PRIVACY AND SECURITY POLICY

Last updated: Dec 04, 2024

MyfirmX (“MyfirmX“, “we“, “us“, or “our“) values your privacy and the security of your information. MyfirmX is a technology platform that enables registered users to connect with physicians and other healthcare providers for the diagnosis and treatment of erectile dysfunction. This Privacy and Security Policy (the “Policy“) describes how MyfirmX collects, uses, discloses, and otherwise processes individually identifiable information (“Personal Information“) via our website at myfirmx.com (the “Site“) and our services accessible through the Site (the “Services“), which enable registered users to communicate with third‑party healthcare providers to receive services via telemedicine.

PLEASE REVIEW THIS PRIVACY AND SECURITY POLICY CAREFULLY. It explains how we collect, use, and disclose information about visitors of our Site and users of our Services. This Policy is incorporated into our Terms and Conditions. Capitalized terms not defined here have the meanings provided in the Terms and Conditions.

MyfirmX does not provide medical advice and does not dispense prescriptions. For information on the healthcare providers and pharmacies to whom we disclose your information via the Services, see How We May Disclose Your Personal Information With Others below. By visiting the Site or using our Services, you acknowledge and agree that your Personal Information will be handled as described in this Policy.

In states with laws applicable to consumer health data (e.g., Washington and Nevada), our Consumer Health Data Privacy Policy also applies.

Privacy laws evolve. We may change this Policy at any time. Material changes will be conspicuously posted on the Site or otherwise communicated to you. Changes are effective immediately upon posting to the Site.

Supplemental State Privacy Notices

California Residents: See California Privacy Rights Notice below.

Residents of Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Nevada, Oregon, Texas, Virginia, and Utah: See State Supplemental Privacy Notice below for additional rights and terms.

INFORMATION WE COLLECT ABOUT YOU

We may collect Personal Information directly from you, from third parties, and automatically through your use of the Site or Services.

Information We Collect Directly From You

We collect Personal Information via the Site and Services, including through dynamic intake forms where you enter information electronically.

Account Information. You may browse informational areas of the Site without creating an account. Registration is required to use the Services. To register, you may be asked to provide Personal Information such as name, date of birth, address, email, phone number, user ID and password, and a government or other picture ID.

The email address you provide will be used for account correspondence, medical information, and prescription‑related communications. By providing an email address, you understand and agree we will use that address for communications about your account, medical information, and prescriptions. We are not responsible for disclosures resulting from third‑party access to your email account, whether or not authorized by you.

Medical Information and Providers. You may complete a medical profile and communicate health‑related information to MyfirmX, which we pass through to a healthcare provider licensed in your jurisdiction, along with applicable Personal Information (e.g., registration information and picture ID). The healthcare services are provided by independent, provider‑owned professional entities (each, a “Provider“). MyfirmX is not responsible for any Provider’s use of your Personal Information. Please review the Provider’s privacy notice (available from the Provider or via links on our Site where available).

We also provide technology through which you may provide additional Personal Information directly to your Provider via real‑time chat/telephone, live two‑way video and audio, and secure messaging (including email and text). We forward Personal Information you provide to us to your Provider using “store‑and‑forward” (asynchronous) technology.

Prescription Information and Pharmacies. If your Provider authorizes a prescription, the Services may facilitate placement and delivery of that prescription to you via third‑party pharmacies (each, a “Pharmacy“). MyfirmX is not responsible for any Pharmacy’s use of your Personal Information. Please review the applicable Pharmacy’s privacy notice.

HIPAA Does Not Apply. Information provided through the Services, whether or not disclosed to a Provider or a Pharmacy, is not considered “protected health information” under the Health Insurance Portability and Accountability Act of 1996 and its regulations (collectively, “HIPAA“). HIPAA does not necessarily apply simply because health information is involved, and HIPAA does not apply to your transactions or communications with MyfirmX. However, any medical or health information subject to specific protections under applicable state or federal laws will be used and disclosed in accordance with such laws.

Payment Information. You must provide payment information for orders. Payments made via the Site are processed by our third‑party payment processor(s). Please review the processor’s privacy policy for details.

Sensitive Information. We do not intend to collect data revealing racial/ethnic origin, political opinions, religious or philosophical beliefs, trade‑union membership, genetic or biometric data, or sexual orientation. Due to the nature of our Services, certain information we collect may be deemed Sensitive Personal Information in some states (e.g., health information or inferences about sex life). Depending on your state, you may have additional rights regarding our use of your Sensitive Personal Information. See State Supplemental Privacy Notices.

Information We Receive From Others

We may receive Personal Information about you from third parties, including social media sites (lead information), interest‑based advertising providers, data analytics providers, Providers, and Pharmacies.

Information We Collect Automatically

Account Activity. We may collect data about how you use your account and the Site when logged in.

Tracking Technologies. We may automatically collect information about your use of the Site and Services through scripts, cookies, pixels, web beacons, SDKs, and similar technologies (“Tracking Technologies“), including: browser/OS, pages viewed, links clicked, IP address, ISP, device ID, approximate geolocation, referring URL, timestamps, session duration, and engagement metrics. Some of this information may be deemed Personal Information. We may combine this with other information we collect (including your account information) and disclose some of this to analytics providers for advertising purposes.

Tracking Technologies help us: (a) collect information about Site usage; (b) understand aggregate statistics; (c) improve Services, experience, content, and offerings; (d) enable advertising and analytics; and (e) customize your experience. Most browsers accept cookies by default. You can change settings to disable certain Tracking Technologies, but doing so may impact Site functionality. Some cookies are essential and cannot be disabled.

Ad Networks. We use third‑party ad networks (e.g., Google, Meta, Snapchat, and other platforms) to deliver ads across the internet, email, and streaming media. These networks may place Tracking Technologies on the Site or your browser to collect information when you visit (e.g., browser type, timestamps, browsing or transaction activity, ad interactions, and platform identifiers) to serve ads for our products/services or third‑party offerings. Review those networks’ privacy policies for details. To opt out of targeted advertising, look for the AdChoices icon in ads and use the provided links, or visit:

• http://www.networkadvertising.org
• http://www.aboutads.info
• http://www.allaboutcookies.org
• http://www.youronlinechoices.com

Under certain state privacy laws, you may have the right to opt out of processing for targeted advertising (see State Supplemental Privacy Notice). You may also use the Privacy Choices link on our Site (where available).

Analytics. We use analytics tools to collect information about your use of the Site. Your browser may automatically send data (e.g., page URLs and IP address) to our analytics providers, which may set/read cookies. Providers use this information to furnish reports about traffic and interactions so we can improve Site structure and content. You can opt out of Google Analytics via https://tools.google.com/dlpage/gaoptout.

Social Media. We are active on social media (e.g., Facebook, X, Snapchat, Instagram, TikTok). Anything you post publicly is not confidential. We may repost on our Site or pages. Your use of social media is governed by those platforms’ policies, not this Policy.

Do Not Track. We currently do not respond to “Do Not Track” signals.

HOW WE MAY USE YOUR INFORMATION

We may use Personal Information to:

• provide our Services, including referring you to Providers and processing prescriptions at Pharmacies;
• as stated or agreed at the point of collection;
• facilitate healthcare services by third‑party medical providers;
• communicate with you about the Site/Services; respond to inquiries; provide technical support; send administrative notices; and deliver customer service;
• verify identity when registering and maintaining an account;
• administer your account, process payments, and coordinate fulfillment of orders/prescriptions from Providers;
• provide, operate, analyze usage of, and improve the Site and Services;
• tailor features, performance, and support to you and your preferences;
• display advertising for our Services on our Site and on third‑party sites/apps;
• market our services and third‑party offerings we believe may interest you (including targeted offers/ads on our Site, third‑party sites, email, or text—where legally permitted);
• investigate, prevent, or defend against potential violations of MyfirmX’s Terms and any illegal activities;
• fulfill legal obligations;
• protect our rights/interests or those of others, including to bring legal action against persons causing harm to us, the Site, or users; and
• any other purpose for which you provide consent.

We use Tracking Technologies to: (i) make our Site function; (ii) personalize experiences; (iii) tailor interactions; (iv) support marketing; (v) provide data and statistics to improve the Site; and (vi) improve Services.

Examples of Analytics/Ad Network tools include (non‑exhaustive): Google Analytics (see Google’s terms and privacy policy), Meta Pixel (see Meta Data Policy), and TikTok Pixel (see TikTok Privacy Policy). Use platform settings/opt‑outs as available.

OPTING OUT OF MARKETING COMMUNICATIONS

You can stop receiving marketing emails from MyfirmX by clicking unsubscribe in our marketing emails. You cannot opt out of transactional emails necessary for operations (e.g., order updates or messages from a Provider/Pharmacy). To opt out of all emails, email support@myfirmx.com and cancel your MyfirmX account.

INFORMATION WE DO NOT COLLECT

Minors Under 18. The Site and Services are not intended for minors under 18, and we do not knowingly collect Personal Information from minors under 18. If we learn we collected Personal Information from a child under 16 without parental consent verification, we will delete it. If you believe we may have information about a minor, contact us at support@myfirmx.com.

HOW WE MAY DISCLOSE YOUR PERSONAL INFORMATION WITH OTHERS

Personal Information. We may disclose your Personal Information:

• to one or more Providers for provision of healthcare services to you;
• to employees and affiliates;
• to Pharmacies to fulfill prescriptions and coordinate medication orders;
• to service providers and vendors supporting the Site/Services, communications, billing, collections, and payments (including payment processors);
• to third parties as we deem appropriate or necessary to comply with laws or legal process (e.g., subpoenas) or to enforce our Terms;
• to a buyer/successor in connection with a corporate transaction;
• to law enforcement or government agencies if we believe in good faith we are legally required to disclose;
• when necessary to identify, contact, or bring legal action against someone causing harm to us, the Site, or others; and
• to third parties for marketing, advertising, research, analytics, troubleshooting, or security; and
• when you explicitly request/consent, or for the purposes indicated at the time of disclosure.

Non‑Personally Identifiable Information. We may disclose aggregated or de‑identified information (not identifying you) without restriction, subject to applicable law. MyfirmX is the sole and exclusive owner of such de‑identified/aggregated information.

SAFEGUARDING PERSONAL INFORMATION

We employ reasonable technical, physical, administrative, and organizational safeguards to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. While we take commercially reasonable measures, we cannot guarantee the security of information you transmit to MyfirmX or through the Site/Services. MYFIRMX DOES NOT REPRESENT OR WARRANT THAT THE TRANSMISSION OF YOUR PERSONAL INFORMATION, INCLUDING HEALTH INFORMATION, WILL BE SECURE.

ACCESS FROM OUTSIDE THE UNITED STATES

If you access the Site from outside the United States, Personal Information may be transferred to, stored in, and processed in the U.S. The level of protection in the U.S. may not be equivalent to that required by other jurisdictions.

THIRD‑PARTY SITES

THIS PRIVACY AND SECURITY POLICY APPLIES ONLY TO MYFIRMX.

THE SITE MAY LINK TO WEBSITES NOT CONTROLLED BY US. MYFIRMX DOES NOT CONTROL AND IS NOT RESPONSIBLE FOR HOW THIRD PARTIES HANDLE YOUR PERSONAL INFORMATION, INCLUDING HEALTH INFORMATION, SUCH AS THIRD‑PARTY MEDICAL PROVIDERS OR PHARMACIES. PLEASE REVIEW THE PRIVACY POLICIES ON EACH THIRD‑PARTY SITE.

Although we work with Providers and Pharmacies to whom you are connected via the Services, this Policy does not address how those Providers/Pharmacies use and disclose information obtained via the Services.

WHAT YOU SHOULD DO TO PROTECT YOUR INFORMATION

Choose a strong password and keep it confidential. Anyone with your password may view/modify your information, communicate with MyfirmX and your Provider, and take other action. Prevent disclosure of your password to others. Protect your devices. Sign off after using shared computers. If you suspect unauthorized access or compromise, contact us immediately at support@myfirmx.com.

You may receive emails from MyfirmX that include treatment or account details. Safeguard your designated email address and restrict access to it.

ACCESSING, CORRECTING, UPDATING, AND DELETING YOUR PERSONAL INFORMATION

You may access/update certain information or deactivate your account from your profile page when logged in. You may also request access, correction, or updates by contacting support@myfirmx.com. We will make reasonable efforts to respond promptly. We may deny requests if doing so would violate law or make information inaccurate; we will inform you of the reason.

You may request deletion of your Personal Information. We will attempt to comply unless retention is required by law. When we delete your Personal Information, it is removed from active systems but may remain in archives. We may retain and use information that does not personally identify you. To the extent your Personal Information has been disclosed to third parties, we may be unable to access or cause deletion/modification by those parties.

REPORT VIOLATIONS

Report suspected violations of this Policy to support@myfirmx.com.

Shine the Light Disclosure (California). California Civil Code §1798.83 allows California residents to request information regarding categories of Personal Information disclosed to third parties or affiliates for their direct marketing. To request such disclosure, contact support@myfirmx.com and identify your request as “Shine the Light.”

Questions. If you have questions or concerns about this Policy, contact support@myfirmx.com.

STATE SUPPLEMENTAL PRIVACY NOTICES

CALIFORNIA PRIVACY RIGHTS NOTICE

This section applies only to California residents and controls over any conflicting terms above. The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and implementing regulations (collectively, the “CCPA”) require additional disclosures.

Personal Information collected in the last 12 months

See Information We Collect About You above for data points, which correspond to the following categories collected in the last 12 months:

• identifiers (e.g., name, address, email);
• personal information described in Cal. Civ. Code §1798.80;
• characteristics of protected classifications under federal/California law;
• commercial information (e.g., transaction data);
• internet or other electronic network activity (e.g., IP address);
• general geolocation;
• visual information (e.g., picture on driver’s license);
• Sensitive Personal Information (e.g., driver’s license, financial/payment information, medical information including information regarding sex life).

Purposes of Collection. See How We May Use Your Information.

Sources. See Information We Collect About You.

Retention. We may retain Personal Information, including Sensitive Personal Information, as long as needed/permitted for the purposes obtained and consistent with law, considering: (i) length of our relationship; (ii) legal obligations (e.g., recordkeeping); and (iii) legal position (e.g., statutes of limitation, litigation, regulatory inquiries).

Categories of Third Parties. In the last 12 months, all categories above were disclosed to the categories of third parties set forth in How We May Disclose Your Personal Information With Others for the business purposes described in How We May Use Your Information.

Sale or Sharing of Personal Information. We do not sell Personal Information for money. California law may treat certain disclosures for online behavioral advertising as a “sale” or “sharing.” In the past 12 months, we have sold or shared the following categories for such purposes to third‑party ad networks: identifiers; internet/electronic network activity; inferences. We have no actual knowledge of selling/sharing Personal Information of consumers under 16.

You may opt out of our “sale” or “sharing” of Personal Information via the Privacy Choices link on our Site.

Sensitive Personal Information. We may use/disclose certain Sensitive Personal Information relating to health data or inferences relating to sex life with third‑party ad networks. You may opt out as detailed above.

Your California Privacy Rights (subject to limits)

• Request to Delete: delete certain Personal Information we collected.
• Request to Access: access and receive a copy of specific pieces of Personal Information (mail or electronic, portable/usable format).
• Right to Know: request information about Personal Information collected in the last 12 months, including categories of PI, sources, purposes, third parties, and categories disclosed/sold/shared.
• Right to Correction: correct inaccurate Personal Information.
• Right to Opt Out of Sale/Sharing: opt out of sale/sharing for cross‑context behavioral advertising via the Privacy Choices link at the bottom of our Site.
• Right to Limit Use/Disclosure of Sensitive PI: limit to uses necessary to perform Services; exercise via Privacy Choices.
• Right to Non‑Discrimination/No Retaliation for exercising rights.

Submitting a Request (Delete, Access, Know, Correct). Email support@myfirmx.com. Include your full name, email address, and address associated with your account, and identify the rights you seek to exercise.

Who May Exercise. You, your parent/guardian (for a minor), or your authorized agent with written permission or lawful Power of Attorney.

Verification. We will acknowledge receipt and require sufficient information to verify identity/authenticity. Some requests require higher authentication. Authorized agent requests require verification of agent identity and your authorization. We may deny requests as permitted by law or if excessive, repetitive, or manifestly unfounded. You may appeal within 30 days of a denial by replying to the denial communication or emailing support@myfirmx.com.

Contact. Questions about this California notice: support@myfirmx.com.

ADDITIONAL STATE SUPPLEMENTAL PRIVACY NOTICE

For residents of Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Nevada, Oregon, Texas, Virginia, or Utah

Consumer Privacy Rights

Subject to exceptions, you may have rights to:

• Access Personal Information we process about you;
• Data Portability in a portable, readily usable format (where technically feasible);
• Know what Personal Information we collect/use/disclose and our data practices;
• Correct inaccurate Personal Information we maintain about you;
• Request Categories of Third Parties to whom we disclosed your Personal Information (specific to you where maintained);
• Delete Personal Information we collected from/about you;
• Opt Out of sale of Personal Information, targeted advertising, and certain profiling. We do not sell PI for money or engage in profiling producing legal/similarly significant effects, but we do engage in targeted advertising. You may opt out via the Privacy Choices link on our Site.
• Non‑Discrimination for exercising your rights.

How to Exercise Your Rights

Submit requests to support@myfirmx.com with your full name, email, address associated with your account, and the rights you wish to exercise.

Opting Out of Targeted Advertising

Exercise your right via the Privacy Choices link at the bottom of our Site.

Consent for Sensitive Personal Information

We generally collect Sensitive Personal Information (e.g., health conditions/diagnosis) only to provide Services directly to you and with your consent. Some states may consider information shared with advertising partners to be Sensitive Personal Information. We will not engage in targeted advertising that uses such information in those states without your consent. Regardless, you may opt out of targeted advertising at any time via Privacy Choices.

Verification and Appeals

We will verify your identity as required by law using information you provide and factors such as data sensitivity and fraud risk. If we cannot verify your identity, we will decline and tell you why. You may appeal denials within 30 daysby emailing support@myfirmx.com. If we deny your appeal, you may be able to complain to your state’s Attorney General.

De‑identified Data Commitment

MyfirmX will not attempt to re‑identify de‑identified data that we maintain and use.