How your information moves through WellMensRX.

What this document is and who it applies to.

WellMensRX ("we," "us," "our") operates a telehealth platform for men's health. This Privacy Policy describes how we collect, use, share, and protect information when you visit our websites, complete an intake, receive treatment through our platform, or otherwise engage with us.

It applies to everyone who interacts with our platform, including visitors who never create an account and patients who complete an intake and receive a prescription. By using our services, you acknowledge you have read and understood this policy.

We handle Protected Health Information (PHI) under HIPAA. For the specific notice describing our HIPAA uses and disclosures of PHI, see our Notice of Privacy Practices.

Information we collect about you.

Personal information you give us

• Name, email, mailing address, phone number
• Date of birth and gender
• Payment method (tokenized — we never store full card numbers)
• Account credentials and communication preferences
• SMS consent status and opt-in preferences

Protected Health Information (PHI)

As a telehealth provider, we collect PHI under HIPAA:

• Medical history, current conditions, and current medications
• Intake answers, provider notes, and treatment plans
• Prescription and refill history
• Any lab or diagnostic information shared with your provider

Information collected automatically

• Device information: IP address, browser type, device identifiers
• Usage information: pages viewed, session timestamps, referring URL
• Approximate location from IP, used for state eligibility and shipping

How we use your information.

To provide care and run the service

• Processing intakes and fulfilling prescriptions
• Connecting you with licensed physicians for telehealth review
• Managing your account, orders, refills, and support
• Processing payments and preventing fraud

For communications

• Transactional email and SMS: order confirmations, shipping updates, refill reminders, account alerts
• Health-related information and treatment reminders
• Marketing email and SMS with your consent — promotions, deals, new formulas

For marketing and retargeting

Once you have entered what we call "our flow" — by visiting a product page, starting an intake, submitting an email, or interacting with our ads — we may use your email address and limited non-health interaction data (pages viewed, products clicked, funnel stage, purchase status) to:

• Send you marketing emails about promotions, deals, and refill reminders
• Deliver retargeting ads on platforms including Meta (Facebook/Instagram), Google, TikTok, and similar ad networks
• Build look-alike audiences using hashed, non-health data only
• Measure campaign performance and conversion attribution

We do not use HIPAA-protected health information for marketing. Your intake answers, diagnoses, prescription history, and clinical communications stay inside HIPAA-protected systems and are never used for advertising or shared with ad platforms. What ad platforms see is limited to hashed email, page URL, whether a purchase happened, and the dollar amount.

For analytics and compliance

• Analyzing usage patterns to improve the service
• Monitoring for security threats and fraud
• Meeting legal obligations, including prescription-records laws

Who we share information with.

We do not sell your personal information for money. We share information with the following categories of recipients:

Treatment and fulfillment

• Your reviewing physician and care team — to evaluate intake and manage treatment
• Partner compounding pharmacies — to prepare and ship your prescription
• Payment processors — to process charges (tokenized payment data only)
• Shipping carriers (USPS, UPS, FedEx) — to deliver your order

Service providers

• Infrastructure and security vendors — bound by contract to HIPAA-compliant handling, used only to operate the platform
• Email service providers — to deliver transactional and marketing messages
• SMS gateways — contractually prohibited from using your mobile information for any purpose other than delivering our messages. Your phone number and SMS consent status are never shared with third parties for their own marketing.

Marketing and advertising platforms

We share hashed email addresses and non-health interaction data with ad platforms including Meta, Google, TikTok, and similar networks for retargeting, look-alike audiences, and campaign measurement. State privacy laws classify this as "sharing for cross-context behavioral advertising" — what California treats as a "sale" or "share" even though no money changes hands for your data. You have the right to opt out (see below).

We never share your intake answers, diagnoses, prescription history, or any HIPAA-protected health information with ad platforms.

Legal and business

• Law enforcement or regulators — only if legally compelled, and we will notify you unless prohibited
• Business transfers — in the event of a merger, acquisition, or sale of assets, your information may transfer as part of the transaction; we will notify you of any such change

How to opt out of marketing and retargeting.

You can opt out of any of our marketing at any time, at no cost, without losing access to care.

HIPAA compliance.

We comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. Our administrative, physical, and technical safeguards include policies for managing PHI, workforce training, access controls, audit logs, encryption, and secure transmission.

Permitted uses and disclosures (TPO)

Under HIPAA, we may use and disclose your PHI without your authorization for:

• Treatment — to provide, coordinate, or manage your healthcare
• Payment — to bill and collect payment for services
• Healthcare Operations — for quality assessment, training, and business management

For the full Notice of Privacy Practices describing these uses in detail, see our Notice of Privacy Practices.

Breach notification

In the event of a breach affecting your personal information, we will notify you in accordance with applicable law, including HIPAA breach notification requirements. Notification will be provided without unreasonable delay and no later than 60 days after discovery.

How we protect your information.

• 256-bit SSL/TLS encryption for data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication for workforce access
• Regular security assessments and penetration testing
• SOC 2 Type II compliant infrastructure

No method of transmission or electronic storage is 100% secure. While we follow industry-standard safeguards, we cannot guarantee absolute security of information transmitted over the internet.

Data retention

We retain personal information as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Medical records and PHI are retained in accordance with state and federal healthcare record retention requirements — typically a minimum of 6 to 10 years. When retention requirements expire, records are securely destroyed.

Your rights over your information.

HIPAA rights

• Access: inspect and obtain copies of your PHI
• Amendment: request corrections to inaccurate PHI
• Accounting of disclosures: receive a list of certain disclosures
• Restriction: request restrictions on certain uses or disclosures
• Confidential communications: ask us to contact you by specific means or at a specific address

State privacy rights (CCPA, VCDPA, CPA, CTDPA, UCPA and similar)

If you live in a state with a consumer privacy law, you have the rights to know, correct, delete, opt out of sale or sharing for behavioral advertising, limit use of sensitive personal information, and not be discriminated against for exercising those rights. Residents of Virginia, Colorado, and Connecticut also have the right to appeal a denied request.

For a plain-English walkthrough of these rights and how to exercise them, see Your privacy choices. The fastest way to submit a request is by emailing privacy@wellmensrx.com. We respond within 15 business days and fulfill valid requests within 45 days.

SMS rights

• Opt-out: reply STOP to any message to stop receiving SMS. You will receive a one-time confirmation and no further texts.
• Help: reply HELP for assistance or email support@wellmensrx.com.
• Frequency: varies with account activity and the message types you opted into.
• Rates: standard message and data rates from your carrier may apply.
• Not required: consent to receive SMS is not a condition of purchase.

Cookies, analytics, and tracking technologies.

We use cookies, pixels, and similar tracking technologies to remember preferences, understand how the site is used, improve functionality, and deliver relevant marketing. You can control cookies through browser settings, though disabling them may affect how the site works.

Third-party analytics and advertising

• Google Tag Manager — tag management and analytics orchestration
• Microsoft Clarity — user-experience analytics and session recordings
• Meta (Facebook/Instagram) Pixel and Conversions API — attribution and retargeting
• Google Ads — attribution and retargeting
• TikTok Pixel — attribution and retargeting
• Everflow — affiliate and conversion tracking

These services may collect information about your browsing behavior and interactions with our site. None of them receive HIPAA-protected health information from us. To opt out of retargeting at the platform level, use the ad-preferences page for each platform, enable Global Privacy Control in your browser, or email privacy@wellmensrx.com.

Children's privacy.

Our services are not intended for anyone under 18. We do not knowingly collect information from children. If we learn we have collected information from a minor, we will delete it promptly.

International users and data storage.

Our services are intended for residents of the United States. Data is stored on infrastructure located in the United States. We do not ship internationally and do not direct our services to users outside the U.S.

Changes to this policy.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes that significantly affect your rights, we will provide reasonable notice through the service or by email before the change takes effect. Your continued use of our services after the update means you accept the revised policy.

Get in touch.