Privacy Statement

HealthTap, Inc. Privacy Statement

Last Updated: April 17, 2023

HealthTap, Inc. and its affiliates ("HealthTap," "we," "our," and/or "us") value the privacy of individuals who use our website (the "Site"), mobile application, and related services, including the HealthTap Premium Services, (collectively, our "Services").

This privacy statement ("Privacy Statement") explains how we collect, use, and share information from or about individuals who use our Services ("Members"). It describes what information other members or doctors can see when they use our Services. This Privacy Statement also tells you about your rights and choices with respect to Personal Information, and how you can contact us if you have any questions or concerns. By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Statement describes. In addition to this Privacy Statement, your use of our Services is also subject to our Terms of Use.

For the purpose of this Privacy Statement, "Personal Information" means any information that, by itself or in combination with other information, identifies or can reasonably be used to identify an individual, such as their name, email address, telephone number, address, date of birth, or healthcare information. Personal Information does not include information that is anonymized. "Protected Health Information" has the meaning defined in the Health Insurance Portability and Accountability Act ("HIPAA"), and is not Personal Information for the purposes of this Privacy Statement, but is rather subject to our Notice of Privacy Practices described below.

A. Information We Collect

We may collect a variety of information from or about you or your devices from various sources, as described below.

You can browse many areas of the Site and/or our applications without providing any Personal Information. However, at certain areas of the Site, we may ask that you provide Personal Information. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide your Personal Information when requested, you may not be able to use our Services if that information is necessary to provide you with our Services or if we are legally required to collect it.

Information You Provide to Us

Registration and Profile Information. We collect the information you provide when you create a HealthTap account, including your name, email address, password, and date of birth. We will also receive any optional information you choose to add to your HealthTap Profile ("Profile"), such as your health goals, medications, medical conditions, location, and other information. Health conditions and treatment recommendations often depend on your age, gender, and where you live. Having robust Profile information lets HealthTap give you a personalized experience, and it helps HealthTap doctors give you an appropriate treatment plan.

Payment Information. When you add a credit card or payment method to your Profile or make a purchase through our Services, we will collect that payment card information, or a third-party service provider that handles payments for us will receive your payment card information.

Communications. If you contact us directly, we may receive additional information about you. For example, when you contact us for customer support, we will receive your name, email address, phone number, the contents of a message or attachments that you may send to us, and other information you choose to provide. If you subscribe to our newsletter, then we will collect certain information from you, such as your email address. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services.

Careers. If you decide that you wish to apply for a job with us, you may submit your contact information, cover letter, and your resume online. We will collect the information you choose to provide on your resume, such as your education and employment experience. You may also apply through LinkedIn. If you do so, we will collect the information you make available to us on LinkedIn.

Information We Collect When You Use Our Services

Location Information. When you use our Services, including our mobile application, if you allow us, we may receive your precise location information. We use your location information to connect you with local doctors in order to comply with regulations and to personalize and improve your experience by suggesting service providers that are located near you. These service providers include, but are not limited to, pharmacies, doctors, and lab test centers. We also use your location information to help our doctors develop an appropriate treatment plan for you. This location information is also used to help troubleshoot network connectivity and user experience issues. We also infer the general physical location of your device and the geographic regions our Members come from. For example, your internet protocol ("IP") address may indicate your general geographic region.

Device Information. We receive information about the device and software you use to access our Services, including IP address, web browser type, operating system version, phone carrier and manufacturer, installed applications, device identifiers, mobile advertising identifiers, and push notification tokens.

Usage Information. To help us understand how you use our Services and to help us improve them, when you use our Services, we automatically receive information about your interactions with our Services, such as the pages or other content you view, any content you post, and the dates and times of your visits.

Information from Cookies and Similar Technologies. A cookie is a small piece of data that a website can send to your computer's internet browser, which is then stored on your computer's operating system. Cookies are how websites recognize users and keep track of their preferences. We and third-party partners collect information using cookies, pixel tags, or similar technologies. Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services. For more information about our use of cookies, please see our Cookie Policy.

Please review your web browser's "Help" file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.

Information We Receive from Third Parties

Virtual Consult Summaries. At the end of every virtual visit (meaning a consultation between a doctor and a patient through our Services using text chat and/or video), the doctor will prepare a note about the virtual visit (the "Consult Summary"), which may include health information such as symptoms, diagnosis, and treatment. These Consult Summaries will become part of your Profile. When you initiate virtual visits using our Services, the doctor that you see or chat with will be able to view all past Consult Summaries to be able to give you appropriate care.

Social Media Accounts. We may obtain Personal Information about you from third party social media services, such as Facebook and Twitter, if you choose to link our Services with third party social media accounts ("Social Media Account") by either: (i) providing your Social Media Account login information to HealthTap through the Services; or (ii) allowing HealthTap to access your Social Media Account, as is permitted under the applicable terms and conditions that govern your use of the respective Social Media Account.

B. HealthKit Data

If you choose to connect your HealthTap and HealthKit accounts, HealthTap will only have access to information from your HealthKit which you select and direct to be shared with HealthTap. Once you've selected which data to share, the information is sent to HealthTap from your HealthKit and incorporated into the medical record maintained by HealthTap on your behalf. The data in your medical record is used solely for the purposes of enabling a medical provider to provide you with health care services when you engage in a telehealth visit. The only party outside of HealthTap that may have access to the HealthKit data is a medical provider from one of HealthTap's partners if you request care from them to enable them to view your medical record. Your HealthKit data will not be shared with any other third parties (including for any advertising, marketing or data mining purpose), except as such disclosure is required by applicable law. HealthTap may use the data in your medical record to communicate with you, to the extent you agree through this privacy policy and in preferences within the app, and in an aggregated, non-identifiable form for health product development and internal analytics.

C. How We Use the Information We Collect

HealthTap uses the information we collect for the following purposes:

  • To operate, provide, maintain, improve and enhance our Services;
  • To personalize your experience on our Services, such as by providing tailored content and recommendations. For example, we use your email address to help you create, log into, and manage your account on our Services. This lets us personalize your experience and give you relevant information. It also powers the features that help you better understand, engage with, and track your health and to present you with personalized, relevant information;
  • To understand and analyze how you use our Services and to develop new products, services, features, and functionality;
  • To build a profile about you and make automated decisions based on your information to generate better answers to your health questions and effectively triage your symptoms. This information is not used for marketing;
  • To connect you with a doctor that suits your needs;
  • For marketing and advertising purposes, such as developing and providing promotional and advertising materials that may be relevant, valuable or otherwise of interest to you. We also may use the information that we learn about you to assist us in advertising our Services on third party websites. Where required under applicable law, we will only send you marketing communications with your consent;
  • To communicate with you via email, text messages, push notifications and phone calls, in order to provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer support;
  • To facilitate transactions and payments;
  • To facilitate the connection of Social Media Accounts to our Services to provide information from Social Media Accounts to your Profile. Depending on the Social Media Accounts you choose and subject to the privacy settings that you have set in such Social Media Accounts, we will access, make available and store (if applicable and as permitted by the social media service and authorized by you) the information in your Social Media Accounts so that it is available on and through your Profile on the Services;
  • For our business purposes, such as audits, for quality assurance purposes, to find and prevent fraud, and respond to trust and safety issues that may arise;
  • For compliance purposes, including enforcing our Terms of Use or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency;
  • For other purposes for which we provide specific notice at the time the information is collected;
  • To aggregate or otherwise de-identify information collected through the Services and use and disclose it for other business purposes after the data can no longer be reasonably linked to an identifiable person; and
  • To market and advertise products and services, including through inferred interests from interactions with our websites and apps.

If you are located in the European Economic Area ("EEA"), we only process your Personal Information based on a valid legal ground, including when:

  • Consent. You have consented to the use of your Personal Information, for example for marketing purposes or to track your online activities via Cookies and similar technologies.
  • Contract. We need your Personal Information to provide you with our Services, for example for account registration and management or to respond to your inquiries.
  • Legal Obligation. We have a legal obligation to use your Personal Information, for example to comply with tax and accounting obligations, or abide by local, state and Federal laws.
  • Legitimate Interest. We or a third party have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of our Services. We only rely on our or a third party's legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.

D. How We Share the Personal Information We Collect

We may share or otherwise disclose Personal Information in the circumstances described below.

Affiliates. We may disclose Personal Information to our affiliates or partners to provide the Services or for other purposes for which the information was collected.

Vendors and Service Providers. We may share Personal Information we receive with vendors and service providers in connection with the provision of the Services.

Our service providers, such as prescription services, may be responsible for providing notices to Members. In the event Personal Information is (a) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (b) transferred to a third party acting as a data controller, Members will be given, where practical and appropriate, an opportunity to opt out of having non-sensitive Personal Information used or transferred. For sensitive information, including health-related information, Members will opt in before such use or transfer.

In some instances, HealthTap may retain other service providers to perform functions on our behalf, including, but not limited to, website developers, IT services providers, shipping or direct mail organizations, storage facilities, or entities assisting us in a recruitment process.

Analytics Partners. We may make certain Personal Information available to third parties for analytics purposes, including: (a) for HealthTap's business or marketing purposes, such as to track sales leads; or (b) to leverage third-party tools to understand Members' interests, habits, and usage patterns, and/or functionality available through our Services. We only share your Personal Information with analytics partners to improve our own service and/or to deliver healthcare to you. We do not sell your Personal Information to advertisers.

As Required by Law and Similar Disclosures. We may access, preserve, and disclose Personal Information if we believe doing so is required or appropriate, in our sole discretion, to: (a) comply with any applicable law, regulation, legal process or governmental request, such as a court order or subpoena, or otherwise cooperate with law enforcement or governmental agencies; (b) take precautions against liability; (c) protect your, our, or others' rights, property, or safety; (d) investigate and defend ourselves against any third-party claims or allegations; and (e) protect the security or integrity of our Services and any facilities or equipment used to make our Services available. For the avoidance of doubt, the disclosure of Personal Information may occur if you post any objectionable content on or through the Services.

Member Content. Our Services are social services in which you can pose questions and find answers to other Members' questions. Your questions will be visible and searchable by other users by default and might be read, collected, and used by others. Please note that our Terms of Use do not allow you to include Personal Information (such as your name, email address, or phone number) in any publicly available questions posted to our Services. HealthTap cannot control how such content is seen or used. We are not responsible for the other Members' use of available Personal Information, so you should carefully consider whether and what to post. Please visit the customer service help center at https://support.healthtap.com to request removal of Personal Information.

Social Media Services. Our Services may allow you to, upon your direction, share Personal Information with certain social media services, such as Facebook, Twitter, Pinterest, and Google Plus. Please consider any impact on your privacy and anonymity when posting content to any and all social media services. You understand and agree that the use of Personal Information by any social media services will be governed by the respective privacy policies of those social media services and your settings on their platforms. We encourage you to review their privacy policies.

Marketing. We do not rent, sell, or share Personal Information about you with non-affiliated companies for their direct marketing purposes, unless we have your permission.

Virtual Doctor Visits. We may share Personal Information with HealthTap doctors in order to facilitate your treatment and care. Like an in-person patient-doctor interaction, HealthTap virtual consults are confidential, but not anonymous. When using HealthTap Premium Services, your Profile information, such as your real name and health information, is visible to doctors whom you see or chat with in a virtual visit. This Profile information is not visible to other Members or to doctors who are not providing care or services in a virtual visit.

By initiating a virtual consult, you consent to sharing your name and the health information in your Profile with doctors who treat you in virtual visits.

Documents and files (including reports and images) uploaded to your Health Files are encrypted in transit and at rest, and are not accessed, processed, shared, or distributed except for the purposes of and in connection with providing the Services to you, as requested by you or your doctor, or as otherwise required by law.

Mergers, Sales, or Other Asset Transfers. We may disclose and otherwise transfer Personal Information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.

E. International Transfers of Personal Information

HealthTap may transfer Personal Information for the purposes described in this Privacy Statement to a third party acting as a data controller or as an agent. If we intend to disclose Personal Information to a third party acting as a data controller or as an agent we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle (the "Principles"). When providing our Services, we disclose Personal Information as provided in our agreement with Members.

We remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

By providing any information, including Personal Information, on or to the Services, you acknowledge and consent that your information may be transferred across national borders, including to countries outside the EEA, such as the United States.

If you are located in the EEA or Switzerland, we comply with applicable legal requirements for the transfer of Personal Information to countries outside of the EEA or Switzerland. We may transfer Personal Information to countries for which adequacy decisions have been issued (e.g., Canada), use contractual protections for the transfer of Personal Information, or rely on third parties' Privacy Shield certifications, where applicable. You may contact us as specified below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA or Switzerland.

HealthTap complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union and/or Switzerland, to the United States. HealthTap has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, visit https://www.privacyshield.gov/, and to view our certification, click here. For more information on our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, please see our Privacy Shield Notice below.

F. Security

We make commercially reasonable efforts to protect Personal Information by using physical and electronic safeguards designed to protect the integrity and security of the Personal Information we maintain. We also use certain physical, organizational, and technical safeguards designed to comply with the Health Insurance Portability and Accountability Act ("HIPAA") security standards for interactions subject to HIPAA security regulations. HealthTap takes commercially reasonable precautions, considering the risks involved in the processing and the nature of the Personal Information, designed to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. However, as no electronic transmission or storage of Personal Information can be entirely secure, we can make no guarantees as to the security or privacy of Personal Information.

G. Information Retention

We take measures to retain your Personal Information for a period that is no longer than necessary to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law. When determining the retention period, we take into account various criteria, such as the type of Services provided to you, the nature and length of our relationship with you, the impact on the Services we provide to you if we delete some Personal Information from or about you, and mandatory retention periods provided by law and the relevant statute of limitations.

H. Your Choices and Rights

Sharing Preferences. We provide you with settings to allow you to set your sharing preferences for content you post to our Services.

  • Optional Profile Information. You can add, edit, or delete optional Personal Information appearing in your Profile at any time in your account settings under the edit profile link.
  • Required Account Information. Certain Personal Information is required for account functionality and can be edited but not deleted. For example, you can edit, but not remove, the email address and password required for login.
  • Health Records. You can amend your health information and can add information to your Consult Summaries to make your information more accurate or complete. Accordingly, if you would like to request access to, or to limit the use or disclosure of Personal Information, please contact the doctor to whom you provided the Personal Information in connection with our Services. If you contact us with the name of the doctor to whom you provided Personal Information, we will refer your request to that doctor and support them in responding to your request.
  • Public Content. You can request the removal of Public Content by visiting the customer service help center at https://support.healthtap.com.

I. Marketing Communications. You can unsubscribe from our marketing communications, such as announcements of new features or special offers, via the link provided in the promotional emails. HealthTap will never share your email address or other contact information with third parties for their own marketing purposes without your explicit permission. Even if you opt out of receiving promotional messages from us, you will continue to receive administrative messages from us.

J. Notifications. We will ask you if you want to receive notifications when you open an account with HealthTap. If you agree, HealthTap may send you email, SMS, or mobile push notices, providing you with account-related reminders or updates, or letting you know that you have a message on our Services. You may opt out at any time by adjusting your notification settings in the settings page.

K. Do Not Track. There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.

L. Deactivating Your Account. To deactivate your account, sign in, go to the settings page, and choose the deactivate your account option. You will receive an email confirming that your account has been deactivated. Your public questions that have received answers will continue to appear anonymously on our Services even if you deactivate your account.

M. European Privacy Rights. If you are located in the EEA or Switzerland, you are entitled to reach out to us via the contact details in this Privacy Statement and ask us for an overview of your Personal Information or ask for a copy of such Personal Information. In addition, you may request us to update and correct inaccuracies, delete your Personal Information, restrict our processing of your Personal Information, or exercise your right to data portability, and to transfer your Personal Information to another company. In some cases, you may object to the processing of your Personal Information and, where we have asked you for your consent to process your Personal Information, you can withdraw it at any time. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent was withdrawn. We always enjoy hearing from you and appreciate your business. Should you nonetheless have unresolved concerns, you have the right to lodge a complaint with the supervisory authority of your residence, place of work or where the incident took place.

N. Children

Our Services are not intended for or directed to children under 18 years of age, and we do not knowingly collect Personal Information from children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, then you may alert us at [email protected]. If we learn that we have collected any Personal Information from children under 13, then we will promptly take steps to delete such information and terminate the child's account.

O. Google

Our Services use several services provided by Google, Inc. ("Google"), including the services described below.

Google Analytics. This Site uses Google Analytics, a web analytics service that uses cookies, which we use for the purpose of understanding how Members use our Services, compiling reports on website activity, and providing other information relating to website activity and internet usage. Google will not associate your IP address with any other information held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, if you delete cookies and/or prevent new ones, you will likely have to reenter preferences and settings every time you visit a website, and some services and functionalities may not work.

You can prevent Google's collection and use of data such as cookies and IP address by downloading and installing the browser plug-in available here.

More information about how Google uses advertising cookies can be found here.

Google Maps. We use visual mapping services on the Site and/or our applications. Please be aware that the Google Maps/Earth Terms of Service, including the Google Privacy Policy, at https://www.google.com/intl/en-US_US/help/terms_maps.html also apply.

Google reCAPTCHA. We use Google reCAPTCHA on the Site and/or our applications and it is also subject to Google's Privacy Policy and Terms of Use, which are available for your review.

P. Third Party Sites

Our Services may contain links to third-party sites. When you click on one of these links, you are visiting a website operated by someone other than HealthTap, and the operator of that website may have different privacy policies. HealthTap is not responsible for the individual privacy practices of those sites. Please be aware that this Privacy Statement does not apply to your activities on these third-party sites or any information you disclose to these third parties. We encourage you to read the privacy policies of third-party sites before providing any information to them.

Q. Contact HealthTap

HealthTap is responsible, or the "data controller", for the processing of your Personal Information processed in connection with the Services. If you have any questions, comments, or concerns about our processing activities, please email us at [email protected], or via traditional mail to 209 E. Java Dr #61987, Sunnyvale, CA 94088.

You can also use our Contact Us page to make requests regarding managing and processing your information.

R. Changes To This Privacy Statement

We reserve the right to change this Privacy Statement at any time. We will post any adjustments to the Privacy Statement on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or share Personal Information previously collected from you through the Services, we will notify you through the Services, by email, or other communication.

HealthTap HIPAA Notice of Privacy Practices

Date last modified: January 8, 2019

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Overview of Our Responsibilities

If you use the HealthTap Premium Services to access virtual, on-demand care provided by doctors, the data generated during this visit may be “protected health information” or “PHI” as defined by the Health Insurance Portability and Accountability Act, commonly referred to as “HIPAA”. PHI is information that is created or maintained by certain entities, including health care providers, that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) the past, present, or future payment for the provision of healthcare to you, and that identifies you, or reasonably could be used to identify you.

The health care providers who are part of HealthTap (“HealthTap Providers”) are required by law to maintain the privacy and security of your PHI and provide you with this Notice of Privacy Practices (the “Notice”), which describes their duties and your rights with respect to your PHI. We will not use or share your PHI other than as described here unless you tell us we can in writing. Let us know if you change your mind. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your PHI.

The HealthTap Providers will abide by this Notice while it is in effect and reserve the right to change the terms of the Notice at any time. The changes will apply to any PHI maintained by HealthTap Providers, including PHI created or received by HealthTap Providers when the prior Notice was in effect. The new Notice will be posted on HealthTap's website, available on the HealthTap App, and a copy will be made available to you upon request.

For more information see:
https://www.hhs.gov/hipaa/for-individuals/notice-privacy-practices/index.html

How May HealthTap Providers Use and Disclose My Protected Health Information?

1. Treatment, Payment and Operations. HealthTap Providers may use and disclose your PHI for treatment, payment and operations purposes as permitted by HIPAA. The following are examples of permitted treatment, payment and operations purposes, but not a complete list of all permitted purposes:

  • Treatment: HealthTap Providers may disclose your PHI to another health care provider for the purpose of obtaining prior medical records, consulting regarding your health care, treating you during a visit, or attending to your follow-up care.
  • Payment: HealthTap Providers may use and disclose your PHI to your health insurer or health plan in order to process payment of claims or other charges related to providing health care to you through the Services.
  • Health care Operations: HealthTap Providers may use and disclose your PHI in order to carry out certain health care operations, including but not limited to quality review assessments and improvement activities, developing clinical guidelines, case management and care coordination, and evaluating practitioner and provider performance.
  • Note that HealthTap may carry out these health care operational activities on its own, or in certain circumstances, may retain a third party to help them carry out certain functions if those third parties (called “business associates”) also agree to be bound by HIPAA through written agreement.

2. Pursuant to an Authorization. HealthTap Providers may use and disclose your PHI if you provide written authorization that complies with the requirements under HIPAA, but only to the extent permitted by such authorization. You can revoke your authorization at any time in writing.

3. As required by law. HealthTap Providers may use and disclose your PHI to the extent required to comply with federal or state law.

Are There Other Circumstances in Addition to the Above in Which HealthTap Providers May Use and Disclose My PHI?

Yes. HealthTap Providers are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see:
https://www.hhs.gov/hipaa/for-individuals/notice-privacy-practices/index.html

  • Help with public health and safety issues: HealthTap Providers can share information about you for certain situations such as:
    • Preventing disease
    • Helping with product recalls
    • Reporting adverse reactions to medications
    • Reporting suspected abuse, neglect or domestic violence
    • Preventing or reducing a serious threat to anyone's health or safety
  • Do Research: We can use or share your information in certain ways for health research.
  • Respond to organ and tissue donation requests: We can share health information about you with organ procurement organizations.

Note that unlike some other health care providers, HealthTap Providers do not currently do the following: (a) create or manage a hospital directory, or (b) create or maintain psychotherapy notes.

Also, if certain state laws are more restrictive than HIPAA as to what health information can be shared without first obtaining your consent, we will always follow those laws. For example, some states would not allow us to disclose substance abuse treatment records or HIV status without your written permission, even for a purpose permitted under HIPAA. In these cases, we will follow the more restrictive rule that applies to the HealthTap Providers and your health information in that situation.

Finally, HealthTap Providers will never use or share your information without first obtaining your written permission for marketing purposes (unless permitted by HIPAA) or to sell your information.

What Are My Rights When It Comes to My PHI?

When it comes to your PHI, you have certain rights. This section explains your rights and some of our responsibilities to help you access those rights.

Get an electronic or paper copy of your medical record or direct us to share it with others

  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
  • We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
  • You can also direct us to share your medical record or portions of it with your family, close friends or others involved in your care.

Ask us to correct your medical record

  • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
  • We may say "no" to your request, but we'll tell you why in writing within 60 days.

Request confidential communications

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • We will say “yes” to all reasonable requests.

Ask us to limit what we use or share

  • You can ask us not to use or share certain health information for treatment, payment, or our operations.

    • We are not required to agree to your request, and we may say “no” if it would affect your care.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer.

    • We are not required to agree to your request, and we may say “no” if it would affect your care.

Get a list of those with whom we've shared information

  • You can ask for a list (accounting) of the times we've shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We'll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this Notice

  • You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.

File a complaint if you feel your rights have been violated

  • You can complain if you feel we have violated your rights by contacting us using the information provided at the end of this Notice.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/hipaa/filing-a-complaint/what-to-expect/index.html
  • We will not retaliate against you for filing a complaint.

Who Do I Contact at HealthTap For a Reason Related to This Notice?

You can contact HealthTap in writing at the following address for a reason related to this Notice, such as:

  • To get a copy of this Notice
  • Ask for a copy of your medical record
  • Ask for a correction to be made to your medical record
  • File a complaint
  • Appoint a representative
  • Exercise any of your other rights listed above

Please write to the HealthTap contact for any of these issues:

Privacy Shield Notice

INTRODUCTION

HealthTap, Inc. and its affiliates (collectively, "HealthTap", "we", "our" or "us") respect your privacy. This Privacy Shield notice ("Privacy Shield Notice") describes our standards and procedures for handling Personal Information transferred from the European Economic Area ("EEA") and Switzerland to the U.S. in accordance with HealthTap's obligations under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

HealthTap has subscribed to and will adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by adopting and implementing the Privacy Shield Principles (the "Principles"). More information about the Privacy Shield can be found at www.privacyshield.gov. Our Privacy Shield certification can be found at www.privacyshield.gov/list.

For the purpose of this Privacy Shield Notice, "Personal Information" means any data relating to an identified or identifiable individual (our "members", "you", or "your"), including, for example, name, address, telephone number, e-mail address, as well as healthcare information; and "processing" means any operation performed on Personal Information, such as, for example, collection, use, management, virtual consults or disclosure. This Privacy Shield Notice supplements our HealthTap Privacy Statement. Unless specifically defined in this Notice, the terms in this Privacy Shield Notice have the same meaning as in our Privacy Statement. In case of conflict between this Privacy Shield Notice and the Principles, the Principles will govern.

We obtain and process Personal Information from the EEA and Switzerland in different capacities:

As a data controller, we collect and process EEA and Swiss Personal Information directly from members, either via our publicly available websites, including www.HealthTap.com, our mobile device application or in connection with our customer, partner, and vendor relationships.

As an agent (as that term is used in the Principles), we obtain and process EEA and Swiss Personal Information on behalf of and under the instructions of our members in connection with healthcare services HealthTap provides, such as Personal Information stored by members using our Doctor A.I. application. In that context, members are the data controllers or agents and the roles and responsibilities of the parties for the processing of Personal Information are defined in our agreements with members.

HealthTap commits to comply with the Principles with respect to all Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield.

PRIVACY SHIELD PRINCIPLES

Notice

HealthTap's Privacy Statement, in combination with this Privacy Shield Notice, describes our privacy practices with respect to Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield.

Choice

When providing our Services, our members choose the types of Personal Information we process and the purposes of the processing. Accordingly, our affiliated service partners, e.g., prescription services, are sometimes responsible for providing notice to members. In the event Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, members will be given, where practical and appropriate, an opportunity to opt out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, members must opt in before such use or transfer.

Accountability for Onward Transfer of Personal Information

HealthTap may transfer Personal Information for the purposes described in the HealthTap Privacy Statement to a third party acting as a data controller or as an agent. If we intend to disclose Personal Data to a third party acting as a data controller or as an agent we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle. When providing our Services, we disclose Personal Information as provided in our agreement with members.

We remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Security

HealthTap takes reasonable and appropriate precautions, considering the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation

Any Personal Information we receive may be used by HealthTap for the purposes indicated in our HealthTap Privacy Statement or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.

We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Members are encouraged to keep their Personal Information with HealthTap up to date and may contact HealthTap as indicated below or in the HealthTap Privacy Statement to request that their Personal Information be updated or corrected.

We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the HealthTap Privacy Statement, unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the Privacy Shield.

When providing our Services, we process and retain Personal Information as necessary to provide our services as permitted in our agreement with members, or as required or permitted under applicable law.

Access

Members have reasonable access to their Personal Information via their application account and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. You may request access to your Personal Information by contacting us as described below and through the Help & Support communication features in the application.

When providing our Services, we only process and disclose the Personal Information as specified in our agreements with members. Our customer controls how Personal Information is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Information, please contact the company to which you submitted your Personal Information and that uses our Services. If you contact us with the name of our customer to which you provided your Personal Information, we will refer your request to that customer and support them in responding to your request.

Recourse, Enforcement and Liability

HealthTap has established procedures to periodically verify implementation of and compliance with the Principles. HealthTap conducts an annual self-assessment of its practices regarding Personal Information intended to verify that the assertions HealthTap makes about its practices are true and that such practices have been implemented as represented.

Please refer to HealthTap's Terms of Use for a complete description of Indemnification & Exclusions, Limitations and Liability.

HealthTap is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission ("FTC"). In certain situations, HealthTap may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Individuals may file a complaint with our U.S. Privacy Office at [email protected], if they have any complaints with HealthTap's processing of their personal data under the Privacy Shield Program. If the dispute is unable to be resolved through HealthTap's internal processes, HealthTap offers a variety of options for the individual to resolve their dispute. If the dispute involves data collected in the context of an EU resident's employment relationship, we will cooperate with competent EU or Swiss data protection or labor authorities and comply with the advice of such authorities. If those authorities determine that we did not comply with this Privacy Shield Notice, we will take appropriate steps to address any adverse effects and to promote future compliance. If the dispute involves other types of data, individuals may file a claim with Judicial Arbitration and Mediation Services (JAMS) here. Under certain circumstances, an individual may invoke binding arbitration. Please see the Privacy Shield website for more information on conditions giving rise to binding arbitration.

Amendment

This Privacy Shield Notice may be amended consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. When we update this Privacy Shield Notice, we will also revise the "Last Updated" date at the bottom of this document.

Contact Us for Questions or Complaints

If you have any questions, concerns or complaints regarding our privacy practices, or if you'd like to exercise your choices or rights, you can contact us:

By email to: [email protected]

By writing to us at: HealthTap, Inc., Attn: Compliance, 209 E. Java Dr #61987, Sunnyvale, CA 94088

General Data Protection Regulation (GDPR) - European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), HealthTap Inc. has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by: