Last Modified: July 12, 2023

Healia, Inc. ("Healia", the "Company", "us", "we", or "our") takes your privacy very seriously. Please read this privacy Policy ("Policy") carefully, as it contains important information on who we are, and how and why we collect, store, use, and share your personal information that we obtain when you access and any website owned, operated or powered by the Company, which includes any and all services, information, content, features, functionality and tools available on or through such website (the "Website"). It also explains your rights in relation to your personal information and how to contact us in the event you have a complaint.

Your use of our Website is also governed by our Terms of Service (the "Terms of Service"), any additional terms made available to you in connection with certain features, functionality, tools, content and promotions available on or through the Website ("Supplemental Terms"), and any and all policies and rules referenced herein or therein, posted on the Website, or otherwise communicated to our Users (the "Website Policies"). To the extent that a provision of the Terms of Service, Supplemental Terms or Website Policies conflicts with this Privacy Notice, such provision shall control.

Please read this Privacy Notice carefully before you use our Website or communicate with us.

BY ACCESSING OR USING OUR WEBSITE OR COMMUNICATING WITH US OUTSIDE OF THE WEBSITE, YOU ARE ACCEPTING AND CONSENTING TO THE PRACTICES DESCRIBED IN THIS PRIVACY NOTICE, WHICH MAY BE UPDATED AND AMENDED FROM TIME TO TIME. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY NOTICE, YOU MUST NOT ACCESS OR USE OUR WEBSITE OR OTHERWISE COMMUNICATE WITH US.

Information We Collect

We collect information that you provide directly to us, including when you register for an account, use the Website and its services, respond to a survey or provide other feedback about the Website, or contact us with questions or comments about the Website.

Personally Identifiable Information

Some of the information we collect through your use of our Website or communications with us may personally identify you ("Personally Identifiable Information"). The types of Personally Identifiable Information you may submit in connection with use of the Website may include, but are not limited to:

Information Generated from Use of the Website

We also collect certain technical information when you access, browse and use our Website, including information that we automatically receive and record from your browser or mobile platform on our server logs. This technical information helps us operate and provide our Website to you, and includes standard information about visits and system capabilities, such as:

Technical information from your use of the Website is treated as "Non-Personally Identifiable Information," unless it is combined with Personally Identifiable Information, or unless otherwise required by applicable law.

Information from Other Sources

We may receive certain information about you from the organizations or entities on behalf of which we provide the Website to you and/or on behalf of which you access or use the Website. We may also supplement the technical information we collect from your use of the Website with information collected by third parties.

Information from Other Sources

Personally Identifiable Information

We may use the Personally Identifiable Information we collect, to:

• create and manage your account;
• provide the Website to you;
• operate our Website, including, without limitation, providing quotes, and submitting and monitoring health insurance applications, access management, payment processing, Website administration, internal operations, troubleshooting, data analysis, testing, research, statistical and survey purposes;
• send you information that enables you to use our Website;
• contact you about activity on your account;
• provide you access to, and updates regarding health insurance and other related offers via text message;
• respond to your requests, feedback or inquiries;
• notify you about updates, information, or alerts regarding our Website;
• protect and enforce our rights and the rights of other Users against unlawful activity, including identify theft and fraud, and other violations of our Terms of Service;
• protect and enforce our rights arising under any agreements entered into between you and us, including billing and collection;
• protect the integrity and maintain the security of our Website, including secured areas of the Website;
• operate, evaluate and improve our business, including conducting surveys and market research, developing new products, services, and promotions (such as, for example, special events, programs, offers, contests), analyzing, enhancing and marketing existing products, services, and promotions, managing our communications; performing accounting, auditing, and other internal functions;
• provide you with information and advertisements about products, services, and promotions, from us or third parties, that may interest you; and
• administer your participation in such products, services, and promotions.
• aggregate the data with similar data from other users in an anonymized manner ("Anonymized Data").

In addition, we may use your information as described in any notice provided at the time you provide the information and for any other purpose for which you may provide consent.

Non-Personally Identifiable Information

In addition to the uses described above, we may also use Non-Personally Identifiable Information to:

• deliver content (including advertising) tailored to your interests and the manner in which you use our Website;
• present content in a manner that is optimized for your device; and
• measure and analyze the effectiveness of advertising we serve you.

We may also combine technical information about your use of our Website with information that we obtain from other users to use in an aggregate or anonymous manner for similar purposes.

How Information May Be Shared

Personally Identifiable Information

We will not sell or share your Personally Identifiable Information with third parties for the third party's own direct marketing purposes without your express consent. We may share your Personally Identifiable Information with:

• the organizations or entities on behalf of which we are providing the Website to you and/or on behalf of which you access or use the Website, such as your employer, and other companies associated with those organizations or entities in order to enable their systems to operate with the Website;
• your licensed insurance agent, if applicable;
• our service providers to the extent reasonably necessary to enable us operate our business and provide our Website to you, as described in this Privacy Notice (e.g., to an e-mail service provider in order to enable us to e-mail you);
• a buyer or other successor in interest to the Company in the event of a merger, divestiture, restructuring, reorganization, dissolution, liquidation, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personally Identifiable Information held by us about our Users is among the assets transferred;
• other third parties with your express consent for any purpose disclosed by us when you provide the information; and
• you, upon your written request.

We may also share Personally Identifiable Information with law enforcement agencies, government officials, or other third parties as necessary for the purpose of:

• complying with any court order, law or legal process, including to respond to any government or regulatory request;
• preventing fraud protection and credit risk reduction;
• investigating potential unauthorized access or misuse of our Website or other breach of our Terms of Service, Supplemental Terms, Website Policies or other agreements;
• protecting the assets or property, and enforcing the rights of the Company, including for billing and collection purposes; and
• protecting the rights, property, or safety of our users or others.

Non-Personally Identifiable Information

In addition, we may share Non-Personally Identifiable Information, including aggregated or anonymized data:

• with our partners about how our Users collectively use our Website, so that our partners may also understand how often people use their services and our Website;
• with analytics companies, search engines, or other service providers that help us improve our Website;
• to report to our affiliates, licensors and service providers, advertising partners and ad networks about the use of various aspects of the Website; and
• with other users or prospective users of the Website.

Cookies and Beacons

We may use cookies, beacons and similar automatic data collection technologies, now or in the future, to support the functionality of our Website. These technologies help us provide a better experience when you visit our Website and allows us to improve our Website. The technologies we may use for this automatic data collection may include:

• Browser Cookies. A browser cookie is a small file placed on the hard drive of your computer. That cookie then communicates with our servers or those of other companies that we authorize to collect data for us, and allows recognition of your personal computer. We associate cookies with Personally Identifiable Information only if you use the logged in areas of the Website, order a Service, use the personalization services available as part of the Website, or ask us to contact you with additional marketing information. We do not otherwise collect Personally Identifiable Information from browser cookies and we do not associate browser cookies with your Personally Identifiable Information. You may use the tools available on your computer or other device to set your browser to refuse or disable all or some browser cookies, or to alert you when cookies are being set. However, if you refuse or disable all browser cookies, you may be unable to access certain parts or use certain features or functionality of our Website. Unless you have adjusted your browser settings so that it refuses all cookies, we may use cookies when you direct your browser to our Website.
• Beacons. Our Website and e-mails may contain small electronic files known as beacons (also referred to as web beacons, clear GIFs, pixel tags and single-pixel GIFs) that permit us to, for example, count Users who have visited those pages or opened an e-mail and for other website-related statistics. Beacons in e-mail marketing campaigns allow us to track your responses and your interests in our content, offerings and web pages. You may use the tools in your device to disable these technologies as well.
• Other Tracking Technologies. Our Website may also use other tracking technologies such as embedded scripts, location-identifying technologies, and other similar technologies. These technologies execute on our Website or in your browser and allow us to recognize you when you return to the Website and understand how our users use and interact with our Website.

Your Choices

We offer you certain choices in connection with the information we collect from you.

Email Communications

You may have the opportunity to receive certain communications from us related to our Website. If you provide us with your e-mail address in order to receive communications, you can opt out of marketing e-mails at any time by following the instructions at the bottom of our e-mails and adjusting your e-mail preferences. Please note that certain e-mails may be necessary for the operation of our Website. You will continue to receive these e-mails, if appropriate, even if you unsubscribe from our optional communications.

Cookies/ Beacons

If you wish to minimize information collected by cookie or beacon, you can adjust the settings of your browsers to notify you when you receive a cookie, which lets you choose whether or not to accept it. You can also set your browser to automatically reject any cookies. You may also be able to install plug-ins and add-ins that serve similar functions. However, please be aware that some features and services on our Website may not work properly if we are not able to recognize and associate you with your account. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.

Updating Information

The accuracy of the information we have about you is very important. To review, correct or delete your Personally Identifiable Information, please contact us at support@healiahealth.com. For more information about your choices, or to review or correct your Personally Identifiable Information, please follow the prompts on the Website, or contact us as indicated in the “Contact Us” section of this Privacy Notice. We will retain your information for as long as your account is active or as needed to provide the Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Securing Your Information

The security of your information is important to us, and we have established administrative, technical, and physical safeguards designed to protect your Personally Identifiable Information against unauthorized alteration, access, loss, theft, use or disclosure. Unfortunately, no system can guarantee complete security of your information. As a result, we cannot ensure or warrant that your information, including your Personally Identifiable Information, is secure from unauthorized third parties. Thus, your use of the Website and communication with us about them is at your own risk.You are responsible for protecting your password(s) and for the security of information that you transmit to us over the internet.

Children

Our Website is directed to and is intended to be used only by persons who are 18 years of age or older. We do not knowingly collect information from children under 18. If you are under 18 years of age, you are not permitted to register for an account or otherwise submit any Personally Identifiable Information to us, including your name, address or e-mail address. By registering for an account or submitting any Personally Identifiable Information to us, you represent and warrant that you are 18 years of age or older. If we discover that we have received any Personally Identifiable Information directly from a child under the age of 18, we will suspend the associated account and remove that information from our database as soon as possible. By registering for an account or otherwise submitting any Personally Identifiable Information to us, you represent and warrant that you are 18 years of age or older. For the avoidance of doubt, this restriction does not apply to information collected from a parent or legal guardian who provides information regarding a dependent child under the age of 18 in connection with health insurance or other related purpose.

Third Party Websites

Our Website may contain links to third party websites and services. Please note that these links are provided for your convenience and information, and the websites and services may operate independently from us and have their own privacy policies or notices, which we strongly suggest you review. This Privacy Notice applies to Healia and our Website only. We do not accept any responsibility or liability for the policies or practices of any third parties. If you choose to access any websites or services linked from our Website, please check the applicable policies before you use or submit any personal data to such website or service.

International Jurisdictions

The Website is hosted in the United States of America and is subject to U.S. state and federal law. The Website is not intended to subject Healia to the privacy laws or jurisdiction of any state, country or territory other than that of the United States, including the European Union. Healia does not represent that the Site is appropriate for use in any particular jurisdiction. Those who access the Site do so at their own initiative and are responsible for complying with all local laws, rules and regulations. If you are accessing our Website from other jurisdictions, please be advised that you are transferring your personal information to us in the United States, and by using our Website, you consent to that transfer and use of your personal information in accordance with this Privacy Notice. You also agree to abide by the applicable laws of applicable states and U.S. federal law concerning your use of the Website and your agreements with us. Any persons accessing our Website from any jurisdiction with laws or regulations governing the use of the Internet, including personal data collection, use and disclosure, different from those of the jurisdictions mentioned above may only use the Website in a manner lawful in their jurisdiction. If your use of the Website would be unlawful in your jurisdiction, you may not use the Website.

Changes to our Privacy Policy

Healia may, in its sole discretion, change this Privacy Notice from time to time. Any and all changes to this Privacy Notice will be reflected on this page and the Effective Date will be stated at the top of this Privacy Notice. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. Users should regularly check this page for any changes to this Privacy Notice. Healia will always post new versions of the Privacy Notice on the Website. In the event that an amendment materially alters your rights or obligations, we may notify you of the amendment, such as by posting a notification to the home page of the Website, or sending a notification to you at the address we have on file for you, if any.

Your continued use of the Website or communication with us after the updated Privacy Notice has been posted (or any other indication of your consent) will constitute your acceptance of the updated Privacy Notice. Please note that we may condition your continued access to our Website on your consent to changes to this Privacy Notice.

Contact Us

If you have questions or comments relating to this Privacy Notice, or if you would like us to update information we have about you or your preferences, please contact us by email at support@healiahealth.com.

Notice to California Residents / Your California Privacy Rights

The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights with respect to their personal information that is collected by businesses. If you are a California resident, please review Appendix 1.

Appendix 1

Additional Terms for California Residents

California residents who provide personal information in obtaining services for personal, family, or household use may be entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for direct marketing uses. Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing, if any, will be included in our response.

You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive your request and confirm your identity, we will disclose to you:

• The categories of personal information we collected about you. The categories of sources for the personal information we collected about you. Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
• The specific pieces of personal information we collected about you (also called a data portability request).

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
7. Comply with a legal obligation.
8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If you are age 16 or older, you have the right to direct us to not sell your personal information at any time. We do not sell the personal information of consumers we actually know are less than 16 years old, unless we receive affirmative authorization from either the consumer who is between 13 and 15 years old, or the parent or guardian of a consumer less than 13 years old. Consumers who opt-in to personal information sales may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing us at support@healiahealth.com

We will not discriminate against you for exercising any of your privacy rights. Unless permitted by law, we will not: deny you goods or services, charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, provide you a different level or quality of goods or services, or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.