This Consumer Health Data Privacy Notice (“CHD Notice”) supplements the Website Privacy Notice of Everlywell, Everly Health Solutions, Natalist and their respective affiliates (“we”, “us” or “our”). Our Website Privacy Notice describes the personal information that we collect and the sources from which we collect it. This additional notice is required by the My Health My Data Act (“MHMDA”) in Washington and Nevada’s Consumer Health Data Privacy law (“NV CHDP,” together with the MHMDA, “Applicable Laws”), and applies only to personal information that may be considered “Consumer Health Data” under those laws.

This CHD Notice applies solely to Nevada and Washington consumers who interact with us in an individual or household capacity and applies only to “Consumer Health Data,” as such term is applied under the Applicable Law. For the residents of the state of Nevada, “Consumer Health Data” as used in this CHD Privacy Notice means personally identifiable information that is linked or reasonably capable of being linked to a consumer and that is used to identify the past, present or future health status of the consumer. For residents of the state of Washington, “Consumer Health Data” as used in this CHD Privacy Notice means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present or future physical or mental health status, including information about medical conditions as well as non-medical information that identifies a consumer’s physical or mental health status.

This CHD Notice does not apply where an exception or exemption applies under the Applicable Laws. For example, this CHD Notice does not apply to “protected health information” (“PHI”) that is received, maintained or created in performing services that are subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). For more information on our HIPAA data collection practices, please see our HIPAA Notice of Privacy Practices. Consumer Health Data also does not include publicly available information or personal information that has been deidentified.

As described in our Website Privacy Notice and our HIPAA Notice of Privacy Practices, the personal data we collect depends on the context of your interactions with our Platforms, the choices you make, the tools and features you use and your location. Consumer Health Data is broadly defined and some of the categories of data we collect would be Consumer Health Data if they were not excluded under Applicable Laws.

We may include the following categories of personal information, which qualify as Consumer Health Data if it were not excluded under Applicable Laws:

• Information about your health-related conditions, symptoms, status, diagnoses, testing, or treatments (including medications, or other interventions);
• Diagnoses or diagnostic testing, treatments, or medications;
• Reproductive or sexual health information, such as sexually transmitted infection tests and medications, and ovulation and pregnancy tests;
• Bodily functions, vital signs, symptoms, or measurements of health information;
• Use or purchase of diagnostic tests or medications;
• Information that identifies an individual’s intention to seek health care services or products;
• Genetic data;
• Internet or Network Activity Information essential to running our website such as Internet Protocol (IP) address, Media Access Control (MAC) address, operating system and version, and Internet browser type and version which identifies your purchase or receipt of, or attempt to seek, health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health; and
• Information that we derive or extrapolate from data that is not Consumer Health Data, and then use to associate an individual to the information listed above.

These categories of personal information are specifically excluded under Applicable Laws:

• Personal data that is Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”);
• Health care information collected, used, or disclosed in medical records;
• Personal data used or shared in research as per 45 C.F.R. Part 46 and/or 21 C.F.R. Parts 50 and 56;
• Information that is de-identified and information derived from such de-identified data; and
• Information used only for clinical quality improvement activities, public health activities and purposes and “limited data sets,” as described in HIPAA.

We collect personal information, including Consumer Health Data, from the following categories of sources:

• Directly from you or your authorized representative when you use our services, engage with customer service, and any other way that you may be able to interact with us or our Platform. With your permission, we may also collect Consumer Health Data from another source provided by you like your connected device or profile.
• From third-party sources including telehealth providers and diagnostic laboratories, your health insurance company, your authorized representative, contracted service providers, and business associates as defined under HIPAA. We may engage third-party service providers to provide certain interactive features. By using these features, you understand that our vendors may process the information obtained through the feature to provide the Services on our behalf.
• From websites and mobile applications and automatically from devices you use to connect to our Services. For more information about this, please see our Website Privacy Notice, our HIPAA Notice of Privacy Practices, and our Everly Health Terms and Conditions and Natalist Terms of Service.
• We could collect information that includes Consumer Health Data if you voluntarily provided it in an open text field not related to medical care or research, such as the “leave a comment” box.

In many instances, we frequently do not use Consumer Health Data because the personal data we use are related to health care delivery, payment and/or operations that are specifically excluded from Applicable Laws. Those other uses of personal data collected are described where those data are collected, including in our Website Privacy Notice, our HIPAA Notice of Privacy Practices, consent forms, and other privacy notices and terms that provide disclosures about personal information.

To the extent we collect personal information, including Consumer Health Data, as described above, we may use it for the following purposes:

• To provide you with the services and products you have requested or authorized;
• Delivering the services and their features, including personalization of certain features;
• Ensuring the secure and reliable operation of the services and the systems that support them including troubleshooting and improving the services;
• Essential business operations that support the provision of the services such as analyzing our performance, meeting our legal obligations, developing our workforce;
• Conducting research and development;
• To fulfill our legal functions or obligations, such as maintaining and auditing compliance;
• Helping to ensure security and integrity of our systems, including detection and prevention of security incidents;
• To detect or prevent harmful behavior such as identity theft, fraud, harassment, or deceptive activities, or activities that are illegal under applicable law; and
• Other purposes for which we give you choices or obtain your consent as required by law – for example, for advertising or marketing purposes.

Where we require your consent to collect personal information for a specified purpose, a description of those purposes is provided to you at the time of collection.

As necessary for the purposes described above, we may share personal information, including Consumer Health Data, with following categories of third parties: 

• Affiliates. We enable access to data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our services and operate our business, including, among these affiliates:

  • Everly Health, Inc., doing business as Everly Health

  • Everly Well, Inc., doing business as Everlywell

  • Baby Someday, Inc., doing business as Natalist

  • PWN Health, LLC, doing business as Everly Health Solutions

  • PWN Remote Care Services P.A., and its affiliated practices

  • Everly Diagnostics, Inc., doing business as EverlyDx

  • PWN Laboratory, LLC

• Service providers. We may disclose Consumer Health Data with service providers who do work on our behalf. They are required to protect information they receive from us or collect on our behalf and use it only for the purposes we allow.

• Business partners. We may share Consumer Health Data with other companies, for example, where you use a service that is co-branded and jointly operated with another company, or where you use our services to interact with another company. 

• Financial institutions & payment processors. When you make a purchase or enter into a financial transaction, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services. 

• Government agencies; Compliance with Law; Safety and Public Health.  We may disclose Consumer Health Data to the extent necessary to respond to subpoenas, court orders, or other legal processes; in response to a request for cooperation from law enforcement or a government agency; for safety or public health obligations; or to otherwise comply with our other legal and regulatory obligations; or if we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of or to protect against suspected or actual illegal activity, including, but not limited to, security incidents.

• Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers. 

• Other users and individuals. If you use our services to interact with other users of the service or other recipients of communications, we will share data, including Consumer Health Data, as directed by you and your interactions. 

• The public. You may select options available through our services to publicly display and disclose certain information, such as an endorsement, demographic data, content and files, or other data, which may include Consumer Health Data.

You have certain rights regarding your Consumer Health Data, subject to certain legal limitations:

• Right to Access. You have the right to confirm whether we process your Consumer Health Data and to obtain information about how we process that data. 

• Right to Delete. You have the right to request that we delete your Consumer Health Data.

• Right to Withdraw Consent. If you provided consent for our processing of your Consumer Health Data, you may have the right to withdraw that consent.

• Right to Change. You have the right to ask that we change the Consumer Health Data that we collect.

You can contact us or exercise your rights by sending an email to:

• Mail: Attn: Privacy Officer, Everly Health, Inc., 823 Congress Avenue, 12th Floor, Austin, TX 78701

• Email: [email protected]

• Phone Number: 888-813-0230

We will verify and respond to your request consistent with Applicable Law. For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do.  We may need to request additional personal information from you, such as your home address, email address and government issued ID, in order to protect against fraudulent requests.  If you want to make a request as an authorized agent on behalf of another individual under Applicable Law, as part of our verification process, we may request that you provide us with proof that you have been authorized by the individual on whose behalf you are making the request, which may include signed permission.

We will not discriminate against you for exercising your rights and choices, although

some of the functionality and features available on our websites and online services

may change or no longer be available to you.

If your request to exercise a right under is denied, you may appeal that decision. If your appeal is unsuccessful, you can file a complaint with the relevant government body in your state, including:

• Nevada State Attorney General at https://ag.nv.gov/Complaints/File_Complaint/

• Washington State Attorney General at www.atg.wa.gov/file-complaint

Changes to this CHD Notice.

From time to time, we may update this CHD Notice. If we make changes, we will revise the “Last Updated” date at the bottom of this CHD Notice. We encourage you to review this CHD Notice periodically to be sure you are aware of those changes.  Changes will become effective as of the “Last Updated” date.

Last Updated: May 16, 2024