Privacy Policy

Modality Privacy Statement

Last Updated: December 5, 2023

This Privacy Statement applies to all websites and apps owned and operated by Modality Inc. and its’ affiliates (“Modality”), including www.findmodality.com and any other websites, pages, features, or content we own or operate, and to your use of the Modality mobile app, if available, and any related Services.

The information Modality collects.

You may choose to provide us with information to receive certain services. You agree to let us use and share the information you submit for the purposes described in this Privacy Statement, or otherwise agreed to by you, including providing and customizing services, conducting our business (including for internal business operations, analytics, and to provide, develop, change, market or optimize our services and products), and to communicate and market to you directly or via third parties.

Please note that where we provide products and services as a business-to-business provider, Our client or affiliates are responsible for the collection and use of personal information while using our products or services, unless otherwise described. If We obtain personal data as a service provider, Our clients are also responsible for providing appropriate notice to individuals and, when applicable, obtaining any required consents.

The information you provide us and how we use it depends on the services you choose to access, or — if you are an authorized user of a product or service purchased by our client — our contract with the client, and may include:

• Name, date of birth, and demographic information (e.g., age, gender, etc.)
• Business contact information: information that you would find on a business card, such as name and email address
• Home, work and/or mobile phone number
• Home, work, billing, and/or shipping addresses
• Messages from you
• [Health, prescription, pharmacy, and related information]
• Insurance information
• Professional information (e.g., National Provider Number (“NPI”))

Specific situations in which you may provide us with information include but are not limited to:

• You may need to provide your name, email address, and country or region of residence to create an account to access certain services, use a product, or make a request. Your email address may be used to contact you in relation to any services to which you subscribe.
• Your business contact information may be used to contact or communicate with you about business matters.

How we collect information

• You: We collect information you provide to us when you register with us in order to subscribe to Our services (including when you link your account on a third-party site or platform with your Modality account, such as via Google or Apple), participate in forums or other activities on our sites, features, and applications, or otherwise interact with us using one or more devices.
• Service Providers: We may collect information through service providers who use a variety of technologies and tools, such as cookies, analytics tools, software development kits, application program interfaces, web beacons, pixels, and tags when you visit, use or interact with our Services. For more detail on how we collect and use Web-Behavior Information, please see our Cookie Policy. [link to relevant page below]
• Other Third Parties: We may receive information about you from other users, individuals, our corporate affiliates, or other third parties.
• Modality: We may infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics.

How we use your information

We use your information to:

• Provide our Services, including to develop, operate, improve, maintain, and safeguard our Services, including developing new product tools and features
• Analyze and measure trends and usage of the Services
• Communicate with you, including customer support, or to share information about our Services or other offers or information we think may be relevant to you
• Personalize, contextualize and market our Services to you
• Provide cross-context behavioral or targeted advertising
• Enhance the safety, integrity, and security of our Services, including prevention of fraud and other unauthorized or illegal activities on our Services
• Verify your identity and administer your User Account
• Enforce, investigate, and report conduct violating our Terms of Service or other policies
• Conduct surveys or polls, and obtain testimonials or stories about you
• Comply with our legal, licensing, and regulatory obligations
• Conduct research, if you choose to participate

Data sharing

Modality is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:

• Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
• Related Companies: We may also share your Personal Data with our related companies and affiliates for purposes outlined within this Privacy Statement.
• Vendors, Consultants and Other Service Providers: Modality, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
• Third Party Applications: Modality may provide you with opportunities to connect with third-party applications or services. If you choose to use any such third-party applications or services, we may share information about you including your username and any information you choose to use in connection with those applications and services, and such third parties may contact you directly as necessary. This Privacy Statement does not apply to your use of such third-party applications and services, and we are not responsible for how those third parties collect, use and disclose your information. We encourage you to review the privacy policies of those third parties before connecting to or using their applications or services to learn more about their information and privacy practices.
• Legal Compliance: In certain situations, Modality may disclose your information to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and Terms of Service, (c) to protect the security or integrity of our Services, (d) to protect Modality, our clients or the public from harm or illegal activities, (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person or (f) to any other third party with your prior consent.
• Aggregated Data: We may also share aggregated information that no longer identifies individual users and other de-identified information with third parties.

Security Measures

We implement physical, technical, and administrative measures aimed at preventing unauthorized access to or disclosure of your Personal Information. Our team regularly reviews and improves our security practices to help ensure the integrity of our systems and your Personal Information.

Please recognize that protecting your Personal Information is also your responsibility. Be mindful of keeping your password and other authentication information safe from third parties, and immediately notify Modality of any unauthorized use of your login credentials. Your password is not visible to Modality staff, and we encourage you not to share your password with Modality or any third parties. Modality cannot secure Personal Information that you release on your own or that you request us to release.

Third Party Content and Integrations

Our Services may contain third party content, integrations or links to third party websites operated by organizations not affiliated with Modality. Through these integrations, you may be providing information to the third party as well as to Modality. Since we can only control our own Services, we are not responsible for how those third parties collect or use your information so please review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through our Services.

Federal, State, and Region-Specific Information

California, Virginia and Colorado residents have the rights listed here[link to relevant page below]. However, these rights are not absolute and exceptions apply, so in certain cases we may decline your request as permitted by law.

Resident of the European Economic Area (EEA), the UK, Switzerland and others have their rights listed here[link to relevant page below].

Retention of Personal Information

We retain Personal Information for as long as necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.

Changes to this Privacy Statement

We may make changes to this Privacy Statement from time to time. We’ll let you know about those changes here or by reaching out to you via email or some other contact method, such as through in-app notification, or on another website page or feature.

Contact Information

If you have questions about this Privacy Statement, or have a complaint or inquiry, please email Modality’s Privacy Administrator at [email protected], call us at [], or send a letter to:

Privacy Administrator; Modality Inc.; [address]

Cookie Policy

Last Updated: December 5, 2023

This Cookie Policy explains how Modality uses cookies and similar tracking technologies when you visit or use our Services. We encourage you to read the full Cookie Policy to understand how we use cookies, and your related choices. We will generally refer to cookies, web beacons, flash cookies, pixels, and other tracking technologies collectively as “cookies” in this policy.

1. What are Cookies?

Cookies are text files, containing small amounts of information, which are downloaded to your device as you browse the web or use a web-enabled app. We use cookies to deliver, secure, and understand use of our Services and ads.

There are two types of cookies: session cookies and persistent cookies. A session cookie lasts while your browser is open and is automatically deleted when you close your browser. A persistent cookie lasts until you or your browser deletes the cookies, or they expire.

Cookies set by us are called “first party cookies,” while cookies set by parties other than Modality are called “third party cookies.” The parties that set third party cookies can recognize your device, both when you use our Services and when you use other websites or mobile apps. To understand how other companies use cookies, please review their policies. Both first party and third party cookies can serve a number of different functions, such as analytics, marketing and advertising.

2. How does Modality use cookies and other tracking technology?

Like most online services, Modality uses cookies in order to do things like keep your Modality data secure, help us improve our Services, understand how you engage with web content and emails we send, and provide you with relevant advertising. You can find out more about the cookies we use in the table below.

3. What are my privacy options?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features. You may be able to add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your account by sending an email to [email protected] Some information may remain in our records after your deletion of such information from your account. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.

4. How does Modality use third party social plugins?

Modality uses social plugins provided and operated by third parties, such as a Facebook “share” button. If you choose to use social plugins, you may be sharing information with the company that manages the social plugins (“Social Media Third Party”) during your interactions. This means that the Social Media Third Party may be able to link information or actions about your interactions with the Modality Services to your account with them. Please refer to the Social Media Third Party’s privacy policies to learn more about its data practices.

5. Will this Cookie Policy be updated?

We will update this Cookie Policy from time to time. You can also revisit this page to stay informed.

If you have any questions regarding Modality’s Cookie Policy please contact us at [email protected]

Privacy Notice for U.S. State Residents

Last Updated: December 5, 2023

Summary

This policy, together with the Modality Privacy Statement, includes the information and disclosures we are required to provide to you under U.S. State Data Protection Laws. You should read them both carefully.

This Privacy Notice for U.S. State Residents applies to residents of California, Colorado, Virginia, Utah, and Connecticut and contains information required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act, the Colorado Privacy Act (“CPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Utah Consumer Privacy Act (“UCPA”), and the Connecticut Data Privacy Act (“CTDPA”) (collectively, “U.S. State Data Protection Laws”), as amended or replaced from time to time, along with any implementing regulations, and supplements our privacy statement.

This policy, together with the Modality Privacy Statement, includes the information and disclosures we are required to provide to you under U.S. State Data Protection Laws. You should read them both carefully.

Modality applies certain privacy controls to all U.S. customers. For example, all customers can request a copy of their data, request deletion, and control their privacy settings in their Account Settings. This notice makes sure we cover state-specific requirements. In the event of any conflict between the terms of this notice and the Privacy Statement, the terms of this notice prevail.

Here is a summary before we dive into the details:

• You have the right to know whether we sell or share your Personal Information and opt-out of a sale or sharing of your Personal Information with a third party.
• You have the right to receive an overview of the Personal Information we collect, how we use it, and who we share it with.
• You have a right to limit use and sharing of your sensitive Personal Information.
• You have the right to access your Personal Information and get a copy of it.
• You have the right to correct inaccurate Personal Information.
• You have the right to delete your Personal Information.
• You or your authorized agent can always contact us if you have a question at [email protected].

1. Your Rights

When we talk about “Personal Information” in this notice, we mean any information that identifies, relates to, describes, is capable of being associated with you, or could reasonably be linked, directly or indirectly, with you, and as otherwise defined in the U.S. State Data Protection Laws. The U.S. State Data Protection Laws do not consider publicly available information, deidentified, or aggregate consumer information as “Personal Information.”

We will not attempt to reidentify deidentified information (except as necessary to test our deidentification processes to ensure no individuals can be identified) and will use it only in deidentified form.

Let’s start with your privacy rights first. You have the right to:

• Know what Personal Information we collect, use, disclose, share, or sell.
• Receive a copy of your Personal Information.
• Correct inaccurate Personal Information.
• Delete your Personal Information.
• Receive your Personal Information in a portable and, if technically feasible, in a readily usable format.
• Opt out of: targeted advertising; the sale or sharing of your Personal Information with third parties; and/or, profiling in the furtherance of decisions that produce legal or similarly significant effects.
• Limit the use and sharing of your sensitive Personal Information. Sensitive Personal Information includes, but is not limited to, Personal Information that reveals your racial or ethnic origin, religious beliefs, mental or health conditions or diagnosis, sex life or sexual orientation, citizenship or immigration status, genetic data, precise geolocation, or as otherwise defined in applicable U.S. State Data Protection Laws. Your Modality Registration Information, Genetic Information, and Self-Reported information likely include sensitive Personal Information.
• Not receive discriminatory treatment if you exercise your privacy rights.

If you do not have a Modality account and would like to make a privacy rights request, or to appeal an action we made related to your privacy request, you can email us at [email protected] with the subject line “Privacy Rights Request”. We will require some additional information to verify your identity in order to process your request. Alternatively, you may exercise your privacy rights through an authorized agent. If you use an authorized agent, we will require you to verify your identity and confirm that you have provided the authorized agent permission to submit the request on your behalf.

We will respond to your request within 45 days, and in more difficult cases we may extend our response time by another 45 days. The easiest way to exercise your rights is through your Account Settings so we can quickly verify your identity. Your rights under the U.S. State Data Protection Laws are not absolute and Modality may exercise limitations or exemptions as permitted by the U.S. State Data Protection Laws.

Notice of Right to Opt-Out of Sale/Sharing

Like many websites, Modality uses cookies (including other tracking technologies) for targeted or cross-context behavioral advertising. Cookies require your Web-Behavior Information to work.

Under the CCPA, this use of your data for cross-context behavioral advertising may constitute a “sale” or “sharing” of personal information. We let advertising providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our sites and apps when you use our online service. In the past 12 months, these categories of personal information may have been “sold” or “shared” as defined under CCPA. We do not have actual knowledge of selling or sharing personal information of users under the age of 16.

File a complaint under the California Genetic Information Privacy Act or the Virginia Genetic Information Privacy Act

We encourage you to reach out to us with any complaints or concerns at [email protected] Residents of the state of California or the state of Virginia may also file complaints if they believe certain rights were infringed under the California Genetic Information Privacy Act or the Virginia Genetic Information Privacy Act.

If you are a California resident, you may file a complaint with the California Attorney General, or your California county district attorney. Residents of cities with more than 750,000 residents may file a complaint with their city attorney, and residents of cities with full-time city prosecutors may file a complaint with their city prosecutor. If you wish to file a complaint with your district attorney, city attorney, or city prosecutor, contact their local office for more information.

If you are a Virginia resident, you may file a complaint with the Virginia Attorney General, or contact the Virginia Consumers Protection Hotline at 1-800-552-9963.

2. What We Collect

As detailed in our Privacy Statement, we collect Personal Information for various purposes with privacy principles in mind.

Below, we describe the categories of Personal Information as defined under the CCPA for California residents, and may include reference to certain key definitions from our Privacy Statement. Some of the categories below require separate opt-in consent and these categories do not necessarily reflect all of the types of information that we may collect about you. We will provide you a separate notice if we collect any additional Personal Information about you. Some Personal Information included in the categories may overlap with other categories.

In the last twelve (12) months, we have collected the following categories of Personal Information:

• Identifiers: Registration Information and information contained in Web-Behavior Information and/or User Content such as your name, display name, address, online identifier, IP address, email address, username, or other similar identifiers.
• Personal information categories listed in the California Customer Records provisions: Certain information from Registration Information (including payment information), certain User Content (such as your name, address, or phone number), and/or certain Self-Reported Information (such as details about your employment or education).
• Characteristics of protected classifications under California or federal law: Certain information from Registration Information, Self-Reported Information, and/or User Content, such as your age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, and genetic information (including familial genetic information).
• Commercial information: Certain information from Self-Reported Information and/or User Content such as products or Services purchased, obtained, or considered, survey responses regarding past purchasing history, information about products you purchased or considered, or other purchasing or consuming histories or tendencies.
• Audio, electronic, visual, thermal, olfactory, or similar information: Certain information from Self-Reported Information and/or User Content you provide to us through surveys or other engagement on our platform, such as when you upload a profile picture.
• Professional or employment-related information: Certain information from Self-Reported Information and/or User Content such as education, household income, occupation, and other professional information. This information can be collected when you apply for a job with Modality, fill out a survey, or otherwise engage with us.
• Biometric information: Certain information from Self-Reported Information and/or User Content such as physiological, behavioral, and biological characteristics that can be used to establish an individual’s identity. To the extent we collect this information, we collect it directly from you when you choose to share it with us.
• Internet or other electronic network activity information: Web-Behavior Information such as data generated from your use of our Services and collected through log files, cookies, web beacons, and similar technologies. Such information may include your browser type, domains, page views, how long you spent on a page or feature of the website, or other data about your engagement with our Services.
• Geolocation data: Web-Behavior Information that includes the identification or estimation of physical location or movement.
• Sensitive personal information: some self reported information may be considered “sensitive.” This includes data that reveals your: social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to your account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; mail, email, and/or text messaging contents where Modality is not an intended recipient; and genetic data.

Modality may access publicly available information or public records from federal, state, or local government records (e.g., vital records, census data).

3. How We Use Your Personal Information

As defined under the CCPA for California residents, Modality may use Personal Information listed above for the purposes described below or at your direction. Such purposes include:

• Providing Services: To provide our Services to you, including maintaining or servicing your account, providing customer service, processing or fulfilling orders and transactions, and more.
• Audit: Auditing related to a current interaction and concurrent transactions, or compliance with applicable laws or standards.
• Security and Integrity: Detecting security incidents, maintaining integrity, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
• Debugging: Debugging to identify and repair errors that impair existing intended functionality.
• Transient Use: Short-term, transient use, including, but not limited to, non personalized advertising shown as part of your current interaction with our business, provided that your Personal Information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction.
• Advertising and Marketing: To provide advertising and marketing to you, including cross-context behavioral advertising.
• Research and Development: Internal research that Modality performs to improve and develop its products and services.
• Quality Assurance and Product Improvement: Activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by Modality, and otherwise to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by Modality.

If you have given your explicit consent, for example via a data transfer authorization or other consent document, we may use, disclose, or share your Personal Information for commercial or research purposes to third parties.

In the past 12 months, we have disclosed Personal Information to service providers and contractors for the business purposes described above, and to third-party advertising and marketing companies for cross-context behavioral or targeted advertising.

We do not use or disclose sensitive Personal Information for purposes other than the business purposes permitted by CCPA, which include, for example, to perform our services, to detect and prevent security incidents, to perform services on behalf of the business, and other purposes as allowed by CCPA.

4. Changes to this notice

Modality will periodically review and update this notice. We recommend visiting this page to stay aware of any changes. If we modify this notice, we will make the revised notice available through our website.

EEA, UK and Switzerland Privacy Notice

Last Updated: December 5, 2023

This EEA, UK and Switzerland Privacy Notice (“Notice”) explains how Modality complies with certain privacy rights specifically available to individuals located in the European Economic Area (inclusive of the European Union) (“EEA”), United Kingdom (“UK”), or Switzerland.

1. Our relationship with you

We are the “controller” of your Personal Information because we determine the means and purposes of processing your information when using our Services.

2. Legal bases for processing Personal Information

The laws of your country require us to rely on certain conditions to process your information. When we process your information, we rely on the following conditions or “legal bases”:

• Your consent
• Legal obligations
• Contracts we entered with you or to take steps at your request prior to entering into a contract with you
• Legitimate interests to protect our property, rights or safety of Modality, our customers or others.

3. Privacy Rights

Residents of the EEA, UK, and Switzerland have the right to access, delete, correct, withdraw their consent, and have portability of their information. We believe all our customers should have strong privacy controls, which is why our Privacy Statement outlines how you can access, download, and delete your personal information and you can contact [email protected] for further assistance. In addition, you have the right to object or restrict the processing of your Personal Information. To exercise such rights, please contact us at [email protected] We will handle your request under applicable law, and, in some cases, your ability to access or control your Personal Information will be limited as required or permitted by applicable law.

4. International Transfers

We are a global business, meaning your Personal Information will likely be transferred to, stored, and processed in the U.S. and other countries outside of where you live. When we conduct such transfers, we rely on various legal bases to lawfully transfer Personal Information around the world, including fulfillment of our agreements with you, your prior consent, adequacy decisions for relevant countries, or other transfer mechanisms as may be available under applicable law, such as the European Union Commission approved standard contractual clauses.

In cases where Personal Information may be transferred to or processed in locations outside of the European Economic Area (EEA), UK, and Switzerland, which have not been determined by the European Commission, UK ICO, or Swiss FDPIC to have an adequate level of data protection, Modality takes measures designed to provide the level of data protection required in the EU, UK, or Switzerland including ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission or another adequate transfer mechanism. Modality has entered into transfer agreements based on the Standard Contractual Clauses which allows for the processing and transfer of personal data.

In addition, Modality complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Modality has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Modality has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Modality is responsible for the processing of Personal Information it receives or subsequently transfers to a third party acting as an agent on its behalf. Modality complies with applicable data protection law, including Data Privacy Framework Principles for all onward transfers of Personal Information from the EEA and Switzerland, including the onward transfer liability provisions in the Data Privacy Framework Principles.

With respect to Personal Information received or transferred pursuant to the Data Privacy Framework Principles, Modality is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Modality may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-US Data Privacy Framework Principles, Modality commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact:

Privacy Officer

Modality Inc.; []

5. Complaints or Questions

If you have any questions about our privacy practices or believe that we have infringed your rights, we encourage you to contact us directly at:

Privacy Officer