under the CCPA to disclose certain information to you.

Personal Information We Collect About You. In the preceding 12 months, we have collected the following categories and specific types of consumer personal information:

Categories of Personal InformationSpecific Types of Personal Information Collected
Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers)See Personal Data We Collect About You
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, their name, signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.See Personal Data We Collect About You
Characteristics of protected classifications under California or federal lawSee Personal Data We Collect About You
Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)None
Biometric informationSee Personal Data We Collect About You
Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Website, application, or advertisement)See Personal Data We Collect About You
Geolocation dataSee Personal Data We Collect About You
Audio, electronic, visual, thermal, olfactory, or similar informationSee Personal Data We Collect About You
Professional or employment-related informationSee Personal Data We Collect About You
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)None
Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudesSee Personal Data We Collect About You
Sensitive Personal InformationSee Personal Data We Collect About You

How Your Personal Information is Collected. We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website and apps. See How We Collect Your Personal Data and Personal Data Collected Through and Use of Automatic Data Collection Technologies.

Why We Use Your Personal Information. We collect and/or share consumer personal information for the business purposes described in How We Use Your Personal Data and Disclosure of your Personal Data.

Who We Share Your Personal Information With. In the preceding 12 months, we have sold or shared consumers’ personal information as described in Disclosure of your Personal Data.

Categories of Personal Information We Sold or Shared. In the preceding 12 months, we have sold or shared the following categories of personal information: identifiers; Information that identifies, relates to, describes, or is capable of being associated with, a particular individual; Internet or other electronic network activity information as described in Disclosure of your Personal Data.

Categories of Personal Information We Disclosed for a Business Purpose. In the preceding 12 months, we have disclosed the following categories of personal information for a business purpose: identifiers; Information that identifies, relates to, describes, or is capable of being associated with, a particular individual; Internet or other electronic network activity information as described in Disclosure of your Personal Data.

How Long Your Personal Information Will Be Kept. We will keep your personal information while you have an account with us or while we are providing Services to you. Thereafter, we will keep your personal information for as long as is necessary:

  • To respond to any questions, complaints or claims made by you or on your behalf;
  • To show that we treated you fairly; or
  • To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.

When it is no longer necessary to retain your personal information, we will delete or anonymize it.

Your Rights Under the CCPA. You have the right under the California Consumer Privacy Act of 2018 (CCPA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:

Disclosure of Personal Information We Collect About You

You have the right to know, and request disclosure of:

• The categories of personal information we have collected about you, including sensitive personal information;

• The categories of sources from which the personal information is collected;

• Our business or commercial purpose for collecting, selling, or sharing personal information;

• The categories of third parties to whom we disclose personal information, if any; and

• The specific pieces of personal information we have collected about you.

Please note that we are not required to:

• Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;

• Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or

• Provide the personal information to you more than twice in a 12-month period.

Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose

In connection with any personal information we may sell, share, or disclose to a third party for a business purpose, you have the right to know:

• The categories of personal information about you that we sold or shared and the categories of third parties to whom the personal information was sold or shared; and

• The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.

You have the right to opt-out of the sale of your personal information or sharing of your personal information for targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your personal information, we will refrain from selling or sharing your personal information, unless you subsequently provide express authorization for the sale or sharing of your personal information.

To opt-out of the sale or sharing of your personal information, contact us at privacy@bummed.co.

Right to Limit Use of Sensitive Personal Information

You have the right to limit the use and disclosure of your sensitive personal information to the use which is necessary to:

Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services;

To perform the following services: (1) Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, if the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business; (3) Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and (4) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business; and

  • As authorized by further regulations.

You have a right to know if your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes.

Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

• Delete your personal information from our records; 

• Direct any service providers or contractors to delete your personal information from their records; and

• Direct third parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort.

Please note that we may not delete your personal information if it is reasonably necessary to:

• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;

• Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes;

• Debug to identify and repair errors that impair existing intended functionality;

• Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law;

• Comply with the California Electronic Communications Privacy Act;

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;

• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;

• Comply with an existing legal obligation; or

• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Right of CorrectionIf we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.
Protection Against Retaliation

You have the right to not be retaliated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:

• Deny goods or services to you;

• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;

• Provide a different level or quality of goods or services to you; or

• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate or provide a different level or quality of Services to you, if that difference is reasonably related to the value provided to our business by your personal information. We may also offer loyalty, rewards, premium features, or discounts consistent with these rights or payments as compensation, for the collection of personal information, the sale of personal information, or the retention of personal information.

How to Exercise Your Rights. If you would like to exercise any of your rights as described in this Privacy Policy, you can do so by contacting us at privacy@bummed.co.

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

To exercise your rights, you will need to provide us with:

  • Enough information to identify you (e.g., your full name, address, and account information);
  • Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
  • A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person’s behalf.

Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

Shine the Light

California Civil Code Section 1798.83 permits our customers who are California State residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. We may, in certain limited instances, disclose your Personal Data to third parties who perform administrative functions on our behalf. California State residents may request the following information regarding our disclosure of your Personal Data to third parties:

  1. How your Personal Data was disclosed to third parties;
  2. A list of certain categories of Personal Data that we have disclosed to certain third parties during the immediately preceding calendar year; and
  3. A list of certain categories of third parties that received Personal Data from us during that calendar year.

To make such a request, please send an email to privacy@bummed.co. Please note that we are only required to respond to one request per customer each year.

  1. Individuals in Other States 

You may have rights under other state consumer privacy laws, including Colorado, Connecticut, Oregon, Texas, Utah, and Virginia. Please contact us at privacy@bummed.co if you have questions or would like to exercise a right under these laws.

PRIVACY PROVISIONS FOR NON-CALIFORNIA US RESIDENTS

These privacy provisions for residents of the United States supplement the information contained in the Privacy Policy set forth above. These Privacy Provisions describe how to exercise your rights under the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act.

Your Rights and Choices
Depending on where you live and subject to certain exceptions, you may have some or all of the following rights:

Access to Specific Information and Data Portability Rights
You may have the right to request that we confirm whether or not we have or currently are processing your personal data, and you may have the right to request a copy of your personal data that we have collected from you.

Deletion Request Rights
You may have the right to request that we delete any of your personal data that we collected from or about you, subject to certain exceptions. In some cases, strictly for regulatory compliance purposes and to better evidence/honor opt-out/unsubscribe requests (and for no other purposes), we may retain certain items of your personal data on a de-identified and aggregated basis in such a manner that the data no longer identifies you.

Right to Correct
You may have a right to request that we correct inaccurate personal data we maintain about you. We will take into account the nature of the personal data and the purposes for which we process it. We may require documentation from you in order to process your request, including your name, email address, phone number, and request details.

Exercising Access, Data Portability, Deletion, and Correction Rights
To exercise your access, data portability, deletion, and/or correction rights described above, please submit a verifiable user request to us by either:

  1. Emailing us at: privacy@bummed.co; or
  2. Sending us U.S. Mail to: 3065 Brighton 2nd St #1035, Brooklyn, NY 11235

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm that the personal data relates to you. Making a verifiable user request does not require you to create an account with us. We will only use personal data provided in a verifiable user request to verify the requestor’s identity or authority to make the request.

Response Timing and Format
We endeavor to respond to all verifiable user requests within forty-five (45) days of the receipt thereof. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable user request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Changes to these Privacy Provisions
We reserve the right to amend these US Privacy Provisions in our discretion and at any time. When we make changes to these US Privacy Provisions, we will notify you by email or through a notice on the Sites’ respective homepages.

  1. International Users

The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Any information you provide to us through use of the Services may be stored and processed, transferred between and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside. However, we will handle your Personal Data in accordance with this Privacy Policy regardless of where your Personal Data is stored/accessed.

  1. Changes to Our Privacy Policy

We may change this Privacy Policy at any time. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Services’ home page and invite you to review (and accept, if necessary) the changes. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting the Services and reviewing this Privacy Policy to check for any changes.

  1. Contact Information

If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below.

How to Contact Us:

Via Email: privacy@bummed.co

Via Mail: 3065 Brighton 2nd St #1035 Brooklyn, NY 11235

Consumer Health Data Privacy Policy

Last updated: October 7, 2025

This notice supplements the Privacy Policy and applies to personal data defined as “consumer health data” subject to the Washington State My Health My Data Act (MHMDA), the Nevada Health Data Privacy Act (NHDPA), or other applicable state consumer health privacy law.

Consumer Health Data We Collect

As described in the Personal Data We Collect About You section of the Privacy Policy, the data we collect depends on the context of your interactions with us and the choices you make (including your privacy settings), the Services you use, your location, and applicable law. Because consumer health data is defined very broadly, many of the categories of data we collect could also be considered consumer health data.

Examples of consumer health data may include:

  • Information about your health-related conditions, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions). For example, we may collect such information through surveys or other communication with you for research studies and improving product accessibility.
  • Measurements of bodily functions, vital signs, or characteristics, including photographs, which may also be considered biometric information under the MHMDA, the NHDPA, or other applicable state consumer health privacy law.
  • Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies.
  • Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health.
  • Other information that may be used to infer or derive data related to the above or other health information.

Sources of Consumer Health Data

As described further in the How We Collect Your Personal Data section of the Privacy Policy, we collect personal data (which may include consumer health data) directly from you, from your interactions with our Services, from third parties, and from publicly available sources.

Why We Collect and Use Consumer Health Data

We collect and use consumer health data for the purposes described in the How We Collect Your Personal Data and Personal Data Collected Through and Use of Automatic Data Collection Technologies sections of the Privacy Policy. Primarily, we collect and use consumer health data as reasonably necessary to provide you with the Services you have requested or authorized. This may include delivering and operating the Services and their features, personalization of certain Service features, ensuring the secure and reliable operation of the Services and the systems that support them, troubleshooting and improving the Services, and other essential business operations that support the provision of the Services (such as analyzing our performance, meeting our legal obligations, developing our workforce, and conducting research and development).

We may use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law – for example, for advertising or marketing purposes. See the Choices About How We Use and Disclose Your Personal Data section of the Privacy Policy and the How to Exercise Your Rights section below for more details on the controls and choices you may have.

Our Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described in the Disclosure of Your Personal Data section of the Privacy Policy. In particular, we may share personal data, including consumer health data, with your consent or as reasonably necessary to complete any transaction or provide any Service you have requested or authorized, as described above.

For example, we share your content with third parties when you tell us to do so. And we may disclose data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process.

Third Parties With Which We Share Consumer Health Data

As necessary for the purposes described above, we share consumer health data with the following categories of third parties:

  • Service providers. Vendors or agents (“processors”) working on our behalf may access consumer health data for the purposes described above. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and Services may need access to data to provide those functions.
  • Business partners. We may share consumer health data with other companies, for example, where you use a Service that is cobranded and jointly operated with another company, or where you use our Services to interact with another company.
  • Financial institutions & payment processors. When you make a purchase or enter into a financial transaction, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.
  • Parties to a corporate transaction. We may disclose consumer health data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
  • Affiliates. We enable access to data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our Services and operate our business.
  • Government agencies. As described in our Privacy Policy, we disclose data to law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to valid legal process.
  • Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers.
  • Other users and individuals. If you use our Services to interact with other users of the Service or other recipients of communications, we will share data, including consumer health data, as directed by you and your interactions.
  • The public. You may select options available through our Services to publicly display and disclose certain information, such as your profile, demographic data, content and files, or geolocation data, which may include consumer health data.

How to Exercise Your Rights

If you are covered by the MHMDA, the NHDPA, or other applicable consumer health privacy law then you may have certain rights with respect to consumer health data, including rights to access, delete, or withdraw consent relating to such data, subject to certain exceptions. You can request to exercise such rights using the various tools and mechanisms described in the Choices About How We Use and Disclose Your Personal Data section of the Privacy Policy. For example, depending on the Service you use, you can access and make choices about your data through product controls. You can also access and clear some of your data through your web browser. And if you want to access or control consumer health data processed by us that is not available via those tools or directly through the Service you use, you can always contact us at privacy@bummed.co.

If your request to exercise a right is denied, you may appeal that decision by contacting our support team at privacy@bummed.co. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint, the Nevada State Attorney General at https://ag.nv.gov/complaints/file_complaint/, or other regulatory authority as applicable.

COOKIE POLICY

As noted above, our Sites use and allow certain third parties to use cookies. By using our Sites, you consent to the use of cookies as described in this cookie policy.

  1. What are cookies?
    1. Cookies are small amounts of data that are stored on your browser, device, or the page you are viewing when you visit a website. Some cookies are deleted once you close your browser or application (session cookies), while other cookies are retained even after you exit so that you can be recognized when you return (persistent cookies).
    2. Cookies used on our Sites are generally divided into the following categories:
      1. Essential cookies: These are cookies that are required for the operation of our Sites, such as cookies that enable you to log into secure areas.
      2. Analytics cookies: These are cookies that automatically collect information about your use of the Sites. These help us understand how our visitors are using our Sites and how they navigate through the Sites. These cookies record only hashed statistical data, not Personal Data. As mentioned above, we use Google® Analytics and to analyze user behavior, so these third parties will place these types of cookies on our Sites.
      3. Functional cookies: These are cookies that remember choices that you make when you visit our Sites, such as language options. They help us to personalize your visit to the Sites.
      4. Targeting cookies: These are cookies that record your visit to our Sites, the pages of the Sites that you visit, and the links you followed. They will recognize you as a previous visitor to the Sites and track your activity on our Sites and other websites that you visit after you leave the Site. To opt out of our use of targeting cookies in connection with your visit(s) to the Sites, please adjust the settings in your browser to block cookies.
    3. How do we use cookies?
      1. We use cookies to make our Sites work more efficiently, to analyze how our Sites are used so that we can improve the Sites, Site Offerings and the other products and services we offer, and to personalize your visit to the Sites, such as by remembering your IP address when you return to the Sites and by setting language preferences.
      2. We may combine data collected via cookies with Personal Data about you, e.g., tracking items you put into your shopping cart (including when you have abandoned your cart) combined with mobile device numbers you have consented for our use to send SMS cart reminder texts.
    4. What are your choices regarding cookies?
      1. Most web browsers automatically accept cookies, but you can usually change your settings to prevent that, such as by having your device warn you each time a cookie is being sent or choosing to turn off all cookies. This can be done through your web browser settings, and because each browser is different, you should look at your browser’s “Help” menu to learn how to modify your cookie settings. You can also learn more about how to opt out of targeted behavioral advertising from many major third party network advertisers by reviewing the information here and here. To opt out of cookie usage on our Sites, please adjust the settings in your browser to block cookies.
      2. If you do disable cookies from your browser, you may not be able to access certain sections of the Sites that use essential cookies, and this may make your experiences on the Sites less efficient.
Logo

Prescription care for constipation, hemorrhoid, anal fissure treatment and prevention.

    Instagram Tiktok

    Products

    Support

    Our policies

    Compounded medications are not subject to FDA approval. More information about our medications is in our FAQs. Bummed does not provide any medical advice, legal advice, or representations in any way regarding any legal or medical issues associated with care you receive from the independent medical providers who deliver care on the Bummed platform. More information is available in our FAQs.

    Copyright © 2025 Bummed. All Rights Reserved.

    Verify Approval for www.bummed.co
    Home
    Shopping
    Account