    CODYMD PRIVACY POLICY

    Last Updated: April 13, 2025

    This document describes how Awesome Studios, LLC d/b/a CodyMD collects, uses, shares, and protects your information. It is organized in two parts:

    • Part A — General Privacy Policy covers personal information collected through informational services (health education, wellness content, AI-powered tools). Part A applies to all users.

    • Part B — HIPAA Notice of Privacy Practices covers Protected Health Information (PHI) created in connection with clinical telehealth services. Part B applies only when you receive clinical services and is effective upon your acceptance of the Clinical Services Addendum (Part B of the Terms of Use).

    This document should be read together with our Terms of Use.

    PART A — GENERAL PRIVACY POLICY

    Applies to all users. Effective upon account creation.

    A1. Information We Collect

    A1.1 Information You Provide

    When you create an account or use the Platform, we may collect your name, email address, phone number, date of birth, gender, username and password, and general profile information. We also collect the content of messages, questions, and feedback you provide, including conversations with our AI tools.

    Important: General health questions you ask through informational services are not Protected Health Information under HIPAA. They are Personal Information governed by this Part A. If you transition to clinical services, information collected during clinical encounters becomes PHI governed by Part B.

    A1.2 Information Collected Automatically

    We automatically collect IP address, browser type, operating system, device identifiers, pages visited, dates/times of access, referring URLs, clickstream data, and approximate geographic location. We collect this through cookies, web beacons, pixels, and similar technologies.

    A1.3 Information from Third Parties

    We may receive information from analytics providers, identity verification services, and social media platforms (if you link your account).

    A2. How We Use Your Information

    We use Personal Information to:

    • Provide, maintain, and improve the Platform.

    • Process account registration and manage your account.

    • Respond to inquiries and provide support.

    • Personalize your experience and show relevant content.

    • Communicate about the Platform, including updates and promotions (with consent where required).

    • Detect and address fraud, security issues, and technical problems.

    • Comply with legal obligations and enforce our Terms of Use.

    • Conduct research and analytics using aggregated or de-identified data.

    A3. How We Share Your Information

    CodyMD does not sell your Personal Information.

    • Service providers: Third parties performing services on our behalf (hosting, analytics, support), bound by confidentiality obligations.

    • Legal requirements: When required by law, court order, or subpoena.

    • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.

    • With your consent: When you explicitly authorize sharing.

    A4. Cookies and Tracking

    • Essential cookies: Required for Platform functionality.

    • Analytics cookies: Help us understand usage patterns.

    • Preference cookies: Remember your settings.

    You can control cookies through browser settings. Disabling cookies may affect functionality. We do not respond to Do Not Track signals.

    A5. Your Rights

    • Access: Request access to your Personal Information.

    • Correction: Request correction of inaccurate information.

    • Deletion: Request deletion, subject to legal retention requirements.

    • Object/Restrict: Object to or restrict processing in certain circumstances.

    • Portability: Request a copy in a structured, machine-readable format.

    • Withdraw consent: Where processing is based on consent.

    • Non-discrimination: We will not discriminate for exercising your rights.

    Contact privacy@cody.md to exercise any right. We respond within 45 days or as required by applicable law.

    A6. State-Specific Rights

    A6.1 California (CCPA/CPRA)

    California residents have additional rights including the right to know, delete, correct, and opt out. CodyMD does not sell Personal Information. Contact privacy@cody.md.

    A6.2 Other States

    Residents of Washington, Oregon, Colorado, Connecticut, Virginia, and other states with comprehensive privacy laws may have additional rights. Contact privacy@cody.md.

    A7. Data Security

    We implement administrative, physical, and technical safeguards to protect your information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

    A8. Data Retention

    • Account information: Retained while active, plus a reasonable period after closure.

    • Usage data: Up to 24 months in identifiable form, then aggregated or de-identified.

    • Conversation data: Retained for service improvement; deletable on request subject to law.

    A9. Children’s Privacy

    The Platform is not for individuals under 13. We do not knowingly collect information from children under 13. Contact privacy@cody.md if you believe we have.

    A10. International Users

    The Platform is operated from the United States. If you access from outside the US, your information may be transferred to and processed in the US. Clinical services are not available outside the US.

    A11. Third-Party Links

    The Platform may link to third-party services. This Privacy Policy does not apply to them. Review their privacy policies.

    A12. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be noted with an updated date and, where required, additional notice.

    A13. Contact

    Awesome Studios, LLC d/b/a CodyMD

    2442 NW Westover Road, Suite 201, Portland, OR 97210

    Privacy: privacy@cody.md  |  General: info@cody.md

    PART B — HIPAA NOTICE OF PRIVACY PRACTICES

    Applies only when you receive clinical services. Effective upon acceptance of the Clinical Services Addendum.

    THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

    This Part B applies to Protected Health Information (PHI) created, received, maintained, or transmitted in connection with clinical services through the CodyMD platform. It supplements Part A, which governs Personal Information from informational services. CodyMD operates as a Business Associate under HIPAA with respect to PHI handled on behalf of independent providers and contracted medical groups. CodyMD maintains Business Associate Agreements as required by HIPAA.

    B1. What Is Protected Health Information

    PHI is individually identifiable health information created or received in connection with clinical services, including medical history, symptoms, diagnoses, treatment plans, prescriptions, laboratory results, clinical notes, and billing information related to clinical care. General health questions asked through informational services (Part A) are not PHI.

    B2. How We Use and Disclose Your PHI

    We use and disclose PHI only as permitted by HIPAA, the HITECH Act, and applicable state law:

    • Treatment: To facilitate care by your provider, coordinate care, and transmit prescriptions.

    • Payment: To process payments, billing, and fee collection.

    • Healthcare operations: Quality assessment, credentialing, training, and compliance.

    • Required by law: To comply with laws, court orders, or administrative requests.

    • Public health and safety: Disease reporting, abuse reporting, and to avert serious threats to health or safety.

    • With your authorization: For any other purpose, with your signed written authorization.

    B2.1 Authorization Required

    Marketing, sale of PHI, and most uses of psychotherapy notes require your written authorization. You may revoke authorization at any time in writing.

    B2.2 De-Identified Data

    We may de-identify PHI using HIPAA’s safe harbor or expert determination methods. De-identified data is not subject to this Notice and may be used for research, analytics, and product development.

    B3. Your HIPAA Rights

    Right to access

    Inspect and obtain copies of your PHI. We provide it in your requested format if producible. Reasonable fees may apply.

    Right to amend

    Request corrections to your PHI. We may deny under certain circumstances with a written explanation.

    Right to an accounting of disclosures

    Request an accounting of certain disclosures made in the prior six years, excluding treatment, payment, operations, and authorized disclosures.

    Right to request restrictions

    Request restrictions on certain uses. We must agree to restrict disclosures to a health plan for services you paid out of pocket in full.

    Right to confidential communications

    Request that we communicate by alternative means or at alternative locations. We accommodate reasonable requests.

    Right to a copy of this notice

    Obtain a paper copy at any time, even if you previously received one electronically.

    Right to authorize and revoke

    Uses not described here require your written authorization, revocable at any time in writing.

    To exercise any right, contact privacy@cody.md. We respond within 30 days.

    B4. State Health Privacy Laws

    B4.1 Washington (My Health My Data Act)

    Washington residents may have additional rights under the My Health My Data Act for consumer health data outside HIPAA’s scope. CodyMD obtains consent before collecting or sharing such data and honors withdrawal and deletion requests.

    B4.2 Other States

    Where state law provides greater protections than HIPAA, we comply with the more protective standard. Contact privacy@cody.md for state-specific rights.

    B5. How We Protect Your PHI

    CodyMD implements safeguards per HIPAA and the HITECH Act: encryption in transit and at rest, access controls, audit logging, workforce training, incident response, and regular security assessments.

    B6. Retention of PHI

    • Medical records: Minimum 7 years from last encounter, or longer per state law.

    • Billing records: Minimum 7 years for tax and financial reporting.

    PHI no longer needed is securely destroyed or de-identified.

    B7. Breach Notification

    In the event of a breach of unsecured PHI, CodyMD notifies affected individuals, HHS, and where required, the media, per HIPAA, the HITECH Act, and state law. Notification includes a description of the breach, information types involved, protective steps, CodyMD’s response, and contact information.

    B8. Third-Party Service Providers

    Service providers accessing PHI are bound by Business Associate Agreements. Laboratories and pharmacies are independent entities with their own HIPAA obligations.

    B9. Complaints

    If you believe your privacy rights have been violated:

    CodyMD Privacy Officer

    Awesome Studios, LLC d/b/a CodyMD

    2442 NW Westover Road, Suite 201, Portland, OR 97210

    privacy@cody.md

    U.S. Department of Health and Human Services, Office for Civil Rights

    https://www.hhs.gov/hipaa/filing-a-complaint  |  1-800-368-1019

    CodyMD will not retaliate against you for filing a complaint.

    B10. Changes to This Notice

    Material changes will be noted with an updated effective date. The revised Notice applies to all PHI we maintain.

    B11. Contact

    Awesome Studios, LLC d/b/a CodyMD

    2442 NW Westover Road, Suite 201, Portland, OR 97210

    Privacy/HIPAA: privacy@cody.md  |  Records: records@cody.md  |  General: info@cody.md

    End of CodyMD Privacy Policy. Effective as of April 13, 2026.