Privacy Notice

Last Updated: February 13, 2026

1. UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time in our sole discretion. If we do, we'll let you know by posting the updated Privacy Notice on our website, and we may also send other communications.

2. PERSONAL INFORMATION WE COLLECT

We collect personal information that you provide to us, personal information we collect automatically when you visit the Website, and personal information from third-party sources, as described below.

2.1 Personal Information You Provide to Us Directly

• Waitlist Sign Up. When you sign up for our waitlist to receive updates about Guardian Hub and our upcoming products and services, we collect personal information including your email address.
• Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or our web chat tool.

2.2 Personal Information Collected Automatically

• Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, an approximate location derived from the IP address).
• Usage Information. We may collect personal information about your interaction with the Website, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you interact with the Website.

2.3 Protected Health Information (PHI) from Guardian Hub

3. HOW WE USE PERSONAL INFORMATION

We use personal information for a variety of business purposes, including to administer the Website, process your requests, operate our business, and provide you with marketing materials, as described below.

3.1 Administer the Website and Process Your Requests

• Processing your request to join our waitlist;
• Providing confirmation and updates regarding Guardian Hub product launch or related developments; and
• Communicating with you in response to inquiries.

3.2 Operate Our Business

• Maintaining the security and functionality of our website;
• Prototyping and improving Guardian Hub (e.g., testing AI models with de-identified data only; PHI used solely for primary care functions);
• Complying with applicable legal obligations.

3.3 Marketing

We may use non-PHI personal information in connection with our marketing activities including to tailor and provide you with marketing communications, promotions, and offers that may interest you. PHI will never be used for marketing without your explicit HIPAA authorization.

3.4 With Your Consent or Direction

We may use personal information: (i) for other purposes that are clearly disclosed to you at the time you provide the personal information, (ii) with your consent, or (iii) as otherwise directed by you.

4. DATA SECURITY COMMITMENTS

We prioritize the security of all personal information, especially PHI. Our commitments include:

• Encryption: All PHI is encrypted in transit (TLS 1.3+) and at rest (AES-256).
• Access Controls: Role-based access limited to minimum necessary personnel; multi-factor authentication required.
• Breach Response: If we suspect a breach affecting 500+ individuals or PHI, we will notify affected users, HHS (per HIPAA §164.400), and regulators within 60 days. For smaller incidents, we notify within 30 days.
• Retention: Non-PHI retained for active waitlist (2 years max); PHI deleted post-prototype unless needed for care continuity (max 6 years per HIPAA).
• Audits: Annual third-party security audits during prototyping.

5. HOW WE SHARE PERSONAL INFORMATION

We share personal information with third parties for a variety of business purposes, including to administer the Website, to protect us or others, or in connection with a major business transaction such as a merger, sale, or asset transfer, as described below. We do not sell PHI or share it for advertising.

5.1 Disclosures to Administer the Website and Process Your Requests

• Service Providers. We may share personal information with service providers that assist us with the provision of the Website and communication with you under executed Business Associate Agreements (BAAs) if handling PHI (per HIPAA §164.504). This may include, but is not limited to, service providers that provide us with hosting services, customer service, analytics, PHI-compliant IT support, and related services. No PHI shared without BAA.
• Advertising Partners. We may share non-PHI personal information with third-party advertising partners. These third-party advertising partners may set technologies on the Website to collect personal information regarding your activities and your device. These advertising partners may use this personal information to tailor and deliver personalized ads to you when you visit digital properties within their networks.

5.2 Disclosures to Protect Us or Others

We may share your personal information and related information with external parties if we, in good faith, believe doing so is required or appropriate to comply with law enforcement requests, national security requests, or other government requests; comply with legal process, such as a court order or subpoena; protect your, our, or others' rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual unauthorized or illegal activity.

5.3 Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be shared, sold, or transferred as part of such a transaction.

5.4 HIPAA Business Associates

Any third party handling PHI (e.g., cloud hosts like AWS) must sign a BAA ensuring HIPAA compliance, including safeguards, breach reporting, and subcontractor controls.

6. YOUR PRIVACY CHOICES

Your privacy choices about your personal information are described below.

• Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will not be able to opt out of certain communications (e.g., updates to this Privacy Notice).
• "Do Not Track." Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
• PHI Rights. Request access, amendment, or accounting of disclosures for your PHI (HIPAA §164.524-528) via contact@omoomi.io.

7. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.

8. CHILDREN'S PERSONAL INFORMATION

The Website is not directed to children under 18 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided personal information to omoomi in violation of applicable law, you may contact us as described below.

9. CALIFORNIA RESIDENTS

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). For more information about your rights under California law, please contact us as described below.

10. CONTACT US

If you have any questions about our privacy practices or this Privacy Notice, please contact us at:

contact@omoomi.io