Privacy Policy

Openwell Health

Privacy Notice

Last Updated: March 6, 2026

This Privacy Notice (“Notice”) applies to the processing of personal information by Openwell, Inc. (“Openwell,” “we,” “us,” or “our”), including on our mobile application, white-label practice-branded applications provided to independent healthcare practices and clinics (each, a “Practice”), our website available at www.openwellhealth.com, our associated site(s), our microsite(s), and our other online or offline offerings which link to, or are otherwise subject to, this Privacy Notice (collectively, the “Services”).

Special Note to Connecticut, Nevada, and Washington Openwell Health Patients and Potential Patients. For information on our processing of “consumer health data” subject to state Consumer Health Data Privacy Laws, please see Annex A – Supplemental U.S. Consumer Health Data Privacy Notice.

Special Note to Users Interacting with a Healthcare Practice Using the Openwell Platform: If you interact with a healthcare practice or clinic that uses the Openwell platform, please note this Privacy Notice is distinct from and in addition to that Practice’s own privacy statements, policies, and notices of privacy practices. Please be sure to carefully review this Privacy Notice and all privacy statements, policies, and notices of privacy practices applicable to you and your personal information.

Your Data Privacy Commitment: Your individually identifiable health data is never sold to or shared with advertisers. Openwell does not use your individually identifiable Protected Health Information (PHI) for training, fine-tuning, or improving AI models. Openwell may de-identify and aggregate data in accordance with HIPAA (45 C.F.R. § 164.514) for product improvement, feature development, industry benchmarks, anonymized analytics, and non-identifiable research. Openwell will never attempt to re-identify de-identified data, and will never sell individually identifiable patient data. See Section 4C below for details.

1. UPDATES TO THIS PRIVACY NOTICE

2. PERSONAL INFORMATION WE COLLECT

3. HOW WE USE PERSONAL INFORMATION

4. ARTIFICIAL INTELLIGENCE AND DATA PROCESSING

5. HOW WE DISCLOSE PERSONAL INFORMATION

6. YOUR PRIVACY CHOICES AND RIGHTS

7. DATA PORTABILITY

8. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

9. RETENTION OF PERSONAL DATA

10. CHILDREN’S PERSONAL INFORMATION

11. THIRD-PARTY WEBSITES/APPLICATIONS

12. CONTACT US

ANNEX A – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY NOTICE

ANNEX B – CONSUMER HEALTH DATA AUTHORIZATION

1. UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Notice on our website and/or by sending other communications where required by law.

2. PERSONAL INFORMATION WE COLLECT

We collect personal information you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.

A. Personal Information You Provide to Us Directly

We may collect personal information you provide to us.

• Account Information. We may collect personal information in connection with the creation or administration of your account. This personal information may include, but is not limited to, your name, date of birth, gender, email address, phone number, payment information, and other information you store when registering and maintaining your account. To fully utilize our Services, you may be required to fill out and submit forms containing personal information such as your name, address, telephone number, social security number, health-related symptoms, and other personal information relevant to your health status, diagnosis, treatment, and insurance coverage.

• Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not collect or store any payment card information entered through our Services, and we may receive information associated with your payment card information (e.g., your billing details).

• Commerce and Ordering. When you place orders for laboratory tests, medications, supplements, or other products through the Platform’s ordering interface, we collect information necessary to process and transmit those orders to applicable third-party vendors, including product selections, shipping information, and order history.

• Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email, in-app messaging, or our online chat tool.

• Connected Device Data. If you connect wearable devices or other health monitoring tools to the Platform, we collect the health data transmitted from those devices, including activity data, vital signs, sleep data, and other biometric measurements.

• Health Information Exchange (HIE) Data. With your authorization, we may collect health records from health information exchanges, including records from other healthcare providers, hospitals, and specialists.

• Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.

• Interactive Features. We and others who use our Services may collect personal information you submit or make available through our interactive features (e.g., messaging features, commenting functionalities, forums, blogs, and social media pages) (“User Content”). Any information you provide using the public sharing features of the Services will be considered “public.”

• Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests we offer.

• Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.

• Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

B. Personal Information Collected Automatically

We may collect personal information automatically when you use the Services.

• Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information).

• Usage Information. We may collect personal information about your use of the Services, such as the pages you visit, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Services.

• Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Services.

  • Cookies. Cookies are small text files stored in device browsers.

  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services collecting personal information about use of or engagement with the Services.

• Biometric Information. If you consent to our collection of biometric information or if our collection of biometric information is otherwise permitted, we may collect biometric data from connected wearable devices and health monitoring tools. Where required by law, your biometric information will be stored for no more than 3 years from your last interaction with our Services.

C. Personal Information Collected from Third Parties

We may collect personal information about you from third parties. For example, if you access the Services using a Third-Party Service, we may collect personal information about you from such Third-Party Service you have made available via your privacy settings. In addition, we and other third parties may upload or otherwise provide personal information about you (i.e., diagnostic testing results, health information exchange records, wearable device data).

3. HOW WE USE PERSONAL INFORMATION

We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to provide you with marketing materials, as described below.

A. Provide the Services

We use personal information to fulfill our contract with you and provide the Services, such as:

• Managing your information;

• Providing access to certain areas, functionalities, and features of the Services;

• Delivering accurate and personalized recommendations through the use of artificial intelligence and machine learning capabilities;

• Generating AI Insights including patient record summaries, health trend analyses, and clinical decision-support outputs for review by your healthcare provider;

• Facilitating orders for laboratory tests, medications, supplements, and other products through our network of third-party vendors;

• Aggregating health data from connected devices, health information exchanges, and patient uploads;

• Answering requests for support;

• Communicating with you;

• Sharing personal information with third parties as needed to provide the Services;

• Processing your financial information and other payment methods for products and Services purchased;

• Processing applications if you apply for a job we post on our Services; and

• Allowing you to register for events.

Our Services are enabled by machine-learning tools fundamental to our ability to provide real-time engagement, inform treatment approaches, and track progress. These machine-learning tools process natural language communications to support user experience and outcomes.

B. Administrative Purposes

We use personal information for various administrative purposes, such as:

• Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;

• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;

• Carrying out analytics;

• Measuring interest and engagement in the Services;

• Improving, upgrading, or enhancing the Services;

• Analyzing, improving, upgrading, and/or enhancing the Services through the use of artificial intelligence and other methods, using de-identified and aggregated data in accordance with 45 C.F.R. § 164.514, including for industry benchmarks, outcome analytics, and non-identifiable research (see Section 4C for full details);

• Developing new products and services;

• Creating de-identified and/or aggregated information. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws;

• Ensuring internal quality control and safety;

• Authenticating and verifying individual identities;

• Debugging to identify and repair errors with the Services;

• Auditing relating to interactions, transactions, and other compliance activities;

• Enforcing our agreements and policies; and

• Carrying out activities required to comply with our legal obligations.

C. Marketing

We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.

California Shine the Light: If you are a California resident, you may annually submit a request to us to find out whether we have shared your personal information with third parties for the third parties’ direct marketing purposes. If you would like to submit such a request, please “Contact Us.”

D. With Your Consent or Direction

We may use personal information for other purposes clearly disclosed to you at the time you provide personal information with your consent, such as if you opt-in to participate in research studies and research and development activities, or as otherwise directed by you.

E. Automated Decision Making

We may engage in automated decision making, including profiling. Our processing of your personal information will not result in a decision based solely on automated processing that has a legal or other similarly significant effect on you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. AI Insights generated through the Platform are always subject to review by licensed healthcare professionals before clinical action is taken. If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.

4. ARTIFICIAL INTELLIGENCE AND DATA PROCESSING

The Platform utilizes artificial intelligence and machine learning tools (“AI Tools”) to process health data and generate informational insights. This section describes our AI-related data practices.

A. What AI Tools Do

AI Tools are used to generate health insights, trend analyses, potential risk flags, patient record summaries (“Catch Me Up”), conversational health queries grounded in clinical data, and outcome analytics (collectively, “AI Insights”). AI Insights are for informational purposes only and are not medical diagnoses, medical advice, or a substitute for professional medical judgment.

B. How We Process Data with AI

AI Tools may process health information you provide, data from connected wearable devices, laboratory results, health information exchange records, and communications with your care team. All AI processing complies with the minimum necessary standard under HIPAA.

C. No Training on Identifiable Health Data

Openwell does not use your individually identifiable Protected Health Information (PHI) for the purpose of training, fine-tuning, or improving AI or machine learning models. We will never sell individually identifiable patient data to any third party.

C-1. De-Identified and Aggregated Data

Openwell may de-identify health data in accordance with the HIPAA de-identification standard set forth in 45 C.F.R. § 164.514, using one or both of the following methods: (a) the Safe Harbor method, which requires the removal of eighteen (18) specified identifiers and the absence of actual knowledge that remaining information could identify an individual; or (b) the Expert Determination method, which requires a qualified statistical expert to determine that the risk of identifying an individual is very small. Once data has been de-identified in accordance with these standards, it is no longer considered Protected Health Information under HIPAA.

Permitted Uses of De-Identified Data. Openwell may use de-identified and aggregated data for the following purposes: (i) improving and enhancing Platform functionality and features; (ii) developing new products, services, and features; (iii) generating anonymized industry benchmarks, clinical outcome analytics, and practice performance insights; (iv) conducting and publishing non-identifiable research and findings in the interest of public health and healthcare quality improvement; (v) training, fine-tuning, and improving AI and machine learning models; and (vi) creating derivative analytical works and data products. De-identified data may also be used to provide participating practices with comparative performance analytics benchmarked against anonymized, aggregated data from similarly situated practices.

Our Commitments Regarding De-Identified Data. Openwell will never attempt to re-identify de-identified data or link it back to any individual patient. Openwell will never sell individually identifiable patient data to any third party. Openwell will not use individually identifiable PHI to train, fine-tune, or improve AI or machine learning models. All de-identification processes are subject to periodic review and validation to ensure continued compliance with 45 C.F.R. § 164.514. Openwell maintains administrative, technical, and physical safeguards to prevent the unauthorized re-identification of de-identified data.

C-2. Data Ownership

Your Practice retains full ownership of all patient medical records, Protected Health Information, and proprietary business data entered into the Platform. Openwell’s role is as a technology provider and HIPAA Business Associate—not an owner of clinical data. Openwell owns the Platform, including all software, AI models, interfaces, analytics tools, and derivative works created from de-identified and aggregated data. Notwithstanding the foregoing, nothing in this Privacy Notice transfers ownership of any patient’s individually identifiable health information to Openwell.

D. Human Review

AI Insights are reviewed by licensed healthcare professionals within your Practice before any clinical action is taken. Clinical decisions are made by human providers who use AI Insights as one tool among others.

E. Third-Party AI Providers

Openwell may utilize AI tools from different technology partners. All such partners are bound by Business Associate Agreements where PHI is involved, and are subject to the sub-processor notification and objection procedures described in our agreements with healthcare practices.

5. HOW WE DISCLOSE PERSONAL INFORMATION

We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide the Services

We may disclose any of the personal information we collect to the categories of third parties described below.

• Service Providers. We may disclose personal information to third-party service providers assisting us with the provision of the Services. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, IT support, and related services. In addition, personal information and chat communications may be disclosed to service providers that help provide our chat features. Service providers that process PHI are required to execute Business Associate Agreements.

• Network Vendors. When you place orders for laboratory tests, medications, supplements, or other products through the Platform, the minimum necessary personal information is transmitted to the applicable third-party vendor for order fulfillment. Your relationship for order fulfillment is with the applicable Network Vendor, subject to their terms and conditions.

• Analytics Providers. We use analytics services to understand how users interact with the Services so we can improve your experience. Analytics providers process data in accordance with their respective privacy policies.

• Other Users You Share or Interact With. The Services may allow Openwell Health users to post User Content. User Content may be read, collected, used, and shared by other users. Please exercise caution when posting such User Content.

• Third-Party Services You Share or Interact With. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”). Any personal information shared with a Third-Party Service will be subject to the Third-Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.

• Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.

• Affiliates. We may share your personal information with our corporate affiliates.

• Your Healthcare Practice. If you access the Services through a white-label practice-branded application, your health data, AI Insights, and usage information are shared with your healthcare practice’s authorized providers and staff for the purpose of your treatment, payment, and healthcare operations.

Important: Openwell does not sell your individually identifiable health information to advertisers. Your health data is not used for targeted advertising purposes.

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

6. YOUR PRIVACY CHOICES AND RIGHTS

A. Your Privacy Choices

• Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails.

• Text/SMS Messages. If you receive an unwanted promotional text/SMS message from us, you may opt out of receiving future text/SMS messages from us by following the instructions in the text/SMS message or by contacting us as set forth in “Contact Us” below.

• Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device.

• Do Not Track signals and Global Privacy Control. Our websites will recognize GPC Signals for website users differently, based on the location of the user when they access our websites. For users accessing our websites from U.S. states with laws requiring recognition of GPC Signals, we will recognize and apply the GPC Signal to inactivate all cookies for that website, except for cookies necessary for the website to operate.

• Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly.

B. Your Privacy Rights

In accordance with applicable law, you may have the right to:

• Confirm Whether We Are Processing Your Personal Information;

• Request Access to or Portability of Your Personal Information;

• Request Correction of Your Personal Information;

• Request Deletion of Your Personal Information;

• Request Restriction of or Object to our Processing of Your Personal Information;

• Request to Opt-Out of Certain Processing Activities including, as applicable, if we process your personal information for “targeted advertising,” if we “sell” your personal information, or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects”; and

• Withdraw Your Consent to our Processing of Your Personal Information.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

Consumer Health Privacy Laws: If you are a consumer residing in a U.S. state with a comprehensive consumer health data privacy law, such as the state of Connecticut, Nevada, or Washington, please review our Annex A – Supplemental Consumer Health Data Privacy Statement.

7. DATA PORTABILITY

You have the right to request a copy of your personal data at any time. On written request, Openwell will export your data in standard formats (CSV, JSON, HL7 FHIR where applicable) within seventy-two (72) hours at no cost. Upon termination of your account, Openwell will provide a complete data export within seventy-two (72) hours and will delete or return all PHI in accordance with applicable Business Associate Agreements.

8. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws different from the laws where you live.

9. RETENTION OF PERSONAL DATA

We store the personal information we collect as described in this Privacy Notice for as long as you use the Services, or as necessary to fulfill the purpose(s) for which it was collected, provide the Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws, unless you ask us to delete or transfer such information by contacting us as set forth in “Contact Us” below.

To determine the appropriate retention period for personal data, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal data, certain risk factors, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

10. CHILDREN’S PERSONAL INFORMATION

The Services are not directed to children under 16 (or other age as required by local law outside the United States) and we do not knowingly collect personal information from children. We may collect information from employers about members of all ages to determine eligibility for our services.

If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below.

11. THIRD-PARTY WEBSITES/APPLICATIONS

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

12. CONTACT US

If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us at:

Openwell Health

145 S Glenoaks Blvd PMB 2012

Burbank, California 91502

Email: hello@openwellhealth.com

Phone: (323) 689-5348

ANNEX A

SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY STATEMENT

This Supplemental Consumer Health Data Privacy Statement (“Consumer Health Data Privacy Statement”) supplements our Privacy Notice.

This Supplemental Consumer Health Data Privacy Statement only applies to personal information we process that is “consumer health data” subject to the Connecticut Data Privacy Act, as amended (“CTDPA”), Washington My Health My Data Act (“MHMDA”), Nevada’s Consumer Health Data Privacy Law (“NVCHDPL”), or other states with consumer health data privacy laws (as applicable).

CONSUMER HEALTH DATA WE COLLECT

Because consumer health data is defined very broadly under applicable state laws, many of the categories of personal information that we collect under our Privacy Notice may also be considered consumer health data. Examples of consumer health data that you may provide to us, or that we may otherwise collect, may include:

• Information that could identify your attempt to seek health care services or information, including search queries concerning nutrition, wellness, fitness, medical conditions, or other health-related topics.

• Information about your health-related conditions, symptoms, status, diagnoses, disease, testing, or treatments.

• Information about social, psychological, behavioral, and medical interventions.

• Information about use or purchase of prescribed medication.

• Information about measurements of bodily functions, vital signs, symptoms, or characteristics, including data from connected wearable devices.

• Information about diagnoses or diagnostic testing, treatment, or medication.

• Information about surgeries or other health-related procedures.

• Reproductive or sexual health information.

• Information about gender-affirming care.

• Biometric information.

• Genetic data.

• Information about your access to healthcare, including precise location information that could reasonably indicate an attempt to acquire or receive health services or supplies.

• AI Insights generated from your health data through the Platform’s artificial intelligence features.

• Information processed to associate or identify an individual with the data listed above that is derived or extrapolated from non-health information.

SOURCES OF CONSUMER HEALTH DATA

We collect consumer health data that you provide to us, consumer health data we collect automatically when you use the Services (including from connected wearable devices and health information exchanges), and consumer health data from third-party sources, as described in our Privacy Notice.

WHY WE COLLECT AND USE CONSUMER HEALTH DATA

We collect and use consumer health data for the purposes and in the manner described in our Privacy Notice. Primarily, we collect and use consumer health data as reasonably necessary to provide you with the products or Services you have requested or authorized. This includes delivering and operating the products or Services and their features, generating AI Insights for review by your healthcare provider, facilitating commerce orders through Network Vendors, personalization of certain product or Services features, ensuring the secure and reliable operation of the products or Services and the systems that support them, troubleshooting and improving the products and Services, and other essential business operations.

SHARING OF CONSUMER HEALTH DATA

We only share or disclose your consumer health data as needed to provide you with the products or Services that you request, or with your explicit consent. We may share or disclose consumer health data to the following entities, who shall use the data only as permitted for the purposes set forth above:

• Service Providers (including those hosting or analyzing data on our behalf, AI processing providers bound by BAAs, those assisting with fraud prevention, and those assisting in program administration)

• Network Vendors (laboratories, pharmacies, and diagnostic vendors) for order fulfillment

• Your Healthcare Practice and its authorized providers and staff

• Emergency Personnel

• Authorized/legal representatives, family members, and caregivers

• Openwell Health lawyers, auditors, and consultants

• Legal and regulatory bodies

HOW TO EXERCISE YOUR RIGHTS

The CTDPA, MHMDA, and NVCHDPL provide consumers with certain rights with respect to consumer health data, including the right to confirm whether we are collecting, sharing, or selling consumer health data, the right to access such data, the right to withdraw consent, and the right to request deletion.

You may submit a request pursuant to any of these rights by contacting us as described in “Contact Us.” Openwell Health will not discriminate against you for exercising any of your rights. We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. Please allow 45 days for a response.

If you are a Washington resident and your appeal is unsuccessful, you may file a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

ANNEX B

CONSUMER HEALTH DATA AUTHORIZATION

This Consumer Health Data Privacy Authorization (“Authorization”) supplements Openwell Health’s Privacy Notice, Supplemental Consumer Health Data Privacy Statement, and the www.openwellhealth.com cookie banner and applies only to “consumer health data” subject to the CTDPA, MHMDA, NVCHDPL, or other applicable state consumer health data privacy laws.

If you opt-in to “personalized marketing” through the www.openwellhealth.com cookie banner, you allow us to “sell” your consumer health data as described below:

• Specific consumer health data intended for “sale”: Consumer health data collected via cookies and similar technologies including but not limited to browsing activity on our website.

• Purpose of the “sale” of consumer health data: To tailor and deliver personalized advertisements to you.

• How consumer health data purchasers gather and use the data: Consumer health data purchasers will gather the data via cookies and other tracking technologies when you visit www.openwellhealth.com. These purchasers may use the data to assist us to deliver personalized advertisements to you and in accordance with their privacy policies.

• Consumer health data purchasers: Google, Microsoft, Snapchat, X Advertising, Facebook/Meta, Reddit.

• Contact information for Openwell Health: hello@openwellhealth.com

Please note:

• The provision of goods or services may not be conditioned upon you accepting the terms of this Authorization.

• Purchasers may redisclose the consumer health data sold under this authorization and such data may no longer be protected by the CTDPA, MHMDA, NVCHDPL, and/or applicable state consumer health data privacy laws.

• You may revoke this authorization at any time through the www.openwellhealth.com cookie banner. To do so, please be sure the box next to “Personalize marketing” is unchecked and click “Save my choices.” You may also click “Decline all” to decline our use of all cookies not required to operate our website.

• A revocation will not impact previously sold consumer health data. In addition, if you use different browsers or devices, you must indicate your choices on each browser/device used to access www.openwellhealth.com.

• This authorization will expire one (1) year after accepting it.