WEBSITE PRIVACY POLICY – HEXIS MD, INC.

WEBSITE PRIVACY POLICY – HEXIS MD, INC.

Last revised: April 29, 2024

Your Information. Your Rights. Our Responsibilities.

This notice describes how medical information about you may be used and disclosed and
how you can get access to this information. Please review it carefully.

1. INTRODUCTION
   

This Privacy Policy describes how HexisMD, Inc. collects and uses Personal Data about you through the use of our website and through email, text,
and other electronic communications between you and the Company.

HexisMD, Inc. (“HexisMD,” the “Company”, “we,” “our,” or “us”) respects your privacy,and we are committed to protecting it through our compliance with this policy.

This Privacy Policy (our “Privacy Policy”) describes the types of information we may collect from you during an office visit or that you may provide when you visit the website www.hexismd.com (our “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE OUR SERVICES.

2. THE INFORMATION WE COLLECT AND THE SOURCES OF SUCH INFORMATION

We obtain information about you through the means discussed below when you use our Services. Please note that we need certain types of information so that we can provide the Services to you. If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use part or all of our Services.

3. INFORMATION YOU PROVIDE TO US

We collect a variety of information that you provide directly to us. For example, we collect information from you through:

• • Account  and product registration and administration of your account
  • Facilitation of your information to/from third-party Medical Practices and Pharmacy(s) for purposes of processing your request for a medical examination with a Medical Professional as well as facilitation of orders and requests for products necessary to treat the medical conditions
  • Questions, communications, or feedback you submit to us via forms or email
  • Your participation in research and surveys
  • Requests for customer support and technical assistance

The specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide. The types of data we collect directly from you includes:

• Name, address, telephone number, date of birth, and email address
• Information about your medical conditions, prescriptions, and other related health information
• Log-in credentials, if you create an account
• Billing information, such as shipping address, credit or debit card number, verification number, expiration date, and identity verification information, collected by our payment processors on our behalf
• Information about purchases or other transactions with us
• Information about your customer service and maintenance interactions with us
• Demographic information such as your gender and age
• User-generated content you post in public online forums on our Services
• Any other information you choose to directly provide to us in connection with your use of the Services.

4. INFORMATION WE COLLECT THROUGH AUTOMATED MEANS

We collect certain information about your use of the Services and the devices you use to access the Services, as described in this Section. As discussed further
below, we and our service providers (which are third party companies that work on our behalf), may use a variety of technologies, including cookies and similar tools, to assist in collecting this information.

Our Services.
When you use our Services, we collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs) referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, error logs, and other similar information.

Location Information.
When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state and or postal code associated with an IP address) from your computer or mobile device. This information allows us to enable access to content that varies based on a user’s general location (e.g., to provide you with accurate sales tax information and to deliver content customized to your location). We will ask your permission before collecting your precise GPS location information. In such instances, we will use your precise geo-location information to provide customized services, content, promotional offers and other information that may be of interest to you. If you no longer wish for us and our service providers to collect and use GPS location information, you may disable the location features on your device. Please see your device manufacturer settings.

Our Use of Cookies and Similar Online Tools.
To collect the information discussed in this Section, we and our service providers use web server logs (files where website activity is stored), cookies (small text files placed on your computer or mobile device when you visit a site, that enables us to recognize your computer/device, store your preferences and settings, understand the parts of the Website you have visited and used, enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests, perform searches and analytics, and assist with security and administrative functions), tags, SDKs (a set of tools and/or code that we embed in our Services and software to allow third parties to collect information about how users interact with our Services), tracking pixels (tiny electronic tags with a unique identifier embedded in websites, online ads and/or email that are designed to collect usage information like ad impressions or clicks and email open rates, measure popularity of the Services, and access user cookies), and other similar tracking technologies. We use these technologies to offer you a more tailored experience.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.

5. PURPOSES FOR HOW WE USE YOUR INFORMATION

In connection with providing you with the Services, we may use your information for our business purposes to:

• • Carry out, improve, and manage the Services and, as applicable, facilitate the provision of health care services to you by Medical Practices and/or Medical Professionals, Pharmacy(s) or other health care providers and ensure that the physicians or health care providers have the services and support necessary for health care operations.
  • Engage in internal research to understand the effectiveness of our Services, improve our Services, and better understand our user base. If we publish or provide the results of this research to others, such research will be presented in a de-identified and aggregate form such that individual users cannot be identified.
  • Communicate with you about the Services, your use of the Services, or your inquiries related to the Services and send you communications on behalf of Medical Practices and/or Medical Professionals, Pharmacy(s) or other health care providers utilizing the Services to meet your needs.
  • Communicate with you by email, postal mail, or phone about surveys, promotions, special events or our Services and those of our subsidiaries, affiliates, and parent companies and any of their related businesses and those of our third-party partners.
  • Provide you with technical support and customer service.
  • Verify your identity and administer your account, including processing your payments and fulfilling your orders.
  • Ensure that content from our Services is presented in the most effective manner for you and for your computer or device, allow you to participate in interactive features of our Services (when you choose to do so), and as part of our efforts to keep our Services safe and secure.
  • Measure or understand the effectiveness of advertising and content we serve to you and others, and to deliver and customize relevant advertising and content to you. • Help us better understand your interests and needs, such as by engaging in analysis and research regarding use of the Services.
  • Comply in good faith with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others. • Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.

Combined Information.
For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use and share such combined information in accordance with this Privacy Policy.

Aggregate/De-Identified Data.
We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors.

6. NOTICE OF PRIVACY PRACTICES

THIS SECTION DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Protection of Protected Health Information (“PHI”).

Use and Disclosure of PHI.
The following categories explain the types of uses and disclosures of PHI that the Company may make.

For the Services– The Company may receive, transmit, use or disclose PHI for facilitation of your treatment with the Medical Practices and/or Medical Professionals, Pharmacy(s) or other health care providers, including disclosure to such healthcare providers who provide you with health care services.

For payment– The Company may use or disclose PHI to bill and collect payment for Services.

De-identified Information and Limited Data Sets– The Company may use and disclose health information that has been “de-identified” by removing certain identifiers making it unlikely that you could be identified. The Company also may disclose limited health information, contained in a “limited data set”. The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county and zip code, but not your name or street address.

Changes to the Notice of Privacy Practices.
The Company reserves the right to make changes to this notice and to our privacy policies from time to time.

7. ONLINE ANALYTICS

Online Analytics.
We may use third-party web analytics services (such as those of Google Analytics (including Google Signals, Google User-ID, and other Google Analytics features) and MixPanel) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; try to locate the same unique users across multiple browsers or devices to better tailor services and features; and provide certain features to you. If you have a Google account with personalized advertising enabled, through Google Signals, Google will also be able to gather for us analytics and engagement information from across the various devices you use to access the Services. To prevent Google from using your information for analytics (including cross-device tracking for personalization purposes), you may install the Google Analytics Opt-out Browser Add-on by clicking here. And to opt out of Google Signals, please open your “Settings” app, locate and tap “Google,” select “Ads,” and turn ON “Opt out of Ads Personalization.” You may also be able to disable cross device tracking through your Android or Apple device-based settings.

Notice Concerning Do Not Track.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.

8. HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We may share your information for our business purposes in the following ways:

Service Providers.
We provide access to or share your information with Medical Practices and/or Medical Professionals, Pharmacy(s) or other health care providers who use the information to perform services on your behalf to facilitate the Services.

Protection of the Company and Others.
By using our Services, you acknowledge and agree that we may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order); (b) enforce our Terms of Use, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of the Company, its agents and affiliates, its users and/or
the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.

Business Transfers.
As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions, (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with
such restrictions.

Consent.
We may also disclose your information in other ways you direct us to and when we have your consent.

Aggregate/De-Identified Information.
We reserve the right to create Aggregate/De-Identified Data from the information we collect through our Services and our sharing of such Aggregate/De Identified Data is in our discretion.

9. THIRD PARTY SERVICES AND NOTICE ABOUT HEALTH INFORMATION

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices, including data privacy and security process
and standards of any third parties, including Medical Practices and/or Medical Professionals, Pharmacy(s) or other health care providers, the manufacturer of your mobile device and other IT hardware and software, and any other third-party mobile application, website, or service to which our Services may contain a link. These third parties may at times gather information from or about you. We have no control over the privacy practices of these third parties. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties.

10. HOW WE PROTECT YOUR INFORMATION

The Company takes a variety of technical and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure. As such, you acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services or via the Internet and that any such transmission is at your own risk. Further, we are not responsible for circumvention of any privacy settings or security measures of our Services. You should not expect, that your information or voice or data transmissions will always remain private, and we do not guarantee the performance or adequacy of our privacy settings or security measures. In the event that an unauthorized third party compromises our security measures, to the greatest extent afforded by law, we will not be responsible for any damages, directly or indirectly, caused by an unauthorized third party’s ability to view, use or disseminate your information. Where we have given you (or where you have chosen) a password that enables you to access our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. The information you share in public areas may be viewed by any user of our Services.

11. CHILDREN’S INFORMATION

If you are below the age of 18, you are not permitted to use the Services. We do not knowingly collect personally identifiable information from children under 18. If we learn that we have inadvertently gathered personal information from a child under 18, we will take reasonable measures to promptly remove that information from our records.

12. LOPERATIONS OF OUR SERVICES IN THE UNITED STATES

Our Services are operated in the United States. Your information may be processed by us in the country where it was collected as well as other countries (including the United States) where laws regarding processing of your information may be less stringent than the laws in your country. By using our Services or providing us with your information, you consent to this transfer and processing.

13. YOUR NEVADA RIGHTS POLICY

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity; however, if you are a Nevada resident who has purchased services from us, you may submit a request to opt out of any potential future sales under Nevada law by customercare@hexismd.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change

14. YOUR CALIFORNIA RIGHTS POLICY

Individuals who are residents of California and have provided information to us may request certain information regarding our disclosure of Your Information to third parties for direct marketing purposes. Such requests must be submitted to us in writing at customercare@hexismd.com. California privacy rights requests must include the reference “Request for California Privacy Information” on the subject line and in the body of the message and must include the email address or mailing address, as applicable, for us to send our response. This request may be made no more than once per calendar year. We reserve the right not to respond to requests
submitted other than to the address specified above.

15. RETENTION OF YOUR INFORMATION

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

16. YOUR RIGHTS TO YOUR HEALTH INFORMATION

When it comes to your health information, you have certain rights.
This section explains your rights and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record

• • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
  • We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your medical record

• • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
  • We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

• • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • We will say “yes” to all reasonable requests.

Ask us to limit what we use or share

• • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information

• • You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

• • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights are violated

• • You can complain if you feel we have violated your rights by contacting us using the contact information at the bottom of this Privacy Policy.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
  • We will not retaliate against you for filing a complaint.

17. REVISIONS TO OUR PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Privacy Policy accessible through our Services, so you should review it periodically. The date this Privacy Policy was last revised is identified at the top of the document. You are responsible for periodically monitoring and reviewing any updates to the Privacy Policy. If we make a material change to the Privacy Policy, we will provide you with appropriate notice in accordance with legal requirements. Your continued use of our Services after such amendments (and notice, where applicable) will be deemed your acknowledgment of these changes to this Privacy Policy.

18. CONTACTING US

If you have any questions about this Privacy Policy, please contact us at: customercare@hexismd.com. or at 1-800-480-4405.