Background and overview

The Service collects information and provides information concerning weight loss treatment, and
provides telehealth services where permitted.

General privacy statement

Subject to our more explanatory statement below, we do not sell your personal information and, except
for relationship messaging from us, we do not share your contact information with third parties except
with your consent (opt in).

Acceptance

By registering for or otherwise using the Service, you agree to the terms of this Privacy Statement.
Specifically, you authorize the collection, processing, retention, and disclosure of Information about You
by Company and its affiliates, business partners, and service providers for the purposes described in this
Privacy Statement or as described to you during your interactions with the Service. For example, We
might clarify our practices when you register or when you use the Service, or one of its functions, for the
first time.

Effective Date and Changes to this Privacy Statement

This Privacy Statement is updated as of 11/15/2023. We reserve the right to update this Privacy
Statement. If We update this Privacy Statement, We will use reasonable electronic efforts to advise you of
the change, which may include posting a notice of the change in the Service (for example when you
login), or we may send you an electronic notification of the change. If We notify you by an electronic
communication, We will provide these electronic messages to your last known or provided electronic
communication address (which may be for example, a text message address, X/Twitter user name, or
other site address). You are responsible to review communications we send to those addresses, to
authorize communications from us, and to keep those addresses up to date. Use of the Service after our
notice of a change in the Privacy Statement is acceptance of the terms and changes in the updated Privacy
Statement, which shall, unless expressly prohibited by applicable law (or unless expressly stated in such
changed Privacy Statement), be effective from the inception of your use of the Service.

NOTICE REGARDING NON-SALE OF PERSONAL INFORMATION. Company collects and
processes your personal information as described below solely for use in providing services to you. Some
government jurisdictions take a broad view of “sale of personal information” to include use of
anonymized and de-identified data shared with companies such as Google. As noted below, except for
certain anonymous, de-identified data that may be used by such service providers to us in their service,
we do not sell your Personal Information.

Uses of Information about You

We use the information about you to provide the Service, to fulfill your information requests, and contact
you as you have requested. We may also use information about you to improve our programs or the
content of our Service, and for our analysis.

Exchanging information with Other Parties

Except as disclosed above in the section “NOTICE AT COLLECTION” We do not share information
about you with third parties.

Managing Information about You

To keep the information that you provide via this Service accurate, current, and complete, please contact
Us as specified below and We will take appropriate steps to update or correct such information in our
possession, or to make changes to the Information about You so that we no longer contact you for certain
purposes. We may make some or all of these options available in the Service interface, in which case you
will manage your own preferences.

Communicating with You

We may communicate with you through electronic communications and through the Service, such as
through the use of notifications and alerts. You may manage certain other ways in which We
communicate with you. For example, you may subscribe or unsubscribe to certain electronic
communications from Us, such as for notifications and information about updates to the Services. You
may not unsubscribe from administrative Service and electronic messages that We may send, such as to
alert you of changes in our Privacy Statement or Terms of Service.

Special provisions regarding PHI

Our collection, use and disclosure of your protected health information is subject to applicable federal and
state laws, and our policies in connection with that information are set forth separately in our Notice of
Privacy Practices (NPP), which you can find [INSERT LINK]. The privacy practices in that NPP
supersede any conflicting provisions in this policy.

Links to Other Services

The Service may provide hyperlinks and references to other websites or allow you to connect your
information on this Service to such sites. Our Privacy Statement does not apply to those websites, and we
are not responsible for the content or function of those websites. We encourage you to become familiar
with the privacy practices of the other websites that you use.

Contacting Us

We are happy to hear from you. If you have any questions about this Privacy Statement or the practices of
the Service, you may contact our Privacy Officer as noted below.

Other Special Considerations

Technology Logging, Cookies, and Related Techniques

When you interact with the Service, your browser or other device may communicate other technical
information that we use as part of our Services. For example, as you use the Service, your browser or
other device communicates with our technology, which in turn keeps records of your interactivity and
requests for services and content to assist Us in managing and improving the utility of the Service, and to
conduct research and analysis on its use. The types of such interactive information may include your
Internet Protocol (IP) address, browser / device type, URL, requests made, device identification
information, and related technical usage information. We use cookies and other remote side storage
technology (such as clear gifs or web beacons) to authenticate you to the Service, maintain your session,
to analyze how the Service is used, to keep track of your progress in viewing a video or other content, to
link information about how you use the Service with your account, and to help tailor our Services. The
Service may not function properly if your browser or device is configured so it does not accept these
associated cookies and other technical means. The specific cookies and other information collected and
stored regarding your use of the Services is as follows:

Google.com
– we use Google for site analytics and we use Google fonts. Google stores
numerous cookies on your computer when you browse to our website. These cookies are tokens that do
not display any personal information, but do link you to the session, and provide Google some ability to
track you when you visit other websites. Google’s privacy practices are located at
https://policies.google.com/privacy?hl=en-US. You may control what information Google collects about
you from there, and may be able to reduce the amount of third party tracking they can do. We are not
responsible for Google’s actions or policies, nor the manner in which they use the cookie information
they store on your computer.

Podium.com
– we use Podium.com to provide chat and other interaction services on our website.
Podium.com places some cookies on your computer to assist it with providing its chat and interaction
services. You can view their privacy policy here: https://legal.podium.com/#privacypolicy-us

MyTime.com
– we use MyTime.com to provide scheduling services, and in that connection they
place some cookies on your computer to assist with providing calendaring, reminder, scheduling, and
related services. You can view their privacy policy here: https://mytime.com/m-privacy

Stripe.com
– we use Stripe to take payments. Stripe places cookies on your computer to identify
you and your session to ensure that the payment information is recorded correctly. You can view their
privacy policy here: https://stripe.com/privacy

Jotform.com
– we use jotform.com to take some personal and medical information from you.
Jotform places cookies on your computer to identify your computer session and ensure that your actual
personal data is linked to you. You can view their Privacy Policy here: https://www.jotform.com/privacy/

Unbounce.com
– we use this service as a landing page when you click on links in emails we send
you. Unbounce.com stores cookies on your computer to associate you, the email we sent you and the data
created by then coming to our main website. You can view their privacy policy here:
https://unbounce.com/privacy/

Information about ChildrenThe Service is not intended for use by persons under the age of 16.

Rights under Laws

You may have additional rights under state law to access certain information; for example California
residents may have rights under California Code Section 1798.83. We honor those rights.

Location of Processing

Company is a United States of America business with its core operations in the United States. Information
about You may be processed by Us, our affiliates, business partners, or service providers in the United
States.

Your rights under certain laws

This section describes certain rights you may have under the California Consumer Privacy Act of 2018
(CCPA) as amended by the California Consumer Privacy Act (CPRA), other similar state laws applicable
in the United States, and under Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016 (“GDPR”). Collectively the above referenced laws and regulations are referred to herein
as the “Data Privacy Laws.”

Process for Exercising your rights in Personal Data

For those users of our Services and Sites who are residents of countries in the European Union (or that
have equivalent rights, such as residents of the Great Britain), the State of California, or certain other
states that have adopted laws similar to CCPA/CPRA, we have created the following mechanisms and
practices to provide you with the following control over your personal information that comprises
personal data as defined under GDPR, or personal information as defined under the CCPA/CPRA
(references below to “Personal Data” are meant to also encompass the term “personal information” under
the CCPA/CPRA and similar laws):

A. What are your rights?

• If any of your Personal Data provided to Company is subject to the Data Privacy Laws, you have a
  number of rights. Further information and advice about your rights can be obtained from the data
  protection regulator in your country (under the GDPR) or typically from your state Attorney General,
  under CCPA/CPRA and other state laws..IMPORTANT: When you contact Company to exercise your
  rights it is very important for security
  verification and other purposes that you use any email address that you know is associated with the
  Personal Data about which you are contacting Company. Be aware that Company may use
  reasonable efforts to verify your identity to ensure that it does not disclose Personal Data to an
  impostor.

  Please also be aware that we cannot search, and therefore cannot locate, any stored documents or
  information that are encrypted in a manner that precludes us from accessing the unencrypted
  information.

  1. The right to object to processing of your Personal Data (the right to opt out)

  • You have the right to object to certain types of processing, including processing for direct
    marketing (i.e. if you no longer want to be contacted with potential opportunities from
    third parties).
  • HOW TO EXERCISE YOUR RIGHT: If you want to object to certain types of
    processing, please direct your communication to our Privacy Officer as noted below,
    providing specific and detailed information regarding your objection and requested
    action.
  • Be aware that you cannot object to certain types of processing of your Personal Data,
    which limitations are set forth in the Data Privacy Laws. If Company determines that it
    is required to continue to process your Personal Data it will provide you the basis on
    which it has made this determination.

  2. The right to an accounting of the processing (the right to know)

  • You have the right to be provided with clear, transparent, and easily understandable
    information about how we use and process your Personal Data. This is why we are
    providing you with the information in this privacy policy.
  • HOW TO EXERCISE YOUR RIGHT: If you have questions about the privacy policy or
    how Company may be processing your Personal Data, please direct your communication
    to our Privacy Officer as noted below and please be specific and detailed about your
    questions and Company will promptly address those questions.

  3. The right of access

  • you have the right to obtain access to your Personal Data (if we are processing it), and
    certain other information about Our privacy practices with respect to your Personal Data
    (similar to that provided in this Privacy Statement).
  • This is so you are aware and can check that we are using your information in accordance
    with GDPR/CCPA/CPRA or any other applicable data protection laws.
  • HOW TO EXERCISE YOUR RIGHT: If you have questions specific to your Personal
    Data and how Company is using it in accordance with GDPR, CCPA/CPRA or other
    applicable laws, please direct your communication to our Privacy Officer as noted below,
    and please be specific and detailed about your questions and Company will promptly
    address those questions.

  4. The right to rectification

  • You are entitled to have your Personal Data corrected if it is inaccurate or incomplete.
  • HOW TO EXERCISE YOUR RIGHT: If you believe your Personal Data processed by
    Company is incorrect and needs to be updated or otherwise corrected, please check your
    settings with respect to your account, and if you still believe your Personal Data is
    inaccurate, direct your communication to our Privacy Officer as noted below.

  5. The right to erasure (the right to delete)

  • This is also known as “the right to be forgotten” and, in simple terms, enables you to
    request the deletion or removal of your Personal Data where there’s no basis for us to
    continue to process it or to retain it. This is not a general right to erasure; there are
    exceptions as stated in the Data Privacy Laws.
  • HOW TO EXERCISE YOUR RIGHT: If you no longer want Company to have and/or
    process your Personal Data, to the extent we do not provide a self-service means of
    deleting your Personal Data, please direct your communication to our Privacy Officer as
    noted below.
  • (NOTE: Consistent with Data Privacy Laws Company may retain a trivial amount of
    information, for example, to keep a record of its compliance with your request.)

  6. The right to restrict processing

  • you may have rights to “block” or suppress further use of your Personal Data that
    Company processes. When processing is restricted, we can still store your Personal Data
    but may not use it further. We may keep lists of people who have asked for further use of
    their information to be “blocked” to make sure the restriction is respected in future, but
    also be aware that upon making this request, we may terminate your account and delete
    your Personal Data instead of restricting the processing of it.
  • HOW TO EXERCISE YOUR RIGHT: If you want to restrict, or terminate restrictions,
    on Company’s processing your Personal Data, please direct your communication to our
    Privacy Officer as noted below.

  7. The right to data portability

  • You may have rights to obtain and reuse your Personal Data for your own purposes
    across different services. For example, if you decide to switch to a new provider of
    services like the Services from Company that you subscribed to, this enables you to
    move, copy, or transfer your Personal Data.
  • HOW TO EXERCISE YOUR RIGHT: Company may have or may in the future provide
    you with the ability to download your Personal Data. If Company has done so, please use
    these functions to obtain a copy of your Personal Data . If Company has not enabled this
    functionality, and if you want Company to export your Personal Data for portability,
    please direct your communication to our Privacy Officer as noted below.
  • (NOTE: Company will retain and continue to process your Personal Data unless you also
    request to be forgotten or request restricted or blocked processing.)

  8. The right to lodge a complaint

  • You have the right to lodge a complaint about the way we handle or process your
    Personal Data with your national data protection regulator (GDPR/UK) or applicable
    state regulator (under CCPA/CPRA or other state law). However, we hope you will
    contact Company first (by calling or emailing our Privacy Officer as noted below) so
    Company can try to address your complaint directly.
  • HOW TO EXERCISE YOUR RIGHT: If you want to lodge a complaint with Company,
    please direct your communication to our Privacy Officer as noted below.

  9. The right to withdraw consent

  • If you have given your consent to anything we do with your Personal Data, you have the
    right to withdraw your consent at any time. This includes your right to withdraw consent
    to us using your Personal Data for marketing purposes.
  • HOW TO EXERCISE YOUR RIGHT: If you want Company to withdraw your consent
    to process your Personal Data, please either use out functionality in the Sites to make
    such a request, or if we have not enabled such functionality, direct your communication
    to our Privacy Officer as noted below.

  10. The right to be free from discrimination for exercising your rights.

  • We cannot deny goods or services, charge you a different price, or provide a different
    level or quality of goods or services just because you exercised your rights under Data
    Privacy Laws. However, if you refuse to provide your Personal Data to us or exercise
    one of your rights, for example, to delete your Personal Data or restrict its processing,
    and that Personal Data or processing is necessary for us to provide you with services, we
    may not be able to complete that transaction and we may terminate your access to the
    Services.
  • You may report any claim that we have engaged in discrimination against you to an
    applicable regulator, though we would prefer that you first contact our Privacy Officer as
    noted below so that we may address your concern.

B. Notice regarding costs to exercise rights.

• First, to the extent Data Privacy Laws requires us to take an action without charging you,
  we will comply with those legal requirements. In some cases we may be permitted to
  charge for some of these services. We usually act on requests and provide Personal Data
  free of charge, but in such cases we may charge a reasonable fee to cover our
  administrative costs of providing the Personal Data, which such costs can arise in one or
  more of the following cases, which are not meant to express all the instances in which we
  may charge a fee:
• Baseless or excessive/repeated requests, or
• Further copies of the same Personal Data.
• Alternatively, we also may be entitled to refuse to act on the request. Please consider
  your request responsibly before submitting it. We will respond as soon as we can.
  Generally, this will be within one month from when we receive your request but, if the
  request is going to take longer to deal with, we will come back to you and let you know.

C. Company’s Retention of Personal Data Under Data Privacy Laws.

• • We only retain your Personal Data for as long as is necessary for us to use your
    information as described above or to comply with our legal obligations and legitimate
    interests. Please be advised that this means that we may retain some of your Personal
    Data after you cease to use our Services. For instance, we may retain your data as
    necessary to meet our legal obligations, such as for tax and accounting purposes.
    Our service is not a backup service. We dot assume an obligation to retain your
    information.
    • When determining the relevant period in which we retain or establish/revise periods for
      retaining Personal Data, we will take the following factors into account:
    • Our contractual obligations and rights in relation to the information involved,
      including contractual obligations we may owe to our customer;
    • Legal obligation(s) under applicable law to retain data for a certain period of time
      or with respect to pending or anticipated legal actions;
    • Our legitimate interest where we weigh your interest in controlling your Personal
      Data and against our lawful purpose in processing your Personal Data;
    • Statutes of limitations under applicable law(s);
    • If you have made a request to have your information deleted; and
    • Guidelines issued by relevant data protection authorities.

Otherwise, pursuant to Data Privacy Laws, we will securely erase your Personal Data
once there is no lawful basis or legal obligation to store or process it.

D. Data Security.

• We have implemented measures designed to secure your Personal Data from accidental loss and
  from unauthorized access, use, alteration, and disclosure. All information you provide to us is
  stored on our secure servers.
• The safety and security of your information also depends on you. Where we have given you (or
  where you have chosen) a password for access to certain parts of our Sites, you are responsible
  for keeping this password confidential. We ask you not to share your password with anyone.
• The safety and security of your information also depends on you. Where we have given you (or
  where you have chosen) a password for access to certain parts of our Sites, you are responsible
  for keeping this password confidential. We ask you not to share your password with anyone.