Privacy Policy

Last updated: 15 April 2026

1. Introduction

Quantum Men's Health ("we", "our", "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit www.quantummenshealth.com (the "Site") and any connected patient app, when you contact us, when you book or attend a consultation, when you purchase products or services, and when a prescription is issued or dispensed on your behalf.

We operate in accordance with applicable US federal law — including the Health Insurance Portability and Accountability Act (HIPAA) where we act as a Covered Entity — and applicable state laws, including the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA) and other state consumer-privacy and telehealth statutes in the states in which we operate.

The data controller / business is Quantum Men's Health US, Inc., a Delaware corporation, with its principal office at 251 Little Falls Drive, Wilmington, DE 19808. Clinical services are provided by independently licensed US physicians and pharmacies and, where applicable, through professional corporations affiliated with us.

2. Information we collect

• Identity & contact details: name, date of birth, sex, address, ZIP code, phone, email.
• Account & verification data: username, password (hashed), government-issued photo ID where required to verify identity for prescribing.
• Protected Health Information (PHI) / health information: medical history, presenting symptoms, lifestyle data, examination findings, laboratory results, treatment records, prescriptions issued, dispensing records, follow-up notes, AI-assisted assessment outputs (ADAM), pharmacy correspondence and insurance information where provided.
• Payment data: billing address and partial card details. Full card numbers are processed by our PCI-DSS compliant payment service provider (Stripe) and are not stored on our servers.
• Order & subscription data: products purchased, shipping address, dispensing pharmacy, refill status.
• Technical data: IP address, device identifiers, browser type, operating system, referring URLs, pages viewed and analytics data.
• Communication data: messages, appointment requests, chat transcripts and call recordings where you have been informed.
• Marketing preferences where you have opted in.

3. How we use your information

• to provide telehealth consultations, diagnosis, prescribing, dispensing and follow-up care through independently licensed clinicians and pharmacies;
• to verify your identity and eligibility to receive a prescription, particularly for testosterone and other DEA Schedule III–controlled substances;
• to manage appointments, patient records, refills and correspondence;
• to process payments, refunds and subscription billing;
• to arrange dispensing and delivery via our licensed pharmacy partner(s) our licensed pharmacy partner;
• to operate ADAM, our AI-assisted assessment tool, in support of (not as a replacement for) clinical decision-making by a licensed clinician;
• to respond to queries, complaints and requests for records;
• to comply with legal, regulatory, clinical-governance and tax obligations, including DEA, FDA, state medical boards and state boards of pharmacy requirements;
• to improve our Site, services and clinical pathways;
• to send service messages and, only with your consent, marketing communications.

4. Sharing your information

• with licensed clinicians, nurses and pharmacists involved in your care;
• with our pharmacy partner(s) and accredited laboratories;
• with your designated primary-care physician, with your authorisation;
• with IT, hosting, telehealth-platform, communications and analytics providers who act as HIPAA Business Associates or service providers under written agreements;
• with payment processors (Stripe) and shipping carriers;
• where required by law, subpoena, court order or regulator (including FDA MedWatch reporting, DEA inspections and state-board inquiries).

We do not sell your Protected Health Information. We do not use PHI for third-party marketing. With respect to categories of personal information that are not PHI, we do not sell or "share" (as defined under the CCPA/CPRA) your information for cross-context behavioral advertising without your consent.

5. HIPAA and your health information

To the extent we act as a HIPAA Covered Entity, use and disclosure of your Protected Health Information is governed by our Notice of Privacy Practices, which is provided to you at the start of care and is available on the Site. Where we use third-party vendors to create, receive, maintain or transmit PHI, we enter into Business Associate Agreements.

6. Your rights

Depending on the state in which you reside, you may have some or all of the following rights:

• the right to access or receive a copy of your personal information or medical record;
• the right to request correction of inaccurate information;
• the right to request deletion of your personal information, subject to our legal obligation to retain medical and prescribing records;
• the right to request restriction on certain uses and disclosures of your PHI;
• the right to an accounting of disclosures of your PHI;
• the right to opt out of the sale or sharing of personal information and of targeted advertising (we do not sell or share PHI);
• the right to limit use of sensitive personal information (CCPA/CPRA);
• the right to non-discrimination for exercising any of these rights;
• the right to appeal our response to a rights request, where state law provides.

To exercise any of these rights, contact our Privacy Officer using the details in section 9, or submit a verifiable consumer request through the process described there. We will respond within the time frame required by applicable state law.

7. Data security and retention

We maintain administrative, technical and physical safeguards designed to protect the confidentiality, integrity and availability of your information, including encrypted storage and transmission, role-based access controls, audit logging, multi-factor authentication for staff accounts, workforce training and written Business Associate Agreements. We retain medical records for the period required by the law of the state in which care is delivered (typically seven to ten years for adult records, and into adulthood for minors). Non-clinical business records are retained only as long as reasonably necessary for the purposes described in this policy.

8. Cookies, tracking and do-not-track

The Site uses cookies, pixels and similar technologies to operate the Site, remember your preferences, measure traffic and (with consent where required) deliver marketing. You may manage your preferences through the cookie banner or the "Cookie settings" link in the footer. We honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing where applicable. Because there is no industry-wide standard for Do-Not-Track signals, we do not separately respond to DNT.

Full details are set out in our separate Cookie Policy.

9. Contact us / Privacy Officer

HIPAA Privacy Officer Quantum Men's Health US, Inc. 251 Little Falls Drive, Wilmington, DE 19808 Email: privacy@quantummenshealth.com General enquiries: info@quantummenshealth.com

To file a HIPAA complaint you may also contact the U.S. Department of Health and Human Services, Office for Civil Rights (www.hhs.gov/ocr). California residents may also contact the California Privacy Protection Agency (cppa.ca.gov).

10. Children

Our Site and services are intended for users aged 18 or over. We do not knowingly collect personal information from children under 13 in accordance with the Children's Online Privacy Protection Act (COPPA).

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be notified via the Site or by email where appropriate.

Last updated: 15 April 2026

1. Introduction

Quantum Men's Health ("we", "our", "us") respects your right to privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit www.quantummenshealth.ie (the "Site"), when you contact us, when you book or attend a consultation, when you purchase products or services, and when a prescription is issued or dispensed on your behalf.

We comply with the EU General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, the ePrivacy Regulations 2011, and our professional obligations under the Medical Council, the Health Products Regulatory Authority (HPRA) and the Pharmaceutical Society of Ireland (PSI).

The data controller is Jura Health Ltd, trading as Quantum Men's Health, registered in Ireland (company number: registration details to be confirmed), with its registered office at registered office details to be confirmed.

2. What information we collect

We may collect and process the following categories of personal data:

• Identity & contact details: name, date of birth, gender, address, Eircode, phone number, email address.
• Account & verification data: username, password (hashed), photo ID where required to verify identity for prescribing.
• Health information (special category data): medical history, presenting symptoms, lifestyle information, examination findings, blood test and laboratory results, treatment records, prescriptions issued, dispensing records, follow-up notes and any clinical correspondence.
• Payment data: billing address and partial card details. Full card numbers are processed by our PCI-DSS compliant payment service provider (Stripe) and are never stored on our servers.
• Order & subscription data: products purchased, delivery address, dispensing pharmacy, repeat-prescription status.
• Technical data: IP address, device and browser type, operating system, referring URLs, pages viewed, session duration and other analytics data.
• Communication data: messages, appointment requests, chat transcripts, call recordings (where you have been informed) and enquiries submitted via our contact forms, email or phone.
• Marketing preferences where you have opted in.

3. How we use your information

We use your personal data to:

• provide medical consultations, diagnosis, prescribing, dispensing and follow-up care;
• verify your identity before issuing a prescription or controlled-drug therapy;
• manage appointments, patient records, repeat orders and correspondence;
• process payments, refunds and subscription billing;
• arrange delivery of medicines and devices via our regulated pharmacy partner our PSI-registered pharmacy partner;
• respond to your queries, complaints and requests for records;
• meet our legal, regulatory, clinical-governance and tax obligations as an Irish healthcare provider and online retailer;
• improve our website, services and clinical pathways;
• send service messages (appointment reminders, prescription updates) and, only with your consent, marketing communications.

4. Legal basis for processing

We rely on the following lawful bases under GDPR:

• Article 9(2)(h) GDPR — provision of healthcare, medical diagnosis and the management of health services, on the basis of professional confidentiality.
• Article 6(1)(b) — performance of a contract with you (consultation, prescription, product purchase, subscription).
• Article 6(1)(c) — compliance with our legal obligations (including record-retention duties under Irish medical and pharmacy law).
• Article 6(1)(a) / 9(2)(a) — your explicit consent (e.g. marketing, sharing records with your GP, recording calls).
• Article 6(1)(f) — our legitimate interests in operating, securing and improving the Site, provided your rights and freedoms do not override those interests.

5. How we store and protect your data

We take all reasonable steps to ensure your information is stored securely, including:

• encrypted digital storage and TLS-encrypted transmission;
• access restricted to authorised clinical and administrative staff on a need-to-know basis;
• audit logging of all access to clinical records;
• multi-factor authentication for staff accounts;
• regular security reviews, vulnerability scanning and staff data-protection training;
• written data-processing agreements with all sub-processors.

We retain your personal data only for as long as necessary. Clinical records are retained for 8 years from the last entry, in line with HSE and Medical Council guidance (longer where the patient is a minor or where retention is otherwise required by law).

6. Sharing your data

We share data only when necessary and lawful, including:

• with prescribing doctors, nurses and pharmacists involved in your care;
• with our regulated dispensing pharmacy partner to fulfil prescriptions;
• with accredited laboratories that process your blood or pathology samples;
• with your nominated GP or hospital, with your consent;
• with our IT, hosting, video-consultation, communications and analytics providers under written processing agreements;
• with payment processors (Stripe) and delivery couriers;
• where required by law, regulation, court order or a request from a competent authority (HPRA, PSI, Medical Council, Revenue, An Garda Síochána).

We never sell your personal data and we never share it for third-party marketing.

7. International transfers

Our primary servers are located within the EEA. Where a sub-processor is located outside the EEA (for example certain analytics or AI providers in the United States), we rely on Standard Contractual Clauses and additional safeguards as required by Chapter V GDPR.

8. Your data protection rights

Under GDPR you have the right to:

• access your personal data and obtain a copy;
• request correction of inaccurate data or completion of incomplete data;
• request erasure ("right to be forgotten"), subject to our legal duty to retain clinical records;
• restrict or object to certain processing;
• request data portability in a structured, machine-readable format;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28 — www.dataprotection.ie.

To exercise any of these rights, contact our Data Protection Officer using the details in section 11.

9. Cookies and website tracking

The Site uses cookies and similar technologies to enable core functionality, remember your preferences, measure traffic and (with consent) deliver marketing. Strictly necessary cookies are set on the basis of legitimate interest; all other cookies are set only after you give consent through our cookie banner. You can withdraw consent at any time via the "Cookie settings" link in the footer or through your browser settings.

Full details, including the categories of cookies we use and their retention periods, are set out in our separate Cookie Policy.

We do not knowingly permit malware, spyware or viruses on the Site.

10. Children

Our Site and services are intended for users aged 18 or over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Contact us

If you have any questions or wish to exercise your rights:

Data Protection Officer Quantum Men's Health (Jura Health Ltd) registered office details to be confirmed Email: dpo@quantummenshealth.ie General enquiries: info@quantummenshealth.ie

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be notified via the Site or by email where appropriate.

Last updated: 15 April 2026

1. Introduction

Quantum Men's Health ("we", "our", "us") respects your right to privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit www.quantummenshealth.co.uk (the "Site") and the connected patient app at app.quantummenshealth.co.uk, when you contact us, when you book or attend a consultation, when you purchase products or services, and when a prescription is issued or dispensed on your behalf.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and our professional obligations under the General Medical Council (GMC), the General Pharmaceutical Council (GPhC), the Care Quality Commission (CQC) and the Medicines and Healthcare products Regulatory Agency (MHRA).

The data controller is Quantum Men's Health UK Limited, a company registered in England & Wales (company number: registration details to be confirmed), with its registered office at registered office details to be confirmed, registered with the Information Commissioner's Office (registration number: registration details to be confirmed).

2. What information we collect

• Identity & contact details: name, date of birth, sex, address, postcode, phone, email.
• Account & verification data: username, password (hashed), photo ID where required to verify identity for prescribing.
• Health information (special category data): medical history, presenting symptoms, lifestyle data, examination findings, blood and laboratory results, treatment records, prescriptions issued, dispensing records, follow-up notes, AI-assisted assessment outputs (ADAM) and clinical correspondence.
• Payment data: billing address and partial card details. Full card numbers are processed by our PCI-DSS compliant payment service provider (Stripe) and are never stored on our servers.
• Order & subscription data: products purchased, delivery address, dispensing pharmacy, repeat-prescription status.
• Technical data: IP address, device and browser type, operating system, referring URLs, pages viewed, session duration and analytics data.
• Communication data: messages, appointment requests, chat transcripts, call recordings (where you have been informed) and enquiries.
• Marketing preferences where you have opted in.

3. How we use your information

• to provide medical consultations, diagnosis, prescribing, dispensing and follow-up care;
• to verify your identity before issuing a prescription, particularly for testosterone and other Schedule 4 controlled drugs;
• to manage appointments, patient records, repeat orders and correspondence;
• to process payments, refunds and subscription billing;
• to arrange dispensing and delivery via our GPhC-registered pharmacy partner our GPhC-registered pharmacy partner;
• to operate ADAM, our AI-assisted assessment tool, in support of (not as a replacement for) clinical decision-making by a GMC-registered doctor;
• to respond to queries, complaints and Subject Access Requests;
• to meet legal, regulatory, clinical-governance and tax obligations;
• to improve our website, services and clinical pathways;
• to send service messages and, only with your consent, marketing communications.

4. Lawful basis for processing

• Article 9(2)(h) UK GDPR — provision of healthcare and the management of health services, on the basis of professional confidentiality.
• Article 6(1)(b) — performance of a contract.
• Article 6(1)(c) — compliance with legal obligations (e.g. record-retention duties under the Health and Social Care Act 2008 and MHRA pharmacovigilance requirements).
• Article 6(1)(a) / 9(2)(a) — explicit consent (e.g. marketing, sharing records with your GP, recording calls).
• Article 6(1)(f) — legitimate interests in operating, securing and improving the Site, where your rights and freedoms do not override those interests.

5. How we store and protect your data

• encrypted digital storage and TLS-encrypted transmission;
• access restricted to authorised clinical and administrative staff on a need-to-know basis;
• audit logging of all access to clinical records;
• multi-factor authentication for staff accounts;
• regular security reviews, penetration testing and DSPT-aligned controls;
• written data-processing agreements with all sub-processors.

We retain GP-equivalent adult clinical records for 10 years from the last entry, in line with the NHS Records Management Code of Practice. Children's records are retained until the patient's 25th birthday (or 26th if entered when aged 17). Pharmacy records are retained as required by the Human Medicines Regulations 2012.

6. Sharing your data

• with prescribing doctors, nurses and pharmacists involved in your care;
• with our GPhC-registered dispensing pharmacy partner;
• with accredited UK laboratories that process your samples;
• with your nominated NHS GP, with your consent;
• with our IT, hosting, video-consultation, communications and analytics providers under written processing agreements;
• with payment processors (Stripe) and couriers;
• where required by law or regulation, including reports to the MHRA's Yellow Card Scheme, the CQC, the GPhC, the GMC, HMRC or the police.

We never sell your personal data and we never share it for third-party marketing.

7. International transfers

Our primary servers are located within the UK or EEA. Where a sub-processor is located outside the UK (for example certain analytics or AI providers in the United States), we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU SCCs, or an applicable adequacy regulation.

8. Your data protection rights

Under UK GDPR you have the right to:

• access your personal data and obtain a copy;
• request correction or completion of inaccurate data;
• request erasure, subject to our legal duty to retain clinical records;
• restrict or object to certain processing;
• request data portability;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — www.ico.org.uk.

To exercise any of these rights, contact our Data Protection Officer using the details in section 11.

9. Cookies and website tracking

The Site uses cookies and similar technologies to enable core functionality, remember your preferences, measure traffic and (with consent) deliver marketing. Strictly necessary cookies are set on the basis of our legitimate interest; all other cookies are set only after you give consent through our cookie banner under PECR. You can withdraw consent at any time via the "Cookie settings" link in the footer.

Full details are set out in our separate Cookie Policy.

10. Children

Our Site and services are intended for users aged 18 or over. We do not knowingly collect personal data from children.

11. Contact us

Data Protection Officer Quantum Men's Health UK Limited registered office details to be confirmed Email: dpo@quantummenshealth.co.uk General enquiries: info@quantummenshealth.co.uk ICO registration: registration details to be confirmed

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be notified via the Site or by email where appropriate.