Privacy Policy

General

Enara Health, Inc., a Delaware corporation respects user privacy regarding its website at www.enarahealth.com and related platforms. This Privacy Policy outlines what information is collected, how it’s used, and user rights regarding that information.

The website is hosted in the United States and subject to U.S. law. Users accessing from other jurisdictions consent to data transfer to the U.S. in accordance with this policy.

BY USING OR ACCESSING THE WEBSITE, YOU ARE ACCEPTING THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.

Gathering, Use and Disclosure of Non-Personally-Identifying Information

Users of the Website Generally

Non-Personally-Identifying Information includes data that cannot directly identify individuals, such as IP addresses, operating system, browser type, and website navigation patterns. The company analyzes this data to improve website design and user experience. Non-Personally-Identifying Information may be released in aggregate form.

Web Cookies

Web Cookies are used to track services, store login credentials, record preferences, and maintain login sessions. They also help track pages visited to improve user experience.

Users who do not want Web Cookies should set their browsers to refuse them, understanding that certain features may not function properly without them. Users refusing cookies assume responsibility for any loss of functionality.

Third-Party Advertisers

Third-party advertising companies may use non-personally-identifying information from Web Cookies to serve targeted advertisements. Users can opt out through the Network Advertising Initiative at networkadvertising.org/choices, preferences-mgr.truste.com, or aboutads.info/choices.

The company may use non-personally-identifying information to select appropriate advertising audiences without identifying users to advertisers.

Analytics

Web Beacons are invisible objects embedded in web pages or emails that track page views and email opens. They are not used to access personally-identifying information and cannot be declined. However, users can render them ineffective by declining Web Cookies.

Aggregated and Non-Personally-Identifying Information

Aggregated and non-personally-identifying information may be shared with third parties, affiliate companies, advertisers, and investors for business analysis and targeted advertising development.

Mobile Device Additional Terms

Mobile Device: Device information collected may include mobile device ID, model, manufacturer, operating system, version information, and IP address.

Geo-Location Information: Unless prior consent is received, location-based information is not accessed or tracked. General location data may be determined from IP address.

Push Notifications: Users may opt-out of push notifications through device settings.

Mobile Analytics: Mobile analytics software records usage frequency, events, aggregated usage, and performance data without linking it to personally-identifying information.

Social Media

Users may connect Website accounts to social networking sites for logging in or uploading information. The company collects publicly available information from social networks, such as name, profile picture, username, gender, friends network, and age range.

When users click social network plugins (Facebook “Like,” Twitter “tweet,” Google+), those networks receive IP address, browser version, screen resolution, and operating system data. Users should review privacy controls on respective social networks.

Collection, Use and Disclosure of Personally-Identifying Information

Website Registration

Personally-Identifying Information includes data directly associable with specific individuals, such as name, address, email address, phone number, and financial information. The company collects this information when users register, log in with social credentials, participate in features, communicate with the company, create profiles, or sign up for newsletters.

Users are not obligated to provide personally-identifying information, though refusal may prevent access to certain features.

BY REGISTERING WITH OR USING THE WEBSITE, YOU CONSENT TO THE USE AND DISCLOSURE OF YOUR PERSONALLY-IDENTIFYING INFORMATION AS DESCRIBED IN THIS SECTION.

AI Use & Data Privacy

Enara Health uses AI-powered tools to assist providers with clinical documentation and improve workflow efficiency. These tools analyze medical records within Enara’s secure, HIPAA-compliant system. Identifiable data is never shared externally, used for marketing, or sold.

Online Postings

Information voluntarily posted on publicly-viewable pages becomes publicly available. The company cannot control who reads postings or how others use disclosed information.

USERS ASSUME ALL RESPONSIBILITY FOR ANY LOSS OF PRIVACY OR OTHER HARM RESULTING FROM VOLUNTARY DISCLOSURE OF PERSONALLY IDENTIFYING INFORMATION.

Company Communications

The company may send notification emails about new services and service-related announcements. Users may generally opt out during registration or through account settings, though the company reserves the right to send notices about accounts.

SMS Communications

By providing a mobile number and opting in, users consent to receive recurring automated SMS text messages, including:

• Operational Messages: Appointment reminders and health notifications
• Promotional Messages: Personalized marketing communications and special offers

Users may separately opt-in or opt-out of promotional communications. Message and data rates may apply. SMS messages do not include Protected Health Information (PHI). Users may reply HELP or STOP to manage communications. Consent is not a condition of receiving healthcare services.

Disclosure of Personally-Identifying Information

The company discloses personally-identifying information under these circumstances:

By Law or to Protect Rights: When disclosure is appropriate to investigate illegal activity, suspected fraud, or wrongdoing; to protect rights, property, or safety; to comply with law or cooperate with law enforcement; to enforce Terms of Use or other agreements; in response to subpoenas, court orders, or government requests; or as required by law.

Marketing Communications: Unless users opt-out, the company may email about products and services. Users may opt-out through unsubscribe links, account settings, or by contacting the company.

Third-Party Marketing Communications: Unless users opt-out, the company may provide email information to third parties for direct contact. Users may opt-out through account settings or by contacting the company. Users are responsible for contacting third parties directly to stop their marketing.

Third-Party Service Providers: The company may share personally-identifying information with authorized service providers performing services including order fulfillment, customer service, business analysis, website functionality support, and credit card processing. Service providers may not share or use information for other purposes.

Business Transfers; Bankruptcy: The company reserves the right to transfer all personally-identifying information to a successor organization in merger, acquisition, bankruptcy, or asset sale events. Transferred information remains subject to this Privacy Policy unless a new policy is provided with opt-out opportunity.

Employees, Contractors, and Consultants: Company employees, operations contractors, and consultants may have limited access to personally-identifying information for providing services, troubleshooting problems, and resolving complaints. Access is limited to information reasonably necessary for service provision or improvement.

Changing Personally-Identifying Information; Account Termination

Users may review or change personally-identifying information through account settings or by contacting the company. Upon request, the company will deactivate or delete account information from active databases. The company retains some information to prevent fraud, assist investigations, enforce Terms of Use, and comply with legal requirements.

General Use

The company uses personally-identifying information to: deliver requested products and services; manage accounts and provide customer support; communicate about products and services; develop personalized content and advertising; resolve disputes; measure consumer interest; inform users of updates; customize experience; detect and protect against fraud and criminal activity; enforce Terms of Use; and process payments. The company may examine information to identify users with multiple accounts, detect errors, and manage business operations.

Children’s Personally Identifiable Information

Features requiring personally-identifiable information submission are not intended for anyone under 13 years old. The company does not knowingly collect information from children under 13, except for minor children whose parents or legal guardians register them. Children under 13 may not use the website or services. Parents or guardians of children under 13 may request deletion of the child’s information by contacting privacy@enarahealth.com.

Medical Data and Research

BY USING OUR TECHNOLOGY AND WEBSITE, YOU ACKNOWLEDGE RECEIPT OF THE NOTICE OF PRIVACY PRACTICES OF THE HEALTHCARE PROVIDER THAT YOU ENGAGE THROUGH OUR WEBSITE.

Providers accessible through the service are employed by or contract independently with professional entities affiliated with Enara Health Inc.

Users may provide health information including medical history, health status, laboratory results, diagnostic images, and other health-related information.

The company uses information to:

• Send communications on behalf of providers and facilitate healthcare services
• Invite participation in IRB-approved research studies, potentially sponsored by academic institutions, nonprofits, and pharmaceutical companies. Participation requires agreeing to an IRB-approved consent form with detailed study information. Enara will not use information for IRB-approved studies without express consent, though information will be used for other research purposes described in this policy.

Enara Health Inc. reserves the right to use de-identified data for IRB-exempt research and to develop intellectual property including patents, copyrights, and trademarks, and may commercialize products or services.

Protected Health Information, HIPAA and Communications:

Some submitted or created information may constitute “protected health information” (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). Though Enara is not a HIPAA “covered entity,” providers and provider groups may be. Provider groups have adopted a HIPAA Notice of Privacy Practices describing how they use and disclose PHI.

Enara may be a “business associate” of a provider group under HIPAA, limiting its use and disclosure of PHI as required by HIPAA, including communications via email, text, or app messages containing PHI such as appointment reminders. Users preferring not to exchange PHI via email or text should notify the company at privacy@enarahealth.com. Users may request updates, corrections, or deletion of PHI by contacting privacy@enarahealth.com, though the company may retain PHI required by HIPAA.

One of Enara Health’s missions is using customer data to derive treatment insights for scientific discovery. The company may use data to predict treatment outcomes benefiting current and future patients. Findings may be published in scientific journals.

For IRB non-exempt research, users will sign authorization forms agreeing to let Enara researchers use health data for understanding disease causes, developing treatments, or predicting disease risk.

Enara may develop intellectual property or commercialize products based on research results, with no user compensation. Data will never be sold to third parties, though some studies may be sponsored by or conducted on behalf of nonprofits, academic institutions, or pharmaceutical companies.

Enara uses physical, technical, and administrative procedures to protect personal information including genetic data and survey responses. Researchers conducting statistical analyses do not access registration information. To minimize identifying individual customers in studies, Enara publishes only pooled data or limited non-identifying information.

Collection and Use of Information by Third Parties Generally

The company contractually prohibits contractors, affiliates, vendors, and suppliers from disclosing personally-identifying information except as permitted by this Privacy Policy. However, third parties are not obligated to follow this policy regarding information users provide directly or that third parties collect independently.

Before using third-party websites or applications and providing personally-identifying information, users should review those third parties’ privacy policies and practices.

Security

The company uses reasonable electronic, personnel, and physical measures to protect personally-identifying information from loss, theft, alteration, or misuse. However, no security measures can fully eliminate all risks.

Users are responsible for maintaining password confidentiality and should notify the company immediately if unauthorized access is suspected or password control is lost.

Despite security efforts, there is always some risk that unauthorized third parties may circumvent security systems or intercept transmissions. The company makes no representations or warranties regarding security measure sufficiency. No data transmission over the Internet or through mobile devices can be guaranteed 100% secure. The company is not responsible for actual or consequential damages resulting from security breaches or technical malfunctions.

Privacy Policy Changes

The company may change this Privacy Policy at any time. Changes will be reflected on this page with updated posting dates. Users should regularly check for changes. The company may notify users of changes via email or otherwise. It is important for users to maintain and update contact information.

California Privacy Rights

California Civil Code Section 1798.83 permits California residents to request information once yearly and free of charge about personally-identifying information disclosed to third parties for direct marketing purposes in the preceding calendar year, including categories of shared information and third-party names and addresses.

California residents making such requests should submit written requests to the privacy officer listed below.

Do-Not-Track Policy

Most web browsers and some mobile operating systems include Do-Not-Track (DNT) features to signal privacy preferences. The website does not currently respond to DNT browser signals or mechanisms.

Contact

For Privacy Policy questions, contact:

Enara Health, Inc. Attn: Privacy Officer 3050 South Delaware St. Suite #130 San Mateo, CA 94403 (650) 319-8654 Email: privacy@enarahealth.com