AI Glow Track, LLC ("AIGlowTrack", "we", "our", or "us") respects your privacy and is committed to protecting it through our compliance with this Privacy Notice ("Notice"). We are committed to being transparent in our handling and processing of Personal Information in accordance with applicable privacy and data protection laws. This Privacy Notice and our WMHMD Notice are incorporated into our Terms of Service, which are available at https://www.aiglowtrack.com/privacy.

This Notice applies to you ("you" or "your") and anyone who accesses or uses our Services through https://www.aiglowtrack.com (our "Website(s)"), software, platforms, and mobile application ("App") (collectively, the "Services"), whether as a guest or registered user ("User(s)"). Users include: (i) individual consumers who self-register on the Services, and (ii) individuals who use the Services in connection with seeking or receiving medical care from a licensed medical professional ("Healthcare Provider(s)").

Please read this Notice carefully to understand how we collect, use, maintain, protect, and disclose your Personal Information (as defined below). If you do not agree with our terms, your choice is not to use our Services. By accessing or using this Website, you agree to this Privacy Notice.

This Notice may change from time to time (see Changes to Our Privacy Notice). Your continued access of our Services after we make changes is deemed to be acceptance of those changes, so please check the Last Modified Date at the top of this Notice, to ensure that you are viewing the most current version of this Notice.

Certain demographic, health and/or health-related information that AIGlowTrack collects about Users on behalf of the licensed medical professions that we partner with ("Healthcare Provider(s)") as part of providing the Services may be protected health information ("Protected Health Information" or "PHI") governed by the Health Insurance Portability and Accountability Act ("HIPAA"). Specifically, this may be true when (i) AIGlowTrack is providing administrative, operational, or other services to a Healthcare Provider that is a "Covered Entity" (as defined by HIPAA); and (ii) in order to provide those services, AIGlowTrack receives identifiable information about a User on behalf of the Healthcare Provider, where AIGlowTrack is acting as a "Business Associate" (as defined by HIPAA); and (iii) this identifiable information is regulated as PHI.

When you use AIGlowTrack directly (for example, by uploading your own photos or tracking your treatments), your health information is not subject to HIPAA because AIGlowTrack is not a Covered Entity or Business Associate. Even though HIPAA doesn't apply, we still take strong steps to protect your privacy and keep your information secure, as outlined in this Privacy Notice.

If you are using AIGlowTrack through your Healthcare Provider, your information may be protected by HIPAA as PHI. For Healthcare Provider-directed use, we act as a Business Associate under a signed Business Associate Agreement (BAA), ensuring HIPAA compliance with data encryption (AES-256, TLS 1.3). With respect to any PHI in our possession, you have certain rights under HIPAA as described in the Notice of Privacy Practices provided to you by your Healthcare Provider. Please refer to the applicable Notice of Privacy Practices of your Healthcare Provider for more information, including rights to access, amend, or request restrictions on PHI.

Personal information generally means information that identifies (whether directly or indirectly) a particular individual, such as the individual's name, postal address, email address, and telephone number ("Personal Information"). We collect several types of Personal Information, such as Contact Information when you sign up for an account ("Account") or Aesthetic Information when you log treatments.

Other types of information we collect is information related to how you use our platform, which helps us improve our Services. We generally use Personal Information that we collect about you or that you provide to us to provide you with our Services.

You expressly consent to receiving communications from AIGlowTrack through the information you provided to us. Please review our Terms of Service for more information about our user guidelines. For more information on how to access and control your communication preferences, please see YOUR RIGHTS and the YOUR CHOICES REGARDING YOUR INFORMATION sections below.

When you provide us with information in connection with a particular activity or otherwise sign up for or order our products and Services or provide your contact information to us, including your email address or telephone number in connection with that activity, product or service, you agree that such action constitutes a purchase or inquiry establishing a business relationship with us.

The following table describes the Personal Information we collect from you or on your behalf when you use our Services.

As you navigate through and interact with our Services, we and our third-party service providers may automatically collect certain information from you whenever you access or interact with the Services. We may combine this automatically collected log information with other information we collect about you. We do this to improve Services we offer you, analytics, and site functionality.

This information is automatically collected when you visit our Services.

We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies ("Tracking Technologies") to automatically collect information through our Services. Tracking Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us to record certain pieces of information whenever you visit or interact with our Site and Services. Depending on the specific Tracking Technology, we, our online data partners, or vendors may use Tracking Technologies to associate these activities with other Personal Information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles.

We may share information we receive about you as follows or as otherwise described in this Privacy Notice. When we disclose Personal Information, the recipient is required to keep that Personal Information confidential, secure and process the Personal Information only for the specific purpose for which they are engaged:

• With Healthcare Providers: We will share your Personal Information, including your Aesthetic Information and Face Data, with Healthcare Providers for the purposes of facilitating treatment and providing you with the Services you have requested. PHI disclosure with Healthcare Providers is governed by a BAA.
• With Patients: If you are a Healthcare Provider with a registered account on the Services, we will share your Personal Information with Users who are patients to facilitate the patient provider relationship.
• Service Providers: We employ the following third-party companies to provide Services on our behalf, to perform Services-related operations such as website maintenance, database management, web analytics, payment processing, or fraud detection:
  • Supabase Inc: Database and backend infrastructure provider. Privacy policy available at: https://supabase.com/privacy
  • Amazon Web Services, Inc.: Provider of on-demand cloud computing. Privacy policy available at: https://aws.amazon.com/privacy/
  • Kesty AI: AI provider used for facial analysis and processing Face Data.
  • Google LLC: Provider of location services for finding and connecting Providers with Patients. Privacy policy available at: https://policies.google.com/privacy?hl=en-US
  • Stripe, Inc.: Payment processor for collecting payments for our Services. Privacy policy available at: https://stripe.com/privacy
  • Twilio, Inc.: Communication platform for SMS messaging. Privacy policy available at: https://www.twilio.com/en-us/legal/privacy
  • Go High Level UK Ltd: E-mail marketing provider. Privacy policy available at: https://www.gohighlevel.com/privacy-policy
• Our Advertising Partners: As described above (see "Tracking Technologies") we partner with third party advertisers to display advertising on the Website. Our ad network partners use cookies and web beacons to collect user information about your activities on the Website and other websites to provide you targeted advertising based upon your interests.
• Corporate Transactions: We may sell, transfer, or otherwise share some or all of our assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets (including, in each case, as part of the due-diligence process with any potential acquiring entity) or in the event of bankruptcy.
• If Required by Law: We will share Personal Information with government agencies as required by law in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Terms of Service; (ii) to respond to claims, legal process (including subpoenas); (iii) to protect our property, rights, and safety and the property, rights, and safety of a third-party, our users, or the public in general; (iv) to stop any activity that we consider illegal, unethical or legally actionable activity; and (v) as required in accordance with applicable local, state, or federal laws.
• With your Consent: You may submit Personal Information to us through a form on the Services and consent to receive communication from us or our business affiliates and non-affiliates based on the information in the form. You may also choose to leave us a review via the Website, or through our business affiliates and non-affiliates based on your use of the Services.

You have several ways to exercise control over your information:

• Account Settings: Registered Users may access, update, and delete their Personal Information by accessing their Account settings. Registered Users may also update their choices regarding the types of communications they receive from us through the online Account settings.
• Device Settings: Registered users may also manage the privacy and visibility of their Personal Information through their device's system settings on Apple (iOS) or Android.
• E-Mail: You may opt-out of receiving marketing emails from us by following the opt-out instructions provided in those emails. Please note that we reserve the right to send you certain communications relating to your Account or use of the Services (for example, administrative and service announcements) via email and other means and these transactional account messages may be unaffected if you opt-out from receiving marketing communications.
• Providing Consent: You may choose whether to receive from us offers and promotions for our products and services, the products or services of third parties, or products and services that we think may be of interest to you, by providing your consent (for example, by clicking an unticked checkbox).
• Contact Us: You may contact us to access, update or delete your personal information by contacting us at: privacy@aiglowtrack.com.

Please be aware that if you do not allow us to collect Personal Information from you, we may not be able to deliver certain experiences, products, or services to you, and some of our Services may not be able to take account of your interests and preferences.

Message and data rates may apply. You can opt out at any time by texting STOP to our messages or updating your notification preferences in your account settings.

SMS consent and phone numbers will never be shared with third parties or affiliates for marketing purposes. SMS opt-in data and phone numbers are used only to deliver transactional messages in connection with our platform.

Depending on where you are located, you may have certain rights regarding your Personal Information (also known as "personal data" under applicable data protection laws). Residents of certain jurisdictions may access, correct, update or delete your Personal Information; object to our processing of this information, ask us to restrict our processing of your Personal Information, or request portability of your Personal Information. Please see YOUR RIGHTS REGARDING YOUR INFORMATION and the YOUR CHOICES REGARDING YOUR INFORMATION sections of this Notice to learn more about exercising your rights.

Upon request AIGlowTrack will provide you with information about whether we hold any of your Personal Information. You are responsible for maintaining the accuracy of the information you submit to us, such as your Contact Information. You may access, correct, or request deletion of your Personal Information by making updates to that information in your Account settings or by contacting AIGlowTrack. If you request to access all Personal Information you've submitted, we will respond to your request to access within the time period required by applicable law.

We will use commercially reasonable efforts to honor your requests for deletion; however, certain residual information may actively persist on the Services even if you close your account. In addition, the rights described above may be limited, for example, if fulfilling your request would reveal Personal Information about another person, or if you ask us to delete information, we are required by law to keep or have compelling legitimate interests in keeping (such as for fraud prevention purposes). Your Personal Information may remain in our archives and information you update or delete, or information within a closed account, may persist internally for our administrative purposes, to the extent permitted by law.

Please note that our Services require a minimum amount of Personal Information in order to function. Individuals who do not provide Personal Information (e.g., by not filling out a profile) may not be able to access the full functionality of features found on the Services.

If you are a California resident, the California Consumer Privacy Act ("CCPA") and California Consumer Privacy Rights Act, amending the CCPA ("CPRA") (collectively the CCPA and CPRA are the "California Privacy Laws") provide you with additional privacy rights with respect to our collection, use and disclosure of your Personal Information, including:

• The right to know what Personal information we have collected and how we have used and disclosed that Personal Information in the 12-month period preceding your request.
  • We collected the following categories of Personal Information in the last 12 months: identifiers/contact information, customer records information, characteristics of protected classifications under California or federal law, payment card information associated with you, commercial information, customer records information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above.
• The sources of Personal Information from whom we collected are directly from users, analytics tools, social networks, and third-party services that update or supplement information we hold about you.
  • Please see the above section within this Notice titled INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT to see the full list of categories of Personal Information we have collected about you.
  • Please see the above sections YOUR RIGHTS and the YOUR CHOICES REGARDING YOUR INFORMATION sections of this Notice to see applicable business or commercial uses and disclosures of your Personal Information.
• The right to request deletion of your Personal Information.
• The right to be free from discrimination related to the exercise of any of your privacy rights.
• The right to opt out of the sale of your Personal Information, and to request information about whether we have sold your Personal Information in the past 12 months.
  • Pursuant to the definitions of "sale", under California Privacy Laws, we do not "sell" and have not "sold" Personal Information in the previous 12 months.
• The right to correct inaccurate Personal Information.
• The right to limit the use and disclosure of Sensitive Personal Information.
• The right to access information related to and opt-out of the use of automated decision-making technology.

For more information on how to exercise any applicable rights you may have under California Privacy Laws, please contact us at privacy@aiglowtrack.com. Please note that we may require you to verify your credentials, by matching your e-mail address, or other account information to the information in our systems, before you can submit a request to exercise any of these rights. If you authorize another person to act as your agent to submit requests on your behalf, then unless you provide the agent with power of attorney under the California Probate Code, we will ask the agent to provide us the written and signed authorization that you provided to the agent, we will confirm with you that you did provide the authorization, and we will verify your identity.

Our mobile apps interact with your camera roll only if you add a profile image to a profile in our mobile apps. Our mobile apps access, collect, use, and share your information (images and uploaded health files,) as stated above in the section titled, "WHAT INFORMATION IS COLLECTED AND HOW THAT INFORMATION IS COLLECTED AND USED." We also prominently highlight these uses, describe the type of data being accessed, and obtain your permission for these purposes as you use our mobile apps.

Our mobile apps only provide a technical mechanism for you to share Personal Information, including PHI, with your Healthcare Providers as a function of the patient and healthcare provider relationship.

Although we take precautions intended to help protect information that we process, no system or electronic data transmission is completely secure. Any transmission of your personal data is at your own risk, and we expect that you will use appropriate security measures to protect your personal information.

You are responsible for maintaining the security of your account and the information in your account. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security.

Unless you request that we delete certain information (see YOUR RIGHTS REGARDING YOUR INFORMATION and the YOUR CHOICES REGARDING YOUR INFORMATION), we will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

1. The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using the Website);
2. Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
3. Whether retention is advisable; and considering our legal position (such as, for statutes of limitations, litigation or regulatory investigations). For example, under HIPAA we may be required to retain certain PHI for six years unless we receive a request to delete the data.