$50 Off 1st Month (CODE: 50OFF)

Privacy Policy

Last Updated: October 27, 2023

This privacy policy (“Privacy Policy”) describes how Clinic Secret and/or our owners and/or affiliates (collectively “Company,” “our,” “we,” or “us”) collect, use, disclose, and protect information about you provide through the Clinic Secret website located at clinicsecret.com. (together, the “Site”). This Privacy Policy applies only to information that is collected in connection with your use of the Site. It does not apply to any other offerings, products or services. If you do not want us to collect, use or disclose information about you and your use of the Site as described in this Privacy Policy, then you should not use the Site. By using the Site, you are accepting the practices set out in this Privacy Policy and our Terms of Use.

If you are a resident of California, please see our California Privacy Notice available here.

About the Site

The Site gathers several types of information from and about users of the Site, including medication information, geographic location and user preferences. Among other things, this allows the Site to:

  • Check the prices of your medication at multiple pharmacies near you;
  • Show you comparable prices for your medication using information received from third parties;
  • Send you a discount card if requested; and
  • Provide coupons for your use at the pharmacy of your choice.

Categories of Information We Collect

The information we collect from or about you allows us to provide our services and helps us personalize and improve your experience on the Site. You may print or download a discount card to use our service without registering with us or creating an account. Depending on how you use the Site, we may collect the following categories of information directly from you:

  • Information about medications you are seeking to fill (such as medication names and dosage) and your preferred pharmacy.
  • Information about your purchase transactions, including purchases using our discount card, including drug name and pharmacy location.
  • Geographic location information from you or your device, including your geolocation data, zip code, region, city, street address, time zone, latitude and longitude information. Please note that we will not access precise geo-location information from your device, unless you grant the Site permission to do so.
  • User preferences.
  • Technical data and related information, such as information about your device, system and application software, peripherals and other data related to your interactions with the Site.
  • Metadata and other information associated with or stored on your device.
    We may also collect information directly from you outside of the Site if you provide it to us, for example, if you send Customer Service a request or email.
    When you use the Site, we automatically collect some categories of information from you, such as information about your use of the Site (e.g., features used, content viewed, dates and times of interactions) and technical data about your device, such as operating system, model, device identifier, and IP address.
    We may also automatically collect certain technical information relating to you, which your web browser automatically sends whenever you visit a website on the Internet, or which is collected when you use a mobile application (see the section “Cookies and Similar Tools” below for more information). For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect information relating to your use of the Site. Google Analytics uses “cookies”, which are text files placed on your device, to help us analyze how you use our Site. You can find out more about how Google uses data by visiting “How Google uses information from sites or apps that use our services”, located at https://policies.google.com/technologies/partner-sites.

How We Use the Information We Collect

Information we collect about you may be used for the following purposes:

  • Operating the Site, including to provide you the Service features.
  • To provide you the information and services you request when you use the Site.
  • To customize your experience when you use the Site, for example to provide you with interactive or personalized elements or provide you with content based on your interests, requests, and location.
  • Improve the Site and other Company products or services, including by developing new products and services, perform quality control activities, and conduct data analytics.
  • Provide account management, patient care, customer service, and engaging in system maintenance.
  • Deliver marketing communications, such as promotional materials or advertisements, including materials and advertisements for services offered by us and/or third parties that might be of interest to you, either directly to you or through third party apps or websites.
  • Communicate service-related or required notices about the Site to you, which may include communications by email or by text messages (i.e., SMS) at the mobile device number you provide us.
  • Detect, prevent, and respond to suspected fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of the Site.
  • Perform data analytics, including to compile, synthesize, generate and analyze anonymous usage and other aggregated statistics and information.
  • Monitor your use of the BIN/PCN/RXGroup/Member ID or other information we provide to you.
    When permitted by applicable law, we may also:
  • Combine the information you provide us, or that we collect from third parties, with other information maintained by us, and use that combined information for any of the above purposes.
  • De-identify your information by removing information typically used to identify you and use that de-identified information for any purpose permitted by law.

How We Share Information We Collect

Your information may be disclosed to the following third parties:

  • Pharmacies and other partners who help us provide the services available through the Site to you.
  • Business partners, who may deliver marketing communications, promotional markets, advertisements, or other information, including about other services offered by us and/or third parties, that may be of interest to you. You will be given the option to opt out of marketing messages. If required to do so by law or if we have a good faith belief that disclosure is necessary to (1) comply with the law or with legal process served on us; (2) protect and defend our rights or property; or (3) to protect someone’s safety.
  • Advisors, potential transactional partners, or other third parties related to the consideration, negotiation, or completion of a corporate change of control resulting from, for example, a sale to, or merger with another entity. If all or substantially all our assets or stock is acquired by a third party, whether by merger, acquisition, reorganization or otherwise, we may transfer our user database, including personal information contained in it, to the third party.
  • Service providers who work on our behalf or partner with us to provide or improve the Site or related products or services or carry out activities on our behalf. Our service providers are required to agree to protect your personal information consistent with this Privacy Policy.

Note: All other use case categories exclude text messaging origination opt-in data and consent; this information will not be shared with any third parties.
We and our service providers may share reports on user demographics and traffic patterns that do not identify you, as well as other information that does not identify you with third parties.

Information Security

We take reasonable steps to protect your personal information, which is any information that identifies you or could reasonably be linked to you. We also use encryption technology, called Secure Sockets Layer (SSL), to help protect personal information in certain areas of our Site during transport across the Internet. The presence of SSL encryption may be indicated by https in the browser URL or the image of a closed lock or solid key in the browser window. These indications may not be present in mobile services that use SSL.

Unfortunately, there is always some risk that an unauthorized third party may find a way around our security measures. We cannot guarantee that the Internet or any other technical system will be 100% secure or error-free. We are not responsible for the security of information you transmit over networks that we do not control, including the Internet and wireless networks. Please note that e-mails and other communications you send to us are not encrypted, and by communicating with us by email you accept the risk that any personal information contained in the email may be intercepted or accessed by unauthorized parties.

Your Choices

You may opt out of receiving marketing emails by using the unsubscribe information available in any marketing email, or by emailing us at support@clinicsecret.com. To the extent that you use the Site, there are certain messages you may not opt out of receiving, such as non-promotional email messages about programs or services you have registered for or certain administrative, technical, or safety notices about the Site or our products or services.

The Site does not currently respond to “do not track” signals or other mechanisms that provide a method to opt out of the collection of information over time and across websites and online services you may use. If we do so in the future, we will describe how we do so in this Privacy Policy. Visit the following website, for more information on this developing area. www.allaboutdnt.org

Information About Minors

The Site is intended for adults only and are not directed to, nor do we knowingly collect information from, individuals under the age of 18. If you become aware that your child or any individual under your care who is under the age of 18 has provided us with information without your consent, please contact us at the contact information listed below.

California Residents

Pursuant to California Civil Code Section 1798.83, if you are a California resident, you have the right to request information about how and to whom we disclose certain categories of your personal information for their direct marketing purposes, once per calendar year. You can make this request to us via email at: support@clinicsecret.com or by calling toll-free at 844-768-3001.

If you are a resident of California, please see our California Privacy Notice for additional provisions that apply to you.

Links to Other Websites

Our Site may include links to external third-party websites and online services that are not under our control. We are not responsible for the collection, use, and disclosure of your information on those websites and other online services provided by those third parties. We encourage you to review the privacy policies and terms of use of each website and other online service you visit. The inclusion of links to external third-party websites and online services does not imply endorsement of, or association with, such websites and online services by us, or any warranty of any kind, either express or implied.

Cookies and Similar Tools

We use cookies to collect, store and sometimes track information from your computer or mobile device automatically for statistical purposes to improve the Site. If you use our Site, we will use a cookie, web beacons and other similar technologies on our website to save your settings and to provide customizable and personalized services. A cookie is a unique numeric code that we transfer to your computer that lets us know your location, the information visited while on our website and the third-party websites you visited before accessing our website. Web beacons are small pieces of code placed on our website that allow us to obtain information about website usage. We retain the information we receive from the cookies we place on your computer. These cookies do not enable third parties to access any of your personal information. If you prefer not to receive cookies from the Site, then set your browser to refuse all cookies from any websites that you may visit. This will provide you with more control over the acceptance of cookies on your computer. However, it is possibility that some portions of the Site will not function properly or may perform more slowly. By using our Site and not disabling cookies, you consent to their use. Please note that other tracking technologies may still function.

Retention

We will retain your personal information in accordance with our record retention policies and as permitted by applicable law unless you instruct us to remove it by contact us at support@clinicsecret.com. We will also retain your personal information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. You can update the personal information you have provided to us at any time by writing to the program administrator at Clinic Secret, LLC/Manifest Pharmacy. Attn: Privacy Team/Regulatory Compliance,

21750 Hardy Oak Blvd Ste 104, San Antonio, Texas, 78258

Access from Outside the United States

If you access the Site from outside the United States, please be aware that personal information may be transferred to, stored in, and processed in the United States. Certain governmental authorities may not consider the level of protection of personal information in the United States to be equivalent to that required by the in other jurisdictions.

Changes and Updates

We may make changes to our Privacy Policy from time to time. When we do so, we will post the revised Privacy Policy on our Site and change the “last updated” date. Please check the “last updated” date at the top of this page to determine if the policy has been modified since you last reviewed it. Your continued use of the Site after that date means you agree to this Privacy Policy and any updates.

Contact Us

If you have any questions about this Privacy Policy, please send them to support@clinicsecret.com or you may call us at 844-768-3001, anytime during Monday – Friday from 8am – 5pm CST. You may also write to us in care of our administrator at:Attn: Privacy Team/Regulatory Compliance
Clinic Secret, LLC

21750 Hardy Oak Blvd Ste 104, San Antonio, Texas, 78258

FULL PRIVACY POLICY
Version 2
Last Updated: Feb 7, 2025

WE AT BELUGA HEALTH, P.A. (“We”, “Us”, or “Beluga”) VALUE YOUR PRIVACY AND ARE COMMITTED TO
KEEPING YOUR (“You/Your”) PERSONAL DATA CONFIDENTIAL. WE USE YOUR DATA SOLELY IN THE
CONTEXT OF PROVIDING A WEB PORTAL (“WEB PORTAL”) AND VARIOUS RELATED SERVICES DEFINED
BELOW (“SERVICES”) TO SUPPORT THE DELIVERY OF REMOTE CLINICAL CARE AND PRESCRIPTION
SERVICES BY QUALIFIED PHYSICIANS (“PROVIDER USERS”) TO PATIENTS OF BELUGA HEALTH (“PATIENT
USERS”). YOU ARE EITHER A PATIENT USER OR A PROVIDER USER. THE SERVICES INCLUDE, IN ADDITION
TO THE WEB PORTAL, THE FACILITATION OF (1) SECURE INFORMATION COLLECTION, (2) SHORT MESSAGE SERVICE (“SMS”) AND MULTIMEDIA MESSAGING SERVICE (“MMS”) COMMUNICATIONS BETWEEN PATIENTS AND PROVIDERS, AND (3) ELECTRONIC PRESCRIBING OF MEDICATIONS.

THIS PRIVACY POLICY APPLIES TO PERSONAL DATA BELUGA COLLECTS FROM USERS OF THE SERVICES.
“PERSONAL DATA” INCLUDES ANY INFORMATION THAT CAN BE USED ON ITS OWN OR WITH OTHER
INFORMATION IN COMBINATION TO IDENTIFY OR CONTACT ONE OF OUR PATIENT OR PROVIDER
USERS. WE BELIEVE THAT TRANSPARENCY ABOUT THE USE OF YOUR PERSONAL INFORMATION IS OF
UTMOST IMPORTANCE. IN THIS PRIVACY POLICY, WE PROVIDE YOU DETAILED INFORMATION ABOUT OUR COLLECTION, USE, MAINTENANCE, AND DISCLOSURE OF YOUR PERSONAL DATA. THE POLICY EXPLAINS WHAT KIND OF INFORMATION WE COLLECT, WHEN AND HOW WE MIGHT USE THAT INFORMATION, HOW WE PROTECT THE INFORMATION, AND YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION.


SOME OF THE PERSONAL DATA WE COLLECT AND TRANSMIT WILL, IN SOME CIRCUMSTANCES, BE
CONSIDERED “HEALTH DATA” (data related to a Patient User’s physical or mental health) or “Protected
Health Information” (information that relates to the past, present, or future physical or mental health or
condition of a Patient User; the provision of health care to a Patient User; or the past, present, or future
payment for the provision of health care to a Patient User). THEREFORE, OUR PRIVACY PRACTICES ARE
INTENDED TO COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA“) AND WITH STATE LAW RELATED TO HEALTH DATA, WHERE APPLICABLE. FOR ADDITIONAL INFORMATION RELATED TO YOUR HEALTHCARE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER AT security@belugahealth.com.

BY SUBMITTING YOUR PERSONAL DATA THROUGH THIS WEB PORTAL OR THROUGH THE SERVICES,
YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY. IF YOU
DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE WEB PORTAL AND DO NOT SUBMIT ANY
PERSONAL DATA TO US.

PLEASE NOTE THAT WE OCCASIONALLY UPDATE THIS PRIVACY POLICY AND THAT IT IS YOUR
RESPONSIBILITY TO STAY UP TO DATE WITH ANY AMENDED VERSIONS. IF WE MODIFY THE PRIVACY
POLICY, WE WILL POST A LINK TO THE MODIFIED TERMS ON THE WEB PORTAL AND WILL ALSO NOTIFY
YOU VIA EMAIL. YOU CAN STORE THIS POLICY AND/OR ANY AMENDED VERSION(S) DIGITALLY, PRINT IT,
OR SAVE IT IN ANY OTHER WAY. ANY CHANGES TO THIS PRIVACY POLICY WILL BE EFFECTIVE
IMMEDIATELY UPON PROVIDING NOTICE, AND SHALL APPLY TO ALL INFORMATION WE MAINTAIN, USE,
AND DISCLOSE. IF YOU CONTINUE TO USE THE SERVICES FOLLOWING SUCH NOTICE, YOU ARE AGREEING TO THOSE CHANGES.

In case You have any questions or concerns after reading this Privacy Policy, please do not hesitate to
contact Us at admin@belugahealth.com. We appreciate Your feedback. If You do not agree or no longer
agree to the processing of Personal Data as described in this Privacy Policy, You can delete Your account
or request Beluga terminate the processing of your Personal Data by notifying Us by email at
admin@belugahealth.com.

Responsible Entity

Beluga is the controller of Your Personal Data and may process Personal Data in accordance with the
Privacy Policy. If We are processing Personal Data on behalf of a third party that is not an agent or
affiliate of Beluga, the terms of this Privacy Policy do not apply—instead, the terms of that third party’s
privacy policy will apply. You can contact Us with any questions about Our Privacy Policy at
admin@belugahealth.com.

What Personal Data do We collect?

The types of Personal Data We collect are described below.

Demographic Data
We collect demographic information, such as Your name, birth year, gender, phone number, and email
address. Primarily, the collection of Your Personal Data assists us in creating Your account (“User
Account”) if You are a Provider User, which You can use to securely receive the Services. If You are a
Patient User, the collection of Your Personal Data assists us in securely providing you with the Services.

Payment Data
If you make payments via our Services, We may require that You provide to Us Your financial and billing
information, such as billing name and address, credit card number or bank account information.

For Patient Users: Health Data
In addition to demographic information, We will collect information regarding Your health conditions,
allergies, medical history, symptoms, and communications between You and the Provider User providing
healthcare services to You via the Services. We collect this information to provide You with the Services.

Support Data
If You contact Us for support or to lodge a complaint, We may collect technical or other information from
You through log files and other technologies, some of which may qualify as Personal Data. (e.g., Internet
Protocol (“IP”) address). Such information will be used for the purposes of troubleshooting, customer
support, software updates, and improvement of the Services in accordance with this Privacy Policy. Calls
with Beluga may be recorded or monitored for training, quality assurance, customer service, and
reference purposes.

For Provider Users: Device, Telephone, and ISP Data
We use common information-gathering tools, such as log files, cookies, web beacons, and similar
technologies to automatically collect information, which may contain Personal Data, from Your computer
as You navigate Our Services, or interact with emails We have sent You. The information We collect may
include Your IP address (or proxy server), device and application identification numbers, location,
browser type, Internet service provider and/or mobile carrier, the pages and files You viewed, Your
searches, Your operating system and system configuration information, and date/time stamps associated
with Your usage. This information is used to analyze overall trends, to help Us provide and improve Our
Services and to guarantee their security and continued proper functioning.

How will We use Your Personal Data?

We process Your Personal Data for purposes based on legitimate business interests, the fulfillment of
Our Services to You, compliance with Our legal obligations, and/or Your consent. We only use or disclose
Your Personal Data when it is legally mandated or where it is necessary to fulfill the purposes described
herein. Where required by law, We will ask for Your prior consent before using or disclosing Personal
Data.

Specifically, We process Your Personal Data for the following legitimate business purposes:
● To provide You with Our Services.
● To fulfill Our obligations to You under the Terms of Use (for Provider Users);
● To communicate with You about and manage Your User Account (for Provider Users);
● To properly store and track Your data within Our system;
● To respond to lawful requests from public and government authorities, and to comply with
applicable state/federal law, including cooperation with judicial proceedings or court orders;
● To protect Our rights, privacy, safety, or property, and/or that of You or others by providing
proper notices, pursuing available legal remedies, and acting to limit Our damages;
● To handle technical support and other requests from You;
● To enforce and ensure Your compliance with Our Terms of Use or the terms of any other
applicable services agreement We have with You;
● To manage and improve Our operations and the Services, including the development of
additional functionality;
● To manage payment processing;
● To evaluate the quality of service You receive, identify usage trends, and thereby improve Your
user experience;
● To keep Our Services safe and secure for You and for Us;
● To send You information about changes to Our terms, conditions, and policies;
● To allow Us to pursue available remedies or limit the damages that We may sustain; and
● If applicable, to provide access to the authorized Provider User/caregiver (with Your consent), to
enable that individual to monitor Your progress and overall condition and to follow up with You,
as they deem appropriate.

Where is Your Personal Data processed?

Personal Data Beluga collects through the Services will be stored on secure servers in the United States.
Personal Data may be transmitted to third parties, which parties may store or maintain the data on their
secure servers on Our behalf. These third parties are not permitted to transfer Your Personal Data
outside of the United States.

Will We share Your Personal Data with anyone else?

For Patient Users: Yes, with the Provider User with whom You connect via the Services.
We will share information you provide to Us via the Services with the Provider User with whom connect
via the Services. If, at any point, you want to deny access to one or more Provider Users, you can do so
by emailing admin@belugahealth.com.

Yes, with third parties that help us power Our Services
Beluga has a limited number of service providers and other third parties (“Business Partners”) that help
Us run various aspects of Our business. These Business Partners are contractually bound to protect Your
Personal Data and to use it only for the limited purpose(s) for which it is shared with Us. Business
Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data
hosting, IT services, customer service, and payment processing.

Yes, with third parties and the government when legal or enforcement issues arise
We may share Your Personal Data, if reasonable and necessary, to (i) comply with legal processes or
enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in
investigating acts in violation of this Agreement; or (iii) bring legal action against someone who may be
violating the Terms of Use or who may be causing intentional or unintentional injury or interference to
the rights or property of Beluga or any third party, including other users.

Yes, with third parties that provide advisory services
We may share Your Personal Data with Our lawyers, auditors, accountants, or banks when We have a
legitimate business interest in doing so.

Yes, with Payors
We may share Your Personal Data and medical information with payors, including insurance companies
and other reimbursement entities, to facilitate billing, claims processing, and payment for the services
provided. This sharing is conducted in compliance with applicable laws and regulations, such as the
Health Insurance Portability and Accountability Act (HIPAA), to ensure the privacy and security of Your
information. Information shared may include, but is not limited to, medical records, treatment details,
and other data necessary for reimbursement purposes.

Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer,
or other disposition of all or any portion of Beluga’s corporate entity, assets, or stock (including in
connection with any bankruptcy or similar proceedings)
If We share Your Personal Data with a third party other than as provided above, You will be notified at
the time of data collection or transfer, and You will have the option of not permitting the transfer.

How long do We retain Personal Data?

We will retain Your Personal Data for as long as You maintain a User Account or use Our Services and for
the amount of time necessary after the account is closed or Services are terminated, in order to fulfil Our
legal obligations. The exact period of retention will depend on the type of Personal Data, Our contractual
obligation to You, and applicable law. We keep Your Personal Data for as long as necessary to fulfill the
purpose for which it was collected, unless otherwise required or necessary pursuant to a legitimate
business purpose outlined herein. At the end of the applicable retention period, We will remove Your
Personal Data from Our databases and will request that Our Business Partners remove Your Personal
Data from their databases. If there is any data that We are unable, for technical reasons, to delete
entirely from Our systems, We will put in place appropriate measures to prevent any further processing
of such data. We retain anonymized data indefinitely.

NOTE: Once We disclose Your Personal Data to third parties, We may not be able to access that Personal
Data any longer and cannot force the deletion or modification of any such information by the parties to
whom We have made those disclosures. Written requests for deletion of Personal Data other than as
described should be directed to admin@belugahealth.com.

For Provider Users: What is Our Cookie Policy?

Cookies are small files that a Web server sends to Your computer or device when You visit a web site that
uses cookies to keep track of Your activity on that site. Cookies hold a small amount of data specific to
that web site, which can later be used to help remember information You enter into the web site (like
Your email or other contact info), preferences selected, and movement within the site. If You return to a
previously visited web site (and Your browser has cookies enabled), the web site sends the small file to
the Web server, which tells it what activity You engaged in the last time You used the web site, and the
server can use the cookie to do things like expedite logging in and retrieving user data and keeping Your
browser session secure.

We use essential cookies to provide user authentication. and other technologies to, among other things,
better serve You with more tailored information, and to facilitate efficient and secure access to the
Services. We only use essential cookies. Essential cookies are those necessary for Us to provide Services
to You.

We may also collect information using pixel tags, Web beacons, clear GIFs or other similar technologies.
These may be used in connection with some Web Portal pages and HTMLformatted email messages to,
among other things, track the actions of users and email recipients, and compile statistics about usage
and response rates.

For Provider Users: How can You “Opt Out” of Cookies?

If You prefer, You can usually choose to set Your browser to remove cookies and reject cookies. If You
enable a do not track (“DNT”) signal or otherwise configure Your browser to prevent Beluga from
collecting any cookies, You will no longer be able to access the Web Portal.

How can You Manage Your Cookies?

Most web browsers let You choose whether to accept cookies. Most also let You delete cookies already
set. The choices available, and the mechanism used, will vary from browser to browser. Such browser
settings are typically found in the “options”, “tools” or “preferences” menu. You may also consult the
browser’s “help” menu. For example:

Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari

There are online tools available for clearing all cookies left behind by the websites you have visited, such
as www.allaboutcookies.org. Usually, deletion of cookies will anonymize the information associated with
the pixel and a website will not receive any further associated information.

How do We protect Your Personal Data?

Beluga is committed to protecting the security and confidentiality of Your Personal Data. We use a
combination of reasonable physical, technical, and administrative security controls to maintain the
security and integrity of Your Personal Data, to protect against any anticipated threats or hazards to the
security or integrity of such information, and to protect against unauthorized access to or use of such
information in Our possession or control that could result in substantial harm or inconvenience to You.
However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100%
secure. As a result, We cannot ensure the security of information You transmit to Us. By using the
Services, You are assuming this risk.

Safeguards
The information collected by Beluga and stored on secure servers, is protected by a combination of
technical, administrative, and physical security safeguards, such as authentication, encryption, backups,
and access controls. If Beluga learns of a security concern, We may attempt to notify You and provide
information on protective steps, if available, through the email address that You have provided to Us or
the phone number you have provided Depending on where You live, You may have a legal right to receive
such notices in writing.

You are solely responsible for protecting information entered or generated via the Services that is stored
on Your device and/or removable device storage. Beluga has no access to or control over Your device’s
security settings, and it is up to You to implement any device-level security features and protections You
feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We
recommend that You take any and all appropriate steps to secure any device that You use to access Our
Services.

NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURIT OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR
PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED DESPITE THE
IMPLEMENTATION OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE
DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US AND YOU TRANSMIT SUCH PERSONAL DATA AT YOUR OWN RISK.

How can You Protect Your Personal Data?

In addition to securing Your device, as discussed above, We will NEVER send You an email requesting
confidential information such as account numbers, usernames, passwords, or social security numbers,
and You should NEVER respond to any email requesting such information. If You receive such an email
purportedly from Beluga, DO NOT RESPOND to the email and DO NOT click on any links and/or open any
attachments in the email, and notify Beluga support at admin@belugahealth.com.

For Provider Users: You are responsible for taking reasonable precautions to protect Your user ID,
password, and other User Account information from disclosure to third parties, and You are not
permitted to circumvent the use of required encryption technologies. You should immediately notify
Beluga at admin@belugahealth.com if You know of or suspect any unauthorized use or disclosure of Your
user ID, password, and/or other User Account information, or any other security concern.

Your rights

You have certain rights relating to Your Personal Data, subject to local data protection laws. These rights
may include:
● to access Your Personal Data held by Us;
● to erase/delete Your Personal Data, to the extent permitted or required by applicable data
protection laws;
● to receive communications related to the processing of Your personal data that are concise,
transparent, intelligible, and easily accessible;
● to restrict the processing of Your Personal Data to the extent permitted by law (while We verify
or investigate Your concerns with this information, for example);
● to object to the further processing of Your Personal Data, including the right to object to
marketing;
● to request that Your Personal Data be transferred to a third party, if possible;
● to receive Your Personal Data in a structured, commonly used, and machine-readable format;
● to lodge a complaint with a supervisory authority;
● to rectify inaccurate Personal Data and, taking into account the purpose of processing the
Personal Data, ensure it is complete; and
● to not be subject to a decision based solely on automated processing, including profiling, which
produces legal effects (“Automated Decision-Making”).

Where the processing of Your Personal Data by Beluga is based on consent, You have the right to
withdraw that consent without detriment at any time or to exercise any of the rights listed above by
emailing Beluga at admin@belugahealth.com.

How can You update, correct, or delete Personal Data?

You can change Your email address and other contact information by contacting
admin@belugahealth.com. If You are a Provider User, and You need to make changes or corrections to
other information, You may change your password within the account settings on the Web Portal
dashboard. Please note that in order to comply with certain requests to limit use of Your Personal Data,
We may need to terminate Your account and/or Your ability to access and use the Services, and You
agree that We will not be liable to You for such termination or for any refunds of prepaid fees paid by
You. You can deactivate Your account or request termination of Services by contacting
admin@belugahealth.com.

Although We will use reasonable efforts to do so, You understand that it may not be technologically
possible to remove from Our systems every record of Your Personal Data. The need to back up Our
systems to protect information from inadvertent loss means a copy of Your Personal Data may exist in a
nonerasable form that will be difficult or impossible for Us to locate or remove.

Can You “OPTOUT” of receiving communications from Us?

We pledge not to market third party services to You without Your consent. We may send emails to You
regarding Your Beluga account and/or services. You can choose to filter these account and services
emails using Your email client settings or, if you are a Patient User, by emailing
admin@belugahealth.com, but We do not provide an option for You to opt out of these emails.

Third Party Links

Our Sites may offer links to other websites which may have information policies and practices different
from ours. We do not control and are not responsible for the privacy policies, practices, or content of any
third-party websites. We encourage you to review the privacy policies of any third-party website prior to
providing them with your Personal Information.

Information submission by minors

We do not knowingly collect Personal Data from individuals under the age of 18 and the Services are not
directed to individuals under the age of 13. We request that these individuals not provide Personal Data
to Us. If We learn that Personal Data from users less than 18 years of age has been collected, We will
deactivate the account and take reasonable measures to promptly delete such data from Our records. If
You are aware of a user under the age of 13 using the Services, please contact Us at
admin@belugahealth.com.

If You are a resident of California, under the age of 18 and have registered for an account with Us, You
may ask Us to remove content or information that You have posted to Our Services

California Residents

California residents may request and obtain from Us, once a year, free of charge, a list of third parties, if
any, to which We disclosed their Personal Data for direct marketing purposes during the preceding
calendar year and the categories of Personal Data shared with those third parties. If You are a California
resident and wish to obtain that information, please submit Your request by sending Us an email at
admin@belugahealth.com with “California Privacy Rights” in the subject line.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request
certain information regarding our disclosure of personal information to third parties for their direct
marketing purposes. To make such a request, please send an email to admin@belugahealth.com with
“California Privacy Rights” in the subject line.

Nevada residents

Nevada residents may contact us to inquire about your right to opt out of the sale of your Personal
Information

Contact Us

If You have any questions about this Privacy Policy, please contact Us by email at
admin@belugahealth.com or please write to: Beluga Health, P.A., 1321 Upland Dr., Suite 18399,
Houston, TX, 77043. Please note that email communications are not always secure; so please do not
include sensitive information in Your emails to Us.