CONSUMER HEALTH DATA PRIVACY NOTICE

What Does This CHD Notice Cover?

This CHD Notice applies solely to residents of Washington and Nevada who interact with us in an individual or household capacity, and whose data may be classified as Consumer Health Data under the Applicable Laws.

For Nevada residents, "Consumer Health Data" includes personally identifiable information that is linked or reasonably capable of being linked to a consumer and that is used to identify their past, present, or future health status.

For Washington residents, "Consumer Health Data" means personal information that is linked or reasonably linkable to a consumer and that identifies their past, present, or future physical or mental health status. This includes both medical and non-medical data that may indicate health conditions or status.

What Is Not Covered by This CHD Notice?

This CHD Notice does not apply where exemptions apply under the Applicable Laws. Examples include, but are not limited to:

• Protected Health Information (PHI) collected, received, or maintained in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). See our HIPAA Notice of Privacy Practices for more details.

• Information that is publicly available.

• Information that has been deidentified.

• Data used exclusively for:

○ Medical records under applicable health privacy laws,

○ Clinical quality improvement,

○ Public health activities, or

○ Federally regulated research (e.g., per 45 C.F.R. Part 46 and/or 21 C.F.R. Parts 50 and 56).

What Consumer Health Data Do We Collect?

As explained in our Privacy Notice and HIPAA Notice of Privacy Practices, the personal data we collect depends on your interactions with our Platform, your choices, and your location. Some of the data we collect may qualify as Consumer Health Data, unless excluded under Applicable Laws.

We may collect or derive the following types of data considered Consumer Health Data:

• Information about your health conditions, symptoms, or diagnoses, including medications and treatments.

• Reproductive or sexual health information, such as STI testing, medications, ovulation, and pregnancy test results.

• Biometric or physiological data, such as vital signs, bodily functions, or symptom tracking.

• Records of your use or purchase of diagnostic tests, medications, or other health-related products or services.

• Information that identifies your intent to seek healthcare, such as scheduling an appointment or purchasing health products.

• Genetic data, where collected.

• Internet or network activity information, such as your IP address, MAC address, operating system, browser type, and device information, where such data reflects your interaction with health-related services, products, or content.

• Information derived from other sources that is subsequently used to associate you with one or more of the categories listed above.

Categories of Data Not Considered Consumer Health Data

The following categories are excluded from the definition of Consumer Health Data under the Applicable Laws and are not subject to this CHD Notice:

• Personal data protected under HIPAA as Protected Health Information (PHI).

• Data contained in medical records and used in the course of healthcare delivery.

• Data collected or used solely for research purposes (as defined by federal law).

• Deidentified information and any information derived solely from deidentified sources.

• Information used exclusively for public health, quality assurance, or as part of a HIPAA "limited data set."

Sources of Consumer Health Data We Collect

We may collect Consumer Health Data from the following sources:

• Directly from you or your authorized representative when you use our services, engage with customer service, or otherwise interact with our Platform. With your permission, we may also collect Consumer Health Data from a device, app, or service that you connect to your profile.

• From third parties, including telehealth providers, diagnostic laboratories, health insurers, authorized representatives, service providers, and HIPAA-defined business associates. We may engage third-party service providers to operate interactive features on our Platform. By using these features, you acknowledge that third-party vendors may process information on our behalf to provide the service.

• Automatically from your device, when you use our websites or mobile applications. For more information, see our Privacy Notice, HIPAA Notice of Privacy Practices, and Terms and Conditions.

• From voluntary submissions in open text fields not related to medical care or research (e.g., "Leave a comment" boxes), which may contain Consumer Health Data.

Use of Consumer Health Data We Collect

In many cases, the personal data we process relates to health care delivery, billing, or operations and is excluded from the Applicable Laws. Where data is subject to these laws, we may use Consumer Health Data for the following purposes:

• To provide you with requested or authorized products and services;

• To deliver and personalize features of those services;

• To ensure the security, reliability, and improvement of our systems and services;

• For internal operations such as performance analysis, workforce development, and legal compliance;

• For research and development purposes;

• To meet regulatory or legal obligations, including audits and compliance reviews;

• To detect or prevent unauthorized activity, fraud, identity theft, harassment, or illegal conduct;

• For other lawful purposes, including with your consent, such as for advertising or marketing (when required).

Where consent is required, we will provide a clear description of the purpose at the time of collection.

Sharing of Consumer Health Data With Third Parties

We may share your Consumer Health Data with the following categories of third parties, as necessary for the purposes described above:

• Affiliates: Including our subsidiaries and related companies (e.g., OPEN Healthcare US, Inc., d/b/a OHUS), where access is necessary for business or service delivery.

• Service Providers: Third-party vendors who perform functions on our behalf under contractual obligations to protect and limit use of your data.

• Business Partners: In limited circumstances, such as where a service is co-branded or jointly offered with another entity.

• Financial Institutions & Payment Processors: For payment processing, fraud detection, credit risk reduction, and related financial services.

• Government Entities and Legal Compliance: We may disclose data:

○ In response to subpoenas or legal requests;

○ To cooperate with law enforcement or regulatory agencies;

○ As necessary to meet public health, safety, or compliance requirements; or

○ To prevent harm, fraud, or unlawful activities.

• Other Users: Where you choose to use services to interact with others (e.g., a communication feature), we will share your data as directed by you.

• The Public: If you opt to share your information publicly—such as submitting a testimonial, review, or comment—this may include Consumer Health Data, depending on what you choose to disclose.

Your Rights and Choices

Subject to legal limitations, you may have the following rights regarding your Consumer Health Data:

• Right to Access: To confirm whether we process your Consumer Health Data and obtain details about that processing.

• Right to Deletion: To request that we delete your Consumer Health Data.

• Right to Withdraw Consent: To withdraw any consent you previously gave us to process your Consumer Health Data.

• Right to Correct: To request that we correct inaccurate Consumer Health Data we maintain about you.

How to Exercise Your Rights

To exercise any of your rights, you may contact us at:

📧 Email: support@allrangekit.com

📞 Phone: +1 (608) 879-8173

🕒 Hours: Monday-Friday, 9 AM - 5 PM PST

📍 Mail: OPEN Healthcare, 1487 W 178th St., Gardena, CA 90248

ATTN: AllrangeKit™​ Privacy Practice

We will verify your identity before processing your request, in accordance with Applicable Laws. We may require additional information (e.g., government-issued ID, email address, or physical address) to ensure your request is valid and to prevent fraud.

If you are submitting a request on behalf of another individual as an authorized agent, you may be asked to provide proof of your authority to act on their behalf (e.g., written authorization or legal documentation).

We will not discriminate against you for exercising your rights. However, exercising certain rights may affect your ability to use some features of our services.

If we deny your request, you have the right to appeal. If your appeal is unsuccessful, you may file a complaint with your state attorney general:

• Nevada: ag.nv.gov/Complaints/File_Complaint

• Washington: www.atg.wa.gov/file-complaint

Changes to This CHD Notice

We may update this CHD Notice from time to time. If we make changes, we will update the "Last Updated" date below. We encourage you to review this Notice periodically to stay informed.

Last Updated: July 23, 2025