Biofourmis Privacy Policy

THIS PRIVACY POLICY AND NOTICE (“NOTICE”) DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice is related solely to the Biofourmis Service and is different from a Notice of Privacy Practices governing any health care services you may receive from your health care providers.

This Notice is being provided to you by Biofourmis Inc., a company incorporated in Delaware ("Biofourmis", "us", "we" or "our"). We discover, develop and deliver clinically-validated software-based therapeutics for complex chronic conditions to provide better outcomes for patients and advanced tools for clinicians to deliver personalized care and cost-effective solutions.

This Notice applies to our or any third party wearable medical devices that are used in conjunction with our Software (as defined below) (each a "Device" and collectively the “Devices”), the Biovitals™ DTx platform or any other software that we make available to you (“Software”), the Biofourmis web applications and mobile applications (each an “App” and collectively the “Apps”) and all of the services available therein (collectively referred to in this Notice as the “Biofourmis Service”) that may be provided by one or more of our affiliates.

Biofourmis contracts with and provides services to various health care providers, which are “covered entities” under the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”). At the heart of Biofourmis is our Biovitals™ Analytics Engine, which predicts clinical exacerbation in advance of a critical event. It allows clinicians to deliver more personalized care and enables better patient outcomes. Biofourmis is the owner and operator of the Biovitals Analytics Engine and of the other platforms and services that constitute the Biofourmis Service and does not provide healthcare services. We are required by law, as a “business associate” (as that term is defined under HIPAA) of our HIPAA covered entity clients, to maintain the privacy of “protected health information.” “Protected health information” or “PHI” includes any individually identifiable information that we obtain from you or others that relates to your past, present, or future physical or mental health, the health care you have received, or payment for your health care. Pursuant to the HIPAA business associate agreements that we enter into with our covered entity clients, we may use and disclose your PHI only in accordance with the rules and procedures set out in those business associate agreements.

This Notice provides you with information about our practices with respect to the privacy of your PHI. This Notice also discusses the uses and disclosures we may make with respect to your PHI. This Notice also describes the risks of using electronic communications and electronic storage of your health information. We reserve the right to change the terms of this Notice from time to time and to make the revised Notice effective for all PHI we maintain.

Any collection, use or disclosure of your PHI by our covered entity clients is not be governed by this Notice and any such collection, use or disclosure is subject to the relevant privacy policies or notices of such covered entities.

1. What information do we collect about you?

If you are a user of the Biofourmis Service, we may collect information that personally identifies you and the type of information collected depends on the type of user you are.

We will indicate if the collection and provision of certain categories of personal data is mandatory. For any such categories, we may not be able to provide you with access to the Biofourmis Service if you do not provide us with the required information.

Please see below for more details on the types of personal data that we may collect from you.

When you (as a patient) activate an App

When activating an App, you may be asked to enter PHI about yourself, such as user name, password and email address. Depending on the specific Device you use, it can also collect additional PHI data such as your heart rate, respiration rate, blood pulse wave and body temperature on an ongoing basis and transmit this data to our covered entity clients. We use this information to personalize your results provided under the Biofourmis Service – for example, to provide personalized health models which predict or signal health deterioration, health improvement and medication effect to your medical practitioner, hospital, etc. The type and categories of data collected depends on the Device that is used. To see the full list of data that your Device collects, please consult the brochures that were provided together with your Device or the App.

When you provide us with personal data through your Device, you represent to us that such personal data is your own and does not relate to a third party. The personalized Biofourmis Service provided to you will be based on such personal data. Therefore, please do not share your Device with anyone.

When you create a Biofourmis account

When you create a Biofourmis account, we ask for some personal data, including your name, email address and telephone number.

When you visit our Sites

Biofourmis collects industry standard data from everyone who visits our Sites — even if you don’t have a Biofourmis account. This includes log data that automatically records information about your visit, such as your browser type, operating system, the URL of the page that referred you, the different actions you performed, and the IP address you used to access pages on the Site. We use this type of information to provide you with an experience that’s relevant to your location based on the IP address, to prevent Site misuse, and to ensure the Site is working properly. We also collect data from cookies. To see the full list of cookies we use and how we use them, please read our Cookie Policy below.

When you sync your data

When you sync your data, your PHI recorded on your Device is transferred from your Device to our servers. This data is stored and used to provide the Biofourmis Service and is associated with your account. Each time you sync your PHI, we log data about the transmission. Some examples of the log data are the sync time and date, device serial number, device battery level, and the IP address used when syncing.

When you contact us for help

Whenever you contact Biofourmis for help, we collect your name and email address along with additional information you provide in your request so that we can provide you with assistance and improve the Biofourmis Service.

Information from third parties

We may obtain your PHI from third party sources (e.g. healthcare providers, insurance providers, etc.) that is necessary to provide you with the Biofourmis Service. Examples of such personal data we may obtain from third party sources include your name and contact details.

2. How we use your personal data

If you are a user of the Biofourmis Service

Biofourmis will process your PHI on behalf of the applicable covered entity client in accordance with the business associate agreement into which we enter with such covered entity client. Such business associate agreements generally enable us to use and disclose your PHI only to:

Provided that the business associate agreement that governs our use and disclosure of your PHI allows us to do so, we may (i) use some of your anonymized and de-identified data to research, understand and improve the Biofourmis Service; to troubleshoot the Biofourmis Service; to detect and protect against error, fraud or other criminal activity; and to protect the security or integrity of the Biofourmis Service; and (ii) use and disclosure your aggregated, de-identified data with partners and the public in a variety of ways, such as by providing medical or health-related research or reports. If we provide this information, we perform appropriate procedures so that the data does not identify you and we contractually prohibit recipients of the data from re-identifying it back to you.

3. Retention of your personal data

We will only retain your PHI for the period of time that is specified in the business associate agreement we have entered into with our covered entity client.

4. Access to your personal data

Pursuant to our business associate agreements with our covered entity clients, we must use protect your PHI in accordance with the provisions of such business associate agreements and with HIPAA, which includes applying certain administrative, technical and physical safeguards to ensure the privacy and security of your PHI.

Deletion of your account with us will not automatically delete the PHI held about you. If you would like to request that we delete all PHI together with the deletion of your account, please contact us at privacy@biofourmis.com. Our ability to comply with your deletion request is subject to any applicable legal, contractual or other requirement to maintain certain records of your PHI. In that regard, please note that the deletion of your PHI from our database will result in us not being able to provide you with the Biofourmis Service.

5. Storage and security of your personal data

We will maintain the security of your PHI and protect it from misuse, interference and loss and against unauthorized collection, copying, access, modification or disclosure in accordance with our business associate agreements with our covered entity clients and HIPAA. We will destroy any PHI we hold about you which is no longer required under the terms of this Notice. Where you have chosen a password to access the Biofourmis Service, you are responsible for keeping your password confidential. Do not share your password with anyone.

Due to the nature of the internet, we do not provide any guarantee or warranty regarding the security of your personal data during transmission to or storage by us and you acknowledge that you disclose your personal data to us at your own risk. Please contact us immediately if you become aware or have reason to believe there has been any unauthorized use of your personal data in connection with the Biofourmis Service.

The personal data you provide to us or that is disclosed to us by our covered entity clients may be transferred to and stored with a cloud service provider with servers that are located in various jurisdictions. Some of these countries may not have the same or substantially similar privacy laws than those of your home jurisdiction. In those circumstances, Biofourmis will ensure that recipients in those countries will provide you with a standard of protection that is at least comparable to the protection of your home jurisdiction.

6. Risks Associated with Electronic Communications and the Storing of Your PHI Electronically

We understand the importance of protecting your PHI and take our security obligations seriously. We take a number of steps to safeguard the privacy and security of your PHI. However, any device or application connected to the Internet is susceptible to a security breach, despite the level of administrative, technical, and physical safeguards employed. Additionally, the Biofourmis Service may include an option to communicate with your healthcare provider electronically or via SMS texting. This means that there is a risk that unauthorized persons may be able to access and read your PHI. By using the Biofourmis Services, you agree that you have read, understand, and accept this risk.

7. Cookie Policy

Some of the information that we collect will not personally identify you but will instead track your use of the Biofourmis Service or the Sites so that we can better understand how the Biofourmis Service is used by end users and in turn enhance and improve your experience in using the Biofourmis Service. This information can be obtained through the use of cookies. Cookies are a small data file transferred to your device that recognises and identifies your device and allows your device to 'remember' information for future use. We may collect technical information from your web browser or mobile device or your use of our services through a web browser or mobile device, for example, performance data about your device, carrier/operating system including device and connection type and IP address. Unless you have elected to remain anonymous through your device and/or the web browser, the abovementioned information may be collected and used by us automatically through your use of the Biofourmis Service or the Sites.

You have a number of options to control or limit how we and our partners use cookies and similar technologies, including for advertising.

The Sites do not respond to Do Not Track signals because we do not track our users over time and across third-party websites to provide targeted advertising. However, we believe that you should have a choice regarding interest-based ads served by our partners, which is why we outline the options available to you above.

8. Changes to our Privacy Policy/Notice

Biofourmis reserves the right to amend all or any part of this Notice. Any changes will be communicated to you through the Sites, Biofourmis Service and/or, where appropriate, through e-mail notification. Your continued use of the Site or the Biofourmis Service with us after any such changes are communicated to you constitutes your agreement to this Notice as amended.

9. Other Apps

The Apps or Sites may have links to other apps or websites. We are not responsible for the security or privacy of any information collected by such apps or websites and, while we do not permit those apps or websites to track your use of the Biofourmis Service or the Sites, we are unable to control whether such tracking mechanisms are implemented by those apps or websites. You should exercise caution and review the privacy statements applicable to the third-party websites and services you use. The use of online tracking mechanism by those third-party websites and services is subject to those third parties' own privacy policies, and not this Notice.

10. Effect of Notice

This Notice applies in conjunction with any other policies, notices, contractual clauses and consent statements that apply in relation to the collection, use and disclosure of your personal data by us.

11. Contact Us

All comments, queries and requests relating to our use of your personal data are welcomed and should be addressed to our Privacy Officer at privacy@biofourmis.com. If you believe that your privacy rights have been violated, please contact us We will not take action against you for filing a complaint. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services at:

https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.

This Notice is effective as of February, 2023.