Skip to main content
ByAven

ByAven

Trust & Safety

Healthcare requires trust. Here is what we do — in concrete, specific terms — to protect your health, your data, and your privacy.

Our commitments

HIPAA Compliant

Active

All patient data is handled in compliance with HIPAA Privacy and Security Rules. We maintain Business Associate Agreements with all third-party vendors who handle protected health information.

Licensed US Providers

Verified

All ByAven providers hold active medical licenses in the states where they treat patients, verified through state medical boards. Licenses are monitored for status changes.

FDA-Approved Medications

Confirmed

Where available, ByAven providers prescribe FDA-approved medications. When compounded medications are prescribed, they are sourced from licensed 503B outsourcing facilities.

SSL/TLS Encrypted

Active

All data transmitted between your device and ByAven servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.

Secure Payments

In Progress

Card data is processed through PCI-DSS compliant payment infrastructure. ByAven never stores full card numbers. Payment processing will be handled through Authorize.net.

Our providers

Every ByAven provider undergoes a credentialing process before treating patients. This includes:

  • Active state medical license in every state where they practice
  • Board certification or board-eligibility in a relevant specialty
  • Active malpractice insurance
  • No history of disciplinary action for patient safety violations
  • Completion of ByAven-specific training on current menopause guidelines

You can independently verify any provider's license through your state medical board. Select your state on our state pages to find the appropriate verification link.

California medical boardTexas medical boardFlorida medical boardNew York medical boardAll states medical board

Data protection

What we protect

Protected Health Information (PHI) — your medical history, symptoms, prescriptions, and any information that identifies you as a patient — is treated with the highest level of security. PHI is stored encrypted, transmitted only over encrypted connections, and accessed only by your care team and ByAven staff with a clinical need.

What we never do

  • Sell your personal data or health information to third parties
  • Share PHI without your authorization (except as required by law)
  • Use your health data for advertising targeting
  • Store full credit card numbers
  • Track your individual behavior for commercial purposes

Technical measures

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls limiting data visibility
  • Audit logging of all access to patient records
  • Regular security reviews (TODO: formal audit schedule post-launch)
HIPAA Notice of Privacy PracticesPrivacy Policy

Medication safety

ByAven providers only prescribe medications that are clinically appropriate for your specific situation, based on current NAMS and ACOG guidelines.

FDA-approved medications

When available, ByAven providers prescribe FDA-approved hormone therapy and menopause medications from established pharmaceutical manufacturers.

Compounded medications

Compounded medications may be prescribed in specific clinical situations. When prescribed, we source from licensed 503B outsourcing facilities regulated by the FDA.

Pharmacy network

Prescriptions can be sent to your preferred local pharmacy or a licensed mail-order pharmacy that ships to your state.

No controlled substances

ByAven does not prescribe controlled substances via telehealth. If such medications are clinically indicated, your provider will refer you for appropriate in-person care.

Reporting concerns

Privacy concerns: Contact our Privacy Officer at privacy@byaven.com. You also have the right to file a complaint with the HHS Office for Civil Rights.

Adverse medication events: Report to the FDA MedWatch program at fda.gov/safety/medwatch or call 1-800-FDA-1088.

Provider concerns: Contact us at support@byaven.com. You may also file a complaint directly with your state medical board.

Third-party certifications

The following certifications are planned or in progress. We will update this section as they are completed.

Planned

LegitScript Certification

Certification for online pharmacies and healthcare providers. Pending application.

Planned

HITRUST CSF

Healthcare information security framework. Planned for post-launch phase.

Planned

SOC 2 Type II

Third-party audit of security, availability, and confidentiality controls.

Take the first step toward feeling like yourself again.

Personalized menopause care, designed by experts. Start with our free assessment.

Take the QuizLearn More