Privacy Statement

HealthTap, Inc. Privacy Statement

Last Updated: October 11, 2019

HealthTap, Inc. and its affiliates ("HealthTap," "we," "our," and/or "us") value the privacy of individuals who use our website (the "Site"), mobile application, and related services, including the HealthTap Premium Services, (collectively, our "Services").

This privacy statement ("Privacy Statement") explains how we collect, use, and share information from or about individuals who use our Services ("Members"). It describes what information other members or doctors can see when they use our Services. This Privacy Statement also tells you about your rights and choices with respect to Personal Information, and how you can contact us if you have any questions or concerns. By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Statement describes. In addition to this Privacy Statement, your use of our Services is also subject to our Terms of Use.

For the purpose of this Privacy Statement, "Personal Information" means any information that, by itself or in combination with other information, identifies or can reasonably be used to identify an individual, such as their name, email address, telephone number, address, date of birth, or healthcare information. Personal Information does not include information that is anonymized.

A. Information We Collect

We may collect a variety of information from or about you or your devices from various sources, as described below.

You can browse many areas of the Site and/or our applications without providing any Personal Information. However, at certain areas of the Site, we may ask that you provide Personal Information. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide your Personal Information when requested, you may not be able to use our Services if that information is necessary to provide you with our Services or if we are legally required to collect it.

Information You Provide to Us

Registration and Profile Information. We collect the information you provide when you create a HealthTap account, including your name, email address, password, and date of birth. We will also receive any optional information you choose to add to your HealthTap Profile ("Profile"), such as your health goals, medications, medical conditions, location, and other information. Health conditions and treatment recommendations often depend on your age, gender, and where you live. Having robust Profile information lets HealthTap give you a personalized experience, and it helps HealthTap doctors give you an appropriate treatment plan.

Payment Information. When you add a credit card or payment method to your Profile or make a purchase through our Services, we will collect that payment card information / a third party service provider that handles payments for us will receive your payment card information.

Communications. If you contact us directly, we may receive additional information about you. For example, when you contact us for customer support, we will receive your name, email address, phone number, the contents of a message or attachments that you may send to us, and other information you choose to provide. If you subscribe to our newsletter, then we will collect certain information from you, such as your email address. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services.

Carrers. If you decide that you wish to apply for a job with us, you may submit your contact information, cover letter, and your resume online. We will collect the information you choose to provide on your resume, such as your education and employment experience. You may also apply through LinkedIn. If you do so, we will collect the information you make available to us on LinkedIn.

Information We Collect When You Use Our Services

Location Information. When you use our Services, including our mobile application, if you allow us, we may receive your precise location information. We use your location information to connect you with local doctors in order to comply with regulations and to personalize and improve your experience by suggesting service providers that are located near to you. Service providers including but not limited to pharmacies, doctors, and lab test centers. We also use your location information to help our doctors develop an appropriate treatment plan for you. This location information is also used to help troubleshoot network connectivity and user experience issues. We also infer the general physical location of your device and the geographic regions our Members come from. For example, your internet protocol ("IP") address may indicate your general geographic region.

Device Information. We receive information about the device and software you use to access our Services, including IP address, web browser type, operating system version, phone carrier and manufacturer, installed applications, device identifiers, mobile advertising identifiers, and push notification tokens.

Usage Information. To help us understand how you use our Services and to help us improve them, when you use our Services, we automatically receive information about your interactions with our Services, such as the pages or other content you view, any content you post, and the dates and times of your visits.

Information from Cookies and Similar Technologies.A cookie is a small piece of data that a website can send to your computer's internet browser, which is then stored on your computer's operating system. Cookies are how websites recognize users and keep track of their preferences. We and third-party partners collect information using cookies, pixel tags, or similar technologies. Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services. For more information about our use of cookies, please see our Cookie Policy.

Please review your web browser's "Help" file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.

Information We Receive from Third Parties

Virtual Consult Summaries. At the end of every virtual visit (meaning a consultation between a doctor and a patient through our Services using text chat and/or video), the doctor will prepare a note about the virtual visit (the "Consult Summary"), which may include health information such as symptoms, diagnosis, and treatment. These Consult Summaries will become part of your Profile. When you initiate virtual visits using our Services, the doctor that you see or chat with will be able to view all past Consult Summaries to be able to give you appropriate care.

Social Media Accounts. We may obtain Personal Information about you from third party social media services, such as Facebook and Twitter, if you choose to link our Services with third party social media accounts ("Social Media Account") by either: (i) providing your Social Media Account login information to HealthTap through the Services; or (ii) allowing HealthTap to access your Social Media Account, as is permitted under the applicable terms and conditions that govern your use of the respective Social Media Account.

B. How We Use the Information We Collect

HealthTap uses the information we collect for the following purposes:

  • To operate, provide, maintain, improve and enhance our Services;
  • To personalize your experience on our Services, such as by providing tailored content and recommendations. For example, we use your email address to help you create, log into, and manage your account on our Services. This lets us personalize your experience and give you relevant information. It also powers the features that help you better understand, engage with, and track your health and to present you with personalized, relevant information;
  • To understand and analyze how you use our Services and to develop new products, services, features, and functionality;
  • To build a profile about you and make automated decisions based on your information to generate better answers to your health questions and effectively triage your symptoms. This information is not used for marketing;
  • To connect you with a doctor that suits your needs;
  • For marketing and advertising purposes, such as developing and providing promotional and advertising materials that may be relevant, valuable or otherwise of interest to you. We also may use the information that we learn about you to assist us in advertising our Services on third party websites. Where required under applicable law, we will only send you marketing communications with your consent;
  • To communicate with you via email, text messages, push notifications and phone calls, in order to provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer support;
  • To facilitate transactions and payments;
  • To facilitate the connection of Social Media Accounts to our Services to provide information from Social Media Accounts to your Profile. Depending on the Social Media Accounts you choose and subject to the privacy settings that you have set in such Social Media Accounts, we will access, make available and store (if applicable and as permitted by the social media service and authorized by you) the information in your Social Media Accounts so that it is available on and through your Profile on the Services;
  • For our business purposes, such as audits, for quality assurance purposes, to find and prevent fraud, and respond to trust and safety issues that may arise;
  • For compliance purposes, including enforcing our Terms of Use or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency;
  • For other purposes for which we provide specific notice at the time the information is collected; and
  • To aggregate or otherwise de-identify information collected through the Services and use and disclose it for other business purposes after the data can no longer be reasonably linked to an identifiable person.

If you are located in the European Economic Area ("EEA"), we only process your Personal Information based on a valid legal ground, including when:

  • Consent. You have consented to the use of your Personal Information, for example for marketing purposes or to track your online activities via Cookies and similar technologies.
  • Contract. We need your Personal Information to provide you with our Services, for example for account registration and management or to respond to your inquiries.
  • Legal Obligation. We have a legal obligation to use your Personal Information, for example to comply with tax and accounting obligations, or abide by local, state and Federal laws.
  • Legitimate Interest. We or a third party have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of our Services. We only rely on our or a third party's legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.

C. How We Share the Personal Information We Collect

We may share or otherwise disclose Personal Information in the circumstances described below.

Affiliates. We may disclose Personal Information to our affiliates or partners to provide the Services or for other purposes for which the information was collected.

Vendors and Service Providers.We may share Personal Information we receive with vendors and service providers in connection with the provision of the Services

Our service providers, such as prescription services, may be responsible for providing notices to Members. In the event Personal Information is (a) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (b) transferred to a third party acting as a data controller, Members will be given, where practical and appropriate, an opportunity to opt out of having non-sensitive Personal Information used or transferred. For sensitive information, including health related information, members will opt in before such use or transfer.

In some instances, HealthTap may retain other service providers to perform functions on our behalf, including, but not limited to, website developers, IT services providers, shipping or direct mail organizations, storage facilities, or entities assisting us in a recruitment process.

Advertising and Analytics Partners. We may make certain Personal Information available to third parties for advertising and analytics purposes, including: (a) for business or marketing purposes, such as to track sales leads; or (b) to assist such parties in understanding our Members' interests, habits, and usage patterns, and/or functionality available through our Services.

As Required by Law and Similar Disclosures. We may access, preserve, and disclose Personal Information if we believe doing so is required or appropriate, in our sole discretion, to: (a) comply with any applicable law, regulation, legal process or governmental request, such as a court order or subpoena, or otherwise cooperate with law enforcement or governmental agencies; (b) take precautions against liability; (c) protect your, our, or others' rights, property, or safety; (d) investigate and defend ourselves against any third-party claims or allegations; and (e) protect the security or integrity of our Services and any facilities or equipment used to make our Services available. For the avoidance of doubt, the disclosure of Personal Information may occur if you post any objectionable content on or through the Services.

Member Content.Our Services are social services in which you can pose questions and find answers to other Members' questions. Your questions will be visible and searchable by other users by default and might be read, collected, and used by others. Please note that our Terms of Use do not allow you to include Personal Information (such as your name, email address, or phone number) in any publicly available questions posted to our Services. HealthTap cannot control how such content is seen or used. We are not responsible for the other Members' use of available Personal Information, so you should carefully consider whether and what to post. Please contact our support team at [email protected] to request removal of Personal Information.

Social Media Services.Our Services may allow you to, upon your direction, share Personal Information with certain social media services, such as Facebook, Twitter, Pinterest, and Google Plus. Please consider any impact on your privacy and anonymity when posting content to any and all social media services. You understand and agree that the use of Personal Information by any social media services will be governed by the respective privacy policies of those social media services and your settings on their platforms. We encourage you to review their privacy policies.

Marketing. We do not rent, sell, or share Personal Information about you with non affiliated companies for their direct marketing purposes, unless we have your permission.

Virtual Doctor Visits. We may share Personal Information with HealthTap doctors in order to facilitate your treatment and care. Like an in-person patient-doctor interaction, HealthTap virtual consults are confidential, but not anonymous. When using HealthTap Premium Services, your Profile information, such as your real name and health information, are visible to doctors with whom you see or chat with in a virtual visit. This Profile information is not visible to other Members or to doctors who are not providing care or services in a virtual visit.

By initiating a virtual consult, you consent to sharing your name and the health information in your Profile with doctors who treat you in virtual visits.

Mergers, Sales, or Other Asset Transfers.We may disclose and otherwise transfer Personal Information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.

D. International Transfers of Personal Information

HealthTap may transfer Personal Information for the purposes described in this Privacy Statement to a third party acting as a data controller or as an agent. If we intend to disclose Personal Information to a third party acting as a data controller or as an agent we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle (the "Principles"). When providing our Services, we disclose Personal Information as provided in our agreement with Members.

We remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

By providing any information, including Personal Information, on or to the Services, you acknowledge and consent that your information may be transferred across national borders, including to countries outside the EEA, such as the United States.

If you are located in the EEA or Switzerland, we comply with applicable legal requirements for the transfer of Personal Information to countries outside of the EEA or Switzerland. We may transfer Personal Information to countries for which adequacy decisions have been issued (e.g., Canada), use contractual protections for the transfer of Personal Information, or rely on third parties' Privacy Shield certifications, where applicable. You may contact us as specified below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA or Switzerland.

HealthTap complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union and/or Switzerland, to the United States. HealthTap has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, visit https://www.privacyshield.gov/, and to view our certification, click here. For more information on our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, please see our [Privacy Shield Notice] below.

E. Security

We make commercially reasonable efforts to protect Personal Information by using physical and electronic safeguards designed to protect the integrity and security of the Personal Information we maintain. We also use certain physical, organizational, and technical safeguards designed to comply with the Health Insurance Portability and Accountability Act ("HIPAA") security standards for interactions subject to HIPAA security regulations. HealthTap takes commercially reasonable precautions, considering the risks involved in the processing and the nature of the Personal Information, designed to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. However, as no electronic transmission or storage of Personal Information can be entirely secure, we can make no guarantees as to the security or privacy of Personal Information.

F. Information Retention

We take measures to retain your Personal Information for a period that is no longer than necessary to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law. When determining the retention period, we take into account various criteria, such as the type of Services provided to you, the nature and length of our relationship with you, the impact on the Services we provide to you if we delete some Personal Information from or about you, and mandatory retention periods provided by law and the relevant statute of limitations.

G. Your Choices and Rights

Sharing Preferences. We provide you with settings to allow you to set your sharing preferences for content you post to our Services.

  • Optional Profile Information.You can add, edit, or delete optional Personal Information appearing in your Profile at any time in your account settings under edit profile link.
  • Required Account Information.Certain Personal Information is required for account functionality and can be edited but not deleted. For example, you can edit, but not remove, the email address and password required for login.
  • Health Records.You can amend your health information and can add information to your Consult Summaries to make your information more accurate or complete. Accordingly, if you would like to request access to, or to limit the use or disclosure of Personal Information, please contact the doctor to which you provided the Personal Information in connection with our Services. If you contact us with the name of the doctor to which you provided Personal Information, we will refer your request to that doctor and support them in responding to your request.
  • Public Content. You can request the removal of Public Content by contacting our support team at [email protected].

H. Marketing Communications.You can unsubscribe from our marketing communications, such as announcements of new features or special offers, via the link provided in the promotional emails. HealthTap will never share your email address or other contact information to third parties for their own marketing purposes without your explicit permission. Even if you opt out of receiving promotional messages from us, you will continue to receive administrative messages from us.

I. Notifications.We will ask you if you want to receive notifications when you open an account with HealthTap. If you agree, HealthTap may send you email, SMS, or mobile push notices, providing you with account-related reminders or updates, or letting you know that you have a message on our Services. You may opt out at any time by adjusting your notification settings in the settings page.

J. Do Not Track.There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.

K. Deactivating Your Account.To deactivate your account, sign in, go to the settings page, and choose the deactivate your account option. You will receive an email confirming that your account has been deactivated. Your public questions that have received answers will continue to appear anonymously on our Services even if you deactivate your account.

L. European Privacy Rights.If you are located in the EEA or Switzerland, you are entitled to reach out to us via the contact details in this Privacy Statement and ask us for an overview of your Personal Information or ask for a copy of such Personal Information. In addition, you may request us to update and correct inaccuracies, delete your Personal Information, restrict our processing of your Personal Information, or exercise your right to data portability, and to transfer your Personal Information to another company. In some cases, you may object to the processing of your Personal Information and, where we have asked you for your consent to process your Personal Information, you can withdraw it at any time. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent was withdrawn. We always enjoy hearing from you and appreciate your business. Should you nonetheless have unresolved concerns, you have the right to lodge a complaint with the supervisory authority of your residence, place of work or where the incident took place.

M. Children

Our Services are not intended for or directed to children under 16 years of age, and we do not knowingly collect Personal Information from children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, then you may alert us at [email protected]. If we learn that we have collected any Personal Information from children under 13, then we will promptly take steps to delete such information and terminate the child's account.

N. Google

Our Services use several services provided by Google, Inc. ("Google"), including the services described below.

Google Analytics.This Site uses Google Analytics, a web analytics service that uses cookies, which we use for the purpose of understanding how Members use our Services, compiling reports on website activity, and providing other information relating to website activity and internet usage. Google will not associate your IP address with any other information held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, if you delete cookies and/or prevent new ones, you will likely have to reenter preferences and settings every time you visit a website, and some services and functionalities may not work.

You can prevent Google's collection and use of data such as cookies and IP address by downloading and installing the browser plug-in available here.

More information about how Google uses advertising cookies can be found here.

Google Maps.We use visual mapping services on the Site and/or our applications, please be aware that the Google Maps/Earth Terms of Service, including the Google Privacy Policy, at https://www.google.com/intl/en-US_US/help/terms_maps.html also applies.

Google reCAPTCHA. We use Google reCAPTCHA on the Site and/or our applications and it is also subject to Google's Privacy Policy and Terms of Use, which are available for your review.

O. Third Party Sites

Our Services may contain links to third-party sites. When you click on one of these links, you are visiting a website operated by someone other than HealthTap, and the operator of that website may have different privacy policies. HealthTap is not responsible for the individual privacy practices of those sites. Please be aware that this Privacy Statement does not apply to your activities on these third-party sites or any information you disclose to these third parties. We encourage you to read the privacy policies of third-party sites before providing any information to them.

P. Contact HealthTap

HealthTap is responsible, or the "data controller", for the processing of your Personal Information processed in connection with the Services. If you have any questions, comments, or concerns about our processing activities, please email us at [email protected], or via traditional mail to 2465 Latham Street, Suite 300, Mountain View, CA 94040.

You can also use our Contact Us page to make requests regarding managing and processing your information.

Q. Changes To This Privacy Statement

We reserve the right to change this Privacy Statement at any time. We will post any adjustments to the Privacy Statement on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or share Personal Information previously collected from you through the Services, we will notify you through the Services, by email, or other communication.

Privacy Statement

HealthTap Privacy Statement (Canada)

Date last modified: August 29, 2019

HealthTap respects your privacy and will only collect, use or disclose your personally identifiable information (personal information) in accordance with our Privacy Statement and applicable privacy laws. This Privacy Statement describes what personal information we collect through our website(s), our mobile applications and related services (collectively, the "Apps"), how we use personal information, and the manner in which personal information may be disclosed or shared by HealthTap.

For the purpose of this Privacy Statement, personal information means any information that, by itself or in combination with other information, identifies or can reasonably be used to identify an individual. It may include, for example, your name, email address, telephone number, address, date of birth, financial information and health information. Personal information does not include information that is anonymized or publicly available information that has not been combined with non-public personal information.

Consent for the collection, use and disclosure of personal information

When you sign up for or use the Apps, we ask you to confirm that you have read and agree to our Privacy Statement. By submitting your personal information through the Apps, you consent to the collection, use, and disclosure of such information as set out in this Privacy Statement.

What personal information do we collect?

Generally, you may browse our websites or the Apps without providing any personal information. You are under no obligation to provide personal information, with the caveat that your refusal to do so may prevent you from using certain portions of the websites or the Apps.

HealthTap collects your personal information when you use the following applications and services:

Information you store on your Profile

We collect personal information you provide when you create a HealthTap account, including your name, email address, and date of birth. You can add optional health information to your HealthTap Profile ("Profile"), for example, health goals, medications, conditions, and other personal information which helps to personalize your HealthTap experience. You choose what personal information to add to your Profile when using the Apps and adding information into your Profile.

Information to purchase HealthTap packages and services

If you decide to sign up for HealthTap packages and services, including Virtual Consults, we ask you to provide additional information, including payment information. For more information, please consult our Terms of Use.

Information provided in Virtual Consunlts

If you request a virtual consult (meaning a consultation between a doctor or other health care practitioner ("Practitioner") and a patient through a HealthTap application using a video link) ("Virtual Consult"), we collect, use and disclose personal health information about you in order to provide you with health care services. Personal health information collected in connection with our health care services is subject to the HealthTap Terms of Use and Virtual Consult Consent.

HealthTap maintains a secure electronic health record and at the end of every successfully-completed Virtual Consult, the Practitioner with whom you have had your Virtual Consult will prepare a brief note about the Virtual Consult (the "Consult Summary"). These Consult Summaries become part of your Profile. When you initiate Virtual Consults on HealthTap, the Practitioner you see will be able to view all of the Consult Summaries on the Apps.

Why do we ask you for certain types of information?

When using the Apps, you have access to general health information, answers and tips, and expert content. Certain health conditions and appropriate actions vary depending on your age group, geography, and gender. Personal information that you add to your Profile allows HealthTap to provide you with a more personalized online experience. Personal information that you add to your Profile for these purposes is not visible to other users or to Providers through the Apps.

How do we use your information?

We use your personal information for the purpose for which it was collected, as well as other purposes for which you have given consent. In addition to those purposes set out above, this includes, but is not limited to, the following purposes:

  • Administration of your Profile: We use the personal information in your Profile and your health and wellness goals to help you better understand, stay engaged with, and track your health and to present you with relevant information. Your email address is used to create, log into, and manage your HealthTap account.
  • Marketing: In accordance with anti-spam laws, we obtain your consent in order to send you commercial electronic messages. You may subscribe or unsubscribe to receive marketing communications from us, such as announcements of new features. We do not share email addresses or other contact information with third parties without your permission.
  • Notifications: We will ask you if you want to receive notifications when you open an account with HealthTap. If you agree, HealthTap may send you email, SMS, or mobile push notices, providing you with account-related reminders or updates, or letting you know that you have a message on HealthTap.

We also may use your personal information to comply with our legal obligations, resolve disputes, and enforce our agreements and as required and/or permitted by applicable privacy laws.

Automated decision making and profiling

We use any relevant information in your health profile to generate better answers to your health questions. For example, we use the personal information you provide about any medical conditions to better triage your symptoms. Your experience on the Apps is tailored to you based on the profile information you provide. The personal information you provide is not used for advertising.

Disclosing personal information to third parties

With whom do we share your personal information?

In some instances we may retain other companies and individuals to perform functions on our behalf, including, but not limited to, website developers, service and technology providers. Third parties may be provided with access to your personal information to perform the functions for which they have been retained. Our agreements with third parties will not permit them to use your personal information for any other purposes and commit them to comply with applicable data privacy standards.

HealthTap has also partnered with third parties that license its software platform, including telemedicine platforms accessible through the apps of such third parties and content and services that support such apps. To use HealthTap Apps, Services and/or Virtual Consults as provided under license by such third parties, you must agree to all of the terms and policies such third parties impose upon such Apps, Services and/or Virtual Consults and such third parties bear all liabilities for your use of the Apps, Services and/or Virtual Consults, including as it relates to your personal information.

We may disclose your personal information as we deem necessary, in our sole discretion, to comply with any applicable law, regulation, legal process or governmental request.

Cross-Border Transfer

The collection, use and disclosure of your personal information through the HealthTap Apps, Services or Virtual Consults is governed by applicable Canadian laws and this Privacy Statement. It is also subject to US privacy laws. HealthTap may transfer your personal information outside Canada to its affiliates or third party service providers with operations in other countries, which are subject to laws of a foreign jurisdiction. Currently, HealthTap transfers and stores personal information on HealthTap servers in the US. By accepting this Privacy Statement, using the Apps or providing us with your personal information you acknowledge and consent to your personal information being processed by third parties on HealthTap's behalf and transferred, accessed and/or stored in countries outside Canada.

Who else can see your personal information?

Personal information is stored securely in your Profile, which is not visible to other users or Practitioners through the Apps. Revealing personal information in content publicly visible on the Apps (such as in public questions) is not permitted under our Terms of Use. Any questions that you ask on the Apps are anonymous. Only the questions, not your identity, are publicly visible.

Security

HealthTap uses physical, organizational and technical industry-standard security safeguards commensurate to the sensitivity of data collected, used or disclosed such as encryption in transit and at rest. We use a variety of technologies and procedures to help protect the security of your personal information from unauthorized access, use, or disclosure.

HealthTap has implemented and maintains reasonable and appropriate security measures, procedures and practices to protect against the loss and unauthorized access, use, modification, destruction or disclosure of your personal information while it is our custody or under our control.

We also limit access to your personal information to those employees, contractors and agents who have a business need to know.

Public Content

Some content on the Apps is publicly visible by logged in or logged out users ("Public Content"). Any information provided in Public Content might be read, collected, and used by others who access them. Please note that our Terms of Use do not allow you to include personal information (such as your name, email address, or phone number) in any Public Content posted to the Apps. HealthTap cannot control how Public Content is seen or used. Contact our support team to request removal of such information.

Sharing on social media

You can share certain information from the Apps using the sign-in services of certain social media services such as Facebook and Twitter. Please consider any impact on your privacy and anonymity when posting content to public services. Content posted to these services will be governed by the respective privacy policies of those services.

How can I access or correct my data?

You can add, edit, or delete optional information appearing in your Profile at any time in your account settings ("Settings"). You can edit, but not remove, certain information (like an email address) required for login and to use the Apps, as well as Consult Summaries. In connection with Virtual Consults, you have additional rights under applicable privacy laws. You may request access or correction to your health records, withdraw your consent or request limits on the collection, use or disclosure of your personal health information for health care purposes by contacting [email protected].

Deactivation

To deactivate your account, simply sign in, go to Settings, and deactivate your account. You will receive an email confirming that your account has been deactivated. Please note: your public questions that have received answers will continue to appear anonymously on the Apps after account deactivation.

Children

We are committed to protecting the privacy of children. The Apps are not intended or designed for children. We do not collect personal information from any person we actually know is a child. Where applicable, registered Users may use the Apps for the benefit of their children in accordance with the Terms of Use and Virtual Consult Consent.

Cookies and Analytics

For more information about how HealthTap uses cookies, please see its Cookie Policy. A "cookie" is a data element that a website can send to your browser, which may then be stored on your system. The Apps use different kinds of cookies and/or uses services which use "cookies", for example, Google Analytics, a web analytics service provided by Google, Inc. HealthTap uses this information for a variety of purposes, including evaluating usage of the Apps, to improve our Apps and services and to compile reports on website activity. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the Apps.

To learn more about how Google Analytics collects and processes data and the choices Google may offer to control these activities, visit https://www.google.com/intl/en/policies/privacy/partners/

Third- Party Sites

The Apps may contain links to other third-party sites. When you click on one of these links you are visiting a website operated by someone other than HealthTap, and the operator of that website may have different privacy policies. HealthTap is not responsible for the individual privacy practices of those sites. We encourage you to investigate the privacy policies of these third-party operators.

Retention of your personal information

Your personal information will be stored as long as the information is required to fulfill our legitimate business needs or the purposes for which the information was collected, or as long as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. When we no longer are required to retain the information, we will destroy, erase, or de-identify the information.

Contacting us

Should you have any questions or concerns about this Privacy Statement or HealthTap's practices, you may reach HealthTap via email at [email protected], or 650.376.6110 Our Contact Us page may also be used for requests to manage your information we process.

You may also contact the Office of the Privacy Commissioner of Canada or provincial Information and Privacy Commissioner (as applicable) with any questions or concerns.

Revisions to this Privacy Statement

We reserve the right to change this Privacy Statement at any time and such modifications shall be effective immediately, as of the date indicated below.

Privacy Shield Notice

INTRODUCTION

HealthTap, Inc. and its affiliates (collectively, "HealthTap", "we, "our" or "us") respect your privacy. This Privacy Shield notice ("Privacy Shield Notice") describes our standards and procedures for handling Personal Information transferred from the European Economic Area ("EEA") and Switzerland to the U.S. in accordance with HealthTap's obligations under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

HealthTap has subscribed to and will adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by adopting and implementing the Privacy Shield Principles (the "Principles"). More information about the Privacy Shield can be found at www.privacyshield.gov. Our Privacy Shield certification can be found at www.privacyshield.gov/list.

For the purpose of this Privacy Shield Notice, "Personal Information" means any data relating to an identified or identifiable individual (our "members", "you", or "your"), including, for example, name, address, telephone number, e-mail address, as well as healthcare information; and "processing" means any operation performed on Personal Information, such as, for example, collection, use, management, virtual consults or disclosure. This Privacy Shield Notice supplements our HealthTap Privacy Statement. Unless specifically defined in this Notice, the terms in this Privacy Shield Notice have the same meaning as in our Privacy Statement. In case of conflict between this Privacy Shield Notice and the Principles, the Principles will govern.

We obtain and process Personal Information from the EEA and Switzerland in different capacities:

As a data controller, we collect and process EEA and Swiss Personal Information directly from members, either via our publicly available websites, including www.HealthTap.com, our mobile device application or in connection with our customer, partner, and vendor relationships.

As an agent (as that term is used in the Principles), we obtain and process EEA and Swiss Personal Information on behalf of and under the instructions of our members in connection with healthcare services HealthTap provides, such as Personal Information stored by members using our Doctor A.I. application. In that context, members are the data controllers or agents and the roles and responsibilities of the parties for the processing of Personal Information are defined in our agreements with members.

HealthTap commits to comply with the Principles with respect to all Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield.

PRIVACY SHIELD PRINCIPLES

Notice

HealthTap's Privacy Statement, in combination with this Privacy Shield Notice, describes our privacy practices with respect to Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield.

Choice

When providing our Services, our members choose the types of Personal Information we process and the purposes of the processing. Accordingly, our affiliated service partners, e.g.- prescription services, are sometimes responsible for providing notice to members. In the event Personal Information is (i) to be used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, members will be given, where practical and appropriate, an opportunity to opt out of having their Personal Information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, members must opt in before such use or transfer.

Accountability for Onward Transfer of Personal Information

HealthTap may transfer Personal Information for the purposes described in the HealthTap Privacy Statement to a third party acting as a data controller or as an agent. If we intend to disclose Personal Data to a third party acting as a data controller or as an agent we will comply with, and protect, Personal Information as provided in the Accountability for Onward Transfer Principle. When providing our Services, we disclose Personal Information as provided in our agreement with members.

We remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Security

HealthTap takes reasonable and appropriate precautions, considering the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation

Any Personal Information we receive may be used by HealthTap for the purposes indicated in our HealthTap Privacy Statement or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.

We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Members are encouraged to keep their Personal Information with HealthTap up to date and may contact HealthTap as indicated below or in the HealthTap Privacy Statement to request that their Personal Information be updated or corrected.

We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the HealthTap Privacy Statement, unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the Privacy Shield.

When providing our Services, we process and retain Personal Information as necessary to provide our services as permitted in our agreement with members, or as required or permitted under applicable law.

Access

Members have reasonable access to their Personal Information via their application account and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. You may request access to your Personal Information by contacting us as described below and through the Help & Support communication features in the application.

When providing our Services, we only process and disclose the Personal Information as specified in our agreements with members. Our customer controls how Personal Information is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Information, please contact the company to which you submitted your Personal Information and that uses our Services. If you contact us with the name of our customer to which you provided your Personal Information, we will refer your request to that customer and support them in responding to your request.

Recourse, Enforcement and Liability

HealthTap has established procedures to periodically verify implementation of and compliance with the Principles. HealthTap conducts an annual self-assessment of its practices regarding Personal Information intended to verify that the assertions HealthTap makes about its practices are true and that such practices have been implemented as represented.

Please refer to HealthTap's Terms of Use for a complete description of Indemnification & Exclusions, Limitations and Liability.

HealthTap is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission ("FTC"). In certain situations, HealthTap may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Individuals may file a complaint with our U.S. Privacy Office at [email protected], if they have any complaints with HealthTap's processing of their personal data under the Privacy Shield Program. If the dispute is unable to be resolved through HealthTap's internal processes, HealthTap offers a variety of options for the individual to resolve their dispute. If the dispute involves data collected in the context of an EU resident's employment relationship, we will cooperate with competent EU or Swiss data protection or labor authorities and comply with the advice of such authorities. If those authorities determine that we did not comply with this Privacy Shield Notice, we will take appropriate steps to address any adverse effects and to promote future compliance. If the dispute involves other types of data, individuals may file a claim with Judicial Arbitration and Mediation Services (JAMS) here. Under certain circumstances, an individual may invoke binding arbitration. Please see the Privacy Shield website for more information on conditions giving rise to binding arbitration.

Amendment

This Privacy Shield Notice may be amended consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. When we update this Privacy Shield Notice, we will also revise the "Last Updated" date at the bottom of this document.

Contact Us for Questions or Complaints

If you have any questions, concerns or complaints regarding our privacy practices, or if you'd like to exercise your choices or rights, you can contact us:

By email to: [email protected]

By writing to us at: HealthTap, Inc., Attn: Compliance, 2465 Latham Street, Suite 300 Mountain View, CA 94040

General Data Protection Regulation (GDPR) - European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), HealthTap, Inc. has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:

Emailing [email protected]

Using EDPO's online request form at https://www.edpo.brussels/contact

Writing to: EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium