PRIVACY POLICY

This Privacy Policy discloses the privacy practices for Thrive Telehealth LLC (“Thrive,” “us,”  “our” or “we”), the https://thrivehrt.com/ website, any available application and various related  services (together referred to as the “Site”). Thrive Telehealth LLC, the provider of the services,  is committed to protecting your privacy online. Please read the information below to learn the  following regarding your use of our Site and services. You acknowledge that this Privacy Policy  is part of our Terms of Use, and by accessing or using our Site and services, you agree to be  bound by all of its terms and conditions. If you do not agree to these terms, please do not access  or use our Site or services. You shall be referred to as “you” or “user.”

Scope of this Web and Mobile Privacy Policy

This Privacy Policy describes the types of Personal Information we collect from visitors of our  public Site and our practices for using, maintaining, sharing, and protecting it. It also describes  the rights and choices you may have with respect to your Personal Information and how you may  contact us.
This Privacy Policy does not apply to information collected from visitors who register and log-in  (“Members”) to any password-protected and secure portions of our Site, including login pages  and registration pages (“Secure Platforms”). Additionally, we may use a third party site for the  creation of your account and logging in to the Secure Platforms. All such use shall be subject to  those third party site’s terms of service and privacy policies. The Secure Platforms allow eligible  members to use the Site. All information collected and stored by Thrive or added by our  members into such Secure Platforms is considered Protected Health Information (“PHI”) and/or  medical information and is governed by laws that apply to that information, for example the  Health Insurance Portability and Accountability Act (HIPAA). How Thrive uses and discloses  such PHI is in accordance with the Thrive Health Notice of Privacy Practices. To understand  how we use and disclose PHI, you should review our Notice of Privacy Practices. The Notice of  Privacy Practices (and not this Privacy Policy) also applies to Personal Information collected on  our Websites if specific symptoms or health conditions is also collected, as such information  may be considered PHI under HIPAA.
Residents of states with heightened privacy laws should read the information available in the  Regional Privacy Statement below about the categories of Personal Information to be collected  from them and the purposes for which the Personal Information will be used.

This Privacy Policy is not a contract and does not create any contractual rights or obligations.

IMPORTANT NOTICE REGARDING TEXT MESSAGING DATA
Thrive Telehealth LLC (“we,” “us,” or “our”) DOES NOT share customer opt-in  information, including phone numbers and consent records, with any affiliates or third  parties for marketing, promotional, or any other purposes unrelated to providing our  direct services. All text messaging originator opt-in data is kept strictly confidential.

I. Types of Collected Information
We, or our advertising partners, may receive, collect and store information about you  automatically through the use of cookies and other tracking technologies. Information we collect  may be from information you enter on our Site or provide us in any other way. In addition, we  may collect the internet protocol (IP) address used to connect your computer or other electronic  device to the internet; login; e-mail address; password; computer and connection information,  purchase history. If you retain us for our services, we will also be collecting PHI for the  provision of those services. Use of PHI is governed by the Thrive Health Notice of Privacy  Practices.
You acknowledge our minimum age requirements and certify you are at least eighteen (18) years  of age. We may use software tools to measure and collect session information, including page  response times, length of visits to certain pages, page interaction information, and methods used  to browse away from the page or the Site. We may also collect personally identifiable  information (including name, email, password, communications); payment details (including  credit card information), protected health information (including medical files containing  diagnoses), comments, feedback, recommendations, and personal profile.
We also collect the following information related to communications:
• Opt-in records and timestamps for all communication channels (SMS, email, etc.) • Records of inquiries and service requests
• Appointment details and preferences
• Service history and feedback

II. Methods of Collection
We may collect Personal Information using the following methods:
• Directly from you when you provide it to us (such as information you enter into web  forms, inquiries, responses, activity on the Site, and during registration to use a Secure  Platform).
• From third parties, such as analytics and email marketing service providers. • Automatically through tracking technologies such as cookies, web beacons (also known  as pixels) and log files, including over time and across our own and third-party websites  or other online services.
“Cookies” are small files that a website stores on a user’s computer or device. The Site may use  cookies for various purposes, including to keep the information you enter on multiple pages  together. Some of the cookies we may use are “session” cookies, meaning that they are  automatically deleted from your hard drive after you close your browser at the end of your  session. We also may use “persistent” cookies, which remain on your computer or device unless  deleted by you (or by your browser settings). We and third parties may use session and persistent  cookies for analytics and advertising purposes, as described herein. Most web browsers  automatically accept cookies, but you may set your browser to block certain cookies.
Our Site may use Google Analytics and/or Adobe’s analytics and on-site personalization  services, which use cookies, web beacons, web pixels and/or similar technology to collect and  store information about you. You can learn more about their privacy policies and opt-out options  by visiting their respective websites.

III. Reason for Collection of Information
We collect such non-personal and Personal Information for the following purposes: • To provide and operate the Site and services;
• To provide you with ongoing customer assistance and technical support; • To be able to contact you with general or personalized service-related notices and  promotional messages;
• To create aggregated statistical data and other aggregated and/or inferred non-personal  information, which we or our business partners may use to provide and improve our  respective Site and services;
• To comply with any applicable laws and regulations.

IV. How We Use Your Information
We may use your Personal Information for the following purposes:
• Operate, maintain, supervise, administer, and enhance the Site, including monitoring and  analyzing the effectiveness of content on the Site.
• Provide you with a tailored and user-friendly experience as you navigate our Site. • Promote and market our Site to you.
• To complete the activity you specifically asked for, e.g., register on a Secure Platform,  obtain more information or request an appointment.
• Conduct research on users’ demographics, interests, and behavior.
• Aggregate information for analytics and reporting.
• Respond to law enforcement requests and court orders and legal process. • Authenticate use, detect potential fraudulent use, and otherwise maintain the security of  the Site.
• Send you SMS text messages that you have consented to receive.
• Maintaining records of your communication preferences and consent.
• Any other purpose with your consent.

V. How We Share Your Information
We may share Personal Information with third parties including service providers in certain  circumstances or for certain purposes, including:
• For business purposes. We may share your Personal Information with vendors and  service providers, including our data hosting and data storage partners, analytics and  advertising providers, technology services and support, and data security. We also may  share Personal Information with professional advisors, such as auditors, law firms, and  accounting firms. We may disclose your name, email address, date of birth, phone  number, and address if you provided it to us via a form on the website or during an  incomplete or failed registration to Service Providers.
• With your direction or consent. We may share your Personal Information with third  parties if you request or direct us to do so. This includes your use of social media widgets  on our Site.
• With affiliates within our corporate group. We may share your Personal Information with  any subsidiaries or affiliates within our corporate group.
• Compliance with law. We may share your Personal Information to comply with  applicable law or any obligations thereunder, including cooperation with law  enforcement, judicial orders, and regulatory inquiries.
• In the context of a transaction. We may share your Personal Information in connection  with an asset sale, merger, bankruptcy, or other business transaction.
• For other business reasons. We may share your Personal Information to enforce any  applicable legal disclaimer or indemnification, and to ensure the safety and security of the  Site and/or our users.
• For advertising. Using cookies and web beacons, we may disclose Personal Information  regarding your activity on our Site to third-party advertising partners to optimize  marketing.
• Influencer marketing. If you signed up with us through a link provided by one of our  influencer marketers (“Influencer”), we may share your deidentified patient identification  number, along with the amount of money you spend, with the Influencer for tracking or  billing purposes only. We will not disclose any health or other information to the  Influencer. By signing up with us via an Influencer link, you agree to allow such  disclosure to the Influencer. In the event you withdrawal your consent, we may have to  terminate our services with you, at our sole discretion, because of our agreement with the  Influencer.
• SMS aggregators and providers solely for the purpose of delivering messages you have  consented to receive. All service providers are contractually obligated to maintain  confidentiality and security.
All the above categories exclude text messaging originator opt-in data and consent; this  information will not be shared with any third parties, excluding aggregators and providers  of the Text Message services.
We also may disclose deidentified information. Note that if you make any Personal Information  publicly available on the Site, anyone may see and use such information.

VI. SMS/Text Messaging & Compliance
Text Message Program Terms & Conditions
By opting into our SMS messaging services, you agree to receive text messages related to our  services, including appointment reminders, lab result notifications, service updates, and  promotional offers from Thrive Telehealth LLC.
Opt-In & Consent
• You will only receive messages if you have explicitly opted in
• We maintain timestamped records of all opt-in actions
• We comply with the Telephone Consumer Protection Act (TCPA) and all applicable laws
Opt-Out Instructions
• You can cancel SMS notifications at any time by replying “STOP”
• You will receive a final confirmation message, and no further messages will be sent  unless you re-opt in
• All opt-out requests are processed immediately
Message Frequency & Content
• Message frequency varies based on your interactions with our business • Messages will be directly related to the services you have requested or consented to  receive
• We do not send promotional content without specific consent
Help & Support
• Reply “HELP” for assistance or contact us at clinic@thrivehrt.com
• Customer support is available during regular business hours
Carrier Information
• Standard message and data rates may apply
• Carriers are not liable for delayed or undelivered messages
• Supported carriers include AT&T, Verizon, T-Mobile, and most regional carriers
SMS Data Protection Statement
No mobile information will be shared with third parties/affiliates for  marketing/promotional purposes. Information sharing to subcontractors in support
services, such as customer service is permitted. All other use case categories exclude text  messaging originator opt-in data and consent; this information will not be shared with any  third parties.
Text messaging originator opt-in data and consent will not be shared with any third  parties, except for aggregators and providers of the Text Message services.
We implement strict data protection measures to safeguard your SMS opt-in information and  consent records.

VII. How Long Do We Keep Your Information
We keep your information as long as we need it to provide our Site and services, comply with  legal obligations or protect our or other’s interests. We decide how long we need information on  a case-by-case basis. SMS opt-out requests are honored and retained for a minimum of 10 years  in compliance with applicable state laws.
VIII. How Do We Safeguard Your Information
We rely on many mechanisms for data transfers, including but not limited to, contractual clauses  and use of software with industry standard security. Your PHI will be stored using a HIPAA  compliant software. Despite these measures, no method of transmission over the Internet or  electronic storage is 100% secure. We strive to use commercially acceptable means to protect  your personal information but cannot guarantee absolute security.

IX. Third Party Websites and Links
Our Site may contain links to other online platforms operated by third parties. We do not control  such other online platforms and are not responsible for their content, their privacy policies, or  their use of your information. Information you provide on public or semi-public venues,  including information you share on third-party social networking platforms (such as Facebook,  Instagram, LinkedIn or Twitter) may also be viewable by other users of the Site and/or users of  those third-party online platforms without limitation as to its use by us or by a third party. Our  inclusion of such a link does not, by itself, imply any endorsement of the content on such  platforms or of their owners or operators except as disclosed on the Site. WE EXPRESSLY  DISCLAIM ANY AND ALL LIABILITY FOR THE ACTIONS OF THIRD PARTIES,  INCLUDING BUT WITHOUT LIMITATION, TO ACTIONS RELATING TO THE USE  AND/OR DISCLOSURE OF PERSONAL INFORMATION BY THIRD PARTIES. ANY  INFORMATION SUBMITTED BY YOU DIRECTLY TO THESE THIRD PARTIES IS  SUBJECT TO THAT THIRD PARTY’S PRIVACY POLICY.

X. Communication with Site Users
We may contact you for notifications regarding your account, to troubleshoot problems with  your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through  surveys or questionnaires, to send updates about us, or as otherwise necessary to contact you to  enforce our Terms of Use or other policies, applicable laws, and any agreement we may have  with you. For these purposes, we may contact you via email, telephone, text messages, and postal  mail.

XI. Cookies and Information Used for Advertising
On our Site we may collect and disclose Personal Information about your online activities for use  in providing you with advertising about products and services tailored to your individual  interests. We participate in advertising networks. Ad networks allow us to target our messaging  to users through demographic, interest-based and contextual means. These networks track your  online activities over time by collecting information through automated means, including  through the use of cookies, web server logs, and web beacons (also known as pixels). The  networks use this information to show you advertisements that may be tailored to your individual  interests.
You may disable or delete browser cookies through your browser settings. Cookies generally are  easy to disable or delete, but the method varies between browsers. If you disable or delete  cookies, or if you are running third-party software that intercepts or deletes cookies, please note  that some parts or functionality of our Site may not work properly.
If you have additional questions about the specific information about you that we process or  retain, as well as your choices regarding our collection and use practices, please contact us using  the information listed below.

XII. Your Rights & Choices
You have the right to:
• Access, update, or delete your personal information
• Opt-out of marketing emails by clicking “unsubscribe” in our emails
• Opt-out of SMS messages by replying “STOP”
• Request information on how we process your data
• Withdraw consent at any time for future communications
• Lodge a complaint with a supervisory authority if you believe your rights have been  violated
To exercise these rights, please contact us using the information in Section XIV.

XIII. Privacy Policy Updates
We reserve the right to modify this Privacy Policy at any time for any reason. It is your sole  responsibility to check our policies so please review them frequently. Changes and clarifications
will take effect immediately upon their posting on the Site. Should we make material changes to  this policy, we will notify you here that it has been updated so that you are aware of what  information we collect and how it is used.

XIV. Contact Us
If you have questions about this Privacy Policy or how your information is handled, contact us  at:
Thrive Telehealth LLC
Phone: 941-326-3665
Email: clinic@thrivehrt.com
Website: https://thrivehrt.com
By using our website and services, you consent to this Privacy Policy.

UNITED STATES REGIONAL PRIVACY STATEMENT
This Privacy Statement is for residents that reside in the States of California, Utah, Virginia,  Texas, Connecticut, and Colorado (“consumers” or “you”). We adopt this Statement to comply  with the various laws applicable to those states.
We collect information that identifies, relates to, describes, references, is capable of being  associated with, or could reasonably be linked, directly or indirectly, with a particular consumer  or device (“Personal Information”). In particular, we have collected the following categories of  Personal Information from consumers within the last twelve (12) months:
Category A. Identifiers: A real name, alias, postal address, unique personal identifier, online  identifier, internet protocol address, email address, account name or other similar identifiers.  COLLECTED: YES
Category B. Personal Information categories: A name, signature, physical characteristics or  description, address, telephone number, driver’s license or state identification card number,  employment, employment history, bank account number, credit card number, debit card number,  or any other financial information. COLLECTED: YES
Category C. Protected classification characteristics under State or federal law: Age (40 years or  older), race, color, ancestry, national origin, religion or creed, marital status, sex, sexual  orientation, veteran or military status, genetic information. COLLECTED: YES
Category D. Commercial information: Records of personal property, products or services  purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.  COLLECTED: NO
Category E. Biometric information. COLLECTED: NO
Category F. Internet or other similar network activity: Browsing history, search history,  information on a consumer’s interaction with a website, application, or advertisement.  COLLECTED: YES
Category G. Geolocation data. COLLECTED: NO
Category H. Sensory data. COLLECTED: NO
Category I. Professional or employment-related information. COLLECTED: NO Category J. Non-public education information. COLLECTED: NO
Category K. Inferences drawn from other Personal Information. COLLECTED: NO
Personal Information does not include publicly available information from government records,  de-identified or aggregated consumer information, or information excluded from the applicable  law’s scope such as health or medical information covered by HIPAA.
We obtain the categories of Personal Information listed above from the following categories of  sources: directly from you or our service providers; third party partners such as analytics and  marketing partners; directly and indirectly from activity within our Site, such as tracking  technologies.
Use of Personal Information
We may use or disclose the Personal Information we collect for one or more of the following  business purposes: to fulfill or meet the reason for which the information is provided; to provide  you with information, products or services that you request from us; to carry out our obligations  and enforce our rights; to improve our Site and present its contents to you; to promote safety,  security and integrity; for analytics, testing, research, analysis and product development; as  necessary to protect rights, property or safety; to respond to law enforcement requests; as  described to you when collecting your Personal Information.
Sharing Personal Information
We may disclose your Personal Information to a third party for a business purpose. When we  disclose Personal Information for a business purpose, we enter a contract that describes the  purpose and requires the recipient to both keep that Personal Information confidential and not  use it for any purpose except performing the contract. In the preceding twelve (12) months, we  have disclosed the following categories of Personal Information for a business purpose: Category  A (Identifiers), Category B (Customer Records personal information categories), and Category D  (Commercial information).
We disclose your Personal Information for a business purpose to the following categories of third  parties: contractual service providers; affiliated advertising networks, internet service providers  and data analytics providers; third parties to whom you or your agents authorize us to disclose  your Personal Information in connection with products or services we provide to you.
Your Rights
You may have the following rights regarding your Personal Information maintained by Thrive:  request to know and access the Personal Information we collect, use, and disclose; request  deletion of Personal Information; request to opt-out of the sale or sharing of Personal  Information; right to limit use and disclosure of sensitive Personal Information; and not receive  discriminatory treatment by Thrive for exercising these rights.
Requests to Know and Access
You may have the right to request that we disclose to you the categories of Personal Information  collected, the categories of sources, the categories of third parties with whom we share, the  business purpose for collecting, and specific pieces of Personal Information collected. You may  only make a request for access twice within a 12-month period.
Requests to Delete
You may have the right to request that we delete Personal Information associated with you,  subject to applicable law and certain exceptions.
Request to Correct Inaccurate Personal Information
You may have the right to request that Thrive corrects Personal Information that is inaccurate.
Requests to Opt-Out of the Sale or Sharing of Your Personal Information
You may have the right to submit a request to opt out of any sale or sharing of your Personal  Information or the processing of your Personal Information for purposes of targeted advertising.  However, Thrive does not sell your Personal Information and does not use or share Personal  Information collected from users of our public websites to engage in targeted advertising unless  you have opted-in to such use. And, in the last 12 months, Thrive has not sold or shared Personal  Information (as those terms are defined under the applicable law).
How to Exercise Your Rights
To submit a request to exercise any of your rights, please email us at clinic@thrivehrt.com. As  required under applicable law, we must take steps to verify your request before we can provide  Personal Information to you, delete Personal Information, or otherwise process your request. We  will further verify and respond to your request consistent with applicable law, taking into  account the type and sensitivity of the Personal Information subject to the request. We will  deliver Personal Information that we are required by law to disclose to you within forty-five (45)  days after receipt of a verifiable request.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer  request related to your Personal Information. You may designate an authorized agent to request  any of the above rights on your behalf.
Right to Nondiscrimination
You have the right to be free from discriminatory treatment for exercising the privacy rights  conferred by applicable law.
Updating This Privacy Statement
This Privacy Statement may be updated periodically to reflect changes in our privacy practices.  It is your responsibility to review the Privacy Policy from time to time to view any such changes.
How to Contact Us
If you have any questions about our privacy practices or this Privacy Policy or Privacy  Statement, please email us at clinic@thrivehrt.com.
THRIVE TELEHEALTH NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE  USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS  INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. Effective Date
This Notice of Privacy Practices (“Notice”) took effect on August 1, 2024. It will remain in  effect until Thrive Telehealth LLC (“Thrive,” “we,” “us,” “our”) replaces it. Thrive shall abide  by the terms of this Notice while it is in effect.
II. Thrive’s Commitment To Your Privacy
Thrive is a clinically integrated care setting in which our members receive health care services  (“Services”) from more than one health care provider. Thrive respects and is committed to  protecting the privacy of your medical information. In performing its Services, Thrive will  receive, create, and disclose your protected health information (“PHI”). Thrive is required by law  to maintain the privacy and security of your PHI and to provide you with notice of our legal  duties and privacy practices with respect to your PHI. For information about our collection, use,  and disclosure of personal information other than PHI, please see our Privacy Policy and related  privacy notices posted on our Site.
III. Your Information and Rights; Our Responsibilities
A. Information We Collect About You
To provide you with the Services, we collect PHI about you from a few sources including  directly from you. PHI is information about you that may be used to identify you (such as your  name), and that relates to your past, present or future physical or mental health or condition, the  provision of healthcare to you, or your past, present, or future payment for the provision of  healthcare.
PHI Collected From You: As you use our Services, you will need to provide us with information  about yourself and your medical history, past treatment, and potential future treatment options.  As you communicate with us your telephone calls, emails, and other communications between  you and us may be recorded and logged.
PHI Collected from Third Parties: Connected with our Services, we may collect information  about you from third parties such as past or current health care providers, your pharmacy, your  medical file that you provide, or other organizations that may contract with us to give you access  to the Services.
PHI Collected Automatically: When you register or log in to our Site from the third party  software we use for account creation and management, we may automatically collect information  about you including IP address, device information, general geographic information, and date  and times you accessed and used our Site.
B. When We Use and Share Your Information
Treatment Activities: We will use your PHI within Thrive to treat you and provide you with  services. We may also disclose your PHI to other physicians or health care providers so that they  can treat you, and we may be required to disclose your PHI to third party labs and pharmacies so  they can ship you any prescription you may be prescribed.
Payment Activities: We can use and share your PHI to get paid and for other payment activities.
Healthcare Operations Purposes: Thrive may use and disclose your PHI to run our business,  including contacting you about the Services available to you, monitoring the qualifications of  providers, improving medical services, providing customer service, and conducting quality  reviews.
C. When We Must Share Your Information
There are limited times when we may be permitted or required by law to use or disclose your  PHI without your authorization. These may include: for public health activities; to protect  victims of abuse or neglect; for workers compensation claims; for judicial and administrative  proceedings; when required by law for law enforcement purposes; for specialized government  functions; to prevent or lessen a serious and imminent threat of harm; for research approved by  an Institutional Review Board; to coroners, medical examiners, and funeral directors; and for  organ donation and transplantation.
D. When We Need Your Authorization
We will not share your PHI for other purposes not described in this Notice. If we want to use or  disclose your PHI for any other purpose, we will seek your authorization using a HIPAA  authorization form. You have the right to revoke any authorization that you previously provided.
E. Your Rights Regarding Your PHI
You have the following rights regarding your PHI maintained by us. Additionally, your medical  power of attorney or legal guardian can exercise these rights on your behalf.
• Right to Access PHI: Most of your PHI that we maintain will be available to you through  your portal. To request access to information that is not available to you online, please  submit a request to us in writing.
• Right to Request Amendment of PHI: You have the right to request that we amend your  PHI if you believe that it is incorrect.
• Right to Request Restrictions On Uses and Disclosures of PHI: You have the right to  request that we do not use or disclose your PHI for treatment, payment, or health care  operation purposes.
• Right to Request Confidential Communication: You may request that we communicate  with you through alternate means or an alternate location.
• Right to Request an Accounting of Disclosures: You have the right to receive an  accounting of disclosures we have made of your PHI.
You also have the right to obtain a digital copy of this notice from us upon request, file a  complaint with your Secretary of State if you believe that your privacy rights have been violated,  and obtain more information about our privacy practices by contacting us at  clinic@thrivehrt.com.
F. How We Keep Your PHI Safe
The security of your PHI is very important to us. We use administrative, technical, and physical  safeguards to keep your PHI from unauthorized access, and other threats and hazards to its  security and integrity. We base our security program on complying with state and federal law,  including the HIPAA security regulation guidelines as well as industry best practices. If your  PHI is disclosed to an unauthorized person, despite our security safeguards, we will notify you  promptly if such disclosure may have compromised the privacy or security of the PHI.
G. Changes To This Notice
We reserve the right to change the terms of this Notice at any time, as long as the changes are in  compliance with applicable law. If we change the terms of this Notice, the new terms will apply  to all PHI we maintain. If we change this Notice, we will post the new Notice on our Site and it  will be available at the bottom of the Site.