Privacy Policy

Your privacy is important.  Our goal is to make using our software a great experience while processing your personal data fairly and
transparently. This Privacy Policy (the “Privacy Policy”) describes the types of information Trova Health, Inc. (“Trova” or “we”)
collect from you, or from subscribers (“you” or “yours”) to the Trova’s software applications, including the enhancements, features,
related website, and contents (the Services). It also describes how we use and disclose such information, as well as your rights with
respect to Trova’s collection, use, and disclosure of such information. We understand the importance of your privacy and the privacy
of visitors to your business location who access the Services (“Visitors”) and we treat all information we receive in a responsible
manner. By downloading or accessing the Services, you agree to this Privacy Policy.

Information We Collect

When you use Trova Services, the company may collect the following types of information about You (“Personal Data”):

  • Information necessary to sign up for the Trova website (the “Website”) and to receive services.
  • Personal Data, including names, email addresses, telephone numbers, gender, birth dates, identification number(s),
    location data, and/or other online identifiers of one or more factors specific to the physical, physiological, cultural or social
    identity of that individual.
  • Usernames and User IDs, which are a way to identify you on the Website.
  • Information posted to a group chat or moderated session and information kept within a personal one-on-one session with
    a provider.
  • Banking information for billing purposes; such as account number and routing information for invoicing purposes
  • Cookies. See Cookie notice below for details.
  • Emergency contact information, in the event of an emergency or mental health crisis.

When We Collect Personal Data

Trova collects Personal Data when:

  1. you sign up for the Services
  2. you use certain features of the Services that require the collection of Personal Data in order for those features to function
  3. you or your Visitors voluntarily enter or upload their Personal Data to or use the Services
  4. you or a Visitor communicate(s) with Trova, whether through the Services or through another form of communication,
    such as e-mail, web chat or telephone.

Purpose for Collecting Personal Data

Trova may use the information it collects in the following ways:

  1. To provide you with requested Services;
  2. To manage your account and provide you with customer support;
  3. To communicate with you about products or services that may be of interest to you (whether from us or from third-parties);
  4. To develop and display content tailored to your interests (both on our website and other websites);
  5. To perform research and analysis about your use of, or interest in, our services;
  6. To perform research and analysis about your use of, or interest in, the content, products, services, or content offered by
    third-parties;
  7. To combine with de-identified information we collect from other sources to create “de-identified information” about you;
  8. To enforce or exercise any rights found in Trova’s Terms of Use;
  9. To properly and efficiently operate our business;
  10. To perform functions as otherwise described to you at the time of collection; and
  11. (With regard to financial information) To process payment for any purchases made on our website, enroll you in any
    discount, rebate, and other programs in which you elect to participate, to protect against or identify possible fraudulent
    transactions, and otherwise as needed to manage our business.

Sharing Personal Data with Third Parties:

Trova may share Personal Data with third party service providers as Trova deems necessary for such third party service providers
to perform their duties required for the Services to function. For example, the Services may utilize mail relays, payment processers
and hosting providers. A list of third party service providers used by Trova for the Services can be found at the following
website: trova.health/platform-security/. These third party service providers are not authorized to retain, share, store or
use Personal Data for any purposes other than to provide the services for which they have been retained to provide. Trova does not
sell or otherwise share Personal Data with unrelated third parties. Trova will not keep Personal Data for longer than is legally
necessary at which time it will either be deleted or anonymized. For Visitor Personal Data it is the business location that determines
the length of time data is to be kept, refer to their privacy policy for more details. Personal Data may be transferred
to Trova’s affiliates or as part of a sale of substantially all of the assets of Trova. In such a case, each such party will be required to

hold Personal Data and not disclose Personal Data except in accordance with terms at least as restrictive as those contained in this
Privacy Policy.
In rare cases, Trova may be required, or may, acting in good faith, believe it is required, to share certain information with legal
authorities. In such a case, Trova will only share what is legally necessary. When Trova do give this information to the authorities, it
is for them to protect that information. Such cases include:

  1. if required by law
  2. to protect or defend itself, you, your Visitors, or others against physical harm or legal liability
  3. to investigate a possible crime, such as fraud or identity theft.

Cookie Notice:

We utilize cookies.
WHAT IS A COOKIE?
Cookies are bits of code left behind on your computer, mobile phone, or tablet, which serve as electronic tags, scripts or beacons,
allowing your website preferences to be stored. Cookies are used to collect information, where available, about your device,
including tracking your IP address, noting your operating system, and browser type, and indicating how you have interacted with our
Website. A cookie allows us to recognize whether you have visited before and may store user preferences and other data. Also, by
remembering information about your visit to our website, cookies help personalize your experience and save you from having to
reenter information about yourself or the preferences you’ve set. While cookies are used to identify users and devices, they only
ever collect non-personal information such as IP addresses and device IDs.
WHY WE USE COOKIES?
Cookies help make your engagement with the Website better, and we also use cookies to monitor traffic patterns and to serve you
more efficiently when you return to our Website. You can set your browser to notify you when you receive a cookie and this will
provide you with the opportunity to either accept or reject it in each instance.
Our websites use cookies to:

  • Store preferences you made and display content to you in a more personalized way
  • Gain insight into the nature of your interactions so we can tailor our content accordingly
    We have a legitimate interest to use cookies so that we can show you materials and information we believe you might be interested
    in or that further your understanding of our products and programs. We also measure the effectiveness of Trova’s programs by this
    means. The following are types of cookies we use:
  • Per-session Cookies: We only use these while you are visiting our Website and they are deleted when you leave.
  • Persistent Cookies: These cookies stay on your computer until they expire or are deleted. We set automatic deletion
    dates so that we don’t keep your information for longer than we need to.
  • First and Third-Party Cookies: Whether a Cookie is ‘first’ or ‘third’ party refers to the website or domain placing the cookie.
    First party cookies are set by a website visited by you. Third-party cookies are set by a domain other than the one being
    visited by the user; for example, if a user visits a website and a separate company sets a cookie through that website this
    would be a third-party cookie.
    HOW DO YOU OPT OUT OF USING COOKIES?
    In your user settings on your device, which may be located under the ‘Options’, ‘Settings’ or ‘Preferences’ menu of your browser. If
    you are concerned about having cookies on your device, you can set your browser to refuse all cookies or to indicate when a cookie
    is being set, allowing you to decide whether to accept it. You can also delete cookies from your device. However, if you choose to
    block or delete cookies, certain features of Website may not operate optimally.
    If you request that we do not use your Personal Data in a particular manner or at all, we will adopt all reasonable measures to
    observe your request, but we can disclose that information if:
  • We subsequently notify you of the intended use or disclosure and you do not object to that use or disclosure.
  • We believe that the use or disclosure is reasonably necessary to assist a law enforcement agency or an agency
    responsible for government or public security in the performance of their functions.
  • We are required by law to disclose the information.
    All Personal Data that we collect (including your contact details and, if relevant, payment details) is kept confidential to the best of
    our ability. Unfortunately, no system or online transmission of data can be guaranteed to be 100% secure and you should always
    take appropriate security measures to protect your Personal Data including ensuring that you have up-to-date antivirus software.

Aggregate Information

Aggregate Information is information about your activities on or in connection with the Services that typically cannot be used to
identify, locate, or contact you or your Visitors. For example, Aggregate Information includes information regarding the frequency of
use of the Services, quantity and type of data entered when using the Services, components of the Services most frequently
accessed, and browser types used to access the Services. Trova collects information resulting from your and your Visitors’ use of
our Website and the Services and aggregates it in a manner that retains the anonymity of each individual that interacts with the
Website or registers or receives Services.

Purpose of Using and Sharing Aggregate Information

Trova uses Aggregate Information:

  1. to provide the Services
  2. to improve the Services
  3. to monitor usage of the Services
  4. to analyze usage of the Services
  5. to research, compile, and report on usage trends, user demographics, and user behaviors
  6. for other legitimate business purposes.
    Trova may share Aggregate Information with its affiliates and certain third parties, such as investors, potential investors, and third
    party service providers we use to provide the Services. Aggregate Information is anonymized and does not have the capacity to be
    used to identify an individual. In other words, Trova may share this information but no Personal Data will be disclosed to third
    parties.

Location Information

Trova may use the Services to collect and use location information to provide certain functionality, such as identifying a Visitor sign-
in at a specific business location. All such information will be governed by this Privacy Policy.

External Links

The Services may contain links to third party websites operated by other people or companies. Trova is not responsible for those
websites, and links to such websites are solely for your convenience.

Security and Data Protection

The Services may contain links to third party websites operated by other people or companies. Trova is not responsible for those
websites, and links to such websites are solely for your convenience. Trova takes appropriate security measures to protect Personal
Data against unauthorized access, alteration, disclosure or destruction. Such measures include internal reviews of Trova’s data
collection, storage and processing practices and security measures, as well as physical security measures to guard against
unauthorized access to systems where Personal Data is stored. Trova restricts access to Personal Data to its employees, service
providers and agents who need to know such information in order to operate, develop, provide, or improve the Services. These
individuals are bound by confidentiality obligations and are required to treat such Personal Data confidentially and in accordance
with this Privacy Policy.

Data Processing and GDPR

The European Union’s General Data Protection Regulations ((EU) 2016/679 (General Data Protection Regulation, commonly
referred to as “GDPR”)) is the European Union’s regulation for the protection of natural persons with regard to the processing of
their personal data. Enforcement of the GDPR began on May 25, 2018, and applies to companies — operating within any of the EU
member states (e.g., France, Germany, Italy, Spain, etc.) — that process the personal data of EU citizens. To the extent Trova has
access to, or processes Personal Data for individuals who are subject to GDPR, that is, Personal Data originating from a citizen
from an EU member state, Trova will adhere to the requirements of GDPR, including taking reasonable steps to ensure that
Personal Data we process is accurate, complete, and current.
You have certain rights relating to the way We collect, hold and process Your data under the GDPR. You have the right to request
that we:

  • Provide you with a copy of any personal information that we hold about you;
  • Update your personal information if it is out-of-date or incorrect;
  • Delete any personal information that we hold;
  • Restrict the way in which we process your information: and
  • Consider any valid objections to our processing of your personal information.
    Furthermore, under the GDPR, Trova is also a data processor for Visitors’ Personal Data. If you are a Visitor to a business location
    that uses the Services, by accessing the Services at such location (such as by signing in or using the functionality of the Services),
    you may be sharing your Personal Data with such business. The business’ use and disclosure of Visitors’ Personal Data is governed
    by such business’ privacy policy or other agreement which you may have entered into with such business. Notwithstanding that such
    agreement may have been presented to you through the Services, Trova is not an affiliate of such business and is not responsible
    for the business’ access, use, and disclosure of Visitors’ Personal Data. As a Visitor of a business and you do not have access to
    directly through the Services, you may contact the business you visited to update your Personal Data. In the alternative, you may e-
    mail Trova privacy@trova.health for further access and assistance. We will take reasonable steps to update, correct, and to the
    extent within the law, delete, Personal Data in Trova’s possession.

Financial Information

Trova may require certain financial information, such as credit card information. We will not share this financial information, other
than the financial institutions involved in processing your payment. At all times, Trova will comply in all respects with applicable
consumer protection laws.

Corrections and Removals

If any part of your Personal Data, such as your name, e-mail address, mailing address, telephone number or other personal
information changes, you may update, correct or remove the relevant information. If you are a Visitor to a business location that
uses the Services, by contacting such business; or in all other cases, by contacting Trova at privacy@trova.health.

Opt-in; Opt-out

Opt-in. When you access any interactive tool or service on the Website that collects Personal Data, you will be asked to affirmatively
choose (“opt-in”) to provide the requested Personal Data. You may always choose not to provide the requested Personal Data.
Manage email. You may elect to receive email updates about developments regarding Trova. If you decide, at any later time, that
you no longer wish to receive these emails, you may unsubscribe to any such contact list by using the “Unsubscribe” links within the
electronic communication channel, or by sending an email entitled “Unsubscribe” to hello@trova.health.

Our Children’s Notice

We recognize the importance of protecting the privacy of children. Our Website is neither intended for children nor are they
designed to attract child users. Our Website, its content and our Services are intended for users over the age of eighteen (18). We
do not knowingly collect any personally identifiable information from children under age eighteen (18). When a user discloses
Personal Information on the Websites, the user is representing to us that he or she is at least eighteen (18) years of age. If We
learn a user under the age of eighteen (18) has volunteered personally identifiable information on our Websites, we will delete such
information from our active databases.

Your California Privacy Rights

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information.
To learn more about your California privacy rights, click here.

Contact Trova

We have a designated privacy officer available to you if you have any questions or concerns about this Privacy Policy. If you would
like to contact us about this Privacy Policy, please do so as follows: Trova Health, Inc. Attention: Privacy Officer 849 W Harbor Dr.
Gilbert, AZ 85233 e-mail: privacy@trova.health Effective Date: September 1, 2023.