This Privacy Policy outlines how Infinitus Systems, Inc. (“Infinitus,” “we,” “us,” or “our”) collects, uses, processes, and shares personally identifiable information when you engage with our websites (the “Sites”) or use our products and services (the “Services”). We are working to build a more efficient and patient-centric healthcare ecosystem. This Privacy Policy explains how we process your data as we work towards that future. 1. Information and Personal Data We Collect and Receive To achieve our goal of enhancing the healthcare experience, we collect various types of information. This includes data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Data”). We gather Personal Data when you actively share it with us – for instance, when you inquire about our solutions, register for our services, or interact with our technology (including by engaging with one of our AI agents). This may include: Identifiers: Your name, email address, postal address, phone number, a unique personal identifier, online identifier, IP address, and account name. These help us know who you are and serve you better. Commercial Information: Records of the Infinitus products or services you’ve explored, obtained, or considered. This helps us understand your needs and tailor our offerings. Internet or Other Similar Network Activity: Insights into your browsing history, search history, and how you engage with our website and applications, including cookie data. This allows us to continuously optimize our digital experience. We may collect this Personal Data automatically via technology when you interact with our Sites and Services. Professional or Employment Information: If applicable and relevant to your interaction with our enterprise solutions, information concerning your profession or employment. Inferences: Data derived from other Personal Data, enabling us to understand preferences and behaviors to refine our services and make them more intuitive. We may also receive and process Personal Data, including the categories of information listed above, from or on behalf of our customers, for whom we provide the Services. Beyond the information we receive from you or our customers, we also leverage non-identifiable data through advanced technologies like cookies and web beacons. These tools help us track overall site usage, continually refine our service delivery, and ultimately contribute to a better, wait-less experience for everyone. We may allow third party service providers to use cookies or similar technologies to collect information about your browsing activities over time and across different websites following your use of the Services. For example, we may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Sites and enhance your experience when you use the Service. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/. 2. Our Use of Personal Data We use Personal Data for the following core business and commercial purposes: Empowering Service Delivery: We may use your Personal Data to provide you with access to our cutting-edge Services, or to provide Services to our customers, on whose behalf we may provide Services that involve your Personal Data. Continuous Innovation and Personalization: We may use your Personal Data to improve the functionality and user experience of our Sites and Services, adapting them to your needs and ensuring they remain at the forefront of healthcare automation. Building Meaningful Connections: We may use your Personal Data to communicate with you about our Services, invite you to events or provide you with promotions, promptly respond to your inquiries, and provide exceptional customer support, because your questions deserve clear, timely answers. Fortifying Our Digital Foundation: We may use your Personal Data to detect and protect against fraudulent or illicit activities and safeguard our systems. Upholding Our Commitments: We may use your Personal Data to comply with our legal obligations, enforce our terms and conditions, and protect our rights and the rights of our customers. Strategic Insights and Growth: To analyze industry trends, effectively administer our Sites, understand user interactions, and gather demographic information – all to help us make informed decisions that shape the future of healthcare. 3. How We Share Your Personal Data We believe in responsible data stewardship. We may share your Personal Data with trusted third parties under specific, defined circumstances, always in support of our mission to create a wait-less healthcare experience: Dedicated Service Providers: We engage third-party service providers who assist us in critical functions such as hosting, data analysis, payment processing, information technology, customer support, email communications, and auditing. We may share Personal Data with these service providers if applicable to the services provided to Infinitus. Strategic Business Evolution: In the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, where Personal Data is among the assets, we may transfer such Personal Data. This ensures continuity and growth in our pursuit of a better healthcare future. Affiliates and Partners: We may share your Personal Data with affiliate entities if applicable to provide the Services. Additionally, we may share aggregated, non-identifiable data with our affiliates and partners. This collaborative approach helps us collectively advance the healthcare ecosystem without compromising individual privacy. Advertising and Analytics Partners: We may share your Personal Data with third-party companies, including if you have allowed such disclosure by following our instructions. Upholding Legal Principles and Security: We may disclose your Personal Data if mandated by law or if we genuinely believe such action is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of Infinitus; (c) act swiftly to protect the personal safety of users of the Sites or the broader public; or (d) shield against legal liability. 4. Your Power to Choose: U.S. State Privacy Rights We empower you with control over your Personal Data. Depending on your state of residency, and subject to certain legal limitations, you may possess the following rights: The Right to Know: You may have the right to request a clear disclosure of the categories and specific pieces of Personal Data we have collected about you, the sources from which it was gathered, the business or commercial purpose for its collection, and the categories of third parties with whom it has been disclosed. Please note that we have provided much of this information in this Privacy Policy. The Right to Request Deletion: You may request the deletion of your Personal Data that we have collected, with certain exceptions to ensure our ongoing operational and legal responsibilities. The Right to Correct/Rectify: Should you identify inaccuracies in the Personal Data we maintain about you, you may have the right to request its correction. The Right to Access: You may have the right to request a copy of the personal information that we collected in a portable format, under certain circumstances. The Right to Opt-Out of Sale/Sharing: You may have the right to opt-out of the “sale” or “sharing” of your Personal Data. Note that although we do not sell personal information in the commonly-understood sense, the CCPA (as amended) defines “sell” and “personal information” very broadly, and some of our data sharing described in this privacy statement may be considered a “sale” under those definitions. In particular, we let advertising and analytics providers collect IP addresses, cookie IDs, and mobile IDs through our website, and in some cases making that information available to our advertising and analytics partners could be a “sale” under the CCPA (as amended). The Right to Limit Use and Disclosure of Sensitive Personal Information (SPI): If we collect Sensitive Personal Information (e.g., precise geolocation, racial or ethnic origin, health information), you may have the right to limit its use and disclosure. We only collect SPI when it is absolutely necessary for the provision of our services or if you voluntarily provide it, and we restrict its use and disclosure to legally permitted purposes. The Right to Non-Discrimination: We are committed to fostering trust. Exercising your privacy rights will never result in discriminatory treatment from Infinitus. How to Exercise Your Rights: A Simple Process To exercise any of these fundamental rights, we invite you to submit a verifiable consumer request through one of the following channels: Email us at: privacy@infinitus.ai Call us at: (866) 618-3449 To protect your privacy and ensure accuracy, we will verify your request using information linked to your account or by asking for additional details to confirm your identity. You also have the option to authorize an agent to act on your behalf. We are committed to responding to your request promptly, within the timeframes mandated by applicable law, reflecting our dedication to transparency and responsiveness. We currently do not respond to Do Not Track (DNT) signals from browser or mobile application settings due to lack of standardization regarding how such signals should be interpreted. We will continue to monitor industry activity in this area and reassess our DNT practices as necessary. 5. Responsible Data Stewardship: Data Retention We retain Personal Data for as long as it is necessary to fulfill the purposes for which it was collected, including meeting any legal, accounting, or reporting requirements. Our retention periods are determined by considering the volume, nature, and sensitivity of the data, the potential risks of harm from unauthorized use or disclosure, the specific purposes of processing, and whether those purposes can be achieved through alternative means, all while adhering to legal obligations. 6. Safeguarding Our Youngest Explorers: Children’s Privacy Our Sites and services are designed for a professional audience and are not intended for children under the age of 13. We do not knowingly collect Personal Data from children under 13. Should you be under this age, we kindly ask that you refrain from providing any Personal Data through our Sites or Services. If we discover that we have inadvertently collected Personal Data from a child under 13 without verifiable parental consent, we will take immediate steps to remove that information from our systems. 7. Building on Trust: Data Security The security of your Personal Data is paramount to our mission. We implement technical, administrative, and physical safeguards, designed to protect the Personal Data we collect from unauthorized access, use, alteration, and disclosure. While no online transmission or electronic storage can ever be guaranteed as absolutely secure or error-free, we are continuously working to enhance our protective measures, reinforcing the trust you place in us. 8. Evolving with Purpose: Changes to This Privacy Policy As Infinitus continues to innovate and as privacy landscapes evolve, we may update this Privacy Policy periodically to reflect changes in our practices or for operational, legal, or regulatory reasons. Any revisions will be clearly posted on this page, and the “Last Updated” date at the top of this Privacy Policy will be revised accordingly. Your continued engagement with our Sites or services following any updates signifies your understanding and agreement with the revised policy, as we collectively stride towards a wait-less future. 9. Connecting with Us: Your Questions, Our Answers We are always here to listen. If you have any questions, concerns, or require further clarification regarding this Privacy Policy or our privacy practices, please do not hesitate to reach out to us through one of the methods listed under “How to Exercise Your Rights.”