Log in
GET A FORMULATION
Log in
GET A FORMULATION

COIL Privacy Notice

Last Updated: April 18, 2025

COIL Health makes customized skin and health care affordable and accessible. We use the information you share with us to help provide you with a customized experience from when you start interacting with us to when you receive your own personalized treatment plan

The purpose of this Privacy Notice (“Privacy Notice”) is to explain how we may collect, use, store, disclose, or otherwise process your personal information when you interact with us through the COIL Health website located at https://coil.health (the “Website”), our products and Services, and/or other communication channels under our control such as email, telephone, or social media that link to this Privacy Notice (collectively, the “Services”). All capitalized terms not otherwise defined in this Privacy Notice have the same meaning as set forth in the COIL Health Terms of Service, available here: https://coil.health/terms-of-service/. If you are a resident of California, Colorado, Connecticut, or Virginia, please view our State Privacy Notice Addenda.

COIL Health, Inc., and its subsidiaries, Malcolm Pyles, MD, our fully owned and operated brands, including Agency, and our contracted health care entities (collectively, “COIL Health,” “we,” “us,” or “our”) take your privacy and trust in us seriously. We are committed to protecting the privacy and security of your information

When you access or use the Services, you are creating a customer relationship with COIL Health that enables you to access and use the Services as a “Website User”. As part of that relationship, Website Users can review our products and Services, our resources, and provide information, including personal information that we do not consider to be health information. Once a Website User completes and submits our patient intake process and agrees to the Informed Consent to Treatment via Telehealth (or, if applicable, the Parent/Guardian Informed Consent to Treatment via Telehealth), that user is treated as a “Patient User.” We may have previously, now or in the future own and/or operate a COIL Health mobile application (collectively, the “Platform”).

The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of the United States. All capitalized terms not otherwise defined in this Privacy Notice have the same meaning as set forth in the COIL Health Terms of Service, available here: https://coil.health/terms-of-service/

By creating, registering, or logging into an account through the Service, or otherwise accessing or using the Service, you are acknowledging the most recent version of this Privacy Policy. We will update this Privacy Policy when necessary to reflect material changes in the Service or how we use personal information, and as required by applicable law. If we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the “Last updated” date at the top of the Privacy Policy. If we make material changes to this Privacy Policy, we will provide notice or obtain consent regarding such changes as may be required by law.

If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such an individual to act on such an individual's behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.

Employees, job applicants and independent contractors who are California residents receive a supplemental privacy notice that applies to their relationship with COIL Health. In the event of any conflict or inconsistency with this Privacy Notice, the terms of that supplementary privacy notice will control.

Table of Contents

  • Collection of Information
  • Sources of Information
  • Use of Information
  • Sharing of Information
  • Cookies and Other Tracking Technology
  • Persons Under the Age of 16
  • Security of Information
  • Retention of Information
  • Your Choices
  • International Transfers
  • Updates
  • Contact Us

1. Collection of Information

Personal Information

Personal information means information associated with or used to identify or contact a specific person. When you set up an account with COIL Health, you are creating a direct customer relationship with COIL Health that enables you to access and/or utilize the various functions of the Platform and the Service as a user. As part of that relationship, you provide information to COIL Health, including but not limited to, your name, email address, shipping address, phone number and certain transactional information, which we do not consider to be “protected health information” or “medical information. ”Personal information we collect about Website Users and Patient Users may include:

  • Identifiers such as first and last name, date of birth, sex or gender, physical address, email address, phone number, etc.
  • Audio, visual, and other electronic information such as photographs for purposes other than diagnosis or treatment
  • Commercial information such as order history, subscriptions, products purchased or considered, payment information, and shipping history
  • Internet and network activity information such as IP address, geolocation information, device information, log data, and cookies and similar technologies
  • Inferences drawn from any of the information collected, such as a user’s preferences, characteristics, and behavior, etc.

Health Information

Health information is a type of personal information that includes any identifying information we collect relating to your medical history, including symptoms, diagnoses, treatment and outcomes. Health information we collect about Patient Users may include

  • Audio, visual, and other electronic information such as photographs for purposes of diagnosis or treatment
  • Medical history such as medical conditions, medications, allergies, treatment options, prescriptions, and any other health-related information for purposes of diagnosis or treatment.
  • Commercial information such as your order and shipping history

However, in using certain components of the Service, you may provide certain health or medical information that may be protected under applicable laws. COIL Health is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”). One or more of the Labs, Pharmacies or Medical Groups (as defined in our Terms and Conditions) may or may not be a “covered entity” or “business associate” under HIPAA, and COIL Health may in some cases be a “business associate” of a Pharmacy or Medical Group. It is important to note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with COIL Health, the Medical Groups, the Providers, the Labs, or the Pharmacies. To the extent COIL Health is deemed a “business associate” however, and solely in its role as a business associate, COIL Health, may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide to COIL Health, the Medical Group or the Providers (“PHI”). In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI, “Protected Information”), will be used and disclosed only in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws.The Medical Groups and Providers have adopted a Notice of Privacy Practices that describes how they use and disclose Protected Information. By accessing or using any part of the Service, you acknowledge receipt of the Notice of Privacy Practices from your Medical Group and Provider(s).

By accessing or using any part of the Service, you understand that any information that you submit to COIL Health that is not intended and used solely for the provision of diagnosis and treatment by the Medical Group and Providers, laboratory services by the Labs or prescription fulfillment by the Pharmacies, is not considered Protected Information, and will be subject only to our Privacy Policy and any applicable state laws that govern the privacy and security of such information. For purposes of clarity, information you provide to COIL Health in order to register and set up an account on the Platform, including name, date of birth, username, email address, shipping address, and phone number, are not considered Protected Information.

2. Sources of Information

This Privacy Notice applies to information we collect information about you from the following categories of sources:

You (Actively)

You may actively provide us information when you use our Services such as through our website, emails or other electronic communications, social media, surveys, sweepstakes and promotions, customer support, or any other online or offline interactions.

  • Name and contact information, such as your name, email address, phone number, and billing and physical addresses.
  • Demographic data, such as your gender, date of birth and zip code.
  • Social plug-ins, such as third-party websites, networks, platforms, servers and/or application information (e.g., Facebook, Twitter, Instagram).
  • Payment information, such as your credit card number, financial account information, and other payment details.
  • Content and files, such as photographs, videos, documents, and other files you upload to the Service. This includes email messages and other communications you send to us.

Sensitive personal information:

  • Government ID. We may collect government-issued identifiers such as driver’s license, passport number, and social security numbers.
  • Account access information. We collect information such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account.
  • Sensitive demographic data. We collect information about racial or ethnic origin.
  • Contents of communications. We collect the contents of communications that you make via the Service.
  • Biometric information. We or our service providers may use biometric information to verify your identity prior to your use of the Service.
  • Health data. We collect and analyze information concerning your health. This may include information relating to your browsing activity on our site and your use of our app, the purchases you make via our platform, interests you express or we infer based on your interactions with us, and other interactions between you and the Service.
  • Sexuality. We may collect and analyze information about your sex life or sexual orientation.

You (Passively)

You may also passively provide us information through your interactions and use of our Services such as your IP address, access times, hardware and software information, device information, device event information (e.g., crashes, unsuccessful logins, browser type), the web pages you’ve viewed or engaged with before and/or after using the Services, and other relevant information. We may use cookies and other tracking technology to collect this information. For more information on the cookies and other tracking technology we use, please see the Cookies and Other Tracking Technology section below. If you actively provide information, but do not complete the sign up for Services, our website cookies may store the data provided.

Third Parties
We may receive information from third parties such as affiliates, business partners, and service providers to operate our business and improve your experience and interactions with us.

Publicly Available Databases
We may receive information that is available publicly, either online or offline, to operate our business and improve your experience and interactions with us.

3. Use of Information

COIL Health and our service providers may use information (including personal information) for the following business or commercial purposes:

  • To provide teledermatology and related services to our Patient Users via our licensed medical providers (including those who provide healthcare services, drugs, or medical devices)
  • To send you information about COIL Health, the Labs, the Pharmacies, the Medical Groups, the Providers, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages. Additionally, to communicate with you by letter, email, text, telephone, or other forms of communication, including on behalf of your Provider(s), to facilitate telehealth Service.
  • To verify your identity as the holder of an account with us
  • To administer your account, process payments, troubleshoot issues, detecting fraudulent or illegal activity, verifying your identity, and meeting our legal obligations and provide you with customer support
  • To communicate with you about the Services, and to deliver any administrative notices or alerts and communications relevant to your use of the Services
  • To allow you to participate in sweepstakes, contests, or other promotions
  • To market our Services that we believe may be of interest
  • To tailor the features, performance and support of the Services to you and your preferences
  • Utilize your de-identified data for the purposes of research and development
  • To provide, operate, analyze usage of, and improve the Services, including performing research and development
  • To investigate, detect, deter, prevent, report, defend against, or take other action regarding security incidents, abusive behavior, suspected fraud, malicious or illegal activities, or violations of our Terms of Service or other policies
  • To make sure our terms, policies, and agreements with you and any third parties are enforced
  • To comply with applicable laws and regulations.

4. Sharing of Information

We understand the importance of protecting the confidentiality of your information and limit our disclosure of your personal and/or health information to the following possible business or commercial purposes:

  • To third-party service providers acting on our behalf or to entities with whom we may collaborate with to offer and deliver the Services
  • To licensed medical providers (including those who provide healthcare services, drugs, or medical devices) so that they may provide you with the teledermatology and related products and services you request
  • To market and communicate about our products, Services, events and other offerings including across our subsidiaries, affiliates, and related companies
  • To personalize communications and marketing (whether regarding our Services or third-party services we believe you may find interesting to enhance your experience and enjoyment using our services) and to measure the effectiveness of communications and marketing (directly or via third parties)
  • In order to protect the safety and security of COIL Health, the Services, our operations, our systems, our properties, our customers, or any other related person or entity
  • In order to investigate, detect, deter, prevent, report, defend against, or take other action regarding security incidents, abusive behavior, suspected fraud, malicious or illegal activities, or violations of our Terms of Service or other policies
  • In order to establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others
  • In order to comply with applicable laws or legal processes such as a court order or subpoena
  • In connection with any reorganization, restructuring, merger, sale, acquisition, financing, dissolution, or other transfer of assets under the condition that the recipient agrees to respect your information in a manner that is consistent with this Privacy Notice

5. Cookies and Other Tracking Technology

We use cookies and other tracking technologies to automatically collect information about your use of our Services. Cookies are small files containing a unique string of information that your computer or mobile device saves when you visit certain websites. A number of cookies we use will last only for the duration of your web session and expire when you close your browser. Other cookies last longer and are used to recognize your device when you return to the Website.

Generally, we use first-party and third-party cookies for the following purposes: to make our Services function properly; to provide a secure browsing experience during your use of our Services; to collect information about your use of our Services to help us improve and optimize our Services; to remember your preferences for your convenience; and to market our Services, including by showing ads or content on our Services or on third-party sites. To the extent permitted by applicable law, we may also use such technologies to deliver customized content and advertising to Website Users whose activity on the Website indicates that they are interested in particular products or Services. We use the following types of cookies on our Services:

  • Essential/Strictly Necessary Cookies, which are needed for the Website or Services to operate as reasonably expected by you
  • Functional or Preference Cookies, which remember your name or choices.
  • Performance or Analytic Cookies, which collect passive information about your use of the Website or Services
  • Advertising or Targeting Cookies, which are used to make advertising messages more relevant and personalized to you based on your inferred interests

Note that we do not deploy non-essential third-party cookies or similar tracking technologies on our webpages that are made available after Patient log in.

Depending on whether you would like to manage a first-party or third-party cookie, you will need to take the following steps:

  • First-Party Cookies: You can enable, disable, or delete cookies via our Cookie Banner, or via the browser you are using to access our Services. To do this, follow the instructions provided by your browser (usually located within the “Settings”, “Privacy and Security” or “Help” tabs). Please note, if you set your browser to disable cookies, you may not be able to access secure areas of our Services, and/or parts of the Services may not work properly for you. You can find more information about how to change your browser cookie settings at https://www.allaboutcookies.org. Third-Party Cookies: You can disable cookies from third parties via our Cookie Banner or by using your browser settings or, if available, directly opting-out of cookie collection with the third-party cookie service provider via their website. The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at the following websites: Network Advertising Initiative, Ad Choices, Facebook, Google Ads. California residents may also opt-out of sharing of information through these cookies by visiting https://COIL.Health/donotsell/ and following the instructions there, as described in our California and Other States Privacy Notice Addendum.
  • Other Third-Party Technologies. We may use other companies’ analytics, tracking and provided tools that receive information when you use our Services, including technology from Google, Meta and others, to help us track, segment, and analyze usage of the Services, and to help us or those companies serve more targeted advertising on the Services and across the Internet. These tools may use technology such as cookies, tags, pixels, SDKs, and similar technologies to track online activity. The companies may also combine information they collect from your interaction with the Services with information they collect from other sources. We may not have access to information these companies collect using cookies or other tracking technologies.
  • Location Information. You may be able to adjust the settings of your browser or device so that information about your precise physical location is not sent to us or third parties by (a) disabling location services within the browser or device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings. Please note that your location may be derived from your WiFi, Bluetooth, and other device settings. See your device settings for more information. Certain web and mobile browsers allow you to send a signal to inform websites that you do not want your online activities tracked. Except as set forth in our California and Other States Privacy Notice Addendum with respect to global privacy control settings, at this time, we do not currently respond to “Do Not Track” signals or similar mechanisms.

California Privacy Rights

  • If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (CCPA), you have certain rights with respect to that information.
  • Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained.
  • Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this Privacy Policy. You may make such a “request to know” by emailing us at privacy@coil.health.
  • Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, email us at privacy@coil.health.

Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.

Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and some of our data sharing described in this Privacy Policy may be considered a “sale” or “sharing” under those definitions. In particular, we let advertising and analytics providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage, non-product identifying transaction data), device data, and geolocation data through our sites and apps when you use our online services, but do not “sell” or “share” any other types of personal information. If you do not wish for us or our partners to “sell” or “share” personal information relating to your visits to our sites for advertising purposes, you can make your request by visiting our Privacy Center or using a Global Privacy Control. If you opt-out using these choices, we will not share or make available such personal information in ways that are considered a “sale” or “sharing” under the CCPA.

However, we will continue to make available to our partners (acting as our service providers) some personal information to help us perform advertising-related functions. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal information or stop all interest-based advertising.

We do not knowingly sell or share the personal information of minors under 16 years of age. Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law.

To opt-out from such additional purposes, please visit “Your Privacy Choices” on the bottom of our webpage or use the Global Privacy Control described in the “Choice and Control” section of this Privacy Policy. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us

Further, to provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account. Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA. Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers may request further information about our compliance with this law by emailing privacy@coil.health. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address.

6. Persons Under the Age of 16

Persons under the age of 13 are prohibited from using our Services. Persons between the ages of 13 and 18 or the applicable state age of majority may only use our Services with the legal authorization of their parent or legal guardian. COIL Health does not knowingly collect any information from persons under the age of 13 (or from persons between the age of 13 and 18 or the applicable state age of majority without appropriate authorization).

Please contact us if you believe we have collected user information about a child without the required consent from their parent or guardian so we can take corrective action. If we discover that we have collected user information about an individual under the age of 13, we will work to promptly delete this information.

For each Request for Removal of Minor Information, please state “Removal of Minor Information” in the email or letter subject line, and clearly state the following in the body of the request:

  • The nature of your request
  • The identity of the content or information to be removed
  • The location of the content or information on the Platform (e.g. by providing the URL)
  • That the request is related to the "Removal of Minor Information"

Your name, street address, city, state, zip code and email address, and whether you prefer to receive a response to your request by mail or email

Please note that we are not required to erase or otherwise eliminate, or enable erasure or elimination of such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires COIL Health to maintain the content or information; when COIL Health maintains the content or information on behalf of your Providers (as defined in our Terms and Conditions) as part of your electronic medical record; when the content or information is stored on or posted to the Site by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when COIL Health anonymizes the content or information, so that you cannot be individually identified; when you do not follow the aforementioned instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.

The foregoing is a description of COIL Health’s voluntary practices concerning the collection of personal information through the Service from certain minors, and is not intended to be an admission that COIL Health is subject to the Children’s Online Privacy Protection Act, the Federal Trade Commission’s Children’s Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations.

7. Security of Information

COIL Health understands the importance of securing your information. We are continuously implementing and updating our administrative, technical, and physical security measures to protect your information. For example, we use firewalls to monitor and control our network traffic, encryption to secure our data transmissions, and cryptographic hash functions to store or share certain data.

Please be aware that using the Internet comes with inherent risks. No method of data transmission or method of physical or electronic storage can be guaranteed to be perfectly secure. There is some risk that an unauthorized third party may find a way to circumvent our security or that a transmission of your information over the Internet will be intercepted.

COIL Health takes the measures stated above to provide a level of security appropriate to the risks of processing your information. You acknowledge and accept that we cannot guarantee the security of your information. Aside from our efforts in securing your information, it is your responsibility to protect the security of your account credentials and keep your password confidential. If you notice suspicious activity or believe that your account may have been compromised in some way, please contact us immediately at privacy@COIL.Health.

8. Retention of Information

We may retain your information as required or permitted by applicable laws and regulations. For example, if you are a resident of certain jurisdictions you may be able to request to have your personal information deleted. If your request is granted, we may still be required by medical laws to retain your health information for a period of time. If you are a Patient User, your medical records will be retained by COIL Health for a period of at least ten (10) years, unless a longer period is required by state or federal law, after which they may be destroyed. If you are younger than twenty-three (23) years of age on the date the records may potentially be destroyed, your records will be kept at least until you reach the age of 23 or as required by state or federal law. Additional information for California residents about our data retention practices is available in our California and Other States Privacy Notice Addendum.

9. Your Choices and Privacy Rights

Transactional Communications. In order to provide our Services to you, we may send you communications related to your transactions, security, or the administration of this website. Transactional emails are emails we send you relating to your account or in connection with providing you the Services such as emails changing your password, emails in response to your support request, and emails from your medical provider(s). Please be aware that you cannot opt out of transactional emails.

Marketing Communications. From time to time, COIL Health may also send you marketing emails to provide you with free newsletters, surveys, offers, and other promotional materials. If you wish to stop receiving marketing emails from us, you can opt out by clicking the unsubscribe link at the bottom of any marketing email or by contacting us at hello@coil.health.

Text Messages. You may opt in to receive COIL Health transactional and/or COIL Health marketing text messages. If you decide you no longer wish to receive text messages (including operational, marketing, or transactional) from us, you can opt-out of receiving future COIL Health text messages by replying “STOP.” However, you acknowledge that opting out of receiving text messages may impact your use of the Services.

Your Account Information. You may access your COIL Health account information by going to the “ Account Details” page. You can edit your account information as necessary, such as your email address, name, phone number, and more. When you update your account information, we may keep a copy of your previous account details for our records and to prevent fraud or other activities that violate our terms, policies and agreements. However, if you do not provide us with some of your personal information, such as your name or email, we will no longer be able to provide you with access to our Services.

Privacy Rights. If you are a resident of California or other states with specific consumer privacy laws, please see our California and Other States Privacy Addendum.

In addition to the privacy rights we provide to residents of the states listed in our California and Other States Privacy Rights Addendum, we provide the following privacy rights:

Access: You can submit a request for access to your personal information by emailing hello@coil.health. Prior to fulfilling your request, we will need to verify your identity, which may require additional pieces of information. We use the information submitted via the form strictly for verification purposes.

To be removed from a mailing list, email us at hello@coil.health. To unsubscribe from text marketing messages, please reply STOP to the message. To unsubscribe from marketing emails, please use the link located at the bottom of the marketing email.

10. International Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use the Services.

11. uPDATES

We may update this Privacy Notice from at any time at our sole discretion. You can reference the date on the top to determine when this Privacy Notice was last updated. Any changes will become effective when we post the revised Privacy Notice. Your use of the Services following this notice means that you acknowledge and accept the revised Privacy Notice.

12. Contacting Us

If you have questions or concerns about this Privacy Notice, please contact us at privacy@coil.health. For any other questions, please send an email to hello@coil.health.

© 2025 COIL Health, Inc. All rights reserved.