Respin Health Privacy Notice

Last Updated Date: April 25, 2025

This Privacy Notice applies to the processing of personal information by Respin Health, Inc. (“Respin Health,” “Company,” “we,” “us,” or “our”) including on our website available at respin.health and our other online or offline offerings which link to, or are otherwise subject to, this Privacy Notice (collectively, the “Services”).

We may change this Privacy Notice from time to time. If we make changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide you with additional notice (such as adding a statement to our website or sending you a notification). We encourage you to review this Privacy Notice regularly to stay informed about our information practices and the choices available to you.

1. PERSONAL INFORMATION WE COLLECT

We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.

• Pendo Analytics. For more information about how Pendo uses your personal information, please visit Pendo's Privacy Policy. To learn more about how to opt-out of Pendo's use of your personal information, please visit Your Choices or via email to gdpr@pendo.io.
• Posthog Analytics. For more information about how Posthog uses your personal information, please visit Posthog's Privacy Policy. To learn more about how to opt-out of Posthog's use of your personal information, please visit Your Choices or via email to privacy@posthog.com.

A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

• Account Information. We may collect personal information in connection with the creation or administration of your account. This personal information may include, but is not limited to, your name, email address, phone number, and other information you store with your account.
• Purchases. We may collect personal information and details associated with your purchases, including payment information.
• Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or our web chat tool.
• Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
• Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features.
• Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer.
• Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
• Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
• Job Applications. If you apply for a job with us, we will collect any personal information you provide in connection with your application.

B. Personal Information Collected Automatically

We may collect personal information automatically when you use the Services.

• Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information).
• Usage Information. We may collect personal information about your use of the Services, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Services.
• Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Services.
  • Cookies. Cookies are small text files stored in device browsers.
  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects personal information about use of or engagement with the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

  See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

• Biometric Information. If you consent to our collection of biometric information or if our collection of biometric information is otherwise permitted, we may collect biometric information such as gait patterns and sleep, health, and/or exercise data to provide you with more comprehensive or additional Services. Your biometric information may be shared with our service providers, business partners, and others involved in providing you with our Services. Where required by law, your biometric information will be stored for no more than three (3) years from your last interaction with our Services.

C. Personal Information Collected from Third Parties

We may collect personal information about you from third parties. For example, if you access the Services using a Third-Party Service (defined below), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings.

2. HOW WE USE PERSONAL INFORMATION

We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to provide you with marketing materials, as described below.

A. Provide the Services

We use personal information to fulfill our contract with you and provide the Services, such as:

• Managing your information;
• Providing access to certain areas, functionalities, and features of the Services;
• Answering requests for support;
• Communicating with you;
• Sharing personal information with third parties as needed to provide the Services;
• Processing your financial information and other payment methods for products and Services purchased;
• Processing applications if you apply for a job we post on our Services; and
• Allowing you to register for events.

B. Administrative Purposes

We use personal information for various administrative purposes, such as:

• Pursuing our legitimate interests such as direct marketing, research, and development (including marketing research), network and information security, and fraud prevention;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
• Carrying out analytics;
• Measuring interest and engagement in the Services;
• Improving, upgrading, or enhancing the Services;
• Developing new products and services;
• Creating de-identified and/or aggregated information;
• Ensuring internal quality control and safety;
• Authenticating and verifying individual identities;
• Debugging to identify and repair errors;
• Enforcing our agreements and policies;
• Carrying out activities that are required to comply with our legal obligations.

C. Marketing

We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.

Some of our marketing activities may be considered a “sale” or “targeted advertising” under applicable privacy laws.

If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.

3. HOW WE DISCLOSE PERSONAL INFORMATION

We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide the Services

We may disclose any of the personal information we collect to the categories of third parties described below.

• Service Providers. We may disclose personal information to third-party service providers that assist us with the provision of the Services. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services. In addition, personal information and chat communications may be disclosed to service providers that help provide our chat features.
• Other Users You Share or Interact With. The Services may allow for Respin Health users to share personal information or interact with other users of the Services.
• Third-Party Services You Share or Interact With. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a Third-Party Service).
• Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.
• Affiliates. We may share your personal information with our corporate affiliates.
• Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day).

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others' rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

4. YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices

The privacy choices you may have about your personal information are described below.

• Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails.
• Text Messages. You can opt out by following the instructions in the text message you have received from us or by contacting us.
• Mobile Devices. You can opt out of push notifications and location services via your device settings.
• Cookies. You can adjust your browser settings to reject cookies, though this may affect Services functionality.
• Do Not Track signals and Global Privacy Control. Our websites will recognize GPC Signals for website users differently, based on the location of the user when they access our websites.

5. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.

6. SUPPLEMENTAL NOTICE FOR EU/UK GDPR COMPLIANCE

This Supplemental Notice for EU/UK GDPR only applies to our processing of personal information that is subject to the EU or UK General Data Protection Regulation.

In some cases, providing personal information may be a requirement under applicable law, a contractual requirement, or a requirement necessary to enter into a contract. If you choose not to provide personal information in cases where it is required, we will inform you of the consequences at the time of your refusal to provide the personal information.

If we process personal information that is considered a “special category of personal data”, then our processing of this personal information may be supported by one or more of the following conditions:

• Explicit Consent: You may have provided your explicit consent for our processing of your personal information.
• Necessary for Employment, Social Security, or Social Protection Law Purposes: Our processing of your personal information may be necessary for the purposes of carrying out obligations and exercising specific rights in the field of employment, social security, and/or social protection law.
• Necessary to Protect Vital Interests: Our processing of your personal information may be necessary to protect the vital interests of you if you are physically or legally incapable of giving consent.
• Necessary for Medical Purposes: Our processing of your personal information may be necessary for the purposes of preventive or occupational medicine, medical diagnosis, or pursuant to contract with a health professional.

7. CHILDREN'S PERSONAL INFORMATION

The Services are not directed to children under 16 years of age (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below.

8. THIRD-PARTY WEBSITES/APPLICATIONS

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

9. SECURITY

We implement appropriate technical and organizational measures to protect your personal information.

10. CONTACT US

Respin Health, Inc. is the controller of the personal information we process under this Privacy Notice.

If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us by:

Email: support@respin.health

Our online submission form: Click here

Postal mail:

Respin Health
3402 Pico Boulevard
Santa Monica, 90405

ANNEX A – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY NOTICE

Effective Date: April 25, 2025

Respin Health, Inc. (“Respin Health,” “Company,” “we,” “us,” or “our”) are committed to respecting your privacy. Our Privacy Notice describes how we handle your personal information generally. This Consumer Health Data Privacy Notice (“Notice”) supplements our Privacy Notice and applies to Connecticut, Nevada, and Washington residents about whom we collect “consumer health data” (defined below) and is intended to provide notices in compliance with the Connecticut Data Privacy Act (“CTDPA”), Nevada SB 370, and Washington's My Health, My Data Act (“MHMD”).

Categories and Uses of Consumer Health Data We Collect

For purposes of this Notice, personal data means information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with an individual in Connecticut, Nevada, and Washington. Personal data does not include de-identified data or publicly available information. “Consumer health data” means personal data that is linked or reasonably linkable to an individual and that identifies the individual's past, present, or future health status or mental health status, as may be applicable.

We may collect the following categories of consumer health data:

• Individual health condition, treatment, disease, or diagnosis information;
• Social, psychological, behavioral, and medical intervention information;
• Health-related surgery or procedure information;
• Use or purchase of prescribed medication information;
• Reproductive or sexual health information;
• Data that identifies you seeking health care services;
• Bodily function, vital sign, symptoms, or measurement of health information;
• Diagnosis or diagnostic testing, treatment, or medication information;
• Biometric data;
• Information about your access to healthcare, including precise location information that could reasonably indicate an attempt to acquire or receive health services or supplies;
• Information processed to associate or identify you with the data listed above that is derived or extrapolated from non-health information.

Sources of Consumer Health Data

We collect consumer health data from the following sources:

• From you through your interactions with us, such as when you:
  • request health-related products and services;
  • enroll in our biometric access programs;
  • register to use our health or wellness-related apps;
  • join our email lists or loyalty programs;
  • volunteer the information in connection with surveys or promotions.
  • interact with us by using our apps, accessing our systems, or entering our facilities;
  • enable data syncing between our website and your enrolled health-related app;
  • make your health data publicly available on social media or other websites;
  • like, follow, or comment about health-related products on our social media sites.
• From our vendors, suppliers, consultants, professional advisers, and other third parties, when:
  • Business contact information, financial information, and other data is necessary for the purpose of managing and operating our business, in accordance with applicable law and the context in which you provided the data.
• Health Insurance Companies or other payors, when:
  • Information is necessary for the purpose of providing our products and services;
  • Information is necessary to determine program eligibility;
  • Information is necessary to comply with legal and regulatory obligations.

How We May Use Consumer Health Data

We use the consumer health data we collect about you to provide customer service; provide and maintain our Services; internal business purposes, including general business administration; market our products and Services; and for any other purpose consistent with your preferences.

How We May Disclose Consumer Health Data

We only disclose your consumer health data as needed to provide you with the products or services that you request, or with your explicit consent. We may share or disclose any or all the above categories of consumer health data to the following entities:

• Service Providers (including those hosting or analyzing data on our behalf)
• Emergency Personnel
• Health insurance companies, health plans, and/or other payors
• Authorized/legal representatives, family members, and caregivers
• Company lawyers, auditors, and consultants
• Legal and regulatory bodies

Your Consumer Health Data Privacy Rights

Connecticut residents have the following rights in relation to your consumer health data, subject to certain exceptions:

• Right to know and access. You have the right to know what consumer health data we process, as the term is defined under the CTDPA. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
• Right to delete. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the consumer health data that we collect about you.
• Right to correct inaccurate consumer health data. You have the right to request the correction of inaccurate consumer health data.
• Right to opt out. You have the right to opt-out of targeted advertising, our sale of your personal data, and profiling decisions that could produce legal or similarly significant effects.
• Rights concerning sensitive personal data. We cannot process your consumer health data, or use your consumer health data for certain purposes without your affirmative consent.
• Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.

Nevada and Washington residents have the following rights in relation to your consumer health data, subject to certain exceptions:

• Right to know. You have the right to know what consumer health data we collect, share, or sell, as those terms are defined under applicable law. You also have the right to obtain a list of all third parties and affiliates with whom we have shared or sold your consumer health data, and an active email address or other mechanism that you may use to contact these third parties. If you are a Washington resident or otherwise protected by Washington law, you also have the right to access your consumer health data that we collect, share, or sell.
• Right to withdraw consent. You have the right to withdraw consent from the collection and sharing of your consumer health data.
• Right to delete. You have the right to request that we, as well as our service providers and contractors, delete the consumer health data that we collect about you.
• Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.

You may submit a request pursuant to any of these rights:

• by completing and submitting our online form, or
• by contacting us at support@respin.health

We do not charge a fee to process or respond to your verifiable consumer request unless its excessive, repetitive, manifestly unfounded, or in accordance with applicable law. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We will respond to your request within forty-five (45) days after receipt and we reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided consumer notification of the extension is made within the first forty-five (45) days.

You are not required to create an account with us to submit a verifiable or authenticated consumer request. If you have an account with us, we will deliver our written response to that account or via email. If you do not have an account with us, we will deliver our written response by email.

We cannot respond to your request or provide you with consumer health data if we cannot verify or authenticate your identity or authority to make the request and confirm that the consumer health data relates to you. We will only use consumer health data provided in a verifiable or authenticated consumer request to verify your (or your authorized agent’s as applicable) identity or authority to make the request.

If we have inadvertently collected information on your minor child, you may exercise the above rights on behalf of your minor child. Additionally, you may designate an authorized agent to submit a request on your behalf, and if so, we may require proof of the agent’s authorization by you and/or verification of the agent's own identity.

If you are a visually impaired customer, a customer who has another disability or a customer who seeks support in other language, you may access your privacy rights by emailing us at support@respin.health.

How to Appeal Decisions about Your Rights

Residents of Connecticut, Nevada, and Washington can appeal decisions about your privacy rights in the following ways:

• Connecticut. If you are a Connecticut resident and want to appeal our decision regarding a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Connecticut's Office of the Attorney General by phone at (860) 808-5420 or by submitting a form here.
• Nevada. If you are a Nevada resident and want to appeal our decision regarding a request that you have made, please Contact Us. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If your appeal is not successful, you may submit a complaint with the Nevada Attorney General here.
• If you are a Washington resident or located in Washington and want to appeal our decision regarding a request that you have made, please Contact Us. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Washington’s Office of the Attorney General by phone at (800) 551-4636 or by submitting a complaint here.

Changes to This Notice

We may update this Notice from time to time. We will notify you of any changes by posting the new Notice on this page. We will also let you know via email and/or a prominent notice on our Sites, prior to the change becoming effective and update “effective date” at the top of this Notice. We recommend reviewing this Notice periodically for any changes. Changes to this Notice are effective when they are posted on this page.

Contact Us

If you have any questions or concerns about this Notice or our privacy practices, please contact us by:

Email: support@respin.health

Postal mail:

Respin Health
3402 Pico Boulevard
Santa Monica, 90405