Embirwell

Privacy Policy

Last updated: April 5, 2026

Embirwell (“we,” “us,” or “our”) is committed to protecting the privacy of everyone who uses our website, mobile applications, and virtual menopause care services (collectively, the “Services”). This Privacy Policy describes how we collect, use, disclose, and safeguard your information. By accessing or using our Services, you agree to the practices described in this policy.

1. Information We Collect

We collect information in several ways depending on how you interact with our Services.

Information You Provide

  • Account information: name, email address, date of birth, phone number, and login credentials when you create an account.
  • Health information: symptom assessments, medical history, current medications, allergies, and other health details you share through consultations or intake forms. This information is considered Protected Health Information (PHI) under HIPAA.
  • Payment information: billing address and payment card details. Payment processing is handled by our PCI-compliant third-party payment processor; we do not store full credit card numbers on our servers.
  • Communications: messages you send to our care team, support inquiries, and feedback.

Information Collected Automatically

  • Device and usage data: IP address, browser type, operating system, referring URLs, pages visited, and interaction patterns within our Services.
  • Cookies and similar technologies: we use cookies, pixels, and local storage to maintain sessions, remember preferences, and analyze how our Services are used. See Section 6 below for details.

2. How We Use Your Information

  • To deliver care: facilitate consultations, create treatment plans, prescribe medications, and provide ongoing menopause management.
  • To operate our Services: process payments, verify identity, manage your account, and respond to support requests.
  • To improve our Services: analyze usage trends, conduct quality improvement activities, and develop new features.
  • To communicate with you: send appointment reminders, care updates, service announcements, and, with your consent, promotional materials.
  • To comply with legal obligations: fulfill regulatory requirements, respond to lawful requests, and enforce our agreements.

3. How We Share Your Information

We do not sell your personal information or Protected Health Information. We may share information in the following circumstances:

  • Healthcare providers: with licensed clinicians in our network who are involved in your care, pharmacies that fill your prescriptions, and laboratories that process your tests.
  • Service providers: third-party vendors who help us operate our Services (e.g., cloud hosting, payment processing, analytics). These vendors are contractually obligated to protect your information and, where applicable, sign Business Associate Agreements under HIPAA.
  • Legal requirements: when required by law, regulation, court order, or governmental request, or to protect the rights, safety, or property of Embirwell, our patients, or others.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

4. HIPAA and Protected Health Information

As a provider of healthcare services, Embirwell is subject to the Health Insurance Portability and Accountability Act (HIPAA). Your Protected Health Information (PHI) is handled in accordance with our Notice of Privacy Practices, which describes in detail how your health information may be used and disclosed and how you can exercise your rights regarding that information. You can view our full HIPAA Notice at /hipaa.

5. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information. These include encryption of data in transit and at rest, access controls, regular security assessments, and employee training. While no system can guarantee absolute security, we are committed to maintaining industry-standard protections for all personal and health information.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you signed in and maintain your session.
  • Remember your preferences and settings.
  • Understand how you interact with our Services so we can improve them.
  • Deliver relevant content and measure the effectiveness of communications.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services. We do not use cookies to track or store Protected Health Information.

7. Your Rights and Choices

Depending on your state of residence, you may have rights regarding your personal information, including:

  • Access and portability: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate information.
  • Deletion: request that we delete your personal information, subject to certain exceptions (e.g., legal retention requirements).
  • Opt out of marketing: unsubscribe from promotional emails at any time by clicking the unsubscribe link in any marketing email or contacting us directly.

For rights related to your Protected Health Information, please see our HIPAA Notice.

8. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Medical records are retained in accordance with applicable state and federal law, which typically requires retention for a minimum of six to ten years following the last date of treatment. Non-medical personal information is retained for the duration of your account and for a reasonable period afterward to comply with legal obligations and resolve disputes.

9. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, providing additional notice (such as an email notification or an in-app alert). Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: