Mobile App Specific Privacy Policy

MSD Manual App – Privacy Notice

Effective Date: April 6, 2026

This Privacy Notice (“Notice”) explains how the MSD Manual mobile application (“App”) collects, uses, discloses, and protects personal data in all regions where it is offered. The App is a reference resource for health care professionals and the public.

If anything in this Notice conflicts with a mandatory local legal requirement, the local requirement will apply to users in that location.

 

Who We Are

The controller of personal data processed through the App is:

Merck & Co., Inc., Rahway, NJ, USA (“MSD,” “we,” “us,” “our”).

Registered address: 126 E. Scott Avenue, Rahway, NJ 07065, USA.

Email: msdmanualsinfo@msd.com

Website: www.msdmanuals.com

Data Protection Officer and EU/UK Representative: msd_privacy_office@msd.com

 

Scope and Audience

This Notice applies to the App and any in‑App features, communications, and services. It does not cover external websites or services that we do not control. If you follow a link to another service, its privacy notice governs.

The App is intended for adults and health care professionals. It is not directed to children under the age of 18. See “Children’s Privacy” below.

 

The Data We Collect

We collect only the data needed to operate and improve the App. Depending on your device, settings, and choices, we may process:

  • Device and usage information, such as device model, operating system, language, time zone, App version, screens viewed, and basic interaction events.
  • Diagnostics and crash information, such as error and crash logs, performance data, and stability signals.
  • Push notification identifiers, such as device tokens necessary to deliver notifications you have enabled.
  • QR code scan results, limited to recognized MSD content or URLs; we do not store the image of the scan.
  • Video playback telemetry related to our educational content (e.g., buffering, start/stop events).
  • Download management data for offline access to selected videos and content within the App.
  • Network request metadata necessary to securely connect to our servers.

     

    We do not access your photo library, contacts, microphone, or precise location unless you grant permission and the feature requires it. If a feature requests a device permission, it will be used only for that feature.

     

    Special categories of data: The App provides medical reference content but is not designed to collect health information about you. We ask that you do not enter personal health information into the App.

     

    Purpose, Legal basis, and Data elements

     

    Where required, we identify the legal basis for each purpose. In some regions the chosen legal basis may vary depending on local law. We use your data for the following purposes:

     

    Purpose | Data Elements | Legal Basis
    Operate core App features (content delivery, secure networking, offline downloads) | Device identifiers, IP-derived coarse location, App version, network metadata | Legitimate interests
    Improve performance and fix bugs (diagnostics, crash logs) | Crash logs, device/OS data, performance metrics | Legitimate interests or consent where required by ePrivacy/telecom rules
    Measure basic, first‑party audience usage | Event counts, screens viewed, session duration | Legitimate interests; or consent where required by ePrivacy/telecom rules
    Deliver push notifications you enable | Notification tokens, App locale, topic subscriptions | Consent
    Secure the App and prevent abuse | Security logs, IP‑level metadata, device signals | Legitimate interests; compliance with legal obligations
    Respond to inquiries and rights requests | Contact details, request details | Legal obligation; legitimate interests; consent where applicable

     

     

    In‑App Consent and Your Choices

    When required by local law, the App will display a clear, purpose‑based consent prompt before any non‑essential data collection begins. Non‑essential purposes are off until you opt in. You can change your choices at any time in the App’s Privacy or Settings screen.

    You can also control:

  • Notifications using the device’s operating system settings or the App’s settings.
  • Permissions (camera, storage, etc.) using the device’s settings; if you revoke a permission, related features may not function.

    In-App Tracking

  • The App uses certain tracking technologies to collect usage data and improve App performance. Some tracking is essential for the App to function properly, while other tracking supports analytics and diagnostics.
  • Where required by applicable law, we will obtain your consent before enabling non-essential tracking. Essential tracking necessary for the App's basic functionality does not require consent. You may withdraw your consent at any time through the App's settings, and we will disable non-essential tracking accordingly.

    Third‑Party Service Providers

    To provide the App, we use vetted service providers who process data on our behalf under contracts that require appropriate security and confidentiality. These may include:

     

  • Google Firebase (Analytics, Crashlytics)
  • Google Play Services
  • Microsoft Azure Notification Hubs
  • Brightcove (video streaming)
  • Networking and media libraries (e.g., Retrofit, OkHttp, Gson, Picasso) used for secure functionality

    We do not sell your personal information. We do not share personal information with third parties for their independent marketing purposes.

     

    Data Localization

    Your personal data collected through the App is primarily processed and stored on servers located in the United States and the European Economic Area. Where local law requires data to be stored within a specific jurisdiction, we will comply as described below.

     

    Where required by local law, your personal data will be stored within the applicable jurisdiction. This includes without limitation users in China, Russia, India, Indonesia, and Vietnam. Cross-border transfers from these jurisdictions will only occur where permitted and in compliance with applicable legal requirements.

     

    Data localization laws are evolving, and we will update this section as necessary. For questions about where your data is stored, please contact us using the information in the "Contact Us" section of this Privacy Notice.

     

    International Data Transfers

    We are headquartered in the United States and may process your data in the United States and other countries that may not provide the same level of data protection as your home country. Where required, we implement appropriate safeguards, such as Standard Contractual Clauses, and assess local laws to protect your data.

     

    EU/EEA and UK users: We rely on Standard Contractual Clauses and Binding Corporate Rules to transfer data to countries outside your region. You can request a copy of relevant transfer safeguards using the contact details above.

     

    Retention

    We keep personal data only as long as necessary for the purposes described above or as required by law. Key retention periods are:

     

  • Diagnostics and crash logs: [90 days]
  • Analytics events: [14–26 months]
  • Notification tokens: retained while you are subscribed and deleted when you opt out or uninstall
  • Security logs: [up to 12 months]

When retention is no longer necessary, we delete or de‑identify the data.

Security

We use technical and organizational measures to protect personal data, including encrypted transport (HTTPS), access controls, logging, and secure software practices. No system is perfectly secure, but we work to prevent unauthorized access, use, or disclosure.

 

EU/EEA and UK

You may have the right to request access, rectification, erasure, restriction, objection, and data portability, and to withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with a supervisory authority in your country of residence or work. Contact details for EU data protection authorities are available upon request.

 

United States (California and other state laws)

California residents have the right to request access, correction, deletion, information about categories of personal information collected, and to opt out of sale or sharing for cross‑context behavioral advertising, if applicable. We do not sell personal information. We do not share personal information for cross‑context behavioral advertising.

Residents of other U.S. states with similar privacy laws may have comparable rights. You can submit a request using the methods described in this Notice.

 

Other Regions

Residents of other jurisdictions may also have rights to access, correct, delete, or challenge our processing. We will handle requests consistent with applicable local law.

 

How to Exercise Your Rights

Your rights depend on your location. We will honor all rights that apply to you under local law. You can make a request by using our web form under your country or region at msdprivacy.com. To protect privacy, we may ask you to verify your identity. If we cannot honor your request, we will explain why, subject to legal restrictions.

Appeals: If you are in a U.S. state that provides an appeal right, you may appeal our response by contacting msd_privacy_office@msd.com within 45 days of our decision.

 

Children’s Privacy

The App is not directed to children under the age of 18 or the age defined by local law. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.

Automated Decision‑Making and Profiling

We do not use personal data to make decisions that produce legal or similarly significant effects about you solely by automated means. We do not profile users for targeted advertising within the App.

 

Google Play Data Safety and Platform Disclosures

Our Google Play Data Safety disclosure and any in‑App disclosures are intended to reflect the practices described in this Notice. If there is any discrepancy, the more protective disclosure will govern, and we will promptly correct inconsistencies.

 

Changes to This Notice

We may update this Notice from time to time. We will change the “Effective Date” above and, if changes are material, provide a more prominent notice (for example, an in‑App message or prompt). Your continued use of the App after an update means you acknowledge the updated Notice.

 

Contact Us

If you have questions or concerns about this Notice or our privacy practices, contact us at the addresses described in the “Who We Are” section above.