1. Age Restriction

The Metabolic Health Hub is intended for users 18 years of age or older. By using this app, you confirm that you are at least 18 years old. We do not knowingly collect personal information from individuals under 18. If we become aware that a user is under 18, we will deactivate their account and delete their non-health information promptly.

2. Information We Collect

We may collect the following categories of information:

Personal Information

• Name

• Date of birth

• Contact information

• Billing information

Health Information (PHI)

• Medical history

• Laboratory results

• Medications

• Biometric data

• Wearable device data

Technical Information

• IP address

• Device information

• Browser type

• Platform usage activity

3. How We Use Information

Information may be used for:

• Providing healthcare services

• Clinical documentation

• Care coordination

• Patient communication

• Platform improvement

• Security monitoring

• Legal compliance

Protected Health Information (PHI) is used in accordance with HIPAA.

4. Data Storage and Security

PrevMed Health stores all data in secure, HIPAA-compliant infrastructure located in the United States. We implement administrative, technical, and physical safeguards including:

• Encrypted data transmission

• Secure authentication

• Access controls

• Audit logs

• HIPAA-compliant cloud infrastructure

No system can guarantee absolute security. In the event of a security incident affecting non-PHI data (such as account credentials), we will notify affected users in accordance with applicable law. For breaches involving PHI, we will comply with HIPAA breach notification requirements.

5. Sharing of Information

Information may be shared with:

• Healthcare providers involved in your care

• HIPAA-compliant service providers supporting platform operations

• Laboratories and diagnostic providers

• Legal authorities when required by law

We do not sell patient health data.

6. Data Retention and Deletion

When you delete your account, it is deactivated immediately and you lose access to the app. Health-related information is retained for a minimum of 6 years as required by HIPAA, after which it is permanently and securely destroyed. Retained data is not used for any purpose during this period.

To delete your account, go to Settings → Account → Delete Account, or contact us at support@prevmedhealth.com.

7. Your Rights

Patients have the right to:

• Access their health records

• Request corrections to inaccurate information

• Request restrictions on disclosure

• Receive an accounting of disclosures

• Request confidential communications

• Request account deletion (subject to HIPAA retention requirements)

To exercise any of these rights, contact our Privacy Officer at: support@prevmedhealth.com

8. California Privacy Rights (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.

• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions including HIPAA retention requirements.

• Right to Opt-Out of Sale: We do not sell personal information. You do not need to opt out.

• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a California privacy rights request, contact us at support@prevmedhealth.com.

9. Breach Notification

In the event of a breach involving Protected Health Information, PrevMed Health will comply with HIPAA breach notification requirements, including notifying affected individuals, the U.S. Department of Health and Human Services, and, where required, the media.

For security incidents involving non-PHI data, we will notify affected users as required by applicable state breach notification laws.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes — such as changes to how we collect, use, or share your data — we will notify you via in-app notification or email before the changes take effect. Continued use of the app after notification constitutes your acceptance of the updated policy.

All versions of this policy are dated and versioned. The current version is always available in the app and at themetabolichealthhub.com/privacy-policy.

11. Contact Us

For questions, concerns, or requests related to this Privacy Policy:

• Email: support@prevmedhealth.com

• Subject line: "Privacy Request — Metabolic Health Hub"

We aim to respond to all privacy-related requests within 30 days.