Privacy Policy

Last Updated: September 3, 2025

Introduction

At Adley Health Inc. (“Adley Health” or the “Company”), the operator of Adley Health and related websites, applications, services and mobile applications, we are committed to protecting your privacy. It is our policy to respect the confidentiality of information and the privacy of individuals and organizations that engage in our services. This document describes the privacy policy for our website, application and services owned and operated by the Company (collectively, the “Services”).

Policy Overview

This policy explains how we collect personal information, the treatment of personal information that we collect when you are on our websites, and when you use our Services, and the use and disclosure of that information. This policy also applies to the Company’s treatment of any personal information. By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the ways described herein. If you use the Services on behalf of someone else, you represent that you are authorized by such individual to accept this Privacy Policy on the individual’s behalf.

This policy is provided to:

  • Protect the security and confidentiality of protected information;
  • Protect against anticipated threats or hazards to the security or integrity of such information; and
  • Protect against unauthorized access to or use of Protected Information that could result in substantial harm or inconvenience to any customer.

This policy also provides for mechanisms to:

  • Identify and assess the risks that may threaten protected information maintained by the Company;
  • Designate employees responsible for coordinating the program;
  • Design and implement a safeguards program;
  • Manage the selection of appropriate service providers;
  • Adjust the plan to reflect changes in technology, the sensitivity of protected information, and internal or external threats to information security; and
  • Reference related policies, standards, and guidelines.

Identification and Assessment of Risks

Company recognizes that it has both internal and external risks.   These risks include, but are not limited to:

  • Unauthorized access of protected information by someone other than the owner of the covered data and information;
  • Compromised system security as a result of system access by an unauthorized person;
  • Interception of data during transmission;
  • Loss of data integrity;
  • Physical loss of data in a disaster;
  • Errors introduced into the system;
  • Corruption of data or systems;
  • Unauthorized access of covered data and information by employees;
  • Unauthorized requests for covered data and information;
  • Unauthorized access through hardcopy files or reports; and
  • Unauthorized transfer of covered data and information through third parties.

The Company recognizes that this may not be a complete list of the risks associated with the protection of protected information.  Since technology growth is not static, new risks are created regularly. Accordingly, the Company will actively monitor for new risks.  The Company believes the current safeguards in place are reasonable and, in light of current risk assessments are sufficient to provide security and confidentiality to protected information maintained by the Company.

Personal Information Collection

Data input is voluntary and is associated with accounts that are accessible only after a user accepts our terms and conditions or signs up for the Services. It is the Company’s usual practice to collect this personal information directly from you through the use of the Services. In addition, the Company may receive personal information about you through the use of third party vendors utilized by you for Services.

Express Consent

You acknowledge that if you use our Services, such use constitutes your express consent to our use of your personal information in accordance with this policy as amended from time to time, including the receipt of communications in connection with such services in accordance with all applicable laws.

Information Types

Personal information that we collect, and hold is information that is reasonably necessary for the proper performance of our Services and technology platforms. We collect the following types of information based on the entity, individual or service:

  • Contact details, including personal identifiers;
  • Online identifiers such as IP address;
  • Certain demographic data, such as your gender and date of birth;
  • Health information, including medical history;
  • Communications with the Company;
  • Billing and invoicing details; and
  • Historical notes, and notes typical of customer service.
The Company does not use sensitive information, such as health information, for any purpose. This Privacy Policy does not apply to personal health information, which is instead regulated by the Health Insurance Portability and Accountability Act (“HIPPA”). HIPPA provides specific protections for the privacy and security of such information and restrictions how the same is used and disclosed.

Protected Information

Protected information shall include, but is not limited to, any of the following categories of information and data:

  • A user name or e-mail address in combination with a password or security question and answer that would permit access to an online account; or
  • “Personal information” in combination with any one or more of the following unencrypted data elements:
    • social security number;
    • driver’s license number or non-driver identification card number;
    • account number, credit or debit card number, in combination with a security code, access code, password or other information that would permit access to an individual’s financial account;
    • account number, credit or debit card number, if circumstances exist wherein such number could be used to access an individual’s financial account without additional identifying information, security code, access code, or password; or
    • biometric information, meaning data generated by electronic measurements of an individual’s unique physical characteristics, such as a fingerprint, voice print, retina or iris image, or other unique physical representation or digital representation of biometric data which are used to authenticate or ascertain the individual’s identity.

“Personal Information” shall mean “any information concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person.”

Collection

The Personal Information that you submit to the Company will be used internally, and for the benefit of other third parties associated with the Company who might require access to your personal information, as applicable:

  • when you complete any application forms or provide any other information in connection with the Services;
  • via any third parties;
  • as a result of any complaint or other information from or about you; or
  • or when you provide us with any additional information about you. Photos and Images:  We may also receive Personal Information from trusted third parties. We may ask to see scanned photographic ID, including a passport or other relevant documentation where we need to verify your identity.

Photos and Images

We may also receive Personal Information from trusted third parties. We may ask to see scanned photographic ID, including a passport or other relevant documentation where we need to verify your identity.

Use of Information & Information We Share

The Company may use Personal Information collected differently depending on whether you are an entity or individual and based on the type of service to be provided as follow:

  • creating and managing your account;
  • perform client and business relationship management;
  • support the Services that we deliver to you;
  • facilitate marketing services to you;
  • provide support of the function of our technology platforms;
  • statutory compliance requirements;
  • to administer, protect and improve our website, application and our systems;
  • to better understand the preferences of our website visitors;
  • to compile aggregated statistics about our website usage; or
  • respond to a request that you sent us.

In addition, each of the above referenced categories of Personal Information may be collected, used, and disclosed with the government, including law enforcement, or other parties to meet certain legal requirements and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, the Company or another party; enforcing any agreements with you; responding to claims that any posting or other content violates third-party rights; and resolving disputes.

Direct Marketing

We may use information you provide us to contact you about our Services that we believe may be of benefit to you. You explicitly agree to receive communications from the Company in connection with such Services in accordance with all applicable laws. We will never sell your information to any third parties for marketing purposes. We comply with the requirements of anti-spam legislation and will give you the option of unsubscribing to email that is not essential to perform our intended business purpose.

How Personal Information is Stored & Security Measures

Personal information is held in our technology platforms until the time it is no longer needed for any purpose for which it may be used or disclosed. At this point it will be anonymized or destroyed, provided that it is lawful for us to do so. We take a range of measures to protect your Personal Information from:

  • misuse, interference and loss;
  • and unauthorized access, modification or disclosure.

Information Security

We adopt a number of procedures to protect the information that we hold from unauthorized access, including but not limited to:

  • Staff training;
  • Password protection policy for all Company information technology services;
  • Restricting access to information on a “need to know” basis;
  • Policies and procedures to secure information on Company infrastructure including mobile devices such as laptops and smart phones; and
  • Culling procedures including data deletion/data anonymizing, physical shredding and secure document disposal.

Information Transfer, Data Storage, and Hosting

All privacy data related to the services Company is hosted and managed by: [ENTITY].  All data will be hosted by [ENTITY].

Disclosure of Information

Your Personal Information may be disclosed to employees, clients and licensees of the Company and trusted third parties include those in countries that we provide services to, regarding possible work placements or to assist us in providing our services to you, professional associations or registration body that have a legitimate interest in the disclosure of your personal and sensitive information and any person with a lawful entitlement to obtain the information.

We will also send information about you to other companies or people when we:

  • have your consent to share the information;
  • need to share your information to provide the product or service you have requested;
  • need to send the information to companies who work on behalf of the Company to provide a product or service to you (unless we tell you differently, these companies do not have any right to use the Personal Information we provide to them beyond what is necessary to assist us);
  • third party payment processors to collect payment information necessary to process your payment;
  • hosting, technology and communications providers to perform operational services;
  • healthcare providers with whom you choose to share information with;
  • health information exchanges to make your information more securely and easily accessible to your healthcare providers;
  • respond to subpoenas, court orders or legal process; or
  • find that your actions on our web sites violate the above terms of service, or any of our usage guidelines for specific products or services.

Failure to Provide Personal Information

If you do not give us the information we seek we may be limited in our ability to assist you.

Correction

The Company may take such steps to make appropriate corrections, deletions and additions, in the circumstances that are reasonable to ensure that Personal Information is accurate, up to date and not misleading. If you have created a profile with the Company via our Services, you are able to review and edit your Personal Information at any time by logging into your account and reviewing your profile. You can delete your Personal Information or close your account via the prompts on our website. If you do choose to close your account with the Company, we may retain Personal Information from your account as and where required by law.

Access Policy

If you wish to obtain access to your Personal Information you should contact us via this form[ADD HYPERLINK].

You will need to be in a position to verify your identity.

Control and Persistence of Your Private and Non Private Data

For your convenience, we will retain your information for as long as eight years after the last time that you were an active member of the Company’s Services. The Company will securely dispose of any information that is beyond our retention policy, or that is no longer required. Where required by applicable law, we will notify you when such information has been disposed of. Pursuant to data privacy laws, you may have the right to have your information removed from our systems, entirely. You may do so by using our data privacy form [ADD HYPERLINK] .

Your Rights

You have the right to withdraw your consent at any time or to access and request that we rectify or remove your Personal Information from our system(s). Local laws may give you additional rights, such as the right to request the information in your file, in a commonly readable format, at any time.

If you need assistance accessing, updating, correcting or removing your Personal Information from our System, or if you no longer desire our services, please complete this form[ADD HYPERLINK]. Please note that we will request proof of identity prior to acting on any request. In certain circumstances (for example where required or permitted by law) we might not be able to provide you with access to some of your Personal Information, but where appropriate, we will notify you of the reasons for this.

Links

Please be aware that our Services may contain links to third-party websites. This Policy applies solely to information collected through our Services. If you land on our website from other websites (or move to other sites from our website) you should read their separate privacy policies.

Cookies and Analytics

Cookies are text files containing small amounts of information which may be downloaded to your computer or mobile device when you visit a website. We use cookies and analytics tools to help deliver our online services, identify any service issues, improve our online services, provide content tailored to users’ likely interests and personal preferences, send information to you by post, email or other means that we think may be of interest to you, and monitor site traffic and usage. We use some nonessential cookies and analytics on our website, such as Google Analytics to monitor and improve our efficacy and performance.

More information about the ways in which Google Analytics collects and processes personal data can be found here: https://policies.google.com/technologies/partner-sites.

More information about cookies, including how to block them on all sites or delete them, can be found at https://www.aboutcookies.org.

California Rights and Disclosures

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA”), provides California residents with specific rights regarding their Personal Data. Please contact us to exercise these rights. This section describes your CCPA rights and explains how to exercise those rights. If you have any questions about this section or whether any of the following applies to you, please contact us at [EMAIL] and indicate “California Rights” in the subject line of your communication. Because of the minimal Personal Data we collect and retain about you, certain rights may not be afforded to you (as further described below). Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request. Lastly, we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a “service provider” under the CCPA, you may need to contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data.

  1. Access: If you have an account, you have the right to request certain information about our collection and use of your Personal Data, including the following:
    • The categories of Personal Data that we have collected about you.
    • The categories of sources from which that Personal Data was collected.
    • The business or commercial purpose for collecting or selling your Personal Data.
    • The categories of third parties with whom we have shared your Personal Data.
    • The specific pieces of Personal Data that we have collected about you. If we have disclosed your Personal Data for a business purpose, we will identify the categories of Personal Data shared with each third-party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data purchased by third-party recipients.
  2. Deletion If you have an account, you have the right to request that we delete the Personal Data that we have collected from you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
  3. Correction: If you have an account, you have the right to request that we correct any inaccurate Personal Data we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your Personal Data, that such data is correct. If your correction request is subject to one of these exceptions, we may deny your request.
  4. Processing of Sensitive Personal Data Opt-Out: If you have an account, we may collect Personal Data that is considered “sensitive” under the CCPA. Because we may use or disclose Sensitive Personal Information for purposes other than those set forth in section 7027(m) of the CCPA regulations, California residents have the right to request that we limit the use or sharing of their Sensitive Personal Information (“Right to Limit”). The Right to Limit allows California residents to direct a business that collects Sensitive Personal Information to limit its use of this information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, to perform the services set forth in paragraphs (2), (4), (5), and (8) of subdivision (e) of Section 1798.140, and as authorized in the CCPA regulations.
  5. Personal Data Sharing or Selling: Under the CCPA, California residents have certain rights when a business “shares” or “sells” Personal Data with third parties for purposes of cross-contextual behavioral advertising. While the Company does not sell Users’ information to unaffiliated parties for money, we may share Cookies and other web data to advertising and marketing partners in a manner which might be considered “selling” or “sharing” your Personal Data as those terms are defined under the CCPA. Accordingly, we may share or sell the foregoing categories of Personal Data for the purposes of cross-contextual behavioral advertising:
    • User Demographic data (not Sensitive Demographic Data) such as gender or zipcode;
    • Online Identifiers
    • Web analytics

    As described in the “Tracking Tools, Advertising, and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the laws of the CCPA, “sharing” of a User’s web analytics is also considered “selling.” You can opt out of such data selling and/or sharing by following the instructions in this form [ADD HYPERLINK]

    We share Personal Data with the following categories of third parties:

    • Advertising partners. Over the past 12 months, we may have shared Personal Data with the categories of third parties listed above for (i) marketing and advertising the Services; and (ii) showing you advertisements, including interest-based or online behavioral advertising.

    Once you have submitted an opt-out request, we will not ask you to reauthorize the sharing of your Personal Data for at least 12 months. To our knowledge, we do not share the Personal Data of minors under 16 years of age.

  6. We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA : We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you with a lower quality of goods and services if you exercise your rights under the CCPA.
  7. Other California Resident Rights: Under California Civil Code Sections 1798.83- 1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes. To submit such a request, please contact us at [EMAIL].

Other U.S. State Rights

If you are a resident of Virginia, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, Washington State (solely with respect to consumer health information) or another state with a similar comprehensive consumer privacy law, you may have certain rights regarding your information. Please contact us to exercise these rights. Please note that in some cases, we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a “processor” (or similar term) under the applicable privacy law, you may need to contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Also, because of the minimal Personal Data we collect and retain about you, certain rights may not be afforded to you (as further described below). Lastly, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.

If you have any questions about this section or whether any of the following rights apply to you, please contact us at [EMAIL] and indicate “State Rights” in the subject line of your communication.

Design and Implementation of this Policy

Our compliance department is responsible for coordinating, maintaining and updating this Policy.

  1. Employee Management and Training

    During employee orientation, each new employee in departments that handle protected information will receive proper training on the importance of confidentiality of protected information.  Each new employee will also be trained in the proper use of computer information and passwords.  Further, each department responsible for maintaining protected information will provide ongoing updates to its staff. These training efforts should help minimize risk and safeguard covered data and information security.

  2. Physical Security

    The Company has addressed the physical security of protected information by limiting access to only those employees who have a business reason to know such information.  Existing policies establish a procedure for the prompt reporting of the loss or theft of protected information. Offices and storage facilities that maintain Protected Information limit access and are appropriately secured.

    Protected information in electronic form that is no longer needed is securely erased so that the protected information cannot be read or reconstructed. Paper documents that contain protected information are shredded at time of disposal.

  3. Information Systems

    Information systems include network and software design, as well as information processing, storage, transmission, retrieval, and disposal. The Company has policies, standards, and guidelines governing the use of electronic resources and firewall and wireless policies. The Company will take reasonable and appropriate steps consistent with current technological developments to make sure that all protected information is secure and to safeguard the integrity of records in storage and transmission.  The Company will develop a plan to protect all electronic protected information by encrypting it for transit.

  4. Management of System Failures

    The Company will maintain effective systems to prevent, detect, and respond to attacks, intrusions and other system failures.  Such systems may include maintaining and implementing current anti-virus software; checking with software vendors and others to regularly obtain and install patches to correct software vulnerabilities; maintaining appropriate filtering or firewall technologies; alerting those with access to covered data of threats to security; imaging documents and shredding paper copies; backing up data regularly and storing back-up information off site, as well as other reasonable measures to protect the integrity and safety of information systems.

  5. Selection of Appropriate Service Providers

    Due to the specialized expertise needed to design, implement, and service new technologies, vendors may be needed to provide resources that the Company determines not to provide on its own.  In the process of choosing a service provider that will maintain or regularly access protected information, the evaluation process shall include the ability of the service provider to safeguard protected information. Contracts with service providers may include the following provisions:

    • A stipulation that the protected information will be held in strict confidence and accessed only for the explicit business purpose of the contract;
    • An assurance from the contract partner that the partner will protect the protected information it receives.
  6. Continuing Evaluation and Adjustment

    The Company will regularly test and monitor the effectiveness of key controls, systems and procedures of this policy.  This policy will be subject to periodic review and adjustment, especially when due to the constantly changing technology and evolving risks.  The Company will review the standards set forth in this policy and recommend updates and revisions as necessary.  Accordingly, it may be necessary to adjust this policy to reflect changes in technology, the sensitivity of employee/customer data and internal or external threats to information security.

Questions and Complaints

You have a right to complain about our handling of your Personal Information if you believe that we have interfered with your privacy. Complaints can be initiated by this form.

Complaints Procedure

If you are making a complaint about our handling of your Personal Information, it should first be made to us in writing using our contact form, or writing to:

Adley Health Inc.
101 South Mill Street
Suite 200
Aspen, CO 81611

Any information we hold will be governed by the most current version of the privacy policy.