Privacy Policy

Introduction and Scope

Pi Health is committed to respecting and protecting the privacy of your personal information.

The data controller of your personal information (i.e. the entity that determines how your personal information is used) under this Privacy Policy is Pi Health Inc., with its business address at 55 Cambridge Parkway, Suite 700w, Cambridge, MA 02142, unless:

• a different entity was identified in other privacy policies or information notices;
• your healthcare provider is using Pi Health technology in their practice, in which case your provider is the data controller; or
• you are interacting with or providing services to another Pi Health entity.

In those instances, the other entity that was identified or you are interacting with or providing services to will be the controller.

This Privacy Policy is directed at visitors and users of Pi Health's websites, products and services (excluding participants in a clinical trial or other research*), individuals within our former, current and prospective clients, partners, vendors, consultants, contractors, service providers and any members of the general public who communicate with us, who provide Pi Health Inc. and/or its subsidiary companies ("Pi Health", "we", "us", "our") with personal information and/or whose personal data we receive.

*If you are a participant in a Pi Health sponsored clinical trial or other research and have questions about how your personal data is handled or your rights in relation to that research, please see the copy of the Patient Information Sheet And Informed Consent Form that you received.

This Privacy Policy describes how Pi Health uses the personal information we collect about you and how to exercise your rights.

As you read this Privacy Policy, please keep in mind the following important information about how this Privacy Policy applies:

• This Privacy Policy contains specific sections that may not be applicable to you because of where you are located or the type of personal information we maintain about you.
• This Privacy Policy may be complemented or supplanted by other privacy policies or information notices that tell you how your personal information is used and disclosed in certain other contexts. To the extent that those policies or notices are provided, posted and/or referenced, that different privacy policy or notice, and not this one, will apply to the processing of your personal information.
• Our websites, web portals, or other digital services (together, our "websites") may contain links to third-party websites that we do not operate, control or endorse. Once you leave our websites, we are not responsible for the protection and privacy of any information you provide. We suggest reading the privacy policies of these third-party websites and, if needed, contacting those websites directly for information about their privacy practices.

Categories of Personal Information Processed by Pi Health

We may collect and use your personal information in a variety of contexts, including but not limited to when you participate in Pi Health research, take our drugs or therapies, or visit our websites or offices. Depending on your relationship or interactions with Pi Health, in the past twelve (12) months, Pi Health may have collected and processed any of the following categories of personal information about you:

Categories and examples:

1. Identification information – First name, last name, initials, gender, age or date of birth, government-issued identification (e.g. identity card, driver's license, passport or tax ID number), photographs, videos, sound recordings, language, or Pi Health-issued access cards and IT credentials.
2. Contact details – Postal and/or email address, or phone number
3. Commercial information – Records of Pi Health's products or services prescribed, purchased, obtained or considered, payment information (amount invoiced and/or paid, bank details, W9 information, payment method, billing address), or history of our relationship
4. Professional information – Job title, employment status, educational information, professional qualifications and licenses, or work experience and professional networks, affiliates, programs and activities
5. Health biometric and genetic information – Information about your medical conditions, treatments and any adverse events you may experience while taking our drugs or therapies
6. Geolocation – Geolocation information obtained from your device's GPS, Bluetooth, IP address, or other location services/technology
7. Information related to your exchanges with Pi Health – Date and subject of your requests or exchanges with Pi Health's services
8. Others – Other information needed for our relationship or interactions with you or as required by laws, our service providers or collaborators, such as the information you provide in connection with contracts and queries you make to us.

The potential recipients for all categories include: Companies of the Pi Health group; Pi Health service providers; Pi Health technology and security providers; Pi Health business partners and collaborators; Administrative, regulatory or judiciary authorities; Advisors; and Other third parties.

Certain information (such as, if applicable, your payment-related information, government issued identification, geolocation information, health, biometric and genetic information) may be considered sensitive personal information under applicable laws. We will take appropriate measures to protect and process your sensitive personal information; and provide notices and/or obtain your explicit consent for processing your sensitive personal information where required by applicable laws.

Furthermore, our websites may automatically collect Internet or other electronic network activity information including IP address, device type, browser type, language, browsing history, information about your interaction with our websites and their services. This information is necessary for the proper functioning of our websites and their services, as well as internal business analytics purposes such as audience measurement.

The provision of certain types of personal information may be necessary or optional. Mandatory information will be marked as such at the moment of collection of your personal information. If you refuse to provide the mandatory information, Pi Health may not be able to process your request.

Sources of Information

In most cases, we collect your personal information directly from you, such as when you contact us via phone or in person, complete a form or survey, provide services, register for an account or request to receive marketing materials and information.

Sometimes, we may also obtain personal information about you from other sources who you direct or authorize to share information with us, such as authorized representatives or affiliated organizations, our research partners, collaborators and service providers. We also sometimes collect information from publicly accessible sources such as government records, websites, social media and other digital platforms.

In addition, if you use our websites, we may collect information from your computer or other device through our use of cookies and other data collection technologies.

Why We Process Your Personal Information

The ways we process your personal information depend on why we collected it. Depending on your relationship and/or interactions with Pi Health, as well as applicable laws and our own procedures & requirements, Pi Health may process your personal information for the following reasons:

• Managing your contact requests – to contact you; to answer your questions
• Managing the personal and contractual relationship with you – to develop or manage our relationship or interactions with you or your employer or affiliated organization; to comply with our contractual and payment obligations; to process your privacy and other requests or complaints
• Improving the products, services and programs of Pi Health – to determine eligibility for, facilitate supply, administration and management of; to track progress and outcomes regarding certain products, services and programs; to manage Pi Health's research and development, collaboration and market research efforts
• Sending communication that might interest you – to send you transactional, administrative and marketing communications regarding Pi Health business and medical activities
• Providing educational and awareness information – to provide you educational information, including providing information about certain health conditions and disease states, our products, programs and services
• Managing Pi Health events or programs – to register you; to manage the event or program; to send you communications about the event or program; to record Pi Health events or programs
• Improving the websites and their services, as well as your user experience on the websites
• Pre-litigation or litigation management
• Compliance with legal and regulatory obligations
• Aggregating and/or anonymizing personal information
• Other everyday business purposes such as payment processing and accounting, product development, safeguarding Pi Health property, contract management, archiving, website administration, fulfillment, analytics, fraud prevention and corporate governance

We do not undertake decisions based solely on automated processing of your information, including profiling, unless we inform you as required by applicable laws.

Sharing Your Personal Information

We may share your personal information within Pi Health and with third parties with whom we have contracted or as otherwise permitted by applicable law. We do not, however, sell the personal information that we collect unless the personal information has first been anonymized.

Recipients and purposes:

• Companies of the Pi Health group (Pi Health Inc. and/or its subsidiary companies) – For global administrative, operational, technical and/or marketing purposes. Subsidiaries include: Pi Health USA, LLC (USA); Pi Health Brasil Consultoria Ltda. (Brazil); B10 Health Technologies Private Limited (India); Pi Health Technologies Private Limited (India); Pi Health Aus Pty Ltd (Australia); Pi Health Hong Kong Limited (Hong Kong, China); Pi Health (Shanghai) Health Technology Co., Ltd. (China); Pi Health Clinical Research (Ireland) Ltd. (Ireland); Pi Health Korea LLC (South Korea); Pi Health Clinical Research Ltd. (United Kingdom)
• Pi Health service providers (payment vendors, contract research organizations, central labs, logistics providers, etc.) – For assisting Pi Health in the global administrative, operational and/or technical management of our business
• Pi Health business partners and collaborators (external scientists, healthcare providers, pharmacies and pharmaceutical partners, distribution agents, etc.) – For administrative, operational and/or technical purposes
• Pi Health technology and security providers (hosting provider, IT service providers, marketing service providers, etc.) – For assisting Pi Health in administrative, operational, technical and/or marketing purposes
• Administrative, regulatory or judiciary authorities or agencies and other third parties – Exclusively to comply with any legal or regulatory obligation
• Advisors (such as outside auditors, attorneys and similar parties) – For assisting Pi Health in administrative, operational, and/or technical purposes, as well as the management of possible disputes and other legal matters
• Other third parties – Following or during a restructuring, acquisition, debt financing, merger, transfer, sale of assets of Pi Health or a similar transaction

How Long We Retain Your Personal Information

We retain your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless required by our legal obligations to retain it for longer. To determine the appropriate retention period, we consider the amount, nature and sensitivity of information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, whether we can achieve those purposes through other means and all applicable global legal, regulatory, and compliance requirements.

Any information collected for your subscription to an email alert or newsletter will be kept until you unsubscribe. We will keep a record of your unsubscribe request for as long as is necessary to comply with that request.

Pi Health will also keep your personal information during the statute of limitation if needed for evidence purposes; applicable legal retention periods; and any other mandatory retention period.

Where We Process Your Information and How We Protect It

Pi Health operates in many countries around the world and your personal information may be accessible to or shared with our affiliates, service providers, partners, collaborators and regulators in various countries. The laws in certain countries may not provide the same level of protection as the laws in your country or region. When that is the case, we take steps to protect your transferred information, such as entering into contracts with recipients or implementing additional data safeguards.

While we have established reasonable physical, electronic and managerial procedures designed to protect your personal information from unauthorized access and disclosure, we cannot guarantee its absolute security.

Information About Children

We do not intend to direct our websites to individuals under the age of 16 ("children") and we do not knowingly collect personal information directly from children through our websites. We request that children do not use our websites or provide any information to us through our websites or otherwise, unless we have first obtained a parent or guardian's consent, where applicable.

Your Choices and Rights

You may choose not to provide your personal information to us; however, in doing so, you may not be able to continue your relationship or interactions with us or use certain services.

At any time, you can choose to opt out from our marketing communications by using the unsubscribe feature in any marketing email you have received.

Under certain data protection laws, you may have the following rights:

• Your right of access
• Your right to rectification
• Your right to deletion of your personal information
• Your right to restriction of processing
• Your right to object to processing
• Your right to data portability
• Right to withdraw your consent
• Right to close your account

You can submit your request by sending us an email at privacy@pihealth.ai.

You may designate an authorized agent to exercise your rights on your behalf. We will not discriminate against you for exercising any data subject right.

FOR EEA/UK/SWISS/BRAZILIAN RESIDENTS: You may lodge a complaint with a data protection authority for your country or region.

Additional Information for Individuals in the EU/EEA, UK, Switzerland, Brazil, and India

We are required to comply with the GDPR, UK GDPR, Switzerland's FADP, Brazil's LGPD, India's DPDP, and similar applicable local laws. We process special categories of information only where you give us explicit consent, or when processing is for scientific research purposes, necessary to meet a legal obligation, in connection with legal claims, or otherwise permitted by law.

Pi Health may transfer your personal information to affiliates, service providers or collaborators in countries that do not provide the same level of protection. We rely on safeguards such as approved model contracts (e.g. EU standard contractual clauses or UK international data transfer agreement).

Our Cookie Policy

Cookies are small files that allow for storing or retrieving information on your browser or device when visiting online services.

We may use the following types of cookies:

• Necessary Cookies – enable proper functioning of the websites
• Analytics Cookies – collect information about how visitors use our websites (including Google Analytics)
• Social Media Cookies – enable interaction with social plugins
• Advertising Cookies – enable placement of advertisements and measurement of effectiveness

Most web browsers allow some control of cookies through browser settings. We do not track website users over time or across third party websites. At this time, we do not respond to "Do Not Track" signals.

Contacting Us

Please send an email to privacy@pihealth.ai.

Our global Data Protection Officer and HIPAA Chief Privacy Officer is Brandon Goldberg, located in Atlanta, GA, USA. Contact: brandon.goldberg@pihealth.ai.

Changes to This Privacy Policy

We aim to regularly update this Privacy Policy. The "Last Updated" legend at the top indicates when it was last revised. Any changes become effective when we post the revised Privacy Policy.