Privacy Policy
Effective Date: January 1, 2025
Last Updated: January 1, 2025
MDJ Technology LLC, doing business as MMJ.com ("Company," "we," "us," or "our"), is committed to protecting your privacy and ensuring the security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and telehealth services.
As a healthcare service provider, we are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable federal and state privacy laws.
1. Information We Collect
1.1 Personal Information
We collect personal information that you provide directly to us, including:
Identity Information:
- Full legal name
- Date of birth
- Government-issued identification (driver's license, state ID, passport)
- Photograph for identity verification
Contact Information:
- Email address
- Phone number
- Mailing address
- State of residence
Account Information:
- Username and password
- Account preferences
- Communication preferences
1.2 Medical Information (Protected Health Information)
As a healthcare service, we collect medical information necessary for your evaluation, including:
- Medical history
- Current medications
- Qualifying conditions and symptoms
- Previous treatments and their effectiveness
- Healthcare provider notes from your consultation
- Medical marijuana certification records
1.3 Payment Information
- Credit/debit card numbers (processed by secure third-party payment processors)
- Billing address
- Transaction history
1.4 Automatically Collected Information
When you use our website, we automatically collect:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and time spent on pages
- Referring website
- Date and time of access
- Cookies and similar tracking technologies
1.5 Telehealth Session Information
- Audio and video data during live consultations (not recorded unless you consent)
- Chat messages exchanged during consultations
- Session duration and technical quality metrics
2. How We Use Your Information
2.1 To Provide Healthcare Services
- Conducting telehealth evaluations for medical marijuana certification
- Processing and issuing medical marijuana certifications
- Communicating with you about your appointment and certification
- Providing follow-up care and renewal reminders
- Coordinating care with other healthcare providers when authorized
2.2 For Treatment, Payment, and Healthcare Operations
Under HIPAA, we may use and disclose your Protected Health Information (PHI) for:
- Treatment: To provide, coordinate, and manage your healthcare
- Payment: To obtain payment for services provided to you
- Healthcare Operations: To support our business activities, improve services, and ensure quality care
2.3 For Business Operations
- Processing payments and refunds
- Communicating with you about your account
- Sending appointment reminders and service updates
- Responding to your inquiries and support requests
- Improving our website and services
- Analyzing usage patterns and trends
2.4 For Legal and Compliance Purposes
- Complying with federal, state, and local laws
- Responding to legal processes (subpoenas, court orders)
- Reporting to public health authorities as required by law
- Protecting our legal rights and preventing fraud
2.5 With Your Authorization
We may use your information for purposes not described above only with your explicit written authorization. You may revoke such authorization at any time.
3. How We Share Your Information
3.1 State Medical Marijuana Programs
We share necessary information with state medical marijuana programs as required for your certification, including:
- Your name and contact information
- Certifying physician information
- Qualifying condition(s)
- Certification date and validity period
3.2 Healthcare Providers
We may share your information with:
- Licensed physicians conducting your telehealth evaluation
- Other healthcare providers with your authorization
- Healthcare providers in emergencies when you cannot provide consent
3.3 Service Providers
We use trusted third-party service providers to help operate our business, including:
- Payment processors (e.g., Stripe, Square)
- Telehealth platform providers
- Email service providers
- Cloud hosting services
- Customer support platforms
These providers are contractually obligated to protect your information and use it only for the services they provide to us.
3.4 Legal Requirements
We may disclose your information when required by law, including:
- Court orders and subpoenas
- Government requests and investigations
- Public health reporting requirements
- To protect our legal rights or defend against legal claims
3.5 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.
3.6 We Do NOT Sell Your Information
We do not sell, rent, or trade your personal or medical information to third parties for marketing purposes.
4. HIPAA Compliance and Patient Rights
4.1 HIPAA Protections
As a covered entity under HIPAA, we implement comprehensive safeguards to protect your Protected Health Information (PHI):
Administrative Safeguards:
- Workforce privacy and security training
- Access controls and authorization procedures
- Incident response and breach notification procedures
- Regular risk assessments
Physical Safeguards:
- Secure facilities and workstations
- Device and media controls
- Visitor access controls
Technical Safeguards:
- Encryption of data in transit and at rest
- Unique user identification and access controls
- Automatic logoff and audit controls
- Transmission security
4.2 Your HIPAA Rights
Under HIPAA, you have the following rights regarding your PHI:
Right to Access: You may request copies of your medical records and PHI. We will provide these within 30 days of your request.
Right to Amend: You may request corrections to your PHI if you believe it is inaccurate or incomplete. We may deny the request in certain circumstances but will explain why.
Right to an Accounting of Disclosures: You may request a list of certain disclosures of your PHI made in the past six years.
Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI. We are not required to agree to all restrictions but will honor reasonable requests.
Right to Request Confidential Communications: You may request that we communicate with you in a specific way or at a specific location (e.g., only by email, or to a specific phone number).
Right to a Copy of This Notice: You may request a paper copy of this Privacy Policy at any time.
4.3 Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@mmj.com
- Phone: 1-888-MMJ-8178
- Mail: MMJ.com Privacy Officer, 6090 Royalton Road PMB 316, Cleveland, OH 44133
We will respond to your request within 30 days. There may be a reasonable fee for certain requests (e.g., copies of records).
5. Data Security
5.1 Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted using AES-256 encryption at rest and TLS 1.3 in transit
- Access Controls: Role-based access limiting who can view your information
- Authentication: Multi-factor authentication for sensitive systems
- Monitoring: 24/7 security monitoring and intrusion detection
- Auditing: Regular security audits and vulnerability assessments
- Training: Annual security and privacy training for all staff
5.2 Payment Security
All payment transactions are processed through PCI-DSS compliant payment processors. We do not store your full credit card number on our servers.
5.3 Security Incident Response
In the event of a data breach affecting your personal or medical information, we will:
- Notify you within 60 days as required by HIPAA
- Notify the Department of Health and Human Services
- Take immediate steps to contain and remediate the breach
- Provide credit monitoring services if appropriate
5.4 Your Role in Security
You can help protect your information by:
- Using strong, unique passwords
- Not sharing your account credentials
- Logging out after sessions, especially on shared devices
- Notifying us immediately of any suspected unauthorized access
6. Cookies and Tracking Technologies
6.1 What Are Cookies?
Cookies are small text files placed on your device when you visit our website. They help us provide a better user experience and understand how you use our site.
6.2 Types of Cookies We Use
Essential Cookies: Required for the website to function properly. These cannot be disabled.
- Session management
- Security tokens
- Load balancing
Performance Cookies: Help us understand how visitors interact with our website.
- Page views and navigation paths
- Error reporting
- Performance metrics
Functionality Cookies: Remember your preferences and settings.
- Language preferences
- Login information
- Customization choices
Advertising Cookies: We may use these for remarketing purposes.
- Ad targeting
- Conversion tracking
6.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.
6.4 Do Not Track
We currently do not respond to "Do Not Track" browser signals, as there is no industry standard for implementation.
7. Third-Party Services
7.1 Analytics
We use analytics services (such as Google Analytics) to understand website usage. These services may collect information about your browsing behavior. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
7.2 Advertising
We may use advertising platforms to reach potential patients. These platforms may use cookies and similar technologies for ad targeting.
7.3 Social Media
Our website may include social media features. These features may collect your IP address and set cookies. Your interactions with these features are governed by the privacy policies of the respective social media platforms.
8. Data Retention
8.1 Medical Records
We retain medical records in accordance with HIPAA requirements and state medical record retention laws, typically for a minimum of six years from the date of last service.
8.2 Account Information
We retain your account information for as long as your account is active or as needed to provide services. If you request account deletion, we will delete or anonymize your information within 30 days, except as required by law.
8.3 Payment Information
Transaction records are retained for seven years for tax and accounting purposes.
8.4 Communication Records
Customer service communications are retained for three years.
9. Children's Privacy
9.1 Age Restriction
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
9.2 Minor Patients
In states where minors may qualify for medical marijuana, a parent or legal guardian must provide consent and manage the minor's account.
9.3 Parental Rights
If you believe we have collected information from a child without proper parental consent, please contact us immediately at privacy@mmj.com.
10. State-Specific Privacy Rights
10.1 California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request information about the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: You may limit how we use sensitive personal information.
To exercise these rights, contact us at privacy@mmj.com or call 1-888-MMJ-8178.
10.2 Other State Laws
Residents of other states with privacy laws (Virginia, Colorado, Connecticut, etc.) may have similar rights. Contact us to exercise your rights under applicable state laws.
11. International Users
11.1 United States Only
Our Services are intended for use only within the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.
11.2 No GDPR Compliance
As we only serve U.S. patients, we do not comply with GDPR or other international privacy regulations. If you are located outside the United States, please do not use our Services.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending you an email notification for significant changes
We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
MDJ Technology LLC (MMJ.com)
Attn: Privacy Officer
6090 Royalton Road PMB 316
Cleveland, OH 44133
Email: privacy@mmj.com
Phone: 1-888-MMJ-8178
To file a HIPAA complaint: You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights:
- Online: hhs.gov/ocr/complaints
- Phone: 1-800-368-1019
14. Notice of Privacy Practices (HIPAA)
This Privacy Policy serves as our Notice of Privacy Practices under HIPAA. It describes how medical information about you may be used and disclosed and how you can get access to this information.
Please review it carefully. Your privacy is important to us.
By using MMJ.com, you acknowledge that you have read and understand this Privacy Policy.