Privacy Policy

ADAM HEALTH PRIVACY NOTICE

Welcome to our Privacy Notice. Adam Health develops and provides innovative health and wellness products, including the Adam Sensor, a device that helps you gain insights into your nighttime erectile patterns as part of your overall wellness journey. Our “Services” include the products, apps, and website that allow you to track, understand and optimize your health and wellness.      

Within this notice, the “App” refers to the mobile application we provide for your smartphone, which connects to the Adam Sensor and displays your insights and data. The “Site” is our website at https://talktoadam.com, where you can learn about our products, place orders, and access support. The “Services” encompass all these elements and related features that enable you to use our products and tools.

This notice explains how we collect, use, and protect your personal information when you interact with our App, Site, and Services

1. What we collect when you visit our Site, make an order, or use our Services

Whenever you visit our Site, place an order, or actively use our Services, we gather information that allows you to browse, perform actions, and get support. This includes account identifiers, such as your email and password; details about your device and browser; diagnostic and performance data about the Site and App; sensor data linked to your account if you choose to provide it; shipping and payment details used to process orders (which are securely handled by our payment providers such as Shopify); and support interactions like emails or chat transcripts.

We also collect location information necessary to determine your country and, for users in the United States, your state. We use Shopify to determine users' country-level location and the paid service ipwhois.io to determine U.S. users' state-level location. Additionally, we gather data from your interactions, such as usage analytics (which pages you visit, how long you stay, device info like OS and IP address) to keep the Service operating smoothly and troubleshoot issues.

What we collect during activity: 

  • Using the Site or placing an order: your account info, device details, order details, payment info, and delivery address, processed securely through our payment processors.

  • Using the App (including onboarding): device identifier (device ID), sensor data, usage data, and account info. During account creation, we automatically capture and store the device ID to help prevent fraud and improve login security. You will get an OTP (one-time password) via email at sign-up; once you verify ownership, we store the device ID. This device identifier is required to verify that a login attempt is coming from a recognised device as part of the security and authentication systems. For this reason, it cannot be opted out of or removed. On future sign-ins, OTPs are only sent if no device ID exists or 30 days have passed. 

  • Health Data which includes any information about your health including your medical history and/or current health status including but not limited to data regarding test results, diagnoses and medications. Through the Adam Sensor and our App, we collect data related to your nocturnal penile tumescence (NPT), such as frequency and duration.

  • Support and queries: support emails, chat transcripts, survey responses, and any other communication you send.

2. How we use your information

We use the data we collect to operate and improve our Services. This includes managing your account, processing orders, providing support, ensuring security, and improving our products.We analyze how the Service is used, either in an anonymized form that cannot identify you personally or in a pseudonymized form (using a user ID), to fix issues, improve the Service, and develop new features. 

If you choose to opt in to our analytics, your data will be processed in a pseudonymized way, allowing us to provide you with more personalized insights in the future. If you do not opt in, we will only analyze data in an anonymized and aggregated form that cannot be linked back to you. 

You can change your choice at any time through your account settings or by contacting support. Your decision to opt in or out does not affect your use of the core Service.

We only send marketing messages if you opt in, and you can unsubscribe at any time. We also process data as required by law, for lawful requests, and to ensure the security of your account and our services.

3. How we protect your data

We are committed to protecting your personal information with a comprehensive approach. Our systems are designed with security best practices, including encryption of data both in transit (using TLS/HTTPS protocols) and at rest on our cloud infrastructure. We restrict access to sensitive data, such as your health information, to only those employees or contractors who need it to support your account or deliver our services, and they can only access it via role-based permissions and multi-factor authentication.

We regularly conduct security audits and vulnerability assessments, and we work with third-party experts to test our systems’ defenses through ongoing security assessments. Our cloud environments are configured with strict network controls and private architectures to prevent unauthorized access. To help prevent data breaches, we monitor activity logs and audit trails, enabling us to detect suspicious activity early and respond swiftly.

While we employ these safeguards, no system is entirely immune from cyber threats. In the rare event of a data breach, we will follow applicable laws to notify you and relevant authorities promptly, provide guidance on steps to protect yourself, and take all necessary measures to mitigate any harm caused.

4. How long do we keep your data for?

We keep your personal data only as long as necessary. This includes:

  • Active accounts: Sensor data, health data, and account details are stored while your account is active. If you delete your account, we remove your health data from active systems within 30 days and delete backups and inactive copies within 120 days unless you request we anonymise your data for research.

  • Inactive accounts: If an account remains inactive for 24 months, we will notify you. If you do not respond, we will delete your health data after 30 days. We may keep encrypted backup copies for up to an additional 12 months to allow account recovery, unless you request earlier deletion.

  • Identifiers and metadata: When you delete your account, identifiers like your email are deactivated and stored securely for legal and security purposes for approximately 6–7 years (in compliance with applicable law), then permanently destroyed.

  • Financial and transactional data: These records are retained for the period required by law, typically around 6 years.

  • Aggregated or anonymised data: Pseudonymised or anonymised datasets used for research and machine learning training may be retained indefinitely, as they do not personally identify you.

5. Your rights

Your rights over your personal data depend on where you live. The legal bases we rely on to process personal data (EU/UK) and the specific rights you can exercise in the EU/UK and in the United States (with short, practical notes for California, Washington, Illinois and other states). Each subsection explains what the right means, when you might use it, and how to ask us to act.

EU and UK Residents 

Our Legal Basis for Processing your Personal Data

When EU or UK law applies, we only process personal data where we have a lawful basis. The main bases we rely on are:

Consent: for sensitive health data (e.g., NPT readings) we ask for your explicit consent before collection or use. You can withdraw consent at any time; withdrawal stops future processing that relied on consent but does not affect prior lawful processing.

Contract performance: we process data needed to provide the Services you requested (for example creating your account, delivering products, or processing payments).

Legitimate interests: for limited purposes such as fraud prevention, security and product improvement we rely on our legitimate interests, but we balance those interests against your rights and will stop processing if your rights override our interests.

Legal obligation: where the law requires us to keep certain records (tax, accounting, legal claims), we rely on that obligation.

EU & UK residents — what rights you have and how they work

You have several important rights under the GDPR and UK Data Protection Act. Below we explain each right in plain terms and give an example of when you might use it.

  • Right of access. What it is: Ask us whether we hold personal data about you and request a copy.

  • Right to rectification. What it is: Ask us to correct inaccurate or incomplete personal data.

  • Right to erasure (“right to be forgotten”). What it is: Request deletion of your personal data where we have no legal reason to keep it.

  • Right to restrict or object to processing. What it is: Ask us to pause specific processing activities (restriction) or object to processing based on our legitimate interests. When to use it: If you believe our use of your data (for example certain analytics) is causing you harm, or you want us to stop processing your data for research based on legitimate interests.

  • Right to data portability. What it is: Request a copy of the personal data you provided to us in a common, machinereadable format so you can move it elsewhere. Please note,  this right ONLY applies where processing is based on your consent or is necessary to perform a contract with you. It covers data you provided, not inferred or aggregated/anonymised data, and does not include information that would unlawfully disclose another person’s data or our trade secrets. We may redact or refuse requests where fulfilling them would be unlawful, would disproportionately affect others’ rights, or would require disproportionate effort. We will verify your identity before responding and normally reply within one month

  • Right to withdraw consent. What it is: Withdraw any consent you previously gave (for example for marketing or processing special category health data). When to use it: If you change your mind about a consent you previously granted. What we’ll do: Stop the processing that relied on that consent going forward (unless we have another lawful basis to continue).

How to submit requests to exercise your rights: Contact support@talktoadam.com. We normally respond to verified requests within one month. Complex requests may take up to two additional months; we will notify you if we need more time.

United States Residents 

If you live in the United States, these are the privacy rights that may apply to you and what they mean in practice. State privacy laws vary, so some rights will only apply if you live in a particular state and the law covers our services.

First, a short summary you can expect: we do not sell personal information as commonly defined by U.S. privacy laws. Depending on your state, you may be able to ask us to tell you what data we collect and share, request a copy of your data, correct inaccuracies, delete data we collected from you, get a portable copy of data you provided, opt out of certain sharing for advertising, or limit how we use sensitive data like health metrics. If a state law applies to you, we will follow that law’s rules.

California (CCPA / CPRA)
If you live in California and the CCPA/CPRA applies, you can ask us to disclose the categories of personal information we’ve collected about you and the categories of recipients we shared it with, request access to specific pieces of data we hold, request deletion of personal information we collected from you (subject to legal exceptions), ask us to correct inaccurate information, get a portable copy of certain data you provided, opt out of sale or certain sharing for targeted ads, and ask us to limit use of sensitive personal information. To make a California request, email support@talktoadam.com with “California privacy request” in the subject line. We’ll verify your identity and respond within the timeframes required by law (generally 45 days).

Consumer Health Data Privacy Policy - Washington, Nevada and Texas.

Certain states, including Washington Nevada and Texas, have specific laws protecting "consumer health data." This is covered in the separate Consumer Health Data Privacy Policy.

Other state privacy laws (Virginia, Colorado, Connecticut, Utah, etc.)
Several other states have privacy laws that give residents rights similar to California’s: to access, delete, correct, get a portable copy of certain data, and opt out of targeted advertising in some cases. If you live in one of those states and the law applies to us, you can submit a request and we will follow the law’s verification and response process.

How to make a request
Send your request to support@talktoadam.com. Tell us the email address linked to your account, the state where you live, and what you want us to do (for example, “send me a copy of my data” or “delete my account data”). We will ask for enough information to verify your identity before we act, to make sure we only release data to the right person. If you are making a request through an authorized agent, include written authorization as required by law.

Timing and verification
We typically respond to verified U.S. state privacy requests within 45 days. If we need more time because a request is complex, we will tell you and explain why. If we cannot fulfill your request because the law requires us to keep certain records (for example for tax, fraud prevention, or legal claims), we will explain the reason and describe any partial remedies available.

6. Do Not Sell / Do Not Track / privacy signals

Adam Health does not sell personal information If a particular state treats a specific transfer as a “sale” or “sharing,” you may exercise the applicable opt-out right by contacting support@talktoadam.com or through our privacy portal. We honour recognized privacy opt-out signals such as the Global Privacy Control (GPC) where technically feasible and where required by law. You may also manage tracking through the Site’s cookie controls, your browser settings and device privacy controls.

7. International transfers

Adam Health is based in the United Kingdom and uses cloud infrastructure that may involve transfers of personal data between the UK, the European Economic Area and other jurisdictions including the United States. Transfers from the EEA or UK to countries outside those jurisdictions are protected by appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and by technical and organisational measures (for example encryption). We take steps to ensure your personal data receives an adequate level of protection wherever it is processed.

8. Location & geolocation data

If you enable location features on your device and in the App, we may collect your device’s approximate or precise location.  Separately, we also determine location from your IP address (via Shopify and ipwhois.io) to identify your country and, for U.S. visitors, your state. Location data helps us provide certain location-based features, but this service is optional. Once you disable location sharing in your device or App settings, we will stop collecting location data. You can disable location in your device settings: 

  • On iOS, go to Settings → Privacy & Security → Location Services → Adam Health, then select “Never” or “While Using the App,” and turn off Precise Location.

  • On Android, go to Settings → Location → App permissions → Adam Health, then deny location access or allow only while using the app.

Cached location data may continue to exist in backups until it is securely deleted in accordance with our retention policies.

9. Children

The Services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe we have collected data of a minor by mistake, please contact support@talktoadam.com, and we will delete it promptly.

10. Marketing communications

We will only send promotional messages if you have opted in. You can unsubscribe at any time by using the link in our emails or by contacting support@talktoadam.com. Account notifications, security alerts, and communications necessary for providing the Service will be sent regardless of your marketing preferences.

11. Feedback and reviews

 When you share feedback or reviews, we collect the comments, ratings, and any contact details you include. By submitting feedback, you grant us a worldwide, royalty-free license to use, display, and share it, including for marketing purposes. 

You have the right to withdraw this consent at any time by contacting support@talktoadam.com. Please note that feedback posted publicly may remain visible until manually removed, depending on the platform.

12. Complaints and dispute resolution — contact us first

If you have a privacy concern, please contact support@talktoadam.com so we can try to resolve it. If we cannot resolve your complaint, UK residents may refer unresolved complaints to the Information Commissioner’s Office (ICO) (https://ico.org.uk). EU residents may complain to their local supervisory authority. U.S. residents may contact the relevant state regulator or Attorney General; for California the California Attorney General enforces CCPA/CPRA. We ask that you contact us first so we can attempt to resolve your concern quickly.

13. Processors, key vendors and third-party services

We work with trusted thirdparty companies to help run our services smoothly. These companies handle things like hosting our website and app, processing payments, shipping your orders, providing online analytics to understand how customers use our site, and supporting customer questions, such as AWS (cloud hosting), Shopify (shopping platform and location tracking), and ipwhois.io (which helps us identify U.S. states). 

These companies only process your personal data based on our instructions and are legally required to keep your data safe, including implementing technical and organizational security measures such as encryption and access controls. We rely on their compliance with these requirements to help protect your information. 

14. How to contact us

If you have questions, want to exercise your rights, or need support, contact support@talktoadam.com

15. Changes to this Privacy Notice

We may update this notice from time to time to reflect changes in our practices, new services, or changing laws. When we do, we will post the latest version here with a fresh “Last updated” date. Major updates may also be communicated directly.