# Privacy Policy

_Last Updated: July 28, 2023_

This Privacy Policy describes the information collected through this web site and the services that we provide, including through our mobile application (together, the "Service") and how that information is used and shared. Scarlet Plus, LLC ("Scarlet Plus," "we," "us," or "our"), and its suppliers may collect or receive the types of information described below in connection with your access to and use of the Service, including your account registration on the Service (together, "Collected Information").

By accessing or using the Service, you ("you") agree that you have read and understand this Privacy Policy and that you consent to the collection, use, and sharing of information as discussed below. If you do not agree with this Privacy Policy, do not access or use the Service.

This Privacy Policy is incorporated into and made a part of our Terms of Service. We reserve the right to modify this Privacy Policy at any time. All changes will be effective immediately upon posting to the Service and, by accessing or using the Service after changes are posted, you agree to those changes. Material changes will be conspicuously posted on the Service or otherwise communicated to you.

Information Security

Scarlet Plus does not guarantee that loss, misuse, or alteration of Collected Information will not occur, but we have security measures in place to help protect against the loss, misuse, and alteration of information under our control, including Secure Sockets Layer (SSL) technology, which is used to encrypt information passed between your browser and our systems. The storage and communication of information can never be completely secure, so we do not guarantee that communications or other information that you submit or that are otherwise provided to us will be completely secure. If you become aware of any breach of Service security or this Privacy Policy, please notify us. If our security system is breached, we will notify you of the breach only if and to the extent required under applicable law.

We Collect Information that You or Your Health Care Provider Submit

Scarlet Plus may require some of the following information to best meet your needs through our Service:

- Personally Identifiable Information

- Protected Health Information (PHI)

- Health care provider appointment information

- Account and profile information

- Billing collection and payment information

- Mailing list information

**Personally Identifiable Information.** “Personally Identifiable Information” refers to information that, when used alone or with other relevant data, can identify you. You can visit the Service without sharing personally identifiable information, but you will be required to provide personally identifiable information in order to use certain Service features. We will collect any Personally Identifiable Information from or about you that you choose to provide to us or that may be provided to us through your health care provider, which may include, but is not limited to, your name, email address, mobile telephone number, birthdate, and physical address. Specifically, we collect your Personally Identifiable Information when you use the Service to book appointments with health care providers. If you provide your mobile telephone number to us, you consent to receiving text (SMS) messages from us at that telephone number. We will use your Personally Identifiable Information to process your appointment requests, and to provide you with information and communications that you request or that we believe are relevant or may be of interest to you, subject to applicable laws and the terms of this Privacy Policy. We may also share your Personally Identifiable Information with third parties, including your health care provider and suppliers that we engage to provide services to us in connection with the Service.

**Protected Health Information.** If you use the Service to book an appointment with a health care provider or to otherwise communicate with your health care provider, we will provide some of the information you have provided to Scarlet Plus to the health care provider. Unless specifically stated otherwise, references to "Collected Information" in this Privacy Policy do not include Protected Health Information as that term is defined under the Health Insurance Portability and Accountability Act of 1996 ("PHI") and any regulations promulgated thereunder (together, "HIPAA"). We may also collect information, including but not limited to PHI from your health care provider or other authorized third parties when they submit such information through our Service.

Notwithstanding anything to the contrary elsewhere in this Privacy Policy applying more generally to Collected Information, to the extent that information we provide to a health care provider about you, or that a health care provider or other covered entity or their business associate provides to us about you, constitutes PHI, we have implemented safeguards designed to protect your PHI and will only use or disclose it as required or permitted by applicable federal and state laws, including HIPAA, and in accordance with any contractual obligations that we may have with your health care provider. It may be necessary for us to share your PHI with third parties, including suppliers that we engage to provide services in connection with the Service. If we share your PHI with any third party, our policy is to share only the minimum necessary information to enable the third party to provide the services for which we have engaged them in connection with the Service, and we will require that the third party agrees to use and disclose your PHI only as required or permitted by applicable federal and state laws, including HIPAA.

**Health Care Provider Appointment Information.** To search for available appointments with health care providers through the Service you will need to submit your geographic location (or allow us to access your location via your device's location services settings), the reason for your visit, whether you are an adult or a child, and the requested appointment time. To then book an appointment with an available health care provider, you will need to also submit your name, mobile telephone number, birthdate, gender, email address, and possibly other relevant information required to confirm the appointment.

**Billing, Collection and Payment Information.** Some of our partners will provide us billing information when billing patients through our Service. When you make a payment through our Service, your payment card and information is collected and stored by our payment processing partner, such as Stripe ([https://stripe.com](https://stripe.com/)). Our payment processing partner collects your voluntarily provided information necessary to process the payment. Such information is stored and governed by its applicable terms of service and privacy policy.

Other Information We Collect

- Location information

- Data collected by the servers used to operate the Service (e.g., IP addresses)

- Data collected by cookies

- Data collected by analytics services

- Data collected by social media platforms

**IP Addresses and Related Data.** The servers used to operate the Service may collect data pertaining to you and the equipment, software, and communication methods you use to access the Internet and the Service, including Internet protocol ("IP") addresses assigned to your computer, your Internet service provider (ISP), your approximate geographic location, your browser type, the pages you access on the Service, the web sites you access before and after visiting the Service, the length of time you spend on the Service, date and time stamps, and clickstream data. Scarlet Plus may use this information to administer the Service and its servers, to generate statistical information, to monitor and analyze Service traffic and usage patterns, to monitor and prevent fraud, to investigate complaints and violations of our policies, and to improve the Service's content and the products, services, materials, and other content that we describe or make available through the Service. The suppliers that we use to provide the Service may collect information about your visits to the Service and other web sites.

**Cookies.** The Service automatically uses cookies to track Service use and to facilitate and enhance the user experience on the Service. "Cookies" are small pieces of information that are stored on your computer's hard drive by your browser. The Service may use both cookies that we implement and cookies implemented by our suppliers and other third parties. We use cookies to track how you access and use the Service, to learn when and how users visit the Service, to learn how popular Service pages are and aren't, to learn which search terms are used to find the Service, and to learn which web sites direct you to the Service. We also use cookies to help display certain information on the Service and to improve your enjoyment of the Service, for example, by remembering your contact and other information when you access or use the Service. Most browsers automatically accept cookies. You can disable this function through your browser settings, but disabling cookies may impact your use and enjoyment of the Service. Our Service suppliers may use cookies and other tracking technologies to track Service visitors across the Internet to understand how you get to the Service. Please note that our Service is not presently configured to respond to "do not track" requests.

**Advertising Networks and Personalized Advertising.** The Service uses Google AdWords, an online advertising service provided by Google Inc., to collect information about your visits to and interactions with the Service and other web sites. Google Inc. will use this information to target advertisements for goods and services. These targeted advertisements may appear on the Service or on other web sites. The information is collected through the use of a "pixel tag," which is industry-standard technology. To opt out of remarketing advertising provided through Google or to customize your ad preferences, visit Google's Ad Settings page at http://www.google.com/settings/ads. Opting out will not affect your use of the Service. The Service also uses Facebook tracking technologies such as cookies, pixels, web beacons and other storage technologies to provide measurement services to us and target advertisements.

**Analytics.** The Service uses third-party analytics tools to collect information about your use of the Service, which information your web browser automatically sends to those analytics providers. This information includes the URLs of the web sites that you visit and your IP address. Our analytics providers may also set cookies or read preexisting cookies. This information is stored on those analytics providers' servers. Our analytics providers use this information to provide us with reports about Service traffic and your visits to the Service (for example, the domain from which you access the Internet, the web address of the web site from which you linked to the Service, and the date and time of your visit to the web sites that you view and click through). We will use this data to improve the Service's structure and content.

Though the tools that we use may change from time to time, here are examples of the analytics providers we engage:

- **Google**, via Google Analytics, may use this data in accordance with its Privacy Policy, which is located at [http://www.google.com/policies/privacy](http://www.google.com/policies/privacy). For more information on how Google uses your data, visit [http://www.google.com/policies/privacy/partners](http://www.google.com/policies/privacy/partners). You may opt out of our use of certain analytics tools. You may opt out of our use of Google Analytics by visiting the Google Analytics opt-out web site at [http://tools.google.com/dlpage/gaoptout](http://tools.google.com/dlpage/gaoptout) and installing the Google Analytics Opt-Out Browser Add-On.

- **Segment/Twilio** uses and shares data in accordance with its Privacy Policy, which is located at [https://segment.com/docs/legal/privacy/](https://segment.com/docs/legal/privacy/).

Please remember that you will need to opt out for each browser you use. Opting out and otherwise refusing cookies will also limit the collection of analytics data from your use of the Service.

How We Use and Share Collected Information

In addition to the uses described above, Scarlet Plus and its suppliers may use and share Collected Information as described below. We will not sell, rent, use, or share Collected Information except as disclosed in this Privacy Policy or as permitted by applicable law and subject to any contractual obligations Scarlet Plus may have with healthcare providers and subcontractors.

- We share Collected Information with the health care providers with which you book appointments.

- We use Collected Information for the purpose for which it was collected.

- We use Collected Information to send you text messages.

- We use Collected Information to communicate with you.

- We use Collected Information to evaluate and improve the Service.

- We use and share Collected Information in connection with legal proceedings and to protect our rights.

- We share Collected Information with the suppliers that provide us with services in connection with the Service.

- We aggregate Collected Information to create anonymous data on Service users.

- We share Collected Information if Scarlet Plus undergoes a change in control.

**Sharing Collected Information with Health Care Providers.** We will share Collected Information with the health care providers with whom you book appointments through the Service only in accordance with any contractual obligations we have in place with the health care providers, our privacy and confidentiality policies, and any applicable federal and state laws designed to safeguard your privacy, including, but not limited to, HIPAA to the extent applicable. In addition, we collect and disclose only the minimum necessary information to accomplish the intended purpose for which you have provided your information to us.

**Public Information and Submissions.** If you consent to having your review and/or feedback of a provider publicly displayed on Scarlet Plus, then you agree that any information that you may reveal in a review and/or feedback posting is intended for the public and is not in any way private. You are encouraged not to disclose any Personally Identifiable Information or PHI in any public posting or forum. Your submissions may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict.

**Purpose Collected.** We will use your Personally Identifiable Information for the purpose for which you have provided it to us, including to process requests for health care provider appointments, to communicate with you in connection with those appointment requests (e.g., to send you appointment updates via email and/or text message), and to provide you with information and communications that you request.

**Text and Email Messages.** We may use Collected Information to send you messages through text and/or email in connection with providing our Service to you. We may also send text and email messages to you through our Service on behalf of health care providers that use our Service.

**Communication with You.** We may use Collected Information to notify you of changes made to the Service (for example, changes to our Terms of Service and this Privacy Policy) and, if you sign up or otherwise opt in to receive promotions from us, to send you promotional materials and other communications as set forth above.

**Service Evaluation and Improvement.** We may use Collected Information: to analyze, develop, and improve the content, materials, products, and services that we make available through the Service and the Service's functionality; to inform marketing and communication plans and strategies; to evaluate user needs and customize Service content, promotional emails, and your browsing experience; and for other legitimate and lawful business purposes.

**Security and Protection of Rights.** Scarlet Plus will use Collected Information and share it with third parties if we believe doing so is necessary to operate the Service or to protect our rights or the rights of others, including disclosing information necessary to identify, contact, or bring legal action in the event of a violation of our contracts, terms, or policies, but we will do so only in accordance with applicable federal and state laws and any contracts we have with health care providers and subcontractors, if such contracts are applicable to such disclosure.

**Sharing Collected Information with Our Suppliers.** We may share Collected Information with our Service management and hosting suppliers, payment processors, marketing and public relations service providers, email service suppliers, text message service providers, and other suppliers as necessary for us to provide the Service and our products and services to you and as may otherwise be permitted by applicable law and in accordance with any contractual obligations we have in place with health care providers and subcontractors, to the extent such information is covered by the contractual obligations, which includes suppliers that we may engage to provide services in connection with the Service. We require our suppliers to comply with all applicable data privacy laws and regulations. Our suppliers are authorized to and may use Collected Information as necessary for them to provide the applicable services to us. If it is necessary for us to share your PHI with any supplier, our policy is to share only the minimum necessary information to enable the supplier to provide the services for which we have engaged them in connection with the Service, and we will require that the supplier agrees to use and disclose your PHI only as required or permitted by applicable federal and state laws, including HIPAA to the extent applicable.

**Aggregate Data.** We may use your Personally Identifiable Information and other Collected Information to create anonymous aggregate data on Service users, which describes users as a group but does not reveal the identity of individual users. We may use aggregate data to understand Service users' needs, to determine Service user demographics and usage patterns, to determine what kinds of products and services we can provide, and to improve and enrich our products, services, and the Service.

**Business Transactions.** All Collected Information is exclusively the property of Scarlet Plus but, if Scarlet Plus undergoes a change in control, acquisition, merger, reorganization, or asset sale, all information owned by or in the control of Scarlet Plus may be transferred or sold to the successor of the transaction. That successor will be bound by this Privacy Policy as it applies to that information, subject to changes and updates per the terms hereof.

Data Storage:

At Scarlet Plus, we have a strict data retention policy. We do not retain any patient data on our servers after successful transmission to the practices. Once the data is delivered securely, we promptly delete all copies from our systems.

However, as part of the HIPAA compliant email service and SMS messaging system, copies of the communication containing patient data may be stored on Paubox servers and SMS provider servers, respectively. Rest assured, Paubox and our SMS provider also comply with strict privacy standards and safeguards to protect your information.

For more information about Paubox's security measures and privacy practices, you can review their Security Information and Privacy Policy by following the links below:

- Paubox Security Information: [Link to Paubox Security Information]

- Paubox Privacy Policy: [Link to Paubox Privacy Policy]

Use of Patient Data:

We respect the privacy of your personal information and strictly adhere to the principle of using your data solely for the intended purpose. The patient data collected through the forms, email, and SMS is used exclusively for the efficient scheduling and management of your appointments at the practices.

We do not use your data for any other purposes, such as marketing, promotions, or unrelated services. Your information remains confidential and is used only to facilitate the appointment process as per your request.

Access from Outside the United States

Scarlet Plus’s Service is not intended for and is not directed to residents outside of the United States, including residents of the European Union. Users residing outside of the United States and/or accessing the site from outside of the United States acknowledge and consent, by doing so, that their information will be stored and processed outside of their country of residence or the country from which they access the Service, and will be subject to privacy laws that may be different from those of their country of residence or the country from which they access the Service. The data protection and related laws and regulations of the United States might not be as comprehensive as those of other countries.

Notice to California Residents

California residents are entitled to specific disclosures and rights with respect to their Personal Information. Please review our California Privacy Notice for more information.

Notice to Residents of Nevada

We do not sell any Personally Identifiable Information we collect to any third parties, as “sell” is defined by Nevada privacy laws. If we were to do so in the future, we will update this Policy, and provide Nevada residents with the opportunity to opt out of the sale of their Personal Information.

Notice to Residents of Other U.S. States

You may live in a state that grants you rights with respect to the Personally Identifiable Information we maintain about you. Those rights may include the following:

- To access your Personally Identifiable Information.

- To correct inaccuracies in your Personally Identifiable Information.

- To delete your Personally Identifiable Information that we have obtained.

- To receive a copy of your Personally Identifiable Information in a portable and readily usable format.

- To opt in to certain processing activities involving your sensitive Personally Identifiable Information.

- To opt out of the processing of your Personally Identifiable Information for purposes of (i) targeted advertising or (ii) automated decision-making or profiling in furtherance of decisions that produce a legal or similarly significant effect on you.

If you reside in a state where we are required to comply with these privacy rights, we will take steps to honor them subject to any applicable exemptions. You may have the right to appeal our decision if we deny your rights request. To determine whether you have any of these rights, request to exercise your rights, or to submit an appeal, contact us at: info@scarletplus.com. If you choose to exercise any of these rights, Scarlet Plus will not discriminate against you in any way.

Colorado residents are entitled to certain rights listed above.

Contact Us

If you have any questions or concerns regarding this Privacy Policy, contact us by email at info@scarletplus.com.

# California Privacy Notice

_Last Updated: July 19, 2023_

This supplemental privacy notice for California residents describes how Scarlet Plus handles your Personal Information as required under the California Consumer Privacy Act (“CCPA”). For purposes of this supplemental notice, “Personal Information” may be broader than Personally Identifiable Information and means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Personal Information Processing Disclosures

In the preceding 12 months, we may have collected the following categories of Personal Information about you:

- **Identifiers**, such as your name, email address, phone number, account login information, IP address, and other device identifiers.

- **Protected class and demographic information**, such as age, date of birth, sex, gender, national origin, citizenship, race, marital status, sexual orientation, medical condition, genetic information, and information about your health and/or disability status, including pregnancy information.

- **Professional or employer-related information**, such as your business name, job title, office location and other information related to your business.

- **Commercial information**, such as information about Services purchased, obtained, or considered, and Service history and tendencies.

- **Geolocation data**, such as physical location or device location, including zip code and Global Positioning System (“GPS”) data.

- **Internet or other electronic network activity information**, such as information regarding your interaction with our Service, usage information, crash data, device performance characteristics and hardware information, battery status, and WiFi network information.

- **Biometric information**, such as physiological, biological, and behavioral characteristics, and genetic and health information.

- **Audio, electronic, visual, or other sensory information**, such as audio records, videos, images, and photographs.

- **Inferences** drawn from the information we collect about you to create a profile about you reflecting your preferences, behaviors, and characteristics.

Some of the data we collect may be considered **sensitive personal information**, including your log-in name and password that you use to access your user account on the Services, precise geolocation, racial or ethnic origin, and health and genetic data.

We collect your Personal Information from the following sources:

- Directly from you

- Automatically through data collection technologies deployed on our website

- Third parties, such as your healthcare provider, health insurance companies, suppliers, and ad partners

We use and disclose Personal Information for the business and commercial purposes detailed, respectively, in the sections above. We only use and disclose your sensitive personal information for the following purposes: (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) performing or providing internal business services; or (vii) verifying or maintaining the quality or safety of a service or device.

We disclose your Personal Information as follows:

- We may share your identifiers, contact information, and commercial information with healthcare providers to book appointments and facilitate our Service to you.

- We may share all categories of your Personal Information with:

    - Companies that provide services to us, such as for hosting, marketing and communication services, and payment processing.

    - Our parent and affiliate companies.

    - Third parties to comply with law or a legal process when we, in good faith, believe that disclosure is necessary or appropriate to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

- We do not sell Personal Information, including the Personal Information of minors under age 16. When interacting with our Service as a general user (e.g., not when you are logged in), we do share Personal Information with third parties for targeted advertising purposes.