Synchronyx is fully compliant with the HIPAA Standards for Privacy, Electronic Transactions and Security (including the HITECH Act and the Omnibus Rule of 2013). We have implemented policies, processes, and procedures designed to ensure compliance with Federal security laws, regulations, and rules, and we monitor ongoing compliance efforts and maintain various reporting mechanisms that are required by law or requested by our customers. We recognize that it is a key responsibility for our business and will continue to provide all of our various programs and services in accordance with the relevant requirements of all federal laws and regulations, including, as applicable, HIPAA.

Questions regarding our HIPAA policies or compliance may be directed to: support@synchronyx.com.

This Policy applies only to information we collect at and through the Services. It does not apply to information we receive from third parties unless discussed herein. When we refer to “personal information” in this Policy, we mean information that can reasonably be used to identify you. Our Services may also contain links to third party sites that are not owned or controlled by Synchronyx. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Services and to read the privacy statements of each and every website that collects personal information.

If you have entered into a separate agreement with us, that separate agreement shall control, and only those terms within this Privacy Policy that do not conflict with such separate agreement shall apply. Additionally, if we have received your Personal Information through a pharmacy or other healthcare organization subject to a Business Associate Agreement under The Health Insurance Portability and Accountability Act of 1996 (HIPAA), then we will treat your personal information in accordance with the Business Associate Agreement, and only the terms within this Privacy Policy that do not conflict with such Business Associate Agreement shall apply.

Your Interaction with Us:

We collect personal information when you interact with us. The specific types of information we collect will depend on the forum in which you interact with us. For example, if you send us an email, we will collect your email address and the content of your email.

If you inquire about our Services through our Site, we may collect your contact information and information about your organization.

TapptTM System and Related Services.

We may collect personal information through our Tappt HealthTM System and related services and websites (collectively, the “TapptTM System”). This information may include:

If you are a patient:

• Your contact details such as your name, phone number, email address, mailing address, and zip code

• Date of birth

• Sex, Gender, Race, Ethnicity

• Language(s) spoken

• Medical condition(s) you are being treated for

• Your prescribed medication and medication dosing regimen

• Other prescription information

• Your pharmacy, healthcare provider, or insurance coverage

• Your responses on opt-in surveys, including reasons for missing medication doses, or your health

• Your preferences related to the TapptTM System

If you are a healthcare provider – in addition to your contact information (name, phone number, and email address), you may be asked to provide information regarding your professional qualifications (including discipline, specialty, and work address).

We collect this information from you directly, through your pharmacy, your healthcare provider, or healthcare organization. Please only provide information to us that you have permission to give. For example, if you provide personal information about another person to us, you must have that person’s consent to provide it to us.

General.

We may use a variety of technologies that automatically (or passively) collect certain non-personally identifiable information whenever you visit the Site or use certain parts of our Services (“Non-Personally Identifiable Information”). Non-Personally Identifiable Information may include the browser that you are using, the URL that referred you to our Site, and how and when you use the Services. We may use Non-Personally Identifiable Information for various reasons, such as providing and enhancing the Services for you and other users. In addition, we may collect your IP (internet protocol) address or other unique identifiers that identify the device from which you access the Site or Services. Your IP address is a number that is automatically assigned to your device and which our computers use to identify your device. This information does not identify you, but if we were to associate any Non-Personally Identifiable Information or information that identifies your device with your personal information, we will treat it as personal information.

Cookies.

A cookie is a data file placed on a computer or other device when it is used to access our Site or Services. Cookies may be used for many purposes, including, without limitation, remembering you and your preferences and tracking your visits to our web pages. Cookies work by assigning a number to the user that has no meaning outside of the assigning website. If you do not want information to be collected through the use of cookies, your browser allows you to deny or accept the use of cookies. Cookies can be disabled or controlled by setting a preference within your web browser or on your device. If you choose to disable cookies on your device, some features of our Services may not function properly or may not be able to customize the delivery of information to you. You should be aware that we cannot control the use of cookies (or the resulting information) by third-parties, and use of third party cookies is not covered by our Policy.

At the present time, our Services do not respond to “Do Not Track” signals or similar mechanisms.

Analytics.

We use third party analytics partners to collect certain Non-Personally Identifiable Information about how our Services are used. We and our analytics providers use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Services through your computer or mobile device. By using the Services, you consent to the processing of data about you by our analytics partners in the manner and for the purposes set out by this Policy. Currently, our analytics partners include, without limitation, Google Analytics. In order to make sure you understand how our analytics partners handle your non-personally identifiable information and how they interact with our Services, you should visit the pages linked below for more information, as Synchronyx has no ability to control or monitor our analytics partners’ data collection or data use practices with respect to such information. Google Analytics uses cookies to help us understand how visitors use our Service and to compile reports on website activity. For more information regarding Google Analytics please visit https://www.google.com/analytics/terms/us.html. For information on how to opt-out of Google Analytics, please visit https://tools.google.com/dlpage/gaoptout/.

Location Information.

We may collect approximate (but not specific) location information through your use of the TapptTM System. We do not use this information for commercial purposes in any way.

Web Beacons.

Small graphic images or other web programming code called web beacons (also known as “1x1 GIFs” or “clear GIFs”) may be included in our Services. Web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored in a user’s computer hard drive, web beacons are embedded invisibly on web pages and are about the size of the period at the end of this sentence. Web beacons or similar technologies help us better manage content on our Services by informing us what content is effective, count users of the Services, monitor how users navigate the Services, count how many e-mails we sent were actually opened, or to count how many particular articles or links were actually viewed. We do not tie the information gathered by web beacons to our customers’ personal information.

Embedded Scripts.

An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on. We may use embedded scripts in providing the Services. If we do, the code is temporarily downloaded onto your device from our web server or a third party service provider, is active only while you are connected to the Site, and is deactivated or deleted thereafter.

TapptTM System

We automatically collect information about your usage of the TapptTM System, such as your activity (for example, when the TapptTM Smart Label was scanned), information about your dose adherence (for example, when you forget a dose or take it late), when you respond to survey questions or interact with the TapptTM system.

If you are a healthcare provider, we automatically collect information about your usage of the TapptTM system (for example, activity log, or your reported actions taken in response to an alert).

In general, we collect personal information so that we can provide our Services, operate our business, and provide information that you request from us. Specifically, we collect and use personal information for the following purposes:

• Create and administer your account.

• Provide, operate, improve, maintain, and protect our Services.

• Provide you with technical and other support.

• Send you services and company updates, marketing communication, and other information about Synchronyx and our Services, and products and services of third parties that we think you may be interested in.

• Conduct research and analysis, and monitor and analyze trends and usage.

• Enhance or improve user experience, our business, and our services, including the safety and security thereof.

• Personalize our Services to you.

• Communicate with you and respond to inquiries.

• Operate our business and perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our services.

• As necessary to comply with any applicable law, regulation, subpoena, legal process, or governmental request.

• Enforce contracts and applicable Terms of Service, including investigation of potential violations thereof.

• Detect, prevent, or otherwise address fraud, security or technical issues.

• Protect against harm to the rights, property or safety of Synchronyx, our Services users, or the public as required or permitted by law.

The TapptTM System.

If you use our TapptTM System, in addition to the uses described above, we may use your personal information to provide individualized or specialized Services to you (for example, we may alert a care partner if you have a streak of missed doses captured by the TapptTM System), communicate with your pharmacy, and manage your account.

General.

We do not sell, share, rent or trade the information we have collected about you, including Personally Identifiable Information, other than as disclosed within this Privacy Policy. We do not use your Personally Identifiable Information for direct marketing purposes or share your Personally Identifiable Information with third parties for those third parties’ direct marketing purposes. We may share Non-Personally Identifiable Information, such as aggregated user statistics and log data, with third parties for industry analysis or for other business purposes.

The TapptTM System

In addition to the other applicable sharing identified in this section, if you use the TapptTM System, we share personal information with your pharmacy and/or healthcare organization about your use of the TapptTM Smart Label such as, for example, if you have a streak of missed doses captured by the TapptTM System, if you pause or discontinue taking a certain medication, or if you responded to a specific question in a survey that triggers an alert to the clinical team. We may also share such information with your designated health care provider.

Research partners

We may share personal information with third parties, such as research institutes, healthcare systems and healthcare providers. They may associate it with other information that they have about you, for improved healthcare, research purposes and the improvement of our Service.

Service Providers

We may share Personal Information, as is reasonably necessary, with our service providers, including vendors and suppliers that provide us with development services, technology (such as AWS), services, or content for the operation, development and maintenance of our Service or data and analysis on Service use, who are bound by an obligation of confidentiality, provided that we will only share Personal Information to the extent necessary with such service providers. We will enter into special contracts with such vendors strictly limiting the service providers’ ability to use and disclose personal information, and requiring the use of certain security measures by the service providers.

Providers of personalized third party content

From time to time, we may also ask whether you would like us to share your Personal Information with another company that may want to send you information about their products or services. If you consent to such transfer by us of your Personal Information to another company, please note that the information provided will be subject to such company’s privacy practices and shall not be within our control.

Content providers

We may also use personal information in order to provide you with personalized third party content or links to third party sites that might interest you. We provide this third party content and/or links to third party sites for information purposes only and are not liable for such content or sites.

Administrative and Legal Reasons.

We may share personal information with third party companies, organizations, governmental authorities, or individuals outside of Synchronyx if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

• Meet any applicable law, regulation, subpoena, legal process or governmental request;

• Enforce a contract, including but not limited to any applicable Terms of Service, including investigation of potential violations thereof;

• Detect, prevent, or otherwise address fraud, security or technical issues; or

• Protect against harm to the rights, property or safety of Synchronyx, our Services users, or the public as required or permitted by law.

Business Transfer.

We may, to the extent permitted by law, share personal information with our parent, subsidiaries and affiliates for internal, business related, marketing, and other lawful purposes. We also reserve the right to disclose and transfer personal information: (i) to a subsequent owner, co-owner or operator of the Services or our business; or (ii) in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including, during the course of any due diligence process, all to the extent permitted by law. In such a case, unless otherwise directed by applicable law, your information would remain subject to the terms of the applicable Policy in effect at the time of such transfer.

Customized Programs

Synchronyx may offer you, from time to time and at our sole discretion, participation in customized programs, based on specified criteria (“Programs”). Participation in Programs may require sharing of Personal Information from and with additional third parties. If you choose to participate, you will be provided with additional information and consent requests for such sharing. Review the Programs terms and conditions for additional information.

Your Personal Information will not be combined with other information and will not be used for other purposes, except as explained in this Privacy policy. Please note that we are not subject to medical secrecy obligations.

Pharmacies and coupon companies

You may choose to share your Personal Information with pharmacies with which we partner or third party coupon companies, so that we may send you coupons or provide you with reminders to get your prescription refilled. If you choose to share your Personal Information in this manner, please note that such information may be disclosed to the coupon companies or pharmacies, and will be subject to their privacy practices.

While we take great care to keep your Personal Information confidential and secure, when you share your health or medication information with others or provide feedback regarding health matters, medications and otherwise, including by means of social media sites, or when you participate in a forum on the Service, any information disclosed by you in such way is solely your responsibility. You should exercise caution when disclosing any information (including Personal Information) in such ways, as you do not know who will access or use such information and for what purposes.

As Directed By You and With Your Consent.

Except as otherwise provided in this Policy, we share personal information with companies, organizations or individuals outside of Synchronyx only at your direction or when we have your consent to do so.

Aggregate Information.

We may de-identify or aggregate personal information so that you are not identified as an individual, and use and provide that information to third parties without restriction. We may analyze and/or combine all information we receive, including Health Information and information regarding your use of the Service, with information from other users to create aggregated data that may be disclosed to and utilized by us, our partners and by third parties without restriction, on commercial terms that we can determine in our sole discretion, for purposes such as: content marketing, research purposes, in order to understand behavior patterns, in order to increase adherence to medication regimens, marketing strategies and for entering into commercial contracts in order to provide our users with the Service. We may also provide aggregate usage information to third parties (or allow third parties to collect that information from you), who may use such information to understand how often and in what ways people use our Services. However, we never disclose aggregate usage or de-identified information to a third party (or allow a third party to collect such information) in a manner that would identify you as an individual person.

Choices.

You may contact us at support@synchronyx.com to request that we correct, delete, or rectify your personal information that is stored on our systems. Changes will be made as soon as practicable. Please note that in some cases, we may not be able to fulfill your request, or may be prohibited from correcting, deleting, or rectifying some or all of your personal information. We will let you know in such instances.

If you opt-in to use our Services, you agree to receive SMS text messages, that may include information to activate account, reminders, alerts, links to complete surveys, or other content. You also agree to receive phone calls from your clinical health care team, or from our representative staff with regards to your activity in the TapptTM system. You have the right to opt out of these Services at any time by contacting: support@synchronyx.com.

Additionally, you can always choose to stop receiving newsletters or other communications from us by clicking the “unsubscribe” link at the bottom of any Synchronyx marketing email message.

The TapptTM System.

If you use our TapptTM System, you may contact us at support@synchronyx.com to request that we correct, delete, or rectify your personal information that is stored on our systems. You may also submit a request to update your account information through our technical support form (https://forms.gle/bQRR9NQYkrWuVG999). You may also contact your pharmacy, health care provider, or healthcare organization to request changes to your personal information. We will make changes to such information on our systems if notified by pharmacy or health care provider to do so. Changes will be made as soon as practicable.

Retention of Information.

We retain personal information in accordance with applicable laws. The length of time we keep personal information depends on the type of information and whether we have an on-going business or legal need to retain it (for example, if you have an account with us, or to comply with applicable legal, tax or accounting requirements).

Our Service may link or refer to third party websites or services that we do not own or control. Any Personal Information you provide is provided directly to such third party and is subject to such third party provider’s privacy policy. This Privacy Policy does not apply to such other websites or services, and we are not responsible for the privacy practices or content of any websites or services not controlled by us, nor are we responsible for such third party’s use or misuse of your Personal Information. If you have any concerns, we urge you to review the terms of those other websites or services for more information about their applicable policies.

Our Service is intended for use by persons over the age of majority (as determined by applicable laws where such persons reside in: “Age of Majority”), unless we are provided with a valid parental or guardianship approval and consent, in accordance with the requirements of applicable laws. Under no circumstances should the Service be used by persons under the Age of Majority. We will not knowingly collect Personal Information from any person under the Age of Majority unless as described herein, and at our sole discretion. If you discover that a child has been using the Service without your consent, or that someone has been using the Service for or on behalf of your child without your consent, please contact us using the information below under “How to Contact Us” and we will take reasonable steps to delete the child’s information from our active databases. Synchronyx reserves the right to check its user base from time to time and remove users whom Synchronyx has grounds to believe they are in fact minors, including without limitation, restricting those user accounts, or deleting them, as Synchronyx may deem appropriate.

We employ industry standard and commercially reasonable security practices and procedures such as encryption, firewalls and SSL (Secure Socket Layers). We also implement security measures required by law. However, as effective as such technology and efforts may be, no security system is infallible and impervious from attack or hacking. Therefore, we cannot guarantee the security of our databases, nor can we guarantee that personal information won’t be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

We may update this Policy from time to time. Any changes will be effective immediately upon the posting of the revised Policy. We encourage you to periodically review this Policy for the latest information on our privacy practices.

California’s “Shine the Light” law, California Civil Code § 1798.83, requires that certain businesses respond to requests from their California customers (those with whom we have an established business relationship) asking about the business’ practices related to disclosing Personally Identifiable Information to third parties for the third parties’ direct marketing purposes. At this time, we do not provide Personally Identifiable Information to third parties for their direct marketing purposes.

Nevada consumers can opt out of the sale of their personal information. We do not sell personal information today, and we do not have plans to sell personal information in the future. However, Nevada customers have the legal right to opt out of the sale of their personal information, even if their information is not currently being sold. You may opt out by emailing a request to support@synchronyx.com. In your request, please specify that you wish to “Opt-out of Sale of Personal Information in Nevada.” Please allow 60 days for a response.

If you are located outside of the United States, please note that personal information we collect about you may be transferred to, processed and stored in the United States, unless otherwise noted. The data protection laws in the United States may differ from those of the country or jurisdiction in which you are located, and your personal information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Service or providing us with any information, you expressly and unambiguously consent to the transfer, processing and storage of your personal information in the United States.

Data protection laws in certain jurisdictions provide individuals with certain statutory rights with respect to their Personal Information.

For example, if you reside in the UK or the EU, you may have the right to request to: (a) receive confirmation as to whether or not Personal Information concerning you is being processed, and access your stored Personal Information, together with supplementary information; (b) receive a copy of Personal Information you directly volunteer to us in a structured, commonly used and machine-readable format; (c) request rectification of your Personal Information that is in our control; (d) request erasure of your Personal Information; (e) object to the processing of Personal Information by us; (f) request to restrict processing of your Personal Information by us; and (g) lodge a complaint with a supervisory authority if you believe your privacy rights have been prejudiced by us.

Data subjects residing in other jurisdictions may also be afforded with certain rights with respect to their personal data, as determined by such jurisdictions’ applicable laws. Such rights maybe similar or may differ from those set out above with respect to EU residents.

We comply with applicable laws and respect the privacy rights of our users. If you wish to exercise any of your rights, or ask us a question, please contact us by using the contact details provided below.

However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.

If you have any questions, comments, requests, or concerns related to this Privacy Policy or the privacy practices of our Service, please contact us at: support@synchronyx.com.