Consumer Health Data Privacy Policy

Last updated: May 18, 2026

This notice supplements the Privacy Policy and applies to personal data defined as “consumer health data” subject to the Washington State My Health My Data Act (MHMDA), the Nevada Health Data Privacy Act (NHDPA), or other applicable state consumer health privacy law.

Consumer Health Data We Collect

As described in the Personal Data We Collect section of the Privacy Policy, the data we collect depends on the context of interactions with us and the choices made (including your privacy settings), the Services you use, your location, and applicable law. Because consumer health data is defined very broadly, many of the categories of data we collect could also be considered consumer health data.

Examples of consumer health data may include:

● Information about health-related conditions, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions).

● Measurements of bodily functions, vital signs, or characteristics, which may also be considered biometric information under the MHMDA, the NHDPA, or other applicable state consumer health privacy law.

● Information entered by users in connection with documenting or managing healthcare services through the Application.

● Information reasonably related to the provision of clinical documentation services through the Application.

Sources of Consumer Health Data

As described further in the How We Collect Personal Data section of the Privacy Policy, we collect personal data (which may include consumer health data) directly from users, from interactions with our Services, and from third parties.

Why We Collect and Use Consumer Health Data

We collect and use consumer health data for the purposes described in the How We Collect Personal Data and Personal Data Collected Through and Use of Automatic Data Collection Technologies and Cookies sections of the Privacy Policy. Primarily, we collect and use consumer health data as reasonably necessary to provide the Services being requested or authorized. This may include delivering and operating the Services and their features, personalization of certain Service features, ensuring the secure and reliable operation of the Services and the systems that support them, troubleshooting and improving the Services, and other essential business operations that support the provision of the Services (such as analyzing our performance, meeting our legal obligations, developing our workforce, and conducting internal product research and improvement using de-identified or aggregated data where appropriate.).

We may use consumer health data for other purposes for which we give choices and/or obtain consent as required by law. See the Choices About How We Use and Disclose Personal Data section of the Privacy Policy and the How to Exercise Your Rights section below for more details on the controls and choices available.

Where consumer health data also constitutes Protected Health Information under HIPAA, such information is processed in accordance with applicable Business Associate Agreements and federal healthcare privacy laws.

Our Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described in the How We Use or Disclose Personal Data section of the Privacy Policy. In particular, we may share personal data, including consumer health data, with consent or as reasonably necessary to complete any transaction or provide any Service requested or authorized, as described above.

For example, we share content with third parties when users tell us to do so. And we may disclose data when we believe that doing so is necessary to comply with applicable law or respond to valid legal processes.

Third Parties With Which We Share Consumer Health Data

As necessary for the purposes described above, we share consumer health data with the following categories of third parties:

● Service providers. Vendors or agents (“processors”) working on our behalf may access consumer health data for the purposes described above. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and Services may need access to data to provide those functions.

● Business partners, solely where necessary to provide the Services and subject to appropriate contractual safeguards.

● Parties to a corporate transaction. We may disclose consumer health data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.

● Affiliates. We enable access to data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our Services and operate our business.

● Government agencies. As described in our Privacy Policy, we disclose data to law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to valid legal process.

● Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers.

● We do not sell consumer health data and do not share consumer health data for targeted advertising purposes.

How to Exercise Your Rights

If you are covered by the MHMDA, the NHDPA, or other applicable consumer health privacy law then you may have certain rights with respect to consumer health data, including rights to access, delete, or withdraw consent relating to such data, subject to certain exceptions. You can request to exercise such rights using the various tools and mechanisms described in the Choices About How We Use and Disclose Personal Data section of the Privacy Policy. For example, depending on the Services used, you can access and make choices about your data through product controls. You can also access and clear some of your data through your web browser. And if you want to access or control consumer health data processed by us that is not available via those tools or directly through the Service you use, you can always contact us at info@inoteaid.com.

If your request to exercise a right is denied, you may appeal that decision by contacting our support team at info@inoteaid.com. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint, the Nevada State Attorney General at https://ag.nv.gov/complaints/file_complaint/, or other regulatory authority as applicable.