Privacy policy

Last Updated: 07/09/2025

Please read this privacy notice carefully.

The following describes electroCore’s privacy practices, including its policy for information received from or about you during interactions and visits to our websites. The amount and type of information received depends on how you interact with electroCore and how you use the websites. Data privacy is very important to electroCore, Inc. (and its affiliates) (together, “electroCore”). We also understand that your privacy is very important to you.

This Privacy Statement explains the types of personal data we collect, how that data is collected, used, processed, and protected, and how you can exercise privacy rights you may have regarding the management of your personal data. This Privacy Statement applies to information that we gather through electroCore websites (including https://www.electrocore.com/, https://www.gammacore.com/, https://www.neurometrix.com/, https://quellfibromyalgia.com/, and https://quellrelief.com/) and by way of our interactions with you through our devices or otherwise.

Please read our Terms of Use (https://www.electrocore.com/terms-of-use/) to understand the general rules about your use of our websites. You may be subject to additional terms that may apply when you access particular services or materials on certain areas in the websites, or by following a link from the websites.

HOW TO CONTACT US

For questions about this Privacy Statement or electroCore’s privacy practices, please contact CustomerService@electrocore.com or 888-903-2673.

WHAT PERSONAL DATA electroCore COLLECTS

We may collect, use, store, process, and/or share personal data from the following broad categories:

Identity Data: Includes, for example, name, marital status, title, social security or similar national identification number, date of birth, and gender.
Contact Data: Includes, for example, physical address, billing address, email address, and telephone number(s).
Financial Data: Includes, for example, bank account, payment card details, insurance information, and payroll data.
Transaction Data: Includes, for example, details related to payments and other details regarding services you have received from electroCore or on its behalf.
Technical Data: Includes, for example, internet protocol (IP) address, login data, browser type and version, time zone and location settings, location, browser plug-in types and versions, operating system, platform, and other technology on the devices you use to access electroCore’s website(s).
Profile Data: Includes, for example, your username and password to access any authenticated area of our website(s), your preferences, and feedback and survey responses.
Usage Data: Includes, for example, information about how you use our website(s), products, and services.
Marketing and Communications Data: Includes, for example, your preferences in receiving materials regarding our products and services, and communications from electroCore and third parties, in addition to your communication preferences.
Special Categories of Personal Data: Includes information that most people would consider sensitive, for example, details about your race or ethnicity, sexual orientation, information about your health, and genetic and biometric data.

If you decide (without request by electroCore) to send electroCore information that will identify you, for example, in a message containing comments about our websites or product(s), electroCore will use such information to identify you but will not generally use it except to address or resolve the matter identified in your message.

HOW electroCore COLLECTS PERSONAL DATA ABOUT YOU

Information that you provide to us directly and voluntarily

You may choose to interact with us directly by completing forms or corresponding with us by electronic or written means or even by speaking to us over the phone. For example, you might sign up to receive educational, disease awareness, promotional or other information from electroCore; you might provide us with feedback or complete a survey; you might send us unsolicited information; or might otherwise express interest in our activities or product(s). During such interactions, we will ask you to provide certain information voluntarily, which may include various categories of data like Identity Data, Contact Data, and in some instances, Special Categories of Personal Data.

Information that we collect automatically

When you visit and interact with our website(s) or product(s), we may collect certain information automatically from you and about you, such as Technical Data, which may include information from your device like your IP address, device type, unique device identification numbers, browser-type, preference settings, broad geographic location (e.g., country or city-level location) and other technical information. Some of this information is collected using cookies and similar tracking technologies. Collecting this information enables us to better understand the visitors who come to our website(s), where they come from, and what content on our website(s) is of interest to them. We use this information, including information collected using such technologies, for our internal analytics and marketing purposes to improve the quality and relevance of our website(s) to our visitors, to track and respond to concerns, and to comply with regulatory monitoring and reporting obligations. You can find more information about our use of cookies and other tracking technologies in our “Cookies and Other Tracking Technologies” section below.

Information we receive from third parties (like social media platforms or publicly available sources)

We may receive categories of personal data about you from various third parties and public sources when you engage with our content or product(s) on platforms other than our own website(s). These categories of personal data may include:

Technical Data from analytics providers such as Google, advertising networks, and search information providers.
Contact Data, Financial Data, and Transaction Data from providers of technical, payment, and delivery services.
Identity Data and Contact Data from publicly available sources.
Special Categories of Personal Data, which may include health data, from, e.g., our service providers, collaborators or business partners who assist us in our work and the offerings we may provide.

Please note that third-party platforms (e.g. Facebook and LinkedIn) are governed by their own privacy policies and practices, which we do not control. We encourage you to review the privacy statements of any third-party platform you visit or use to understand how your personal information is collected, used, and shared by those services. Our receipt and use of personal data from these platforms will comply with this Privacy Statement.

HOW electroCore USES YOUR PERSONAL DATA

electroCore and/or our affiliates or service providers may use your personal data for various relevant purposes, including, for example, to:

Communicate with you;
Provide you with services or products in which you expressed interest;
Help us develop additional products and services that are likely to be of interest to you, or others like you, or those you care for;
Investigate or respond to issues such as complaints, security threats or preventative measures against bad actors;
Help us evaluate and modify our existing products and services;
Comply with or fulfill a request that you have made;
Maintain and develop our business or professional relationship with you (as applicable);
Conduct aggregated statistical studies and research related to our products and services and the use of
website(s) to help us understand trends and needs;
As necessary, recognize you and allow you to log on to certain pages and features for which you have registered;
Exercise our legal and regulatory rights and obligations, including taking actions in furtherance of study participant safety; and
Conduct and evaluate audits (such as compliance or corporate audits).

MARKETING USE OF YOUR PERSONAL DATA

electroCore strives to provide you with choices regarding certain personal data uses, particularly around communications related to us, our products and services. We may use your categorized Identity Data, Contact Data, Technical Data, Usage Data, and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and materials may be relevant for you. We have established the following personal data control mechanisms:

Opting in. You will receive certain communications from us if you have requested information from us and opted-in to receive such communications.
Consent to third-party marketing. We will not share your personal data for marketing purposes with any company outside of electroCore and its service provider network unless you provide your express opt-in consent to do so.
Opting out. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you. Remember, however, that even if you opt-out of receiving these marketing communications, electroCore will still communicate with you to provide an offering that you request.
Online Analytics. electroCore may use third-party web analytics services (such as, for example, Google Analytics) on our website(s) to collect and analyze the information discussed in this Statement, and to engage in auditing, research or reporting. The information (including your IP address) collected by various analytics technologies will be disclosed to or collected directly by these service providers, who evaluate information, including by noting the third-party website(s) from which you arrive, analyzing usage trends, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by visiting.

HOW electroCore SHARES YOUR PERSONAL DATA

We do not sell your personal data. We may share your personal data with the following categories of parties for the purposes described in this Statement:

Internal and Affiliated Parties: Individuals or groups within our company or within our family of companies (which includes electroCore UK and electroCore Germany GmhH), like subsidiaries, parents or related corporate entities.
Partners: Entities, service providers, consultancies or academic institutions, or data processors with whom we have formal professional relationships.
External Third Parties: Entities or individuals whose services we have formally retained to perform services on our behalf and help further our business requirements, including, without limitation, professional services, research, communications, technological maintenance, data storage, system administration, and data analysis and processing.
Parties as part of a business transaction: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Statement.
Government and Legal Authorities: Government agencies, regulators, authorities, court or third parties as may be advisable under or required by law and/or when advisable or necessary to establish or defend our legal rights or to protect your vital interests or those of other persons.
To other persons or entities, only with your proper consent

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

electroCore COMMUNICATIONS

Where permitted by law, we may contact you periodically by e-mail, mail, SMS or telephone to provide marketing information regarding programs, products, services and content that we believe may be of interest to you.

You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, and in case of SMS, reply “STOP” to the message. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under “How to Contact Us” above.

electroCore’s BASIS FOR HANDLING YOUR PERSONAL DATA

electroCore will only collect, process, and use the personal data described above where applicable laws allow us to do so. Simply put, we will do so only when we have your consent and/or when we have a legitimate business interest. We may process your personal data based upon more than one lawful basis and legitimate interest depending upon the specific purpose(s) for which we are using the personal data. electroCore’s primary legitimate interests include the research, development, production, and promotion of the innovative health and wellness solutions at the heart of our corporate
mission.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “How To Contact Us” section above.

We will normally collect personal information from you only (i) where we need the personal data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).

COOKIES AND OTHER TRACKING TECHNOLOGIES

We may automatically collect some personal data when you visit and engage with our website(s) by means which may include Internet server logs, cookies, beacons, and/or other tracking technologies.

electroCore’s websites currently use a form of tracking technology called “cookies.” Cookies are small files that are automatically stored on your computer when you visit a website. Cookies are used to (a) recognize your device; (b) store your preferences and settings; (c) understand the web pages of the website you have visited; (d) perform searches and analytics; and (e) assist with security functions. Cookies perform many functions, such as allowing you to navigate between pages efficiently, remembering your preferences, and generally improving the user experience.

A cookie’s life span may vary depending on what the individual providers have set for them. Some cookies disappear as soon as you close your browser window, where others may exist for several years. The web analytics and advertisement-related cookies on electroCore’s websites have a typical life span of up to 24 months. The life span is reset after each visit to the web site.

If you do not wish to have cookies on your system, you can set your browser preferences to refuse them or to alert you when cookies are being sent. If you block certain cookies, it may result in portions of the website(s) from functioning or appearing as intended. You are able to change your settings to notify you when a cookie is being placed or to block cookies altogether. For additional information, consult your browser’s “Help” section because controls and settings vary by browser. If you choose to decline all cookies, you may not be able to fully experience all the features of our website(s). Some web browsers may transmit “do-not-track” signals to websites with which the browser communicates. Websites linked to this Privacy Statement do not currently respond to these “do-not-track” signals.

A web server log is a file where website activity is stored. An IP address is a number assigned to your device whenever you access the Internet that allows devices and servers to recognize and communicate with each other. electroCore may collect IP addresses to conduct system administration and report aggregate information to affiliates, business partners and/or service providers to conduct website and application analysis and performance reviews.

Beacons are small strings of code that are placed in websites, email messages, and/or online ads. Sometimes called “tracking pixels” or “pixel tags,” beacons are most often used in conjunction with cookies to track activity on websites. Since beacons are typically used in combination with cookies, if you disable cookies, the beacons will only detect an anonymous website visit. When used in an email, beacons enable us to know whether you have received or opened the email and may be used for other analytics, personalization, and advertising.

HOW electroCore PROTECTS YOUR PERSONAL DATA

We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, impermissibly altered, disclosed, used, or accessed in an unauthorized way while it is under our control. The measures we deploy are designed to provide a level of security appropriate to the risk of processing your personal data. In addition, we limit access to your personal data to those employees, agents, designees, and other third parties who have a business need to do so. Those parties will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have implemented reasonable procedures to guard against and address data breaches. In the unlikely event of a breach implicating your personal data that requires notification, we will do so and fulfill all our related legal obligations.

WHY AND HOW electroCore RETAINS YOUR PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In other words, for as long as we have an ongoing legitimate business need to do so.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Once we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

CHILDREN

We do not knowingly collect any personal information from children under the age of 13 through our websites. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Statement by instructing their children never to provide personal information to us without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us at CustomerService@electrocore.com.

EFFECT OF OTHER PRIVACY STATEMENTS OR NOTICES

electroCore may have additional privacy statements or notices that are directed to and tailored for the different ways personal data is collected from various audiences or under specific circumstances. For example, applicants for employment or employees may be provided with a separate privacy statement.

If you receive a privacy statement or notice provided to you for a specific purpose, the terms of the more specific statement or notice will control to the extent that other statements or notices may differ from this Privacy Statement.

LINKS TO OTHER WEBSITES

electroCore may offer links to other sites that we believe may offer useful information to visitors of our website(s). The inclusion of a link on the electroCore website(s) does not imply our endorsement of the linked site or service. electroCore is not responsible for content that exists on third-party websites. When you click on one of these links, you will be transferred from the website and be connected to the site of the organization or company that you selected. At such point, this Privacy Statement will not apply to your activity on the non-electroCore website(s). Each of these linked sites or platforms maintains its own independent privacy policies and procedures, which you should consult before providing any of your personal information.

Please note that linked third-party websites may also use cookies or other tracking technologies. We cannot control the use of cookies or other tracking technologies by any such third-party websites or platforms. For example, when you link from this site to a third-party website, that website may have the ability to recognize that you have come from our site by using cookies. If you have any questions about how third-party websites use cookies, you should contact such third parties directly.

NOTICE TO CALIFORNIA RESIDENTS

California’s Shine the Light Law (California Civil Code Section 1798.83) permits certain California residents who are individual customers to request certain information regarding its disclosure of “personal information” to third parties for their direct marketing purposes. To make such a request, please contact us using our contact information listed in the “How to Contact Us” section above.

Be sure to include your name and address. You can include your email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by law.

NOTICE TO NEVADA RESIDENTS

Section 603A of the Nevada Revised Statutes permits certain Nevada residents who are “consumers” to submit a request at any time to an “operator” of a website in Nevada, directing the operator not to make any sale of any “covered information” the operator has collected or will collect about the consumer. electroCore does not currently “sell” or plan to sell covered information as defined in the Nevada law. If you are a Nevada resident, you may submit a verified request by sending an email or contacting us using the information provided in the “How to Contact Us” section above.

SUPPLEMENTAL EUROPEAN ECONOMIC AREA and UNITED KINGDOM PRIVACY STATEMENT

If you are located within the European Union (“EU”), European Economic Area (“EEA”) or United Kingdom (“UK”), please read this section carefully as it will supplement the other provisions of this Privacy Statement.

1. How We Use Your Personal Data

We will use your personal data only when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:

Where you have given us your consent, for a specific purpose.
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and
fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Where necessary for scientific research purposes.
Where we need to protect your vital interests or the vital interests of another natural person.
Where it is needed in order to perform a task in the public interest or to exercise official authority.

Generally, you will have the right to withdraw your consent at any time by contacting us using the contact information listed in the “How to Contact Us” section above.

We have set out below, in a table format, a description of all the ways we may use your personal data, and which of the corresponding legal bases we rely upon to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need additional details about the specific legal basis we are relying on to process your personal data, where more than one basis has been set out in the table below.

Purpose/Activity	Category of personal data	Lawful basis for processing
To engage you as a new vendor or other service provider, contractor or employee	(a) Identity (b) Contact	(a) Performance of a contract with you (b) Necessary for our legitimate interests (c) To operate our business
To process and deliver products or services including: (a) Managing payments, fees and charges (b) Collecting and recovering money owed to us	(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests (c) To operate our business (d) To keep our business records updated (e) To recover debts due to us
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or Privacy Statement (b) Asking you to provide feedback or take a survey (c) Other communications as a contractor or an employee (d) Responding to your requests	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Financial (g) Professional or Employment-related	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (d) To keep our business records updated (e) To study how customers use our products/services (f) To manage our employee relationships
To enable you to complete a survey	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests (c) To study how customers use our products/services (d) To obtain feedback and grow our business
To administer and protect our business and our intranet and website(s) (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity (b) Contact (c) Profile (d) Technical (e) Usage	(a) Necessary for our legitimate interests (b) For running our business (c) For provision of IT services and network security (d) To prevent fraud (e) Necessary to comply with a legal obligation
To deliver relevant content on website(s) and marketing to you and understand the effectiveness of our marketing activities	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical	(a) Necessary for our legitimate interests (b) To study how customers use our products and services (c) To develop our products and services (d) To grow our business (e) To inform our marketing strategy
To use data analytics to improve our website(s), products/services, marketing, customer relationships and experiences	(a) Technical (b) Usage	(a) Necessary for our legitimate interests (b) To define types of customers for our products and services (c) To keep our website(s) updated and relevant (d) To develop our business (e) To inform our marketing strategy
To make suggestions and recommendations to you about goods or services that may be of interest to you	(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile	(a) Necessary for our legitimate interests (b) To develop our products and services (c) To grow our business

2. Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

3. International Transfers of Personal Data

Specifically, website servers for US data are primarily located in Virginia, USA and web servers for European data are located in the UK. Personal data is not routinely transferred outside of the EEA or Switzerland except where necessary to respond to product complaints or inquiries. In such instances, we will take appropriate safeguards to ensure that your personal information will remain protected in accordance with this privacy notice. These include implementing the European Commission’s Standard Contractual Clauses or a similar mechanism.

electroCore is based outside the EEA, UK and Switzerland, so the processing of your personal data may involve a transfer of data outside the EEA or the UK. Your personal data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country.

Whenever we transfer your personal data out of the EEA, UK, or Switzerland, we ensure an adequate and similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries or entities that have been deemed by the applicable supervisory authority to provide an adequate level of protection for personal data;
We will only transfer your personal data to countries or entities pursuant to the terms of binding agreement to and compliance with standard contractual clauses or binding corporate rules, each as approved by the European Commission or other regulators, as applicable;
We will only transfer your personal data to countries or entities pursuant to the consent of the individual to whom the personal data pertains; or
We will only transfer your personal data to countries or entities as otherwise authorized by the EEA, UK, Switzerland or permitted by applicable requirements.

4. Your Data Protection Rights

This section provides information on the rights that you have under EEA or UK law in relation to your personal data. Under certain circumstances, individuals located in the EEA or the UK have the following data protection rights:

To access their personal data.
To correct their personal data.
To erase their personal data.
To object to the processing of their personal data.
To restrict the processing of their personal data.
To transfer their personal data.
To not be subject to a decision based solely on automated processing, including profiling.
To withdraw any consent that they have previously provided for the processing of their personal data.

To exercise any of the rights described above, please send a message to DPO@electrocore.com and put “GDPR request” in the subject line of your email.

For advice or to make a complaint concerning the management of your personal data, you can also contact the applicable Supervisory Authority within the EEA at this link (https://edpb.europa.eu/about-edpb/board/members_en); the Information Commissioner’s Office within the UK at this link (https://ico.org.uk/make-a-complaint/), or Switzerland’s Federal Data Protection and Information Commissioner at this link (https://www.edoeb.admin.ch/en/reporting-portals ).

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests in a timely fashion and as may be required by applicable law. Occasionally it may take us longer than usual if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

UPDATES TO THIS PRIVACY STATEMENT

We may update this Privacy Statement from time to time so please review this Privacy Statement each time you visit our websites. When this Statement is updated, we will take appropriate measures to inform you, consistent with the significance of the updates made. As may be required by applicable law, electroCore will seek your consent to any material changes to the Privacy Statement.