Last Updated: March 25, 2026
NextDayDoctor MSO LLC ("NextDayDoctor," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, mobile application, and related services (collectively, the "Platform").
Please read this Privacy Policy carefully. By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Platform.
NOTICE REGARDING HEALTH INFORMATION: This Privacy Policy covers personal information collected through your use of our website and platform technology. If you receive healthcare services through NextDayDoctor, the use and disclosure of your Protected Health Information ("PHI") is separately governed by the Notice of Privacy Practices issued by Tristan Cooper MD PLLC (the "Medical Practice"). Please review that notice carefully. Where this Privacy Policy and the Notice of Privacy Practices address the same information, the Notice of Privacy Practices controls with respect to PHI.
NextDayDoctor MSO LLC operates as a Management Services Organization ("MSO") — a technology and administrative services company. We do not practice medicine. Medical services are provided by the Medical Practice and its independently licensed healthcare providers.
As a Business Associate to the Medical Practice under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations, NextDayDoctor handles PHI only as permitted by HIPAA and our Business Associate Agreement with the Medical Practice. We maintain administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.
Business Associates: Third-party vendors who access PHI on our behalf — including our cloud infrastructure provider, messaging service provider, and communications provider — are required to enter into Business Associate Agreements obligating them to protect PHI to the same standard required of us under HIPAA.
Your medical records rights are described in the Notice of Privacy Practices. These rights survive account termination — closing your account does not extinguish your right to access or obtain copies of your medical records. Requests for medical records should be directed to the Medical Practice as described in the Notice of Privacy Practices.
PHI and account deletion: Because HIPAA requires us to retain medical records for a minimum of six (6) years from the date of creation or last effective date, we cannot delete PHI associated with your clinical care on request during that retention period, even if you request deletion of your account or personal information under applicable privacy laws.
We collect information you voluntarily provide when using the Platform, including:
When you use the Platform to access telehealth services, we collect and handle:
If you interact with any AI-powered features on the Platform (including AI chat agents or health information tools), we collect the content of those interactions in order to provide responses and improve AI feature performance. AI interaction data that contains or relates to your health condition, symptoms, medications, or clinical history may constitute PHI and will be handled in accordance with our HIPAA obligations. You should not input sensitive health information into AI features unless the interface is identified as a secure, HIPAA-compliant channel.
When you access the Platform, we automatically collect certain technical information, including:
Our iOS and Android mobile applications may request the following device permissions:
We do not access device permissions for purposes other than those described above.
We may receive information about you from third parties, including:
Certain categories of personal information we collect are classified as "sensitive personal information" under applicable state privacy laws, including the California Privacy Rights Act ("CPRA"). These categories include:
We use sensitive personal information only as necessary to provide the services you request and as otherwise required or permitted by law. We do not use sensitive personal information for purposes of inferring characteristics unrelated to your care or for cross-context behavioral advertising.
We use the information we collect to:
We do not use PHI for marketing or advertising purposes.
Our Platform uses an automated system to match patients with available healthcare providers. This matching process evaluates: (1) the state where you are located at the time of your request against providers' state license portfolios; (2) your preferred language; (3) the type of service requested; and (4) your age or the age of the patient, to determine whether pediatric or adult provider credentials are required.
The outcome of this matching process determines which providers are available to you. No human review of individual matching decisions occurs in real time. If you believe a matching result is incorrect or you have been unable to access care due to a matching outcome, please contact us at support@nextdaydoctor.com.
We use cookies, web beacons, and similar tracking technologies to collect information about your interactions with the Platform.
We use Google Analytics to collect and analyze information about how users interact with the Platform. Google Analytics collects data such as pages visited, session duration, and general location. We have configured Google Analytics to not receive PHI, and we do not send health-related information to any analytics platform.
Most web browsers accept cookies by default. You may modify your browser settings to decline cookies; however, doing so may impair certain Platform functionality. You may opt out of interest-based advertising through the Digital Advertising Alliance (www.aboutads.info) or the Network Advertising Initiative (www.networkadvertising.org).
We currently do not respond to "Do Not Track" signals from browsers.
We may share your information in the following circumstances:
Practice-Level Data Isolation: The Platform operates with practice-level data siloing. Clinical records (encounter notes, prescriptions, imaging, lab orders, uploaded documents) created by one Practice are accessible only to that Practice's authorized staff. Staff from one Practice cannot access clinical records created by a different Practice, even for patients seen by both. If you are treated by more than one Practice using the Platform, each Practice maintains a separate, isolated view of your care with that Practice only.
We implement appropriate administrative, physical, and technical security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include encryption of data in transit and at rest, access controls, and regular security assessments.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
Security of PHI: PHI transmitted through the Platform is encrypted. Secure messaging and telehealth sessions use encrypted channels. We do not send PHI through unencrypted email.
In the event of a breach of unsecured PHI, we will notify affected individuals as required by HIPAA's Breach Notification Rule (45 CFR Part 164, Subpart D), typically within sixty (60) days of discovery. We will also notify the U.S. Department of Health and Human Services and, where required, the media in accordance with applicable law.
For breaches of non-health personal information, we will notify affected individuals in accordance with applicable state data breach notification laws.
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
PHI and Medical Records: Clinical records associated with your care are retained for a minimum of six (6) years from the date of creation or the date last in effect, whichever is later, as required by HIPAA. Some states require longer retention periods. We comply with the longer applicable period.
Non-Health Information: Account information and non-health personal data are retained for the duration of your account and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements.
When we no longer need your information and are not required to retain it, we will securely delete or anonymize it.
You may update or correct your account information at any time by logging into your account or contacting us at support@nextdaydoctor.com. Note that we may retain certain information as required by law, including HIPAA's retention requirements, even if you request deletion.
You may opt out of receiving promotional emails by following the unsubscribe instructions in those emails or by contacting us at support@nextdaydoctor.com. If you opt out, we may still send you non-promotional communications about your account, appointments, or legal notices.
You may opt out of SMS messages by replying "STOP" to any text message from us. You may disable push notifications through your device settings. Opting out of SMS or push notifications does not affect your ability to receive email communications.
We do not sell your personal information for money. However, sharing data with advertising partners for cross-context behavioral advertising may constitute "sharing" under applicable law. California residents and residents of other states with applicable privacy laws may opt out of such sharing by contacting us at privacy@nextdaydoctor.com or by adjusting your cookie preferences.
You have the right to request correction of inaccurate personal information we hold about you. To submit a correction request, contact us at privacy@nextdaydoctor.com.
When you contact our support team by phone, voicemail messages and records of the interaction may be retained for quality assurance, training, and legal compliance purposes.
If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"):
To exercise these rights, contact us at privacy@nextdaydoctor.com. We may need to verify your identity before processing your request. We will respond within 45 days as required by law, with an extension of up to 45 additional days where reasonably necessary.
If you are a Nevada resident, you have the right to opt out of the sale of certain covered information to third parties. While we do not currently sell covered information as defined under Nevada Revised Statutes § 603A, you may submit a verified opt-out request by contacting us at privacy@nextdaydoctor.com. We will respond within 60 days.
Residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive consumer privacy laws may have rights similar to those described in Section 12, including rights to access, correct, delete, and opt out of certain data processing activities. To exercise any such rights, please contact us at privacy@nextdaydoctor.com. We will respond in accordance with the applicable law of your state of residence.
The Platform is intended for use only by individuals who are at least 18 years of age. We do not knowingly collect personal information from individuals under the age of 18 except as provided below.
A parent or legal guardian may register an account and provide information about a minor dependent for the purpose of booking and managing the minor's healthcare appointments. In such cases, the parent or guardian is the account holder and is responsible for the accuracy and appropriate use of the minor's information. The minor's health information may constitute PHI and is handled accordingly.
If you are a parent or guardian and believe your child under 18 has provided personal information to us without your authorization, please contact us at support@nextdaydoctor.com so we can investigate and, where appropriate, delete such information.
The Platform may contain links to third-party websites or services not owned or controlled by NextDayDoctor. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. Our disclosure of your information to third-party service providers is governed by Section 7 above and the applicable Business Associate Agreements.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at the address associated with your account and by posting the updated Privacy Policy on the Platform, updating the "Last Updated" date at the top. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Platform.
For questions about this Privacy Policy, to exercise your privacy rights, or to report a privacy concern, please contact us at:
NextDayDoctor MSO LLC Email: privacy@nextdaydoctor.com Address: 9205 West Russell Road, Suite 240, Las Vegas, Nevada 89148
For matters specifically related to your medical records or PHI, please also contact the Medical Practice as directed in the Notice of Privacy Practices.
Effective Date: March 25, 2026
