[DOING_BUSINESS_AS] — PRIVACY POLICY

Version 1.0 — Effective Date: April 15, 2026

This Privacy Policy is governed by the laws of the State of [COMPANY_STATE], United States. In the event of any conflict between translations of this document, the English-language version shall prevail.

1. IDENTIFICATION OF THE CONTROLLER

1.1. This Privacy Policy is issued by [DOING_BUSINESS_AS] ("[LEGAL_ENTITY_NAME]"), a privately held company organized under the laws of [COMPANY_STATE], with its principal office at [COMPANY_ADDRESS], registered under EIN [COMPANY_REGISTER_NUMBER] (hereinafter referred to as "[DOING_BUSINESS_AS]," "we," "us," or "our").

1.2. For questions or requests regarding this Privacy Policy or your Personal Data, contact us at:

2. DEFINITIONS

2.1. For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below: 2.1.1 —"Platform" — the website and mobile application operated by [DOING_BUSINESS_AS]. 2.1.2 —"User" — any natural person who accesses or uses the Platform, whether as a Patient or a Healthcare Professional. 2.1.3 —"Patient" — a User who uses the Platform to search for, schedule appointments with, or communicate with Healthcare Professionals. 2.1.4 —"Healthcare Professional" — an independently licensed healthcare provider registered on the Platform to offer their services. 2.1.5 —"Personal Data" or "Personal Information" — information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular User or household. 2.1.6 —"Service Provider" — a third party that processes Personal Data on behalf of [DOING_BUSINESS_AS] for a business purpose, pursuant to a written contract. 2.1.7 —"Controller" — the entity that determines the purposes and means of processing Personal Data; for this Policy, [DOING_BUSINESS_AS].

3. SCOPE AND APPLICATION

3.1. This Privacy Policy applies to all Personal Data collected through the Platform and describes how [DOING_BUSINESS_AS] collects, uses, discloses, retains, and protects your Personal Information.

3.2. [DOING_BUSINESS_AS] is a technology platform that connects Patients with Healthcare Professionals. [DOING_BUSINESS_AS] does not store medical records, clinical notes, diagnoses, or treatment information. All clinical data remains under the sole custody and responsibility of the Healthcare Professional.

3.3. This Privacy Policy does not apply to the practices of Healthcare Professionals listed on the Platform, who are independent practitioners responsible for their own privacy and data protection obligations.

4. CATEGORIES OF PERSONAL DATA COLLECTED

4.1. We collect the following categories of Personal Data: 4.1.1 —Account Data: name, email address, telephone number, and encrypted password. 4.1.2 —Profile Data: for Healthcare Professionals, professional credentials, license number, specialty, and practice address. 4.1.3 —Usage Data: browser type, device information, IP address, operating system, pages visited, features used, and timestamps of interactions with the Platform. 4.1.4 —Location Data: approximate geographic location derived from IP address or, with your consent, precise location data used to display nearby Healthcare Professionals. 4.1.5 —Payment Data: payment-related information is collected and processed directly by our payment processor, Stripe, Inc. [DOING_BUSINESS_AS] does not store credit card numbers, bank account numbers, or other financial account details. We retain only transaction identifiers, amounts, dates, and payment status necessary for record-keeping purposes. 4.1.6 —Communication Data: messages exchanged between Patients and Healthcare Professionals through the Platform, and communications with our support team.

4.2. [DOING_BUSINESS_AS] does not collect or store medical records, health diagnoses, treatment plans, prescription information, or any other clinical data. The fact that a User searches for or books an appointment with a Healthcare Professional of a particular specialty may indirectly suggest a health interest; we treat this scheduling data with heightened care.

5. PURPOSES OF PROCESSING AND LEGAL BASES

5.1. We process your Personal Data for the following business purposes: 5.1.1 —Account creation and management — to create, maintain, and secure your account on the Platform. 5.1.2 —Service delivery — to connect Patients with Healthcare Professionals, facilitate scheduling, and enable communication between them. 5.1.3 —Payment processing — to process transactions through our payment processor (Stripe) and maintain financial records as required by law. 5.1.4 —Platform improvement — to analyze usage patterns, diagnose technical issues, and improve the functionality and user experience of the Platform. 5.1.5 —Legal compliance — to comply with applicable federal, state, and local laws, regulations, and legal processes. 5.1.6 —Security and fraud prevention — to detect, investigate, and prevent fraudulent, unauthorized, or illegal activity. 5.1.7 —Communications — to send service-related notices, respond to inquiries, and, with your consent, send promotional communications.

5.2. We do not sell, rent, or trade your Personal Data to third parties for monetary or other valuable consideration. We do not share your Personal Data for cross-context behavioral advertising.

6. DISCLOSURE OF PERSONAL DATA

6.1. We may disclose your Personal Data to the following categories of recipients, solely for the purposes described in this Policy: 6.1.1 —Payment processors: Stripe, Inc. processes payment transactions on our behalf. Stripe's privacy policy governs their use of your payment data. 6.1.2 —Healthcare Professionals: when you book or request an appointment, relevant account and scheduling data is shared with the selected Healthcare Professional. 6.1.3 —Infrastructure providers: cloud hosting and infrastructure service providers that store and process data on our behalf, subject to data processing agreements. 6.1.4 —Legal and regulatory authorities: when required by law, subpoena, court order, or government request, or when necessary to protect our rights, safety, or property.

6.2. [DOING_BUSINESS_AS] does not maintain third-party integrations for advertising, analytics, or marketing purposes. We do not share your Personal Data with social media platforms, data brokers, or advertising networks.

7. YOUR RIGHTS AND CHOICES

7.1. Depending on your state of residence, you may have some or all of the following rights regarding your Personal Data: 7.1.1 —Right to know / access: request information about the categories and specific pieces of Personal Data we have collected about you. 7.1.2 —Right to delete: request the deletion of your Personal Data, subject to legal retention obligations. 7.1.3 —Right to correct: request the correction of inaccurate Personal Data. 7.1.4 —Right to portability: receive your Personal Data in a structured, commonly used, and machine-readable format. 7.1.5 —Right to opt out of sale or sharing: [DOING_BUSINESS_AS] does not sell or share your Personal Data, so this right is satisfied by default. 7.1.6 —Right to non-discrimination: we will not discriminate against you for exercising any of your privacy rights.

7.2.California residents (CCPA/CPRA): in addition to the rights above, California consumers have the right to know, delete, correct, and opt out of the sale or sharing of their Personal Information. In the preceding 12 months, [DOING_BUSINESS_AS] has not sold Personal Information and has not shared Personal Information for cross-context behavioral advertising. To submit a request, contact us at [CONTACT_EMAIL]. We will respond within 45 days of receiving a verifiable consumer request, extendable by an additional 45 days with notice.

7.3.Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other state privacy laws: residents of states with comprehensive privacy legislation may exercise their applicable rights by contacting us at [CONTACT_EMAIL].

7.4. To exercise any of these rights, email [CONTACT_EMAIL] or use the "My Account" section of the Platform. We may need to verify your identity before processing your request.

8. DATA RETENTION

8.1. We retain your Personal Data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

8.2. Specific retention periods: 8.2.1 —Account Data: retained for the duration of your account. Upon account deletion, removed within 30 days, except as noted below. 8.2.2 —Payment and financial records: retained for 7 years from the date of the transaction for tax and accounting compliance (IRS guidelines). 8.2.3 —Usage and access logs: retained for up to 12 months from the date of collection, then deleted or anonymized. 8.2.4 —Communication Data: retained for the duration of the account, then deleted upon account deletion.

8.3. When data must be retained beyond account deletion for legal compliance, [DOING_BUSINESS_AS] will anonymize or pseudonymize the data so that it can no longer be linked to you.

9. DATA SECURITY

9.1. [DOING_BUSINESS_AS] implements technical and administrative safeguards designed to protect your Personal Data from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to, encryption of data in transit and at rest, role-based access controls, and audit logging of sensitive operations.

9.2. NO METHOD OF TRANSMISSION OVER THE INTERNET OR METHOD OF ELECTRONIC STORAGE IS 100% SECURE. WHILE WE STRIVE TO USE COMMERCIALLY ACCEPTABLE MEANS TO PROTECT YOUR PERSONAL DATA, WE CANNOT GUARANTEE ITS ABSOLUTE SECURITY.

10. CHILDREN'S PRIVACY

10.1. The Platform is not directed to children under the age of 13. We do not knowingly collect Personal Data from children under 13. If we become aware that we have inadvertently collected Personal Data from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly.

10.2. If you believe that a child under 13 has provided us with Personal Data, please contact us immediately at [CONTACT_EMAIL].

11. MEDICAL DISCLAIMER

11.1. [DOING_BUSINESS_AS] IS A TECHNOLOGY PLATFORM THAT CONNECTS PATIENTS WITH HEALTHCARE PROFESSIONALS. [DOING_BUSINESS_AS] DOES NOT PROVIDE, DIRECTLY OR INDIRECTLY, MEDICAL, DIAGNOSTIC, OR THERAPEUTIC SERVICES.

11.2. HEALTHCARE PROFESSIONALS REGISTERED ON THE PLATFORM ARE INDEPENDENT PRACTITIONERS. [DOING_BUSINESS_AS] DOES NOT MAINTAIN AN EMPLOYMENT, PARTNERSHIP, OR AGENCY RELATIONSHIP WITH THESE PROFESSIONALS AND IS NOT RESPONSIBLE FOR THEIR ACTS, OMISSIONS, DIAGNOSES, OR TREATMENTS.

11.3. INFORMATION AVAILABLE ON THE PLATFORM IS FOR INFORMATIONAL AND SCHEDULING PURPOSES ONLY. IT DOES NOT REPLACE PROFESSIONAL MEDICAL CONSULTATION, DIAGNOSIS, OR TREATMENT.

11.4. [DOING_BUSINESS_AS] DOES NOT GUARANTEE THE AVAILABILITY, QUALITY, SUITABILITY, OR OUTCOME OF ANY SERVICE PROVIDED BY HEALTHCARE PROFESSIONALS REGISTERED ON THE PLATFORM.

11.5. THE USER ACKNOWLEDGES THAT DECISIONS REGARDING THEIR HEALTH ARE THEIR SOLE RESPONSIBILITY AND THAT THEY SHOULD ALWAYS SEEK QUALIFIED PROFESSIONAL GUIDANCE.

12. LIMITATION OF LIABILITY

12.1. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, [DOING_BUSINESS_AS] SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR USE OF THE PLATFORM OR THE ACTS OR OMISSIONS OF HEALTHCARE PROFESSIONALS.

12.2. THE PLATFORM IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. [DOING_BUSINESS_AS] MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

13. INTERNATIONAL DATA TRANSFERS

13.1. [DOING_BUSINESS_AS] operates across multiple countries. Your Personal Data may be transferred to, stored, and processed in countries other than your country of residence, including the United States.

13.2. When we transfer Personal Data internationally, we ensure that appropriate safeguards are in place in accordance with applicable law, including data processing agreements with recipients that impose equivalent protections.

14. CHANGES TO THIS POLICY

14.1. We may update this Privacy Policy from time to time. Material changes affecting your rights or obligations will be communicated at least 30 days in advance via email and a prominent notice on the Platform.

14.2. Your continued use of the Platform after the effective date of an updated Privacy Policy constitutes acceptance of the changes. If you do not agree with the changes, you should discontinue use of the Platform and request deletion of your account.

14.3. Previous versions of this Policy are available upon request.

15. GOVERNING LAW AND DISPUTE RESOLUTION

15.1. This Privacy Policy shall be governed by and construed in accordance with the laws of the State of [COMPANY_STATE], without regard to its conflict of laws provisions.

15.2. Any dispute arising out of or relating to this Privacy Policy shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) in accordance with its Consumer Arbitration Rules, conducted in [COMPANY_CITY], [COMPANY_STATE]. You may opt out of this arbitration provision by sending written notice to [CONTACT_EMAIL] within 30 days of accepting this Policy.

15.3. ANY ARBITRATION SHALL BE CONDUCTED ON AN INDIVIDUAL BASIS. YOU AGREE TO WAIVE YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION.

16. CONTACT

16.1. For questions, concerns, or requests related to this Privacy Policy or your Personal Data, contact us at: