MERU HEALTH PRIVACY POLICY

Last Modified: December 15, 2021

1. INTRODUCTION

This Privacy Policy describes how Meru Health, Inc. collects and uses Personal Data about you through the use of our Websites, mobile applications, and through email, text, and other electronic communications between you and Meru Health, Inc.

Meru Health, Inc. (“Meru Health,” or “we,” “our,” or “us”) respects your privacy, and we are committed to protecting it through our compliance with this policy.

This Privacy Policy (our “Privacy Policy”) describes the types of information we may collect from you or that you may provide when you visit the website meruhealth.com and meruhealth.fi (our “Websites”) and the Meru Health applications (each, an “Application”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

Note, Meru Health is not a medical group or health care provider. Any telemedicine consults obtained through our Websites or Applications are provided by independent medical practitioners, including Meru Health Medical, P.A. (“Meru Medical”), an independent medical group with a network of United States based health care providers (each, a “Provider”). Meru Health Medical (or your own medical provider if you do not use a Meru Health Medical Provider) is responsible for providing you with a Notice of Privacy Practices describing its collection and use of your health information, not Meru Health. If you do not agree to be bound by those terms, you are not authorized to access or use our Websites and Applications, and you must promptly exit our Websites and Applications.

This policy applies to information we collect:

  • on our Websites and Applications, for example when you visit our Websites and Applications;

  • in email, text, and other electronic messages between you and our Websites and Applications;

  • from referrals from other healthcare providers, health plans, and intake calls; and

  • when you interact with our advertising and applications on third party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

  • by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Websites or Applications; or

  • from users who log-in to the password-protected and secure portions of our Website or Applications (“Secure Platform”). The Secure Platform allows users who obtain the services (“Customers”) to perform certain functions or obtain the services (such as telehealth visits from medical groups or health care providers). All information collected and stored by us or added by Customers into such Secure Platform is considered Protected Health Information ("PHI") and is governed by applicable state and federal laws that apply to that information, including the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”). We use and disclose such PHI in accordance with the applicable Notice of Privacy Practices provided to you by the medical groups.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Websites and Applications. By accessing or using our Websites or Applications, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our Websites or Applications after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

2. CHILDREN UNDER THE AGE OF 13

Our Websites and Applications are not intended for children under the age of 13 and children under the age of 13 are not permitted to use our Websites or our Applications. We will remove any information about a child under the age of 13 if we become aware of it.

Our Websites and Applications are not intended for children under 13 years of age. No one under age 13 may provide any information to or through the Websites or Applications. We do not knowingly collect Personal Data from children under 13. If you are under 13, do not use or provide any information on our Websites or in our Applications or on or through any of their features, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from a child under 13, please contact us at support@meruhealth.com or call us at (650)-505-4947.

3. INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

We collect different types of information about you, including information that may directly identify you, information that is about you but individually does not personally identify you, and information that we combine with our other users. This includes information that we collect directly from you or through automated collection technologies.

Generally

We collect several types of information from and about users of our Websites and Applications, specifically information:

  • by which you may be personally identified, such as name, postal address, billing address, shipping address, e-mail address, telephone numbers, driver’s license number (or other government identification number), date of birth, credit or debit card number (for payment purposes only), your medical history, and health information (“Personal Data”);

  • that is about you but individually does not identify you, such as education level, number of dependents, age, race, skin color, national origin, religion, marital status, medical conditions, disabilities, sexual orientation, religious beliefs, sex/sex life data, emergency contacts, and your physician. We may also collect traffic data, logs, referring/exit pages, date and time of your visit to our Websites or use of our Applications, error information, clickstream data, information about your mobile device (e.g., unique device identifier), IP address, mobile telephone number and other data and the resources that you access and use on the Websites or through our Applications;

  • any other information that you may voluntarily disclose; or

  • about your Internet connection, the equipment you use to access our Websites or use our Applications and usage details.

We collect this information:

  • directly from you when you provide it to us;

  • automatically as you navigate through the Websites or use our Applications. Information collected automatically may include usage details, IP addresses, and information collected through cookies and other tracking technologies; and

  • From third parties, for example, our business partners.

Information You Provide to Us

The information we collect on or through our Websites or through our Applications is:

  • information that you provide by filling in forms on our Websites or the Applications. This includes information provided at the time of registering to use our Websites or Applications, using our Provider consultation services, or requesting further services. We may also ask you for information when you report a problem with our Websites or Applications;

  • records and copies of your correspondence (including email addresses), if you contact us; and

  • details of transactions you carry out through our Websites or through the Applications and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Websites or Applications.

You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Websites or Applications or transmitted to other users of the Websites or Applications or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We may also use your User Contributions in an anonymized form in our marketing materials. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Websites and Applications with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Websites and Applications, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

  • details of your visits to our Websites or Applications, such as traffic data, location, logs, referring/exit pages, date and time of your visit to our Websites or use of our Applications, error information, clickstream data, and other communication data and the resources that you access and use on the Websites or in the Applications; and

  • information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, browser type, and Application version information.

  • The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Websites and Applications and to deliver a better and more personalized service by enabling us to:

  • estimate our audience size and usage patterns;

  • store information about your preferences, allowing us to customize our Websites and our Applications according to your individual interests;

  • recognize you when you return to our Websites and our Applications.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Websites and Applications through your computer or mobile device. A cookie is a small file placed on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Websites or use certain parts of our Applications. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites or use our Applications.

THIRD-PARTY USE OF COOKIES

Some of the cookies used on our Websites and Applications may be served by third parties alone or conjunction with web beacons or other tracking technologies to collect information about you when you use our Websites and Applications. The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. You can learn more about interest-based advertisements and your opt-out rights and options from members of the Network Advertising Initiative (“NAI”) on its website (www.networkadvertising.org) and from members of the Digital Advertising Alliance on its website (www.aboutads.info). We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.

4. HOW WE USE YOUR INFORMATION

We use your Personal Data for various purposes described below, including to:

  • provide our Websites or Applications to you;

  • provide products and services to you;

  • provide you with information you request from us;

  • enforce our rights arising from contracts;

  • notify you about changes; and

  • provide you with notices about your account.

We use information that we collect about you or that you provide to us, including any Personal Data:

  • to present our Websites and its contents to you;

  • to present our Applications;

  • to provide our products and services to you;

  • to provide you with information that you request from us or that may be of interest to you;

  • to process, fulfill, support, and administer transactions and orders for products and services ordered by you;

  • to administer and analyze surveys;

  • to provide you with notices about your Meru Health account;

  • to contact you in response to a request;

  • to fulfill any other purpose for which you provide it;

  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;

  • to notify you about changes to our Websites, our Applications, or any products or services we offer or provide though them;

  • in any other way we may describe when you provide the information; and

  • for any other purpose with your consent.

We may also use your information to contact you about goods and services that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications or by visiting your Account Preferences page. For more information, see Choices About How We Use and Disclose Your Information.

5. DISCLOSURE OF YOUR INFORMATION

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. We disclose your Personal Data to a few third parties, including:

  • our affiliates and third party service providers that we use to support our business;

  • Meru Medical and its Providers to provide you with telehealth services;

  • to a company we merge, acquire, or that buys us, or in the event of change in structure of our company of any form;

  • to comply with our legal obligations;

  • to enforce our rights; and

  • with your consent.

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in this privacy policy:

  • to affiliates, contractors, service providers, and other third parties we use to support our business. The services provided by these organizations include IT and infrastructure support services, and ordering, marketing, and payment processing services;

  • Meru Medical and its Providers to provide you with telehealth services;

  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Meru Health about our Websites and Applications users are among the assets transferred;

  • to fulfill the purpose for which you provide it. For example, we may disclose your personal information to a Provider;

  • for any other purpose disclosed by us when you provide the information;

  • with your consent.

We may also disclose your Personal Data:

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;

  • to enforce or apply our Terms of Use meruhealth.com/tcs and other agreements, including for billing and collection purposes; and

  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Meru Health, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

6. CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Data for our advertising to you, and other targeted advertising.

We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. These third parties may aggregate the information they collect with information from their other customers for their own purposes.

In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:

  • Promotional Offers from Meru Health. If you do not wish to have your email address used by Meru Health to promote our own products and services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from. This opt out does not apply to information provided to Meru Health as a result of a product purchase, or your use of our services.

7. YOUR RIGHTS REGARDING YOUR INFORMATION AND ACCESSING AND CORRECTING YOUR INFORMATION

You may review and change your personal information by contacting us at privacy@meruhealth.com

You can review a subset of your Personal Data by logging into our Application and visiting either the Settings or Account Preferences sections of our Application. To review all personal information that you have given to Meru Health, contact privacy@meruhealth.com. You may also notify us through the Contact Information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

8. JURISDICTION-SPECIFIC PRIVACY RIGHTS

The law in certain jurisdictions may provide their residents or individuals located in those jurisdictions with additional rights regarding our use of your Personal Data.

The law in some jurisdictions may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these jurisdictions, please see the privacy addendum for your jurisdiction that is attached to this Privacy Policy.

For Individuals Located within the European Economic Area or the United Kingdom

If you are located in the European Economic Area or the United Kingdom, you have the additional rights described in our GDPR Privacy Addendum.

For Residents of California

California law permits minors under the age of 18 to request the removal of your User Contributions, subject to certain exceptions. If you are under the age of 18 in California, you may contact us using the Contact Information below (if you contact us via email, please use the subject “California Eraser Law Request”). We may not remove your User Contributions that we are required to retain under any federal or state law, or that have been provided to a third party. While we will do our best to remove a minor’s information upon a valid request, we cannot ensure the complete or comprehensive removal of your User Contributions from our Websites or Applications or any information that has been republished, copied, downloaded, or reposted by any third party, and we cannot guarantee that any such information may not be accessible to users of the Internet in the future. We do not advertise or market any of the products or services identified in California Business and Professionals Code Section 22580(i) to users who we have actual knowledge are under 18 years of age.

9. DO NOT TRACK SIGNALS

We may use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.

We also may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.

10. DATA SECURITY

Information transmitted over the Internet is not completely secure, but we do our best to protect your Personal Data. You can help protect your Personal Data and other information by keeping your password to our Websites confidential.

We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where you have chosen a password for the use of our Websites or Applications, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Websites or on or through our Applications. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Websites, in your operating system, or in the Applications.

11. CHANGES TO OUR PRIVACY POLICY

We will post any changes to our Privacy Policy on our Website. If we make material changes to our Privacy Policy, we may notify you of such changes through your contact information and invite you to review (and accept, if necessary) the changes.

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Website’s home page or the Application’s home screen. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Website’s home page or the Application’s home screen. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically accessing the Applications or visiting our Websites and reviewing this Privacy Policy to check for any changes.

12. CONTACT INFORMATION

You may contact us through the contact information below.

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact Us” page on our Websites or in the Applications.

Meru Health, Inc. | 720 South B Street | San Mateo, CA 94401 | Telephone: (650)-505-4947 | Email: support@meruhealth.com