Phia Health Privacy Policy

Personal Information We Collect

We, and our vendors, collect and process the following categories of personal information about consumers:

• Contact details, such as name, account name, email address, postal address, and telephone number
• For registered users of our Services, any information you provide to us, such as via our member portal website or mobile app, which may include health information and insurance-related information
• Audio/electronic recordings, such as recordings of customer service calls
• Geolocation data, such as device location
• Internet or other network information, such as internet protocol address, browser type, browser version, and other unique identifiers, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, and the content you have accessed
• Professional or employment-related information, such as work history and current employment
• Inferences drawn from any of the information listed above to create a profile about you reflecting your preferences, characteristics, behavior, and attitudes

Sources of Personal Information

We collect personal information about you in three ways: (1) information you provide when you interact with us; (2) information collected from other sources, such as from our vendors and from third parties, in connection with our Services; and (3) information passively collected from you when using our Services.

• Directly From You. Phia Health collects personal information you provide to us when you use our Services or when you otherwise interact with us.
• From Vendors & Third Parties. Phia Health also collects personal information from our vendors and from third parties who disclose personal information to us.
• Via Cookies & Other Tracking Technologies. Phia Health collects personal information passively via cookies and other tracking technologies. This typically includes information about our website visitors, such as your browsing information, usage information, and device information.

Purposes for Processing & Disclosing Personal Information

We, and our vendors, collect, process, and disclose the personal information described above to:

• Operate our Services, including to provide website features and functionality.
• Provide you the information and services you request when you use the Services.
• Customize your experience when you use our Services. For example, we may provide you with content based on your interests, requests, and location.
• Improve our products or services, develop new products and services, perform quality control activities, and conduct data analytics.
• Provide account management and customer service.
• Tell you about our products or services that may be of interest to you.
• Send service-related and marketing-related notices about our Services to you, which may include sending emails or text messages at the mobile device number you give us.
• Detect and respond to fraud, violations of our Terms of Use, violations of law, or other misuse of the Services.
• Perform accounting, audit, and other internal functions, such as internal investigations.
• Comply with law, legal process, and internal policies.
• Maintain records.
• Exercise and defend legal claims.
• Otherwise accomplish our business purposes and objectives.

When permitted by applicable law, we may also combine the information you provide us with other information obtained or held by us, and use that combined information for any of the above purposes.

We may also aggregate and/or de-identify personal information and analyze those data for statistical or any other purposes permitted by law. When we do so, we take reasonable measures to ensure that the information cannot be associated with an individual, and we maintain and use the information in deidentified form. After it has been de-identified, the information is no longer personal information and is not subject to this Privacy Policy.

Disclosure of Personal Information

We disclose personal information in the following contexts:

• To our vendors. We may disclose personal information we collect to our vendors who help with our business activities. We require our vendors to keep your personal information secure and use it only as we permit.
• To third parties for medical and insurance-related purposes. If you are a member of our Services, we may disclose information about you to your physician. This is to help them provide health care services to you. We may also disclose information about you to your health plan to help pay for your care.
• To marketing and analytics providers. We may disclose personal information we collect via our Services to third parties for marketing and analytics purposes.
• To any other third party with your prior consent. We disclose personal information with your consent if we obtain it from you in a particular context.

We may also disclose personal information in the following contexts:

• As part of a business transfer. We may disclose personal information to a successor organization if, for example, we transfer the ownership or operation of all or a portion of our Services to another organization, we merge with or are acquired by another organization, or if we liquidate our assets. If such a transfer occurs, we will seek assurances that the successor organization will treat the personal information we disclose to it in accordance with this Privacy Policy.
• To comply with laws and protect our rights and the rights of others. We may disclose personal information when we, in good faith, believe disclosure is appropriate to comply with the law, a court order, or a subpoena. Relatedly, we may disclose personal information to auditors, lawyers, or other business consultants or advisors for legal compliance-related purposes. We may also disclose personal information to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of our Services; to enforce or apply our online Terms of Use or other agreements; or to protect our own rights or property or the rights, property, or safety of our users or others.
• We may also disclose aggregated and/or de-identified information to our vendors and to third parties for our business operational purposes and for any other purposes permitted by applicable law.

Information Security

We take reasonable steps to protect your personal information. For example, if you have an account via our Services, a password is required to access your account and help to protect your account information. Please keep this password confidential.

Unfortunately, there is always some risk that an unauthorized third party may find a way around our security measures. We cannot guarantee that the Internet or any other technical system will be 100% secure or error-free. We are not responsible for the security of information you send over networks that we do not control, including the Internet and wireless networks. It is your responsibility to protect the security of your login information.

Your Choices

If you register on our Services and create an account (a "Registered User"), you may change certain information you provide through the Services. You may do this by logging into your account and going to the account settings.

We may send information about benefits, programs, products, services, or tools and/or general health information to you by various means, including email or text messages. We will obtain your consent for such communications to the extent required by applicable law. You acknowledge and accept that email or text communications may be sent in an unencrypted manner, and there is some risk of disclosure or interception of the contents of these communications. If we use your personal information to send you marketing emails, you may opt out of receiving these emails by following the instructions in the email, or by emailing us at privacy-inquiries@phiahealth.com. There are certain messages you may not be able to opt out of receiving, such as email messages about programs or services you have registered for or certain administrative, technical, or safety notices about our products or Services. Depending on your state of residence, you may also have certain privacy rights relating to our processing of your personal information.

Links to Other Sites

Our Services may include links to external websites and online services that are not under our control. We are not responsible for the collection and use of your personal information on those websites and other online services. We encourage you to review the privacy policies and terms of use of each website and other online service you visit. If we provide any links to external websites and online services, that does not mean that we endorse or are associated with those websites and online services, or provide any kind of warranty about their products or services.

Cookies and Other Tracking Technologies

We use cookies and other tracking technologies (collectively, "Cookies") on our Services. These Cookies are provided by our vendors and by third party analytics and marketing providers, and we use them to facilitate the operation of our website, provide certain functionality, and conduct marketing and analytics.

Among other Cookies, we use Google Analytics to understand how users are using our Services and to support our analytics and marketing efforts. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/.

You can opt out of Google's collection and processing of data generated by your use of the Sites by going to http://tools.google.com/dlpage/gaoptout.

Please note that our Services do not currently respond to the "Do Not Track" signal.

Children Under the Age of 13

Our Services are not intentionally designed for or directed at children under the age of 13. We do not knowingly collect personal information from children under the age of 13 without the consent of the child's parent or guardian. If you are a parent or guardian and believe we have collected personal information from your child without your consent, please contact us promptly at privacy-inquiries@phiahealth.com.

Changes and Updates

We reserve the right to amend this Privacy Policy in our discretion and at any time. When we do so, we will post the revised version of this Policy behind the link marked "Privacy Policy" at the bottom of each page of our websites and provide any additional notice as required by applicable law. For your convenience, whenever this Privacy Policy is changed, we will update the "Last Updated" date at the top of this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us by email at privacy-inquiries@phiahealth.com. You may also write to us at 1000 N. Broad Street, Suite 100, Philadelphia, PA 19123.