1. Overview

Menopathway provides a decentralised, clinician-led menopause and women’s health platform supported by longitudinal analytics and AI-assisted decision support. We are committed to protecting your privacy and safeguarding health information.

2. Who we are

Data controller: Menopathway Ltd (“Menopathway”, “we”, “us”).
Contact: [email protected]
Registered address: [insert registered address]

Where you access clinical care through Menopathway, certain clinicians or clinical partner organisations may act as independent data controllers for the care they provide. Where this applies, they will provide their own privacy information.

3. The data we collect

3.1 Account and identity data

• Name, email address, and account identifiers
• Authentication data (passwords are stored in hashed form)
• Subscription status and plan information (where applicable)

3.2 Health and clinical data (special category data)

• Symptom tracking entries and check-ins (frequency, severity, patterns)
• Menopause stage information and preferences you provide
• Medication and HRT information you enter or that is recorded during care
• Clinical notes and care plans (where clinician care is provided)
• Diagnostic orders and lab results (where diagnostics are offered)
• Risk prompts, trend summaries, and other outputs generated from your data

3.3 Usage, device, and technical data

• IP address, device and browser information
• Pages viewed and feature usage (to improve performance and safety)
• Security logs (e.g., access attempts, rate limiting events)

3.4 Communications

• Messages you send to clinicians or support
• Enquiry form submissions and correspondence

3.5 Employer and corporate context (if applicable)

If your employer provides access to Menopathway, we may process limited participation information needed to deliver the service. Employers receive aggregated and anonymised analytics only. We do not share individual health data with employers.

4. Legal bases for processing

We process personal data under the UK GDPR using one or more of the following lawful bases:

• Contract: to provide the service you request (UK GDPR Article 6(1)(b)).
• Legitimate interests: to operate, secure, and improve the platform, where balanced against your rights (UK GDPR Article 6(1)(f)).
• Consent: for certain optional features and communications (UK GDPR Article 6(1)(a)).

For health information (special category data), we rely on additional conditions, including:

• Health or social care: provision and management of health care (UK GDPR Article 9(2)(h)) where applicable.
• Explicit consent: where required for particular processing activities (UK GDPR Article 9(2)(a)).

5. How we use your data

• Provide the service: deliver symptom tracking, insights, and clinically governed workflows.
• Support clinician-led care: enable consultations, care plans, follow-ups, and documentation where offered.
• Diagnostics: support test ordering, results delivery, and integration into longitudinal views where applicable.
• Safety and governance: maintain audit trails, access controls, incident handling, and clinical safety processes.
• Improve the platform: use de-identified and aggregated data to enhance reliability, safety, and performance.

6. AI and automated processing

Menopathway uses analytics and AI models to support longitudinal symptom intelligence, pattern detection, and clinical decision support. These systems are designed for decision support and do not provide autonomous diagnosis or prescribing. Clinicians remain responsible for clinical decisions.

• We aim to provide explainable outputs (supporting signals and rationale) where possible.
• We monitor models and platform behaviour for safety and reliability.
• You may request clarification or human review of certain outputs where applicable.

7. Sharing your data

We do not sell your personal data.

7.1 Clinicians and care teams

If you choose to engage with clinician-led care, we share relevant information with the clinicians involved in your care.

7.2 Diagnostics and lab partners

Where you use diagnostics, we may share necessary details with accredited laboratory partners and logistics providers to fulfil tests and return results.

7.3 Service providers (processors)

We use vetted service providers for secure hosting, email delivery, monitoring, and support. They are bound by contractual confidentiality, security obligations, and instructions to process data only for Menopathway.

7.4 Employers, public sector, and population analytics

Employers and public-sector partners may receive aggregated, anonymised insights to support service planning and governance. These insights are designed to avoid identifying individuals.

7.5 Legal and safety

We may disclose information where required by law, to protect rights and safety, or to investigate suspected fraud or security incidents.

8. International transfers

We aim to keep data within the UK where possible. If data is processed outside the UK, we use appropriate safeguards such as contractual protections and security measures to protect your data.

9. Security

We use technical and organisational measures appropriate to the sensitivity of health data, including encryption in transit and at rest, role-based access controls, audit logging, and security monitoring.

10. Data retention

We retain personal data only as long as needed for the purposes described above, including to deliver the service, meet legal obligations, and support clinical governance. Where clinical care is delivered, retention may be affected by medical record obligations.

11. Your rights

You have rights under UK GDPR, including the right to access, correct, delete, restrict processing, and port your data in certain circumstances. You may also object to some processing and withdraw consent where we rely on consent.

To exercise your rights, contact [email protected]. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

12. Cookies and analytics

We use essential cookies and similar technologies required for security and core functionality. We may use privacy-focused analytics to understand overall site usage without selling personal data. Where required, we will provide a cookie notice and choices.

13. Children’s privacy

Menopathway is intended for adults (18+). We do not knowingly collect personal data from children.

14. Changes to this policy

We may update this policy to reflect changes in our services, regulation, or security practices. Material changes will be communicated appropriately.

15. Contact

Privacy enquiries: [email protected]
Menopathway Ltd, [insert registered address]