PRIVACY POLICY

I. Who is Wellnite?

Our mission is to make high-quality mental healthcare accessible regardless of zip code or insurance coverage.

Wellnite, Inc. is not a medical group or a healthcare provider. Wellnite, Inc. provides software-as-a-service technologies that allow its users, among other capabilities, to obtain telemedicine consultations provided by independent medical practitioners. These practitioners are responsible for providing you with a Notice of Privacy Practices describing the collection and use of your health information, not Wellnite.

II. Key Terms & Definitions and Our Privacy Policy

It is helpful to start by explaining some of our key terms and definitions used in this Privacy Policy.

When does our Privacy Policy apply?

This Privacy Policy describes the types of information we may collect from you when:

• You visit or use our Platform;
• We communicate in e-mail, text message, and other electronic messages between you and us; and
• We communicate in person, such as on the phone or through a telehealth visit.

When does our Privacy Policy not apply?

This Privacy Policy does not apply to information collected by any other website operated either by us or by a third party, unless the website is listed or links to this Privacy Policy. It also does not apply to any website that we may provide a link to or that is accessible from our Platform.

This Privacy Policy does not apply to information collected from users who log-in to the password-protected and secure portions of our Platform (“Secure Platform”). The Secure Platform allows users who obtain the Services (“Customers”) to perform certain functions or obtain the Services (such as telehealth visits from Providers). All information collected and stored by us or added by Customers into such Secure Platforms is considered Protected Health Information ("PHI") and/or medical information and is governed by applicable state and federal laws that apply to that information. How we use and disclose such PHI is in accordance with the applicable Notice of Privacy Practices provided to you by the providers. We will not use or disclose information collected from the Secure Platform or received from your Provider for advertising, marketing, or other use-based data mining purposes. We will not sell any PHI.

Our Privacy Policy and Terms of Use.

This Privacy Policy is incorporated into our Terms of Use, which also apply when you use our Platform.

III. Personal Information

What is Personal Information or Personal Data?

Information from and about you that may be able to personally identify you. We treat any information that may identify you as personal information. For example, your name and e-mail address are personal information.

What types of Personal Information do we collect?

We collect and process special categories of personal data, including health-related information. We only process this data with your explicit consent or where necessary for the provision of our services. We may collect and use the following personal information (hereinafter, collectively referred to as “Personal Information”):

Health Information

Some Personal Information we collect may constitute PHI under HIPAA. As set forth above, your Provider will provide you with a Notice of Privacy Practices describing their collection and use of your health information, not Wellnite. We will only collect and use PHI for the purposes of providing the Services and we only collect the minimum amount necessary to fully perform and provide the Services on our Platform. We may combine your PHI with Personal Information that we have either obtained from you or through a third-party, such as your Provider, health insurer, employee benefits program, or other health care providers. PHI will not be used for any other purpose, including marketing, without your consent

How do we collect your Personal Information?

We collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned. When collecting sensitive information, we will obtain explicit consent unless otherwise permitted by law.

We ensure that all data collection methods are lawful and transparent under GDPR and all the jurisdictions we operate. We will always inform you about the purposes of data collection and obtain your consent where required. For instance, for users in Brazil, we will provide clear information about the processing of personal data and obtain consent when required by the LGPD. For users in South Africa, we will collect personal information directly from the data subject unless an exception under POPIA applies. For users in New Zealand and Australia, we will take reasonable steps to ensure that the individual is aware of the collection of personal information, the purpose of collection, and their rights regarding the information.

We collect most of this Personal Information directly from you. For example, when we speak to you by phone, text message, and e-mail. Additionally, we will collect information from you when you visit our Website or App and fill out forms or purchase our Services. We may also collect Personal Information in the following ways:

• When You Use A Product Feature. When you choose to use any of our products or services features, we collect additional information from you related to those services.
• When You Use A Subscription.When you choose to subscribe to any of our products or services, we collect additional information from you related to those services.
• When you make payments through the Platform.We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
• When You Contact Us.When you contact Wellnite directly, such as when you contact our customer support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.

We will also collect information automatically as you navigate through our Platform. We use the following technologies to automatically collect data:

• Cookies. We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Platform or Services through your computer or mobile device. A “cookie” is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. Some of the cookies we use are "session" cookies, meaning that they are automatically deleted from your hard drive after you close your browser at the end of your session. Session cookies are used to optimize performance of the Website and to limit the amount of redundant data that is downloaded during a single session. We also may use "persistent" cookies, which remain on your computer or device unless deleted by you (or by your browser settings). We may use persistent cookies for various purposes, such as statistical analysis of performance to ensure the ongoing quality of our Platform and/or the Services. We and third parties may use session and persistent cookies for analytics and advertising purposes, as described herein. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access or use certain parts of our Platform or the Services. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.
• Facebook Pixel and Instagram. We use Facebook Pixel and Instagram, a web analytics and advertising service provided by Facebook Inc. (“Facebook”) on our Platform. With its help, we and our customers can keep track of what users do after they see or click on a Facebook or Instagram advertisement, keep track of users who access our Platform or advertisements from different devices, and better provide advertisements to our target audiences. The data from Facebook Pixel and Instagram is also saved and processed by Facebook. Facebook can connect this data with your Facebook or Instagram account and use it for its own and others advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/  . Please click here if you would like to withdraw your consent for use of your data with Facebook Pixel https://www.facebook.com/settings/?tab=ads#_=_.
• FullStory. We use a third-party analytics provider called “FullStory” for certain types of use analytics. To learn more about FullStory and how FullStory stores this data, please view FullStory’s privacy policy here: https://www.fullstory.com/legal/privacy/.
• Smartlook.We use a third-party analytics provider called “Smartlook” for certain types of technical troubleshooting and analytics. To learn more about Smartlook and how Smartlook stores this data, please view Smartlook’s privacy policy here: https://help.smartlook.com/docs/privacy-statement-summary.
• Google Analytics.We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of our Platform. Google Analytics uses cookies, to help our Platform analyze how users use our Website. You can find out more about how Google uses data when you visit our Platform by visiting “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/). For more information, please visit Google and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html.
• Google Ads (AdWords).Google Ads (AdWords) remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads. Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout– for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en.
• HotjarOur Platform uses Hotjar's services, a third party service provider, which helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and enables us to build and maintain our Platform and Services with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link. You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link .
• Microsoft Bing Ads.Our Website uses Bing Ads technology to collect and store data that is used to track user activity on our Website. On our website a Bing UET tag is integrated. This service enables us to track user activity on our Website when it has reached our Website via advertisements from Bing Ads. If the page visitor reaches our website via such an ad, a cookie is set on their computer. This enables us to track, among other things, the length of time spent on our Website, which areas of the Website were accessed, and which advertisements have reached our Website. The collection of the data generated by the cookie and related to the use of our Website as well as the processing of this data can be prevented by deactivating the setting of cookies by visiting your browser setting. In addition, based on the user’s preferences Microsoft may be able to track usage behavior across multiple electronic devices through cross-device tracking, enabling it to display personalized advertising on or in Microsoft websites and apps. This behavior can be disabled by the site visitor at https://choice.microsoft.com/en-us/opt-out. For more information on Bing analytics services, visit the Bing Ads Web site. For more information about privacy at Microsoft and Bing, see the Microsoft Privacy Policy.
• Mixpanel.Mixpanel is provided by Mixpanel Inc. (“Mixpanel”). You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of the Mixpanel service please visit Mixpanel’s site. For more information on what type of information Mixpanel collects, please visit Mixpanel’s terms of use.
• Stripe. We use Stripe as our payment processor. In order to allow Stripe to function properly, a cookie is stored on your browser, which assists Stripe in detecting and preventing fraud. These are considered session cookies and typically only remain on your browser for 24 hours. For more information on Stripe, please visit their privacy policy.
• Twitter. We use Twitter Pixel, a remarketing service, provided by Twitter, Inc. for marketing and advertising purposes. To learn more about how Twitter uses your Personal Information, we encourage you to visit Twitter’s privacy policy at https://twitter.com/en/privacy.
• Other third-party tools. We use other third-party tools which allow us to track the performance of our Platform. These tools provide us with information about errors, app and website performance, and other technical details we may use to improve our Platform and/or Services. For more information related to these third-party analytics providers please reviewHow do we collect your Personal Information?.

How do we use your Personal Information?

Under GDPR, we process your personal data based on one or more of the following legal bases:

1. Your consent. Where you have given explicit consent for the processing of your personal data for one or more specific purposes.
2. Performance of a contract.Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
3. Compliance with a legal obligation. Where the processing is necessary for compliance with a legal obligation to which Wellnite is subject.
4. Protection of vital interests. Where processing is necessary for the purposes of legitimate interests pursued by Wellnite or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
5. Performance of a task carried out in the public interest.
6. For the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

In addition to the GDPR legal bases for processing, we adhere to legal basis in all the jurisdictions we operate. We will clearly communicate the specific legal bases for each processing activity when requested.

We may use your Personal Information for the following purposes:

• Operate, maintain, supervise, administer, and enhance our Platform or the Services, including monitoring and analyzing the effectiveness of content on the Platform, aggregate site usage data, and other usage of the Platform and/or the Services such as assisting you in completing the registration process.
• Provide our Products and Services to you, in a custom and user-friendly way.
• Provide you with information, Products, or Services that you request from us or that may be of interest to you.
• Promote and market our Platform and/or the Services to you. For example, we may use your Personal Information, such as your e-mail address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about Products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third-party websites. You can opt out of receiving these e-mails at any time as described below.
• To provide you notices or about your account.
• Contact you in response to a request.
• To notify you about changes to our Platform and/or the Services or any Products we offer or provide through them.
• Fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• Anonymize and aggregate information for analytics and reporting.
• To respond to law enforcement requests, court orders, and subpoenas and to carry out our legal and contractual obligations.
• Authenticate use, detect fraudulent use, and otherwise maintain the security of our Platform and the safety of others.
• To administer surveys and questionnaires.
• To provide you with information about goods and services that may be of interest to you, including through newsletters.
• Any other purpose with your consent.

How do we share your Personal Information?

When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms under GDPR.

We may share Personal Information with third parties in certain circumstances or for certain purposes, including:

• Our business purposes.We may share your Personal Information with our affiliates, vendors, service providers, and business partners, including our data hosting and data storage partners, analytics and advertising providers, technology services and support, and data security advisors. We may also share your Personal Information with professional advisors, such as auditors, law firms, and accounting firms.
• Your healthcare providers or family. With your consent, we may share your information, including information collected from your use of our Platform, with your healthcare providers and/or family members (e.g., immediate family or friends) that you designate to receive your information.
• With your consent. We may share your Personal Information if you request or direct us to do so.
• Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
• Business Transfer. We may share your Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users are among the assets transferred.
• To enforce our rights.We may share your Personal Information to enforce any applicable terms and conditions and Terms of Use, and to ensure the safety and security of our Services and our users.
• De-identified information.We may also disclose de-identified information, so that it cannot be reasonably used to identify any individual, with third parties for marketing, advertising, research, or similar purposes.
• To improve our Platform. We may use your Personal Information for internal testing, research, analysis, and product development, including to develop and improve our website/application, and to develop, improve, or demonstrate our products and services.
• To market our products and services. We may share your Personal Information with affiliates and third parties to market our products and services.
• Third Party Analytics. We use Google Analytics and Mixpanel to understand and evaluate how visitors interact with our Platform and/or the Services. These tools help us improve our Platform and/or the Services, performance, and your experience.

Your choices about how we share your Personal Information.

Under GDPR, you have the following additional rights:

1. Rights related to automated decision-making and profiling
2. Right to Access: You have the right to request access to your personal data that we process.
3. Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
4. Right to Erasure: You have the right to request the deletion of your personal data under certain conditions.
5. Right to Restrict Processing: You have the right to request the restriction of processing of your personal data under certain conditions.
6. Right to Data Portability: You have the right to request your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
7. Right to Object: You have the right to object to the processing of your personal data under certain conditions.
8. Right to Withdraw Consent: You have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority within the EEA if you believe that the processing of your personal data infringes upon your rights under GDPR

In addition to the GDPR legal bases for sharing your information, we adhere to legal basis in all the jurisdictions we operate. We will clearly communicate the specific legal bases for each processing activity when requested.

To exercise these rights, please contact our Data Protection Officer at privacy@wellnite.com.

This section of our Privacy Policy provides details and explains how to exercise your choices. We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Information for our advertising to you, and other targeted advertising. We do not control the collection and use of your information collected by third parties. These third parties may aggregate the information they collect with information from their other customers for their own purposes. You can opt out of third parties collecting your Personal Information for targeted advertising purposes in the United States by visiting the National Advertising Initiative's (NAI) opt-out page  and the Digital Advertising Alliance's (DAA) opt-out page.

Each type of web browser provides ways to restrict and delete cookies. Browser manufacturers provide resources to help you with managing cookies. Please see below for more information.

• Google Chrome
• Internet Explorer
• Mozilla Firefox
• Safari Desktop
• Android Browser
• Opera
• Opera Mobile

For other browsers, please consult the documentation that your browser manufacturer provides.

If you do not wish to have your e-mail address used by Wellnite to promote our own Products and Services, you can opt out at any time by clicking the unsubscribe link at the bottom of any e-mail or other marketing communications you receive from us or logging onto your Account Preferences page. This opt-out does not apply to information provided to Wellnite as a result of a product purchase, or your use of our Platform and/or the Services. You may have other options concerning marketing and communication preferences through our Platform.

You may also see certain ads on other websites because we participate in advertising networks. Ad networks allow us to target our messaging to users through demographic, interest-based, and contextual means. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs, and web beacons. The networks use this information to show you advertisements that may be tailored to your interests.

How do I access and correct my Personal Information?

For GDPR compliance, we will respond to your requests to access, correct, or delete your personal data within 30 days. In certain circumstances, we may need to extend this period to 60 days, in which case we will notify you. These timeframes may vary by jurisdiction, for instance:

• - Canada (PIPEDA): We will respond within 30 days, with a possible 30-day extension if needed.
• - Brazil (LGPD): We will respond immediately or within 15 days.
• - South Africa (POPIA): We will respond within a reasonable time.
• - New Zealand (Privacy Act 2020): We will respond without undue delay and within 20 working days.
• - Australia (Privacy Act 1988): We will respond within 30 days.

In certain circumstances, we may need to extend these periods, in which case we will notify you.

You can review and change your Personal Information by logging into our Services and visiting either your “Dashboard”, “Account” or “Profile” sections of our Platform. You may also Contact Us  to inform us of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

Personal Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider:

1. The amount, nature, and sensitivity of the personal data
2. The potential risk of harm from unauthorized use or disclosure of your personal data
3. The purposes for which we process your personal data
4. Whether we can achieve those purposes through other means
5. The applicable legal requirements

In some circumstances, you can ask us to delete your data. See 'Your Rights' section for further information.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

IV. Who may use the Services?

This Privacy Policy applies to all personal uses of our Platform globally and you should not use the Platform and/or the Services if you do not agree to the Privacy Policy and Terms of Use. If you are located in the United States, your information is stored in the United States. By using or downloading the Platform, you agree that your Personal Information, including any information about your health that you provide directly to us or that we collect through your use of the Platform and/or the Services, may be transferred to and stored in the United States.

If you are located in the EEA, we will ensure that any transfer of your personal data outside the EEA is done in accordance with GDPR requirements, including the use of Standard Contractual Clauses or other approved transfer mechanisms.

V. Children’s Privacy

Wellnite understands the importance of protecting children’s privacy in the interactive online world. Our Platform is not designed for, or intentionally targeted at, children.

No one under the age of legal digital consent in their country or jurisdiction should submit any Personal Information on the Platform without parental consent, and if we learn that we have collected or received Personal Information from a child under the age of legal digital consent without parental consent, we will delete that information. It is not our policy to intentionally collect or maintain information about anyone under the age of legal digital consent.

The age of legal digital consent varies by country:

• - Under GDPR, the default age of digital consent is 16 years. However, individual EU member states can lower this age to 13, 14, or 15.
• - In Brazil, the processing of personal data of children under 12 years old requires specific consent from parents or legal guardians.
• - In South Africa, special attention is given to the processing of personal information of children under the age of 18.
• - In New Zealand and Australia, additional safeguards apply when collecting personal information from children under 13.
• - In Canada, the Office of the Privacy Commissioner has stated that anyone under the age of 13 is not able to give meaningful consent.

If you are the parent or guardian of a child under the age of legal digital consent whom you believe might have provided us with their Personal Information, you may Contact Us  to request the Personal Information be deleted.

VI. Does Wellnite respond to Do Not Track signals?

Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our Platform is not currently set up to respond to those signals.

VII. Data Security

We have taken steps and implemented administrative, technical, and physical safeguards designed to protect against the risk of accidental, intentional, unlawful, or unauthorized access, alteration, destruction, disclosure, or use. The Internet is not 100% secure and we cannot guarantee the security of information transmitted through the Internet. Where you have been given or you have chosen a password, it is your responsibility to keep this password confidential.

The sharing and disclosing of information via the Internet is not completely secure. We strive to use best practices and industry-standard security measures and tools to protect your data. However, we cannot guarantee the security of Personal Information transmitted to, on, or through our Services. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Platform, in your operating system, or mobile device.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with GDPR and all other jurisdictions requirements, for example, but not limited to; PIPEDA (Canada), LGPD (Brazil), POPIA (South Africa), Privacy Act 2020 (New Zealand), and the Privacy Act 1988 (Australia), we have implemented appropriate security safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. These measures are regularly reviewed and updated.

VIII. Changes to our Privacy Policy

We may update our Privacy Policy periodically to reflect changes in our privacy practices, laws, and best practices. We will post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on our Website’s homepage. If we make material changes to our practices with regards to the Personal Information we collect from you, we will notify you by e-mail to the e-mail address specified in your account and/or through a notice on the Platform. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically accessing the Platform and reviewing this Privacy Policy to check for any changes.

When we make material changes to this Privacy Policy, we will seek renewed consent from users in accordance with GDPR and all other jurisdictional requirements.

IX. Contact Us

Data Protection Officer contact information:

Att: Paulo Gonzalez

privacy@wellnite.com

You have the right to make a complaint to the privacy regulatory authority in your jurisdiction if you believe we have violated your privacy rights or applicable privacy laws.

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact Us” page on the Platform.

How to Contact Us:

Wellnite, Inc.

Data Privacy E-mail: privacy@wellnite.com