2. Types of Personal Information We Collect
When you use our Services, we may collect the following types of information:

• Account profile and health information: We collect personal information that you (or your healthcare provider) provide to us when you use our Services, including your name, email address, gender, date of birth, height, weight, health conditions, and other such information;
• Business account and usage information: If you maintain a business account with us (such as healthcare providers), we maintain business contact information and authorized user profiles, payment information, usage data regarding our Services, and other such information;
• Survey information in response to questions we may send you, including for feedback and research purposes;
• Communications between you and us, such as via email, web form, mail, phone, or other channels; and
• Online User Activity described in the next section.

As noted above, any of your personal information and health-related information that we collect or process through our Services on behalf of your healthcare provider has special protections under HIPAA and is subject to that provider’s HIPAA Notice of Privacy Practices and our business associate agreement with them.
If you provide us with information regarding another individual (including a minor), you represent that you have that any necessary authorizations and consents to give us their information and to permit us to use their information in accordance with this Policy.

3. ONLINE USER ACTIVITY, COOKIES AND INFORMATION COLLECTED BY OTHER AUTOMATED MEANS
Cookies are a commonly-used web technology that allow websites or apps to store and retrieve certain information on a user’s system, and track users’ online activities. We and our service providers may collect information about your use of our Services by such automated means, including but not limited to cookies, pixels, software development kits (SDKs) and other similar technologies. These tools can help us automatically identify you when you return to our Services. Cookies help us review traffic patterns, improve our Services, and determine what Services are popular.
When you use the Services, the information we may collect by automated means includes, for example:

• Usage Details about your interaction with our Services (such as the date and time of use, pages visited, features used);
• Device Information including the IP address and other details of a device that you use to connect with our Services (such as device type, model and operating system information); and
• Location information where you choose to provide the website or app with access to information about your device’s location.

If a user does not want information collected through the use of cookies on our website, most browsers allow the visitor to reject cookies, but if you choose to decline cookies, you may not be able to fully experience the interactive features our Services provide. Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. We restrict the third party collection, use and disclosure of Online User Activity that constitutes PHI, consistent with applicable laws.

4. How We Use Your Information
We use the information we collect about you or that you provide to us for purposes allowed by applicable laws, including to:

• Provide, maintain, and improve our Services, including to establish and maintain any account or user ID that is created for your use of our Services, and to process transactions or interactions, and for personalizing your experience and providing tailored content;
• Respond to your requests, questions and comments and provide customer support through email, phone and other available communications channels, and to otherwise communicate with you, including sending you updates and providing information about our Services;
• Provide you with information, products, or services that your healthcare provider, health plan, or you request from us, or other administrative notices;
• Operate, evaluate, and improve our Services, including to diagnose and improve our technology and user engagement;
• Comply with and enforce as needed applicable legal requirements, industry standards, our policies and our contractual rights;
• Monitor performance, protect the security and integrity of our Services, and support health care operations and otherwise use such information as permitted under HIPAA, as applicable; and
• For any other purpose specified at the point of collection or as described in your express authorization.

We may use and disclose non-personal, non-individual statistics or demographic information in aggregate form without restriction.

5. How We Share Information
We will not share your personal information with third parties without your consent, except in the following circumstances:

• As you direct us, such as with healthcare providers and health plans, care managers or care coordinators, and for other purposes that you specify;
• We may share information with our related subsidiaries and affiliates, subject to the terms of
this Policy;
• We may share your information as permitted by law, including, for example, with third-party service providers that provide and support a technology, business, or other professional function for us (examples include IT services, maintenance and hosting of our Services, and other vendors). We only provide such vendors with information so they can perform their required functions on our behalf;
• We may disclose your information about you (i) if required by law or legal process such as a court order, (ii) when we believe disclosure is necessary to protect the rights, property, or safety of ourselves or others, or (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity; and
• We may transfer the information we maintain in connection with contemplated or completed merger, acquisition, sale or other transfer of some or all business assets, provided that we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Policy.

Where appropriate, we will limit sharing of your information in accordance with the choices you have provided us and applicable law.
We may disclose aggregated and/or deidentified information that does not identify an individual.

6. YOUR PRIVACY CHOICES
We offer you certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you.

• Cookies: Web browsers may offer users the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites and mobile apps may not function correctly.
• Text messages: Some Services may allow you to enroll in our service-related text message program. If you affirmatively consent to receive text messages from us and enroll in such a program, you will receive updates via text unless you opt-out of the text message program. These messages may be unencrypted. Message frequency may vary based on the Services. If at any time you would like to stop receiving text message notifications, please text “STOP” in reply to our message, we will send you a reply message to confirm that you have been unsubscribed and you will no longer receive messages from us. If you want to join again, just sign up as you did the first time and we will start sending messages to you again. If at any time you forget what keywords are supported, just text “HELP” back to us and we will respond with instructions on how to use our service as well as how to unsubscribe.
• Marketing emails: We will not use your PHI for marketing except as permitted by HIPAA, such as with your written authorization. If you wish to opt out of receiving any marketing emails or other such communications from us, please notify us as provided below. You may choose not to receive marketing emails from us by clicking on the unsubscribe link in the marketing emails you receive from us.
• Patient records: You are entitled under HIPAA to exercise certain rights regarding your PHI, such as access to patient records. Certain information will be available to you when you log in to the Services and access your account, but for more information, please see your applicable HIPAA Notice Of Privacy Practices and/or contact your healthcare provider.
• Account: If at any time you wish to delete your account, along with its associated data, you can log into the Minerra Health app and request its removal. Please note we may retain any data to the extent required by law.

7. STATE-SPECIFIC NOTICES
Certain states, including California, may provide rights to individuals and households with respect to the collection and use of personal information collected by businesses subject to the law. This may include the right to request that a business: (i) provide a copy personal information maintained about the individual; (ii) correct or delete personal information maintained about the individual (subject to certain exceptions); or (iii) not sell or share personal information about the individual to a third party (excluding qualified service providers). Note that we do not use sensitive personal information except for the reasons provided, and we do not engage in individual profiling based on personal information within the scope of these state laws. It can be unlawful to discriminate against an individual for exercising such rights. You can submit such requests to us via the contact information provided below and we will endeavor to fulfill any obligations that are legally-required, otherwise we will respond to requests in our discretion. However, please note that your PHI is not subject to such laws and is instead subject to HIPAA, as detailed in your applicable HIPAA Notice Of Privacy Practices.

8. LINKS TO OTHER WEBSITES AND THIRD-PARTY CONTENT
Our Services may contain links to other websites or apps. Please be aware that we are not responsible for the content or privacy practices of such other websites or apps, and we encourage you to be aware when you leave our Services and to read the privacy statements of any other website or app that collects personal information.

9. HOW WE PROTECT INFORMATION
We implement reasonable administrative, technical and physical security measures designed to protect your personal information from unauthorized access, use, or disclosure. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee the absolute security of your information. We will make any legally required disclosures in the event of any compromise of personal information. To the extent the law allows us to provide such notification via e-mail or conspicuous posting on the Services, you agree to accept notice in that form.

10. Data Retention
We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy and as directed by your healthcare provider, unless a longer retention period is required or permitted by law.

11. HEALTHCARE PROVIDERS
If you (on behalf of yourself or your organization) are a healthcare provider under a contractual relationship with us to use these Services in connection with your practice, we may collect your business contact information and other data regarding your use of our Services for analytics, marketing or promotional activities, to the extent permitted by law and our contractual relationship. This may include advertising products or services that may be of interest to you. In addition to communicating with you regarding your and your patients’ use of the Services, we may from time to time contact you to provide announcements, alerts, surveys, or other marketing or general communications. In order to improve our Services, we may be notified when you open an email from us or click on a link therein.

12. Children’s Privacy
Our Services are not intended for users under the age of 13 and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.

13. INTERNATIONAL DATA TRANSFERS AND USE
Our Services are controlled and operated by us from the United States, and are not intended to subject us to the laws or jurisdiction of any other country or jurisdiction. Any information you provide through use of the Services may be stored and processed, transferred between and accessed from the United States and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Policy regardless of where your personal information is stored or accessed.

14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Your continued use of our Services after the posting of the revised Privacy Policy constitutes your acceptance of the updated Privacy Policy.

15. Contact Us
If you have any questions, concerns or comments about this Privacy Policy, our privacy practices, or if you would like us to update information or preferences you provided to us, please contact us by mail to 3790 EI Camino Real, Unit 563 Palo Alto, CA 94306 or via email to info@minerrahealth.ai.