Privacy Policy.
How Calibr Health LLC collects, uses, shares, and protects your personal and health information.
Last updated: April 2026 · Effective: April 1, 2026
1. Introduction
Welcome to Calibr Health LLC ("Calibr Health," "we," "us," or "our"). We are a direct-to-consumer telehealth company operating at calibr.health, providing men's health services with a focus on testosterone replacement therapy (TRT) evaluation and treatment in the United States.
This Privacy Policy explains how we collect, use, share, and protect your personal information — including your health and medical information — when you visit our website, create an account, complete a health assessment, or use any of our services (collectively, the "Services").
Because our Services involve the collection and processing of sensitive health information, we take your privacy seriously. We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), applicable state privacy laws, and industry best practices for healthcare data security.
Please read this policy carefully. By accessing or using our Services, you agree to the practices described here.
2. Information We Collect
We collect information you provide directly, information generated through your use of our Services, and information from third-party service providers.
2.1 Personal identification information
- Full legal name
- Date of birth
- Email address
- Phone number
- Mailing and shipping address
- Government-issued ID (for identity verification, when required)
2.2 Health and medical information (Protected Health Information)
Because our Services involve clinical evaluation and treatment, we collect information that qualifies as Protected Health Information (PHI) under HIPAA, including:
- Chief complaints, symptoms, and health concerns you report
- Personal and family medical history
- Current and past medications, supplements, and dosages
- Allergies and adverse drug reactions
- Laboratory test results (e.g., testosterone levels, CBC, metabolic panel, PSA, estradiol, lipids)
- Diagnoses and treatment plans issued by licensed clinicians
- Prescription history
- Lifestyle information relevant to treatment (sleep, exercise, diet, alcohol and tobacco use)
- Communications between you and your care team
2.3 Payment information
- Credit or debit card number, expiration date, and security code
- Billing name and billing address
Payment card data is processed by our third-party payment processor (Stripe, Inc.) using industry-standard PCI-DSS compliant systems. Calibr Health does not store full card numbers on its own servers.
2.4 Account and communications data
- Username and encrypted password
- Account preferences and settings
- Messages and support communications sent to us
- Survey responses and feedback you voluntarily provide
2.5 Device and usage data
When you visit our website or use our Services, we automatically collect certain technical information, including IP address and approximate geographic location, browser type and version, operating system, device type and identifiers, pages viewed, links clicked, time spent on pages, referring URL, and date and time of your visit.
3. How We Use Your Information
3.1 Providing and delivering healthcare services
- Processing your health intake questionnaire and connecting you with a licensed clinician
- Facilitating telehealth consultations between you and your care team
- Communicating clinical evaluations, diagnoses, and treatment plans to you
- Processing and fulfilling medication prescriptions through our pharmacy partners
- Coordinating laboratory testing and communicating results
- Managing ongoing care, follow-up consultations, and treatment adjustments
3.2 Account management and communication
- Creating and maintaining your patient account
- Sending appointment reminders, care instructions, and treatment updates
- Responding to questions, support requests, and complaints
- Sending billing receipts and subscription-related notices
3.3 Payment processing
- Processing subscription payments and one-time charges
- Managing billing disputes and refund requests
- Preventing fraud and unauthorized transactions
3.4 Service improvement and analytics
We use aggregate and de-identified usage data to improve our website, clinical workflows, and patient outcomes.
3.5 Legal and regulatory compliance
We comply with applicable laws including HIPAA, respond to lawful requests, maintain records as required by medical and pharmacy regulations, and protect the rights and safety of Calibr Health, our users, and the public.
3.6 Marketing communications
With your consent, we may send you informational content about men's health, updates about our Services, or promotional offers. You may opt out at any time. We do not use your Protected Health Information for marketing purposes without your explicit authorization.
4. HIPAA Notice & Patient Rights
4.1 What is PHI?
PHI is any individually identifiable health information — including your name, date of birth, address, medical history, diagnoses, treatments, prescriptions, lab results, and payment information for healthcare services — that is created, received, maintained, or transmitted by a covered healthcare entity or its business associates.
4.2 Our role and OpenLoop as Business Associate
Calibr Health operates a consumer-facing telehealth platform. Our clinical services are delivered through OpenLoop Healthcare Partners, a healthcare technology company that provides HIPAA-compliant electronic medical records (EMR), clinician management, prescription routing, and pharmacy coordination services on our behalf.
OpenLoop acts as a Business Associate under HIPAA. We have entered into a Business Associate Agreement (BAA) with OpenLoop that restricts how PHI may be used, requires safeguards, mandates breach reporting, and obligates OpenLoop to assist us in fulfilling your HIPAA patient rights.
4.3 Permitted uses and disclosures of PHI
Under HIPAA, we may use and disclose your PHI without additional authorization for treatment, payment, healthcare operations, and as required by law. All other uses require your written authorization.
4.4 Your rights under HIPAA
- Right to access your medical records (response within 30 days; cost-based fee may apply)
- Right to amendment if you believe PHI is inaccurate (response within 60 days)
- Right to an accounting of disclosures (up to six years prior)
- Right to request restrictions on certain uses and disclosures
- Right to request confidential communications by alternative means or location
- Right to a copy of this notice
- Right to file a complaint with us at support@calibr.health or with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr or 1-800-368-1019. We will not retaliate against you for filing a complaint.
4.5 Breach notification
In the event of a breach of unsecured PHI, we will notify affected individuals as required by the HIPAA Breach Notification Rule (45 C.F.R. § 164.400–414), generally within 60 days of discovering the breach.
5. How We Share Your Information
We do not sell your personal information. We share your information only as described below.
5.1 Licensed clinicians (OpenLoop)
We share your health intake, medical history, and other relevant PHI with the licensed clinicians who evaluate and treat you through the OpenLoop platform. These clinicians are independent licensed practitioners; Calibr Health facilitates the platform connection.
5.2 Pharmacy partners
If a clinician issues a prescription, your PHI (name, address, prescription details, and relevant medical information) is transmitted to one of our licensed pharmacy partners — RedRock Pharmacy, Health Warehouse, Precision Medicine, or Triad Rx — for fulfillment and shipping. Pharmacies are HIPAA-compliant covered entities subject to their own privacy obligations.
5.3 Diagnostic and laboratory partners
If lab testing is required, we may share relevant information with licensed clinical laboratories. Lab results are returned to your treating clinician and made available to you.
5.4 Payment processors
We share necessary billing information with Stripe, Inc. and other payment processors. These vendors are PCI-DSS certified and contractually prohibited from using your data for any other purpose.
5.5 Technology and infrastructure providers
We use third-party vendors for hosting, analytics, customer support, and communications. These vendors process data only on our behalf, under data processing agreements.
5.6 Legal requirements and law enforcement
We may disclose information when required by law, regulation, or court order; to respond to subpoenas or warrants; to protect any person's safety; or to investigate fraud.
5.7 Business transfers
If Calibr Health is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred. We will provide notice before your data becomes subject to a different privacy policy.
5.8 With your consent
We may share information with third parties not listed here when we have your explicit written consent.
5.9 We do not sell your data
Calibr Health does not sell, rent, or trade your personal information or PHI to data brokers, advertisers, or other third parties for their own commercial use.
6. Telehealth-Specific Disclosures
6.1 Nature of telehealth services
Calibr Health provides access to licensed clinicians through secure telehealth technology, including asynchronous questionnaires, secure messaging, and video or phone consultations. By using our Services, you consent to receiving healthcare via telehealth. See our full Telehealth Informed Consent for details.
6.2 Telehealth limitations
- Telehealth services may not be appropriate for all medical conditions or emergencies
- Clinicians are not physically present and must rely on information you provide and labs or records you share
- Technical failures may interrupt a telehealth consultation
- The quality of care may be affected if you do not provide complete and accurate medical information
- Telehealth does not replace an established relationship with a primary care provider
6.3 Emergency situations
6.4 State licensing and availability
Our clinical services are delivered by licensed clinicians who hold valid licenses in the state(s) where they practice. We make reasonable efforts to ensure clinicians caring for you are appropriately licensed in your state of residence. Calibr Health currently offers services in all 50 states plus Washington D.C. Some services may not be available in all 50 states or Washington D.C. Availability is subject to change. See our states served page.
6.5 Transmission security
Telehealth communications, including health questionnaires, consultation notes, and messaging, are transmitted using secure, HIPAA-compliant encryption. All telehealth data is stored in HIPAA-compliant systems operated by OpenLoop Healthcare Partners.
7. Data Security
7.1 Technical safeguards
- Encryption in transit: TLS 1.2 or higher (HTTPS)
- Encryption at rest: AES-256 or equivalent
- Access controls: Role-based access and multi-factor authentication
- Audit logging: Access to PHI is logged and monitored
- Secure development: Platform built following secure software development practices
7.2 Administrative safeguards
- HIPAA privacy and security training for all personnel with PHI access
- Business Associate Agreements with all vendors handling PHI
- Regular risk assessments and vulnerability management
- Incident response and breach notification procedures
7.3 Physical safeguards
Data is hosted in SOC 2 certified data centers with physical access controls. Workstation use policies and device management apply to personnel accessing PHI.
7.4 Your responsibilities
Keep your password confidential, log out on shared devices, and notify us immediately at support@calibr.health if you suspect unauthorized access.
7.5 No absolute guarantee
While we implement industry-standard measures, no method of electronic storage or transmission is 100% secure. We will promptly notify you of any material breach as required by law.
8. Data Retention
8.1 Medical and health records
We retain PHI for a minimum of seven (7) years from your last clinical interaction, or as required by applicable state law (whichever is longer).
8.2 Account data
Your account data is retained for the duration of your account. After closure, we retain the minimum information needed to fulfill legal obligations, resolve disputes, and enforce agreements.
8.3 Payment records
Financial transaction records are retained for at least seven (7) years to comply with tax and accounting regulations.
8.4 Usage and analytics data
Aggregate and de-identified usage data may be retained indefinitely for analytics and service improvement.
8.5 Deletion requests
We will honor deletion requests to the extent permitted by law. Medical records subject to HIPAA retention cannot be fully deleted until the retention period has passed.
9. Your Privacy Rights
9.1 General rights (all users)
- Right to access a copy of personal information we hold about you
- Right to correction of inaccurate personal information
- Right to deletion subject to legal retention requirements
- Right to opt out of marketing at any time
- Right to data portability in a structured, machine-readable format
9.2 California residents — CCPA/CPRA rights
California residents have additional rights under the CCPA/CPRA, including the right to know, right to delete, right to correct, right to opt out of sale or sharing (we do not sell), right to limit use of sensitive personal information, and non-discrimination. Contact support@calibr.health to exercise these rights. We respond within 45 days.
9.3 Virginia, Colorado, Connecticut, Texas, and other state residents
Residents of states with comprehensive consumer privacy laws have substantially similar privacy rights. Contact us to exercise your rights under applicable state law.
9.4 How to exercise your rights
Email support@calibr.health with the subject line "Privacy Rights Request." We may need to verify your identity. We will respond within the timeframes required by applicable law and will not charge a fee for reasonable requests.
10. Cookies and Tracking Technologies
10.1 What we use
- Essential cookies required for the website to function
- Analytics cookies (e.g., Google Analytics) — aggregated and de-identified
- Marketing cookies from advertising platforms — loaded only after you consent
10.2 Your choices
Configure your browser to refuse cookies, install the Google Analytics Opt-Out Browser Add-on, or visit optout.aboutads.info.
10.3 What we do not do
We do not use tracking cookies inside our secure patient portal, and we do not use your PHI for advertising targeting.
11. Children's Privacy
Calibr Health's Services are intended exclusively for adult men aged 18 years and older. We do not knowingly collect personal information from anyone under 18. We comply with the Children's Online Privacy Protection Act (COPPA).
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and notify account holders by email. Your continued use after changes constitutes acceptance of the revised policy.
13. Contact Information
- Email: support@calibr.health
- Mail: Calibr Health LLC
- Website: calibr.health
For HIPAA-related complaints you may also contact the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr, phone 1-800-368-1019, TDD 1-800-537-7697.