Privacy Policy - Appy Health

Last Updated: January 6, 2025

Table of Contents

  I. SCOPE AND PURPOSE: ............................................................... 3

  II. WHAT DOES APPY HEALTH DO? .................................................. 4

  III. MEMBER CHOICE REGULATORY COMPLIANCE ................................. 5

  IV. WHAT PERSONAL INFORMATION DO WE COLLECT?.......................... 6

  V. HOW DO WE COLLECT YOUR INFORMATION? .................................. 7

  VI. HOW DO WE USE YOUR INFORMATION? ........................................ 8

  VII. HOW DO WE SHARE YOUR INFORMATION? .................................... 9

  VIII. RETENTION AND PROTECTION OF DATA ................................... 11

  VIII. COOKIES AND AUTOMATED DATA COLLECTION TECHNOLOGIES ...... 12

  IX. SOCIAL MEDIA AND OTHER INTEGRATIONS? ................................. 13

  X. STATE CONSUMER PRIVACY RIGHTS ........................................... 14

  XI. FEDERAL CONSUMER PRIVACY RIGHTS ....................................... 16

  XII. MEMBER DATA PORTABILITY AND INTEROPERABILITY ................... 17

  XIII. PROTECTED HEALTH INFORMATION ......................................... 18

  XIV. PERSONAL DEMOGRAPHIC AND PREFERENCES ............................ 19

  XV. MEMBER HEALTH, DENTAL, AND VISION PLAN COVERAGES ............. 20

  XVI. MINORS ............................................................................ 23

  XVII. INTERNATIONAL TRANSFER .................................................. 24

  XVIII. UPDATES TO THIS PRIVACY POLICY ....................................... 25

  XIX. CONTACT ......................................................................... 26

I. SCOPE AND PURPOSE:

I. Scope and Purpose:

This privacy policy (“Policy”) describes how Appy Health, Inc. and our parent
companies, subsidiaries, and affiliated companies (“Appy Health,” “we,” “us,” “our”,
and/or “Appy”) may collect, use, and share information about you that we obtain
through www.AppyHealth.com and other websites and applications that link to this
Policy (collectively, the “Site”). This Policy also applies to any information we collect
offline, such as when you visit our offices, a provider’s office, attend a Appy Health or
provider sponsored events, or interact with our representatives at other events, or in
other contexts in which we make this Policy available to you.

This Policy does not apply to Appy Health product offerings that have their own
privacy policies, or to websites of third parties to which we provide links. We do not
control and are not responsible for the privacy practices of the websites of other
entities and we urge you to review any applicable third-party privacy policies for
yourself.

Our processing of data on behalf of the Appy Health “Members” aka (Employees,
Patients, and Healthcare Consumers) choice technology solution and is governed by
the 21st Cures Act and agreements we enter in with our affiliated practices, clinics,
health systems, and company “Clients”, which may include Business Associate
Agreements as applicable and required under the Health Insurance Portability and
Accountability Act (HIPAA). Your healthcare provider may also have its own privacy
practices and/or policies that govern its collection and use of your data. We are not
responsible for how your healthcare provider treats your information, and we
recommend you review their privacy policies.

                     COPYRIGHT © 2025, BY APPY HEALTH, INC.                             3

II. WHAT DOES APPY HEALTH DO?

II. What does Appy Health Do?
Appy Health is the 21st Century Cures Act member choice technology solution for healthcare
consumers, patients, and employees aka (Members). As the member’s choice platform, it provides
a secure, single- source, single sign-on solution to store, manage, and share thousands of data
elements and a high-touch enegagement experience across the Members behavioral, clinical, and
wellness care continuum.

The Appy Health Member Choice technology encompasses the exact architecture required to meet
the 21st Cures Act legislation, where the Appy Health Member solely owns, manages, and can
secuely share their Protected Health Information (PHI), Health Benefit Plan Coverages, and
personal demographic information with the Members approved care providers.

Members can easily review complex health benefits by plan coverages, establish care coordination
and navigation to healthcare professionals that accept the member’s health plan coverages, and
deliver a high-touch experience where the member is an active participant in their continuity of
care.

III. MEMBER CHOICE REGULATORY COMPLIANCE

III. Member Choice Regulatory Compliance
The Appy Health Member choice technology is governed by the 21st Century Cures Act. The
information that Appy Health collects on behalf of the Member, is solely owned and controlled by the
active Appy Health Member. All Information collected is directly from the Members request, and
information received from the Members request must be received digitally and in the industry data
exchange format.

IV. WHAT PERSONAL INFORMATION DO WE COLLECT?

IV. What Personal Information Do We Collect?

Personal information is data that can be used to identify you. The types of personal
information that we collect depend on your interactions with us. We collect personal
information that generally fall into the following categories:

Identifiers, such as your name, email address, or IP address.

Information contained in our customer records, such as postal address or telephone
number.

Commercial information, such as information regarding products or services you
purchased.

Internet or other electronic network activity information, such as how you interact
with our website.

Professional or employment information, such as your job title or employer.

Health plan coverages, such as your benefit coverages, eligibility, and in-network, out-
of-network out of pocket cost.

Geolocation data, such as your general location information (e.g., city/state) which
may be collected or derived from your IP address. In addition, some of our services may
request your precise location information via GPS-based functionality to allow certain
features to work. We will ask your permission before we collect or use precise location
information, in accordance with any applicable legal requirements to the extent precise
geolocation information is considered “sensitive” information under applicable law.

V. HOW DO WE COLLECT YOUR INFORMATION?

V. How Do We Collect Your Information?

We may collect information from you in the following ways:
• We collect information you provide directly to us, such as when you voluntarily
enter information into fields on the Sites, sign up for or request certain services or
information, agree to participate in our surveys, or call our customer service.

• Depending on how you interact with us, we may ask for your name,
practice/organization name, address, email address, telephone number, and type
of user (for example, patient, provider or partner). If you have an account with us,
we may also collect your username or other login information (e.g., Practice ID)
you use to log into or access your account. If you visit our offices or attend in-
person Appy Health events, we may collect information to protect the health and
safety of our personnel, clients, guests, and the general public, such as health
and travel information or any other information you provide to us.

• When you access our Sites, we may collect information about your visit and your
device using automatic data collection technologies as described in the “Cookies
and Automated Data Collection Technologies” section below. This information
may include IP address, geolocation information, browser type and version,
device type, mobile device identifiers, and information reflecting how you
searched, browsed, and were directed to the Sites, including mouse movement,
click, touch, scroll, and keystroke activity.

• We may also collect information from other sources, such as lead generation
companies, social networks, and business partners that offer co-branded
services or help us sell or distribute our products. We may also collect
information from other users of our services or from available sources.

VI. HOW DO WE USE YOUR INFORMATION?

VI. How Do We Use Your Information?

We use your information:
• In ways that you would expect us to based on why we collected it. For example, if
you contact us with a request for information about our products or services, we
will use your information to respond to your request.
• To provide, enhance and improve our services, including to optimize our Sites’
functionality and identify our visitors’ and users’ areas of interest. For example,
when you participate in our surveys, screeners, and/or information gathering
sessions, or otherwise provide feedback, we may use that feedback to develop
new products and services.
• To identify and authenticate you, such as to determine and validate whether you
are an existing user of our services or products or a prospective client.
• To enable cross-device/cross-context tracking for an account you may have with
us. For example, you might use multiple browsers on a single device, or use
various devices (such as desktops, smartphones, and tablets), which can result
in your having multiple accounts or profiles across various contexts and devices.
Cross-device/cross-context technology may be used to connect these various
accounts or profiles and the corresponding data from the different contexts and
devices so you can more easily use your account(s).
• To communicate with you, such as you send you emails, notifications,
solicitations, invitations, newsletters, awareness campaigns, and
announcements.
• To maintain the safety, security, and integrity of our Sites and services, and for
our own internal legal compliance purposes.
• To protect the health and safety of our personnel, clients, guests, and the general
public.
• For other purposes explained at the time of collection, or for other business
purposes consistent with the context of the collection of your information.
We may use information that does not identify you and could not reasonably be used to
identify you (including information that has been aggregated, anonymized, or de-
identified) for any purpose except as prohibited by applicable law.

VII. HOW DO WE SHARE YOUR INFORMATION?

VII. How Do We Share Your Information?
Appy Health Inc. does not share, sell, rent or lease its member lists to third parties.

Appy Health Inc. collects and uses the Member information to operate the Appy Health
Member Choice technology via its website(s) and mobile solution to deliver the services
the Member has requested.

Appy Health Inc. may also use the Members identifiable information to inform you of
other products or services available with the Member is signed in to the Appy Health
Member Choice technology.

Members can opt-out of receiving product or service offerings by visiting the Appy
Health website https://appyhealth.com/ or the mobile app, in the Members profile,
settings section and select opt-out of receiving product and service offerings.

We share information outside of Appy Health in the following circumstances:
• With Appy Health clinical, mental, and wellness service provider clients that
provide services you have requested.
• With our related entities and/or affiliates for business purposes including, but not
limited to, customer support, marketing, technical and business operations. We
also may share information with affiliates for commercial purposes.
• When you make your information public or otherwise accessible to other users
through the Sites, such as information that you post related to reviews of partners
or on the Success Community. Please think carefully before posting such
information as you are solely responsible for the content you post and the
potential use of such information by others. Once you have posted information,
you may not be able to edit or delete such information.
• With our members, when you engage in our surveys as an authorized user,
through the onboarding process, through surveys collecting feedback on how we
are doing, surveys administered post interaction with us related to support or
training, and other surveys, including focus groups and usability design activities
such as click tests, card sorts, and other surveys and tests you participate in. We
typically notify you in advance that we will share your information with our
customers if you complete a survey.

We also share information with other entities in the following situations:
• Where you have given us your consent to share or use information about you.

• When we believe that we need to share information about you to provide a
service that you have requested from us or from others.
• Where we are required by law or other legal process to disclose information, and
where required, in response to a lawful request by public authorities, including
meeting national security or law enforcement requirements.
• Where we believe that it is necessary to avoid liability or violations of the law.
• To protect the rights, property, life, health, security, and safety of us, the Sites, or
anyone else.
• To an actual or potential buyer (and its agents and advisers) in connection with
any actual or proposed purchase, merger, or acquisition of all or any part of our
business.
• At your request or direction, such as when you choose to share information with
a social network about your activities on the Sites; or
• To any other person with notice to you and your consent to the disclosure.
Notwithstanding the above, we may share information that does not identify you and
could not reasonably be used to identify you (including information that has been
aggregated, anonymized, or de-identified) except as prohibited by applicable law.

With respect to deidentified patient information, we disclose such deidentified
information to third parties only when permissible pursuant to our contractual
commitments with our customers and in accordance with Health Insurance Portability
and Accountability Act (“HIPAA”) requirements or other applicable law. We employ the
safe harbor method or the expert determination method, as enumerated under
HIPAA. Those third parties to whom the deidentified data is disclosed are third
party service providers/vendors with whom we have relationships and/or
academic researchers and/or institutions that are contributing to healthcare.

VIII. RETENTION AND PROTECTION OF DATA

VIII. Retention and Protection of Data

The Appy Health member choice technology is 100% Microsoft Azure cloud-powered
application that complies with the stringent healthcare regulations and standards. The
Azure security and compliance platform encompasses the exact architecture required
for HIPAA, HL7, and FHIRE data exchange, security, Patient Health Information privacy
legislation, and compliance.

While we maintain your information, we protect it using administrative, physical, and
technical security safeguards designed to protect your information. When we collect
certain sensitive information, we encrypt the transmission of that information using
secure socket layer technology (SSL). Despite these measures, we cannot guarantee
the security of the information we maintain about you.

We retain information for different periods of time depending on the purposes for which
we collect and use it, as described in this Policy. We will not retain information for longer
than needed to fulfill these purposes unless a longer retention period is required to
comply with legal obligations. Also, there may be technical or other operational reasons
where we are unable to delete or de-identify your information. Where this is the case,
we will take reasonable measures to prevent further processing your information.

                      COPYRIGHT © 2025, BY APPY HEALTH, INC.                          11

VIII. COOKIES AND AUTOMATED DATA COLLECTION
TECHNOLOGIES

VIII. Cookies and Automated Data Collection Technology

Our Sites use cookies and similar technologies (such as pixels and pixel tags, ad tags,
Software Development Kits (“SDKs”) clear GIFs, session replay scripts, and Javascript).
Cookies are small text files placed on your device that help the Sites work and help us
gather statistical information about how visitors use the Sites, improve your experience,
and maintain security.

Cookies also help us deliver advertisements, some of which may be tailored to your
behaviors on the Sites. We engage third parties to help us deliver these advertisements,
and these third parties may collect your information over time and across our Sites (and
third-party sites) in order to associate different devices, you use and further gain
insights into the goods and services that may interest you.

To exercise your options with respect to cookies, please select “Cookie Preferences” on
the banner that is visible at the bottom of our website, or click link on the bottom of
www.AppyHealth.com labeled, “Cookie Preferences”.

IX. SOCIAL MEDIA AND OTHER INTEGRATIONS?

IX. Social Media and Other Integrations?

Some of our Sites and services may have social media and technology integrations that
are operated or controlled by separate entities. We also may collect information from
third party social media and marketing companies to enhance our data sets. Some
examples include:

• Links. Our Sites include links that hyperlink to websites, platforms, and other
services not operated or controlled by us.
• Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Sites
that allows you to “like” or “share” content on, or log in to, your account through
social media. If you choose to engage with such integration, we may receive
information from the social network that you have authorized to share with us.
Please note that the social network may independently collect information about
you through the integration.
• Brand Pages and Chatbots. We may offer our content through social media.
Any information you provide to us when you engage with our social media
content is treated in accordance with this Policy. Also, if you publicly reference
our Sites on social media (e.g., by using a hashtag associated with Appy Health
or Mobile Health in a tweet or post), we may use your reference on or in
connection with our Sites.
• Platform Linking. Our Sites may offer you the ability to link to another service or
partner to retrieve certain data about your account on that service. For example,
if you link your account to one of the partners in the Appy Health technology
solution, the linking may allow us to obtain information such as your username
and email address. For more information about how these platforms handle
information about you, please refer to their respective privacy policies and terms
of use.

Please note that when you interact with other entities, including when you leave our
Sites, those entities may independently collect information about you and solicit
information from you. The information collected and stored by those entities remains
subject to their own policies and practices, including what information they share with
us, your rights and choices on their services and devices, and whether they store
information in the U.S. or elsewhere. We encourage you to familiarize yourself with and
consult their privacy policies and terms of use.

X. STATE CONSUMER PRIVACY RIGHTS

X. State Consumer Privacy Rights

Rights for Residents of Applicable States
If you are a resident of a state with applicable consumer privacy laws, you may have the
following rights:

• To confirm whether we process your personal information.
• To access your personal information.
• To correct inaccuracies in your personal information.
• To delete your personal information that we have obtained.
• To receive a copy of your personal information in a portable and readily usable
format.
• To opt out of the sale or sharing of your personal information.
• To opt out of the processing of your personal information for purposes of (i)
targeted advertising or (ii) automated decision-making or profiling in furtherance
of decisions that produce a legal or similarly significant effect on you.

If you live in a state that requires specific consent prior to processing your sensitive
personal information for certain purposes, we will obtain such and you can withdraw
your consent at any time.

Residents of applicable states may exercise the above rights by:

• Submitting a request to the following email SUPPORT@APPYHEALTH.COM

We may ask you to provide us with information necessary to reasonably verify your
identity before responding to your request. We will consider all requests and provide our
response within the time period required by applicable law. Please note, however, that
certain information may be exempt from such requests. If we deny your request in
whole or in part, you may have the right to appeal the decision. In such circumstances,
we will provide you with information regarding the appeals process.

Response Timing and Format

We endeavor to respond to a Member request within forty-five (45) days of its receipt. If
we require more time (up to 90 days), we will inform you of the reason and extension
period in writing.

California Resident Privacy Notice
Below, please find the categories of information we may have collected about you and
the purposes for the collection, and the third parties with whom your personal
information may have been disclosed, shared. For more information on these practices,
please see Sections III-VI.

Categories of Purposes for the collection Third parties with
personal or sharing of personal whom personal
information information information may have
collected been disclosed,
shared, or sold

 •   Identifiers              •   To provide the Sites              •   Service providers
 •   Information              •   To improve the Sites              •   Third Party
     contained in our         •   To personalize the Sites              Partners
     members                  •   Marketing and advertising         •   Our related entities
     records                                                        •   Other users
                              •   Business operations
 •   Commercial                                                         through the Sites
                              •   Where you have given us
     information                                                        (when you make
                                  your consent
 •   Internet or other                                                  your information
                              •   As required by applicable
     electronic                                                         public or otherwise
                                  law
     network activity                                                   accessible
     information              •   To evaluate or conduct a
                                                                    •   With our customers
                                  merger, divestiture,
 •   Professional or                                                •   Where you have
                                  restructuring,
     employment                                                         given us your
                                  reorganization,
     information                                                        consent
                                  dissolution, or other sale
 •   Geolocation                  or transfer of some or all of
     data                         our assets
 •   Inferences
     drawn from
     other personal
     information

XI. FEDERAL CONSUMER PRIVACY RIGHTS

XI. Federal Consumer Privacy Rights

Appy is the Members secure HIPPA compliant, private single source technology where
the Membeer owns, manages, and shares across the Appy Health Members clinical,
behavioral, and wellness care continuums.

The 21st Century Cures Act

XII. MEMBER DATA PORTABILITY AND INTEROPERABILITY

XII. Member Data Portbility and Interoperabilty

Appy Health
Solution / Offerings Description
Technology

                                          Complete Member Protected Health Information (PHI) increases
                                          the clinical interaction between the Members physicians,
                 Complete Health Data
                                          healthcare professionals, eliminating time updating Member PHI
                                          internal records.

Interoperability
Digital notifications of a member’s admission, discharge, or
transfer to all applicable post-acute care services, PCP and
Prescribed Member other healthcare professionals identified by the Member as
Care Plan Visibility primarily responsible for the Members care and who needs to
receive information on the Members’ status for treatment, care
coordination, or quality improvement purposes.

                                          Protected Health Information (PHI) of the Member is
                 Autonomous, HIPPA
                                          documented and maintained by the Member in a single data
                 Compliant
                                          repository that is compliant with HIPPA regulations.

 Member
Controlled

                                          Member owned PHI empowers the Member to control, maintain
                 Member Owned             and share personal PHI, with the Members Care Team improving
                                          collaboration and accuracy



                                          The Appy Health mobile platform is 100% Microsoft Azure cloud-
                                          powered application that complies with stringent regulations
                 Encrypted Cloud-         and standards. The Azure Security & Compliance platform
                 Based Technology         encompasses the exact architecture required to meet HIPAA and
                                          HITRUST security, privacy, and compliance obligations, along
                                          with supporting documentation.



                 Member Managed

Portable, Secure, Member managed Protected Health Information (PHI) is fully
Protected Health
Private compliant with HIPPA laws and regulations
Information (PHI).

                 Transferable to any
                                          Member is in complete control of storing, sharing, and managing
                 authorized health care
                                          their Personal and Health Information with their care team
                 entity

XIII. PROTECTED HEALTH INFORMATION

XIII. Protected Health Information

Appy Health Solution /
Description
Technology Offerings

                              Member completes the “Reason for Visit” questionnaire during the
             Review of
                              digital appointment booking process to ensure the appropriate time
             Systems
                              and clinical resources are allocated for the clinical visit.

                              The Member's past medical history is documented and stored as a
             Past Medical     part of their care portfolio. The member can choose to share their
             History          health information during the diagnostic evaluation or when
                              considering a course of treatment.

                              The Member's past surgical history is documented and stored as a part
                              of their care portfolio. Physicians and Healthcare Professionals can
             Past Surgical
                              refer to this information during a diagnostic evaluation, when
             History
                              determining treatment eligibility and efficacy, or when considering a
                              course of treatment.


                              The members personal care team and others with whom the Member
             Family Health
                              chooses to share their health information will be able to access and
             History
                              refer to this information as it is relevant in diagnostic evaluation.


                              The Member's social history is documented and stored as a part of
             Social History
                              their care portfolio.

Member Health
Information
The Member’s past and current prescribed medications are
documented and stored as a part of their care portfolio. This
Medications information equips the physician to make a better-informed decision
when prescribing drugs, constructing dietary restrictions and
guidelines, and recommending vitamins and supplements to Members.

                              The Member's known allergies are documented and stored as a part of
                              their care portfolio along with any specific drug allergies. Physicians
             Allergies        and Healthcare Professionals can refer to and consider the Member’s
                              allergies in a diagnostic evaluation, constructing a treatment plan or
                              in a medical emergency.


                              The Member's Immunizations are documented and stored as a part of
             Immunizations
                              their care portfolio.


                              Member lab and imaging records are documented and stored as a part
                              of their care portfolio. The Member's personal care team and others
             Labs and
                              with whom the Member chooses to share their health information will
             Imaging
                              be able to access and refer to this information as it is relevant in
                              diagnostic evaluation and in determining a course of treatment.

XIV. PERSONAL DEMOGRAPHIC AND PREFERENCES

Appy Health
Solution / Offerings Description
Technology
Appy Health captures thousands of data clinical elements from
Demographics
numerous trusted industry resources.
Member contact preferences and approvals are essential to
Contact Preferences engagement. These include Member home number, work number,
mobile number, and email address.
A Member may include a copy of their driver’s license, both the
Driver’s License
front and back view for convenient documentation.
Members may document physical characteristics or defining traits
Physical Character
such as, height, weight, hair color, eye color and blood type.
The Members Address options include Home Address, Billing
Address Information
Address, and Mailing Address.
Members may list their emergency contact information, which
General Emergency Contacts
confirms the sharing of their PHI.
Information
Employer Members can manually add an employer’s information to their
Information profile or select from Appy Health approved Employers.

                                     Members who have served or are currently serving in the Military
                                     may select from the following: “Active”, “Ready Reserve”,
              Military Status
                                     “Veteran”, “Reserves”, “National Guard”, “United States Space
                                     Force”, service status categories and their Military branch.
                                     Members can document and share an Advanced Directive with
                                     family, outside parties, and hospitals with supporting
              Advanced Directives
                                     documentation if that Member can no longer make decisions for
                                     themselves.
                                     Members can select a preferred pharmacy where they desire
              Pharmacy
                                     medications to be sent by a physician or healthcare professional.
              Preferences
                                     Members may search by pharmacy name or by zip code.
              Privacy Policies       Members can review the Appy Health Terms of Use, Privacy Policy,
              Terms of Use           at their convenience.

              Preferred Language     Members can select their preferred language in settings.

              Assistance             Members can access assistance options including, interpreter
Settings      Callouts               assistance and direct assistance options.
                                     Appointment reminders, events, marketplace promotions,
              Notifications
                                     messaging, general notifications

              Data Privacy Sharing   Digitally share Health and Demographic data elements.

                                     Members can select Primary Care Physicians to be a part of their
              Primary Care           care team. Members can digitally book appointments or view,
              Physicians (PCP)       manage, and share a PCP’s prescribed care plan with family or
                                     care team Members.
                                     Members can select specialists to be a part of their care team.
                                     Members can digitally book appointments or view, manage, and
Member        Specialists
                                     share a specialist's prescribed care plan with family or care team

Preferred Care Members.
Team
Digitized care plan directives can be viewed and managed by the
Digitized Care Plan
Member. Members can share care plan directives with other
Directives
Members of their care team as well as family and loved ones.
HSA, FSA, Credit Card: Appy Health can collect Member payment
Pre-visit Payment responsibility on the day of Members’ scheduled visit. Additional
processing fees will apply.

XV. MEMBER HEALTH, DENTAL, AND VISION PLAN
COVERAGES

XV. Member Health, dental, and Vision Plan Coverages

Appy Health
Solution / Offerings Description
Technology

             In-Network              Members are directly navigated to In-Network providers based upon
             Confirmation            their specific health benefit plan requirements.

Insurance Image of Member
Members may utilize a digital copy of both the front and back of
Accepted Insurance Card (Front
their insurance card for quick accessibility and convenience.
and Back)

             Out-Of-Network          Members can select to see out of networks providers.



                                     Members can view current healthcare spend and monitor the status
             Active Status
                                     of their health benefits plan.

Insurance Health plan effective dates are documented for the Member to
Effective Dates
Verification reference as needed.

             Member Plan             A Member can review and reference his or her plan coverages to
             Coverages               make informed decisions on their healthcare journey.


                                     Specific plan coverage elements, including co-insurance, can be
             Co-Insurance
                                     stored, and referred to by the Member at their convenience.



                                     Specific plan coverage elements, including co-pays, can be stored,
             Co-Pays
                                     and referred to by the Member at their convenience.

Insurance
Eligibility
Specific plan coverage elements, including deductibles, can be
Deductibles
stored and referred to by the Member at their convenience.

             YTD Out-of-Pocket       Members can monitor YTD Out-of-Pocket costs and track deductible
             Totals                  satisfaction progress.

California Resident Privacy Notice
If you are a California resident, you may have the following rights with respect to the
personal information we process on your behalf:
• To request information about the categories of personal information we have
collected about you, the categories of sources from which we collected the
personal information, the purposes for collecting or sharing the personal
information, the categories of third parties with whom we have shared or sold
your personal information, and the specific pieces of personal information we
have collected about you.
• To request that we delete personal information that we have collected from you.
• To request that we correct inaccurate personal information that we maintain
about you.
• To opt out of the sale or sharing of your personal information.

California residents may exercise the above rights by:
Submitting a request to the following email SUPPORT@APPYHEALTH.COM
Only you, or someone legally authorized to act on your behalf, may make a verifiable
Member request related to your personal information. You may also make a verifiable
Member request on behalf of your minor child.

We may ask you to provide us with information necessary to reasonably verify your
identity before responding to your request. We may require you to use your email
address in order to perform such verification. We will consider all requests and provide
our response within the time period required by applicable law. Please note, however,
that certain information may be exempt from such requests. If we deny your request in
whole or in part, you may have the right to appeal the decision. In such circumstances,
we will provide you with information regarding the appeals process.

Response Timing and Format

We endeavor to respond to a Member request within forty-five (45) days of its receipt. If
we require more time (up to 90 days), we will inform you of the reason and extension
period in writing.

Any disclosures we provide will only cover the 12-month period preceding the Member
request’s receipt. The response we provide will also explain the reasons we cannot
comply with a request, if applicable.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users
(Members) of our Sites that are California residents to request certain information
regarding our disclosure of personal information to third parties for their direct marketing
purposes in particular: Members who are residents of California may request (i) a list of
the categories of personal information disclosed by us to third parties during the
immediately preceding calendar year for those third parties’ own direct marketing
purposes; and (ii) a list of the categories of third parties to whom we disclosed such
information. To make such a request, please write us at: Chief Compliance Officer,
Appy Health Inc., 526 Kingwood Drive, B380, Kingwood, TX 77339. We may require
additional information from you to allow us to verify your identity and we are only
required to respond to requests once during any calendar year.

XVI. MINORS

The Sites are intended for a general audience and are not intended for minors under the
age of eighteen. Appy Health does not wish to obtain any information from or about
such minors through the Sites. If you are under eighteen years old, do not use the Sites.

We do not knowingly gather personal information (as defined by the U.S. Children’s
Privacy Protection Act, or “COPPA”) about children under the age of 13. If you are a
parent or guardian and you believe we have collected information from your child in a
manner not permitted by law, contact us using the information in the “Contact” section
below. We will remove the data to the extent required by applicable laws.
We do not knowingly “sell,” as that term is defined under the CCPA, the personal
information of minors under 16 years old who are California residents.

XVII. INTERNATIONAL TRANSFER

We are based in the U.S. and the information we collect is governed by U.S. law. If you
are accessing the Sites from outside of the U.S., please be aware that information
collected through the Sites may be transferred to, processed, stored, and used in the
U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may
be different from those of your country of residence. Your use of the Sites or provision
of any information therefore constitutes your consent to the transfer to and from,
processing, usage, sharing, and storage of information about you in the U.S. and other
jurisdictions as set out in this Policy.

XVIII.UPDATES TO THIS PRIVACY POLICY

We reserve the right to make updates and revisions to this Policy at our discretion and
at any time. When we make changes to this Policy, we will post the updated notice
on http://www.appyhealth.com/and update the effective date. Any changes will be
effective as of the “Effective” date. Your continued use of our Sites following the posting
of changes constitutes your acceptance of such changes.

XIX.CONTACT

If you have any questions or comments about this Policy, the ways in which Appy Health collects
and uses your information described here, your choices and rights regarding such use, or you wish
to exercise your rights under an applicable state law, please contact us by:
• Submitting a request to the following email SUPPORT@APPYHEALTH.COM

Writing to:
Appy Health, Inc.
Attn: Chief Compliance Officer
526 Kingwood Drive, B380
Kingwood, TX 77339

If you have a disability and would like to access this Policy in an alternative format, please email
SUPPORT@APPYHEALTH.COM

Response Timing and Format

We endeavor to respond to a Members request within forty-five (45) days of its receipt. If we require more
time (up to 90 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the Memner request’s receipt.
The response we provide will also explain the reasons we cannot comply with a request, if applicable.