CONSUMER HEALTH DATA PRIVACY

Effective Date: November 12, 2025

Entity: Personomics, LLC ("Personomics," "we," "us," or "our")

This Consumer Health Data Privacy Policy ("Policy") supplements our general Privacy Policy at personomics.io/privacypolicy. In the event of any conflict between this Policy and our general Privacy Policy, this Policy governs with respect to Consumer Health Data. This Policy should also be read alongside our HIPAA Notice of Privacy Practices at personomics.io/hipaa-notice.

1. Purpose & Scope

This Policy describes how Personomics, LLC collects, uses, shares, and protects "Consumer Health Data" as that term is defined under applicable U.S. state privacy laws, including but not limited to:

California — California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

Colorado — Colorado Privacy Act (CPA)

Connecticut — Connecticut Data Privacy Act (CTDPA)

Nevada — Nevada SB 370

This Policy applies to the extent required by the laws of the state in which you reside. If you are not a resident of one of the states listed above, this Policy may still describe practices relevant to you, but may not create legally enforceable rights in your jurisdiction.

Geographic Restrictions: Lab services offered through Personomics are not available to residents of New York State (permanently prohibited by state law) or Washington State (currently suspended). Internationally, lab services are available only to residents of Australia, Canada, New Zealand, and the United Kingdom. Coaching services may be available in additional jurisdictions — contact [email protected] for details.

2. What Is Consumer Health Data?

"Consumer Health Data" means personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. Depending on applicable state law, this may include:

-Health conditions, diagnoses, or symptoms you share with us

-Lab results, biomarker data, and specimen information collected through our integrative health lab services

-Health history, medications, and supplements you disclose during coaching intake or sessions

-Wellness and lifestyle data (e.g., sleep, stress, activity levels, diet) you voluntarily share

-Precise geolocation data that could be used to infer a health condition (e.g., location of a medical facility)

-Information about your use of health-related services through our platform

-Inferences drawn from any of the above that could be used to identify your health status

Consumer Health Data does not include information that has been de-identified or aggregated such that it cannot reasonably be used to identify you.

3. Consumer Health Data We Collect

Depending on how you use our Services, we may collect the following categories of Consumer Health Data:

Information you provide directly:

Health history, current symptoms, medications, and supplements disclosed during onboarding or coaching sessions

Health goals, concerns, and program preferences shared with your coach

Responses to health intake forms and assessments

Lab and biomarker data:

Results from integrative health lab tests facilitated through Personomics and our lab partner EquiLife, which may include hormone levels, metabolic markers, inflammatory markers, nutrient status, and other biomarkers

Specimen type, collection date, and registered kit information

Automatically collected data that may constitute Consumer Health Data:

Device and usage data collected through cookies and similar technologies that could be used to infer health-related interests or behaviors (e.g., pages viewed related to specific health conditions)

General location data (city/state level) derived from your IP address

From third parties (with your authorization):

Data from wearable devices or health apps you choose to connect to our Services (e.g., sleep data, activity data, heart rate)

Information from EquiLife and their accredited laboratory partners related to your lab orders and results

4. How We Use Consumer Health Data

We use Consumer Health Data only for the following purposes:

-To provide our Services — delivering health coaching, coordinating lab testing, and personalizing your program based on your health data

-To communicate with you — sending results, appointment reminders, program updates, and support responses related to your health and wellness services

-To improve our Services — using de-identified and aggregated data to analyze trends, improve coaching programs, and develop new features (your individually identifiable health data is never used for this purpose without your explicit consent)

-For legal and safety purposes — complying with applicable law, responding to lawful requests, and protecting the safety of our members and the public

-With your explicit consent — for any other purpose not listed above for which we have obtained your affirmative consent

We do not use your Consumer Health Data for:

-Targeted advertising or interest-based advertising

-Sale to third parties for any purpose

-Training third-party AI or machine learning models without your explicit consent

-Automated profiling that produces legal or similarly significant effects about you without your knowledge

5. How We Share Consumer Health Data

We do not sell your Consumer Health Data. We may share it in the following limited circumstances:

Lab partners and healthcare providers: We share relevant Consumer Health Data with our lab partner EquiLife, their accredited laboratory providers, and, where applicable, licensed clinicians involved in ordering or reviewing your lab results. This sharing is necessary to provide the lab services you have requested.

Service providers: We share Consumer Health Data with trusted third-party service providers who assist us in delivering our Services, including scheduling platforms, secure messaging tools, electronic health record systems, and IT/security vendors. All service providers are contractually required to protect your Consumer Health Data and may only use it as directed by us.

Legal and regulatory authorities: We may disclose Consumer Health Data to law enforcement, government authorities, or other parties when required by law, including mandatory public health reporting obligations applicable to lab results in certain states.

Business transfers: In the event of a merger, acquisition, or sale of assets, your Consumer Health Data may be transferred to the acquiring entity. We will take reasonable steps to ensure the recipient honors the commitments made in this Policy.

With your consent: We may share your Consumer Health Data with third parties for other purposes with your explicit, affirmative consent, which you may withdraw at any time.

6. Your Rights Regarding Consumer Health Data

Depending on the state in which you reside, you may have some or all of the following rights with respect to your Consumer Health Data. We will not discriminate against you for exercising any of these rights.

6.1 Right to Know / Confirm

You have the right to confirm whether we collect, share, or sell your Consumer Health Data, and to receive information about what we collect and how it is used.

6.2 Right to Access

You have the right to request a copy of the Consumer Health Data we have collected about you, including a list of third parties with whom we have shared it.

6.3 Right to Correct

You have the right to request correction of inaccurate Consumer Health Data we hold about you.

6.4 Right to Delete

You have the right to request deletion of your Consumer Health Data, subject to certain exceptions (for example, where we are required to retain data by law or to complete a transaction you requested).

6.5 Right to Withdraw Consent

To the extent we rely on your consent to collect or share your Consumer Health Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of any processing that occurred prior to withdrawal.

6.6 Right to Opt Out of Sale or Sharing

We do not sell your Consumer Health Data. However, if you wish to confirm or exercise this right formally, you may contact us using the information in Section 8.

6.7 Right to Non-Discrimination

You have the right to exercise any of the rights described in this Policy free from discrimination. We will not deny you Services, charge you a different price, or provide you a lower quality of service because you exercised your privacy rights.

6.8 Right to Appeal

If we deny your request to exercise any of the rights above, you may appeal our decision by contacting us at [email protected] with the subject line "Consumer Health Data Appeal." We will respond to your appeal within the timeframe required by applicable law.

7. State-Specific Notices

California Residents (CCPA/CPRA)

In addition to the rights described above, California residents have the right to:

-Know the specific pieces of personal information collected about them

-Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising (we do not engage in these activities with Consumer Health Data)

-Limit the use and disclosure of sensitive personal information, which includes health data, to what is necessary to provide the Services

-To submit a California privacy request, contact us at [email protected] or visit personomics.io/privacypolicy

Colorado Residents (CPA)

Colorado residents have the right to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in these activities with Consumer Health Data. Colorado residents may also appeal denied requests as described in Section 6.8.

Connecticut Residents (CTDPA)

We cannot process your Consumer Health Data, or use it for certain purposes, without your affirmative consent where required by Connecticut law. Connecticut residents may also appeal denied requests as described in Section 6.8.

Nevada Residents (SB 370)

Nevada residents have the right to opt out of the sale of covered information. We do not sell Consumer Health Data. To exercise this right formally, contact us at [email protected].

8. How to Exercise Your Rights

To exercise any of the rights described in this Policy, please contact us using one of the following methods:

Email: [email protected](Please include "Consumer Health Data Request" in the subject line)

Mail: Personomics LLC Attn: Privacy Officer 6671 W. Indiantown Rd, STE 50-403 Jupiter, FL 33458 United States

We may ask you to verify your identity before processing your request. We will respond within the timeframe required by applicable law — generally within 45 days, with an option to extend by an additional 45 days where reasonably necessary.

You may also designate an authorized agent to submit requests on your behalf. We will require authorized agents to verify their identity and authority before processing any request.

9. Data Security

We implement reasonable technical, organizational, and administrative safeguards designed to protect Consumer Health Data from unauthorized access, disclosure, alteration, loss, or destruction. These measures include encryption of data in transit and at rest, role-based access controls, and regular security reviews.

No security system is perfect. If you have reason to believe your Consumer Health Data has been compromised, please contact us immediately at [email protected].

10. Data Retention

We retain Consumer Health Data for as long as necessary to provide the Services, comply with our legal obligations (including HIPAA record retention requirements), resolve disputes, and enforce our agreements. When Consumer Health Data is no longer needed, we will delete or anonymize it in accordance with our data retention schedule and applicable law.

11. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Effective Date" at the top of this page and notify you via email or a prominent notice on our website where required by law. Your continued use of our Services after any changes become effective constitutes your acceptance of the updated Policy.

12. Contact Us

If you have questions, concerns, or requests related to this Consumer Health Data Privacy Policy, please contact us at:

Personomics LLC

Email: [email protected]

Website: personomics.io/consumer-health-data

Personomics LLC • [email protected] • personomics.io