iHealth Privacy Policy

Last modified: June 3, 2024

1. Introduction

iHealth Labs, Inc.,(“iHealth,” or“we,” or “our,” or “us”) respects your privacy, and we are committed to protecting it through our compliance with this policy.This Privacy Policy (our “Privacy Policy”) explains our practices regarding the collection, use maintenance, protection and disclosure of certain information in connection with use of our websitehttps://www.ihealthlabs.com (our “Website”) and our mobile application (our “Application”), devices, products, services, portals, and other related materials and technologies (collectively with the Website and Application, our “Services”)

NOTE, IHEALTH IS NOT A MEDICAL GROUP. ANY TELEMEDICINE CONSULTS OBTAINED THROUGH OUR WEBSITE, APPLICATION OR SERVICES ARE PROVIDED BY INDEPENDENT MEDICAL PRACTITIONERS (EACH, A “PROVIDER”). YOUR PROVIDER IS RESPONSIBLE FOR PROVIDING YOU WITH A NOTICE OF PRIVACY PRACTICES DESCRIBING ITS COLLECTION AND USE OF YOUR HEALTH INFORMATION, NOT IHEALTH. IF YOU DO NOT AGREE TO BE BOUND BY THOSE TERMS, YOU ARE NOT AUTHORIZED TO ACCESS OR USE OUR WEBSITE, APPLICATION, OR SERVICES, AND YOU MUST PROMPTLY EXIT OUR WEBSITE OR APPLICATION. IN THE EVENT OF A CONFLICT BETWEEN THIS PRIVACY POLICY AND THE NOTICE OF PRIVACY PRACTICES, THE NOTICE OF PRIVACY PRACTICES SHALL PREVAIL.

This policy applies to information we collect:

• On our Website and Application;
• hrough our Services;
• through telephone, email, video, text, and other electronic messages between you and our Services;
• when you interact with our advertising and applications on third party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

• us through any other means, including on any other website operated by iHealth or any third party;
• any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use our Services. Where you access or use our Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

2. Children Under the Age of 18

We do not knowingly collect personal information from children under the age of 18 without consent from their parents or legal guardians. If you are under the age of eighteen (18) and wish to create an account with iHealth, your parent or legal guardian must create the account, submit your personal information, and agree to our Terms of Use and this Privacy Policy on your behalf. If you are under the age of 13, you may only use our Services and access our Website and Application with the supervision and consent of your parents or legal guardians, including the Provider consultation services. If we learn that we have collected personal information from someone under the age of 13 that was not provided with the supervision and consent of the minor’s parents or legal guardian, we will promptly delete that information. If you believe we have impermissibly collected personal information from someone under the age of 13, please contact us at support@iHealthlabs.com or call us at (855) 816-7705.

California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see State Specific Privacy Rights in Section 10 for more information.

3. Information We Collect About You and How We Collect It

Generally
We collect several types of information from and about users of our Services, specifically information:

• by which you may be personally identified, such as name, postal address, telephone number, email address, date of birth, gender, health and medical information, credit card or debit card number (for product purchases) (“Personal Data”); and
• about your Internet connection, the equipment you use to access our Website, Application or use our Services and usage details, such as traffic data, logs, referring/exit pages, date and time of your visit to our Website, or use our Application or Services, error information, clickstream data, and other communication data and the resources that you access and use our Website, Application or Services.

We collect this information:

• directly from you when you provide it to us, for example, when you use our remote patient monitoring devices to obtain your biometric information, such as your pulse rate, oxygen saturation, glucose levels, temperature and weight;
• automatically as you navigate through the Website and Application. Information collected automatically may include usage details, IP addresses, and information collected through cookies; and
• From third parties, for example, from your Provider, or a clinic or hospital in which you are receiving health care (a “Facility”).

Information You Provide to Us
The information we collect on or through our Service includes information that you provide to us or grant us access to when you use our Services and the details of transactions you carry out through our Website or Application and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website or Application. Your Provider or Facility may provide us with your medical history and communications between you and your Provider, including but not limited to information collected in the course of providing support or monitoring related to an individual’s use of the Services, such as biometric information collected through our digital health technologies, surveys, photographs taken and uploaded to the Services by you, or during the audio or video communications with your Provider.

The information we collect through the Services may be maintained or associated with Personal Data we collect in other ways or receive from third parties, such as your Provider or Facility.

Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website and Application, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns:

• Usage Details. Details of your visits to our Website and Application, such as traffic data, location, logs, referring/exit pages, date and time of your visit to our Website and use of our Application, error information, clickstream data, and other communication data and the resources that you access and use on the Website and Application;
• Device Information. Information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, browser type, and Application version information;
• Stored Information and Files. Where video files and photographs are submitted through the Application, the Application collects metadata and other information associated with those photographic and videographic images; and
• Real-time Location Data. The Application collects real-time information about the location of your device. If you do not want us to collect this information do not download the Application or delete it from your device. For more information, see Choices About How We Use and Disclose Your Information

The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). We may use cookies to receive and store certain types of information whenever you interact with our Website and Application through your computer or mobile device. A cookie is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Website or Application. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website or Application. 
• Analytics Services. We use Mixpanel, a web and mobile application analytics service provided by Mixpanel, Inc. (“Mixpanel”) to collect certain information relating to your use of the Application. Mixpanel is integrated into our Application to help us analyze how users use the Application.
• Hotjar. Our Website uses Hotjar’s services, a third party service provider, which records a user’s activities on our Website to help us better understand our users experience. For example, Hotjar records your interaction with our Website through your keyboard strokes, mouse movements and clicks, and how you scroll across multiple pages to find out how our user’s interact with different features and elements. This information enables us to build and maintain our Website and Services with user feedback. Hotjar uses cookies, session recording and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link. You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this"Do Not Track" link.

Information We Collect From Third Parties

• Account information for third party services. If you provide your third-party account credentials to us or otherwise sign in to the service through a third party site or service, you understand some content and/or information in those accounts (“Third Party Account Information”) may be transmitted into your account with us if you authorize such transmissions, and that Third Party Account Information transmitted to our Services is covered by this Privacy Policy; for example, information from your public profile, if the third party service and your account settings allow such sharing. The information we receive will depend on the policies and your account settings with the third party service.
• Information from Providers. We may request from your Provider or a Facility where you are receiving care. Your coverage, benefit, and related information on your behalf in order to provide the Service to you. Such requests do not include reviewing any prior authorization, referral, or medical necessity requirements.
• Information from our service providers. We receive information collected by third parties about your use of the Services. For example, we may use analytics service providers to analyze how you interact and engage with the Service, so we can learn and make enhancements to offer you a better experience. Some of these entities may use cookies, web beacons and other technologies to collect information about your use of the Service and other websites, which may include tracking activity across time and unaffiliated properties, including your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. Third parties may also help us provide you with customer support, and provide us with information so that we may help you use our Service.

4. How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Data:

• to provide, process, fulfill, support, and administer Services ordered by you or your Provider or Facility;
• to present our Website and Application and their contents to you;
• to provide you with information, devices, products, or services that you or your Provider or Facility requests from us;
• to process, fulfill, support, and administer transactions and orders for devices, products and Services ordered by you;
• to provide you with notices about your iHealth account;
• to administer surveys about our Services;
• to fulfill any other purpose for which you provide it;
• to carry out our obligations and enforce our rights arising from any contracts entered into between you and us or your Provider or Facility and us, including for billing and collection;
• in any other way we may describe when you provide the information; and
• for any other purpose with your consent.

We may also use your information to contact you about devices, products and Services that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications. For more information, see Choices About How We Use and Disclose Your Information.

Some information iHealth collects constitutes protected health information (“PHI”) under the U.S. Health Insurance Portability and Accountability Act (“HIPAA”). As set forth above, your Provider or Facility will provide you with a Notice of Privacy Practices describing its collection, use, and disclosure of your health information. iHealth will use and disclose PHI only as permitted in accordance with the Notice of Privacy Practices and we only collect the PHI we need to fully perform our Services and to respond to you or your Provider or Facility. We may use your PHI to contact you to the extent permitted by law, to provide requested services, to provide information to your insurers, to obtain payment for our services, to respond to your inquiries and requests, and to respond to inquiries and requests from your insurers. We may combine your information with other information about you that is available to us, including information from other sources, such as from your insurers, in order to maintain an accurate record of our participants. PHI will not be used for any other purpose, including marketing, without your consent.

5. Use of AI

iHealth uses AI-powered chat tools to enhance customer service, support staff and our mobile application. iHealth’s AI-powered tools are used only as a knowledge base for our staff to better assess and help verify symptoms shared through our Application and , increase administrative efficiency. Staff are trained to manage AI outputs effectively.

Our customer interacting tool is used to help answer frequently prompted queries, for coordinated scheduling and to provide real-time assistance. iHealth’s AI-powered tool is not a human doctor or medical professional, nor does it replace a human medical professional. All AI interactions are monitored by human supervisors to ensure accuracy and appropriate responses.

Customers and staff will be notified when interacting with AI tools. All quoted information shared by AI is cited, and verified by staff. Personal data is collected and processed in compliance with privacy laws, ensuring data security and confidentiality. We monitor and improve our AI systems, including feedback and the technical advancements made in Artificial Intelligence to better serve our staff and our users. Users can provide feedback and appeal AI-based decisions to human reviewers at support@iHealthlabs.com . Procedures are in place for reporting and correcting errors in our process.

Our AI tools are regularly evaluated to ensure fair and equitable treatment for all users. iHealth fosters a culture that is committed to preventing discrimination and bias in our company as well as our tools. Our AI-powered tools comply with all relevant federal, state, and local regulations, including the guidelines provided by the Department of Health and Human Services for AI in public benefit programs.

Staff is capable of overriding our AI customer-interfacing tool at the request of customers. Customers and staff can opt-out of interacting with AI tools at any time and request human assistance.

6. Disclosure of Your Information

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in this privacy policy:

• to a Provider, Facility and/or healthcare team for healthcare purposes;
• to our affiliates, contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. The services provided by these organizations include providing IT and infrastructure support services;
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by iHealth about the users of our Services are among the assets transferred;
• for any other purpose disclosed by us when you provide the information; and
• with your consent.

We may also disclose your Personal Data:

• to comply with any court order, law, or legal process, including to respond to any government or regulatory request; and
• to enforce or apply our Terms of

  Usehttps://ihealthlabs.com/pages/terms-and-conditionsand other agreements, including our agreements with your Provider or Facility including for billing and collection purposes; and

• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of iHealth, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

7.Choices About How We Use and Disclose Your Information

We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes.

In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:

California residents may have additional personal information rights and choices. Please see State Specific Privacy Rights for more information.

8.Your Rights Regarding Your Information and Accessing and Correcting Your Information

You can review and change your Personal Data by logging into our Website or Application and visiting the profile page of our Application or Website. You may also notify us through theContact Informationbelow of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

California residents may have additional personal information rights and choices. Please see State Specific Privacy Rights for more information.

With respect to any PHI iHealth may obtain, you have certain rights under HIPAA to access your data, to restrict use and disclosure of it, to request communication methods, to request corrections to your data, to receive an accounting of disclosures and to receive notice of any breach. See iHealth’s Notice of Privacy Practices for more information.

9. Do Not Track Signals

Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, but we currently do not use automated data collection technologies to collect information about your online activities over time and across third party websites or other online services (behavioral advertising).

10. Data Security

We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.

The safety and security of your information also depends on you. Where you have chosen a password for the use of our Website or Application, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through our Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in our Services.

11. State Specific Privacy Rights

The law in some states may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these states, please see the privacy addendum for your state that is attached to this Privacy Policy.

12. Changes to Our Privacy Policy

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Services. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you.

13. Contact Information

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below.

How to Contact Us:

iHealth Labs, Inc.

880 W. Maude Ave.

Sunnyvale, CA 94085

Telephone: (855) 816-7705

Email:support@iHealthlabs.com

iHealth Privacy Addendum for California Residents

Effective Date:August 2, 2021

Last Reviewed on: August 4, 2023

This Privacy Addendum for California Residents (“Privacy Addendum”) supplements the information contained in the iHealth Privacy Policy that this is attached to and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”), as amended, and any terms defined in the CCPA have the same meaning when used in this notice. Personal Information that is regulated under the CCPA may represent a limited portion of Personal Data as described in the iHealth Privacy Policy; therefore, this Privacy Addendum applies solely to the Personal Information as defined below. We may update this Privacy Addendum for California Residents as necessary and in the event of changes in the CCPA. Note that this notice does not apply to our personnel. Please contact your supervisor if you are personnel and would like additional information about how we process your personal information.

INFORMATION WE COLLECT

Our Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, iHealth collects and has collected Personal Information through its Services from its consumers, as provided below.

Categories of Personal Information iHealth has collected in the preceding 12 months:

• Identifiers (e.g., name, mailing address, email address, unique personal identifier, online identifier, Internet Protocol address (IP address), or other similar identifiers)
• Personal Information categories listed in the California Customer Records statute (e.g., name, address, telephone number, bank account number, credit card number, debit card number, medical information, or health insurance information. Note, some of this information may overlap with other categories)
• Protected classification characteristics under California or federal law (e.g., age (40 years or older), race, color, ancestry, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions)
• Commercial information (e.g., records of products purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
• Biometric information (e.g., physiological and biological characteristics, or other identifier or identifying information, such as, physical patterns, and sleep, health, or exercise data)
• Internet or other similar network activity (e.g., browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement)
• Geolocation data (e.g., physical location or movements)
• Inferences drawn from other Personal Information (e.g. profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes)

Personal Information does not include information that is: (a) publicly available information from government records; (b) deidentified or aggregated consumer information; or (c) certain information excluded from the scope of CCPA, including health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA).

Categories of sources from which iHealth has collected Personal Information:

• Directly from you. For example, from forms you complete when using our Services
• Indirectly from you. For example, from our operating systems and platforms
• Service providers
• Business partners who we partner with to offer our Services, such as your Provider or a Facility where you are receiving care

USE OF PERSONAL INFORMATION

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

• To fulfill or meet the reason you provided the information. For example: if you share your name and contact information to ask a question about our products, we will use that Personal Information to respond to your inquiry. We may also save your information to help you check out faster and to provide recommendations for future purchases.
• To provide, support, develop and improve our Services and products.
• To create, maintain, and secure your account with us.
• To process your requests, purchases, transactions, and payments and prevent transactional fraud.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and to monitor and improve our responses.
• To help maintain the safety, security, and integrity of our Services and products, databases and other technology assets, and business.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• Undertaking internal research for technological development and demonstration.
• As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of iHealth assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by iHealth about our customers are among the assets transferred.

iHealth will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

SHARING PERSONAL INFORMATION

We do not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate your Personal Information to another organization for monetary or other valuable consideration. However, iHealth may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We share your Personal Information with the following categories of third parties:

• Service providers
• Business partners, such as your Provider or a Facility where you are receiving care

Disclosures of Personal Information for a business purpose:

In the preceding twelve (12) months, iHealth has disclosed the following categories of Personal Information for a business purpose:

• Identifiers
• California Customer Records Personal Information categories
• Protected classification characteristics under California or federal law
• Commercial information
• Biometric information
• Internet or other similar network activity
• Geolocation data
• Inferences drawn from other Personal Information

We disclose your Personal Information for a business purpose to the following categories of third parties:

• Service providers.
• Business partners, such as your Provider or a Facility where you are receiving care

Sales of Personal Information:

We do not sell your Personal Information. In the preceding twelve (12) months, iHealth had not sold any Personal Information.

YOUR RIGHTS AND CHOICES

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Access request rights

You have the right to request that iHealth disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will disclose to you:

• The categories of Personal Information we collected about you.
• The categories of sources for the Personal Information we collected about you.
• Our business or commercial purpose for collecting that Personal Information.
• The categories of third parties with whom we share that Personal Information.
• The specific pieces of Personal Information we collected about you.
• If we disclosed your Personal Information for a business purpose, the Personal Information categories that each category of recipient obtained.

Deletion request rights

You have the right to request that iHealth delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access and Deletion Rights

To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either:

• Calling us at (855) 816-7705; or
• Emailing us at support@iHealthlabs.com.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf (an “Authorized Representative”), may make a verifiable consumer request to access or delete your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request to access or delete must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an Authorized Representative. Before completing your request, we will verify that the request came from you by asking you one or more knowledge-based questions about you.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. With few exceptions, we will only review and fulfill a request from your Authorized Representative if (a) you grant the Authorized Representative written permission to make a request on your behalf, (b) you or the Authorized Representative provides us notice of that written permission, and (c) we are able to verify your identity in connection with that notice and the request.

Making a verifiable consumer request does not require you to create an account with us.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to the contact information you provided in that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data access requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

We do not sell the Personal Information of consumers and therefore do not provide any opt-in or opt-out capabilities on our Services or otherwise.

NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

CHANGES TO OUR CALIFORNIA ADDENDUM

We reserve the right to amend this Privacy Addendum at our discretion and at any time. When we make changes to this Privacy Addendum, we will post the updated notice on the Website and update the notice’s effective date.Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

CONTACT INFORMATION

If you have any questions or comments about this Privacy Addendum, the ways in which iHealth collects and uses your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone:(855) 816-7705

Email:support@iHealthlabs.com

Postal Address:

iHealth Labs, Inc.

ATTN: Mingwei Guan, Corporate Compliance Officer

880 W. Maude Ave.

Sunnyvale, CA 94085