TopMD Health Privacy Policy

What Personal Information Does TopMD Health Collect?

TopMD Health collects personally identifiable data during account creation and when you submit information while using the Platform or Services. This data includes:

• Data you provide when creating a TopMD Health account, such as your name and email address.
• Data you provide or generate when using your TopMD Health account, such as chat message history, usage history, and crash analysis data.
• For patients using TopMD Health second opinion services: scheduling information, medical history, photos, and notes entered into the Platform.
• For healthcare providers using TopMD Health: scheduling information and the data you and your patients enter into the Platform.

How Does TopMD Health Use the Personal Information It Collects?

TopMD Health collects this data for the following purposes:

• To verify the user’s legal right to use the Platform.
• To identify accounts when support is requested.
• To inform users of product changes and updates.
• To allow healthcare providers to assist patients through the Platform.
• To ensure HIPAA compliance regarding auditing and data security.
• For support, communication, and marketing purposes.
• To notify users of account or subscription status.
• To enforce licensing and terms of use.
• For aggregate data analysis to study and improve the Platform.
• To provide products, features, and services to users.
• To enable secure use of TopMD Health features.

TopMD Health does not use personally identifiable information for any purposes other than those listed above. We protect all personal data using reasonable security safeguards against unauthorized access, loss, disclosure, copying, or modification.

TopMD Health does not share personal data with non-agent third parties. If this practice changes, we will amend this policy and provide individuals with an opportunity to opt out. Retention periods for each type of data depend on the reason for its collection and compliance requirements. Personally identifiable data may be retained for an extended period to meet legal and contractual obligations.

How Does TopMD Health Share Personal Information with Third Parties?

TopMD Health does not sell, rent, trade, or share personal information with non-authorized third parties, except where required by law. Any transmission of health data to authorized providers is done with prior consent.

How Does TopMD Health’s Website Use Cookies?

TopMD Health uses cookies and similar technologies to improve your browsing experience. Cookies may be first-party (set by our site) or third-party (set by partners providing analytics or functionality).

You may delete or block cookies through your browser settings. Blocking cookies may limit some functionality of our website but will not prevent general use.

How Does TopMD Health Protect Your Personal Information?

TopMD Health secures your personal information using encryption and FIPS-validated cryptographic mechanisms. All data transmissions are encrypted, and access to personal data is strictly limited to authorized personnel.

Your Rights to Your Personal Information

TopMD Health complies with applicable data protection laws and enables users to exercise their privacy rights. You have the right to:

• Know what personal data is collected, how it’s used, and who it’s shared with.
• Request correction or deletion of inaccurate personal information.
• Request that your data be blocked or removed when it’s no longer necessary.
• Opt out of disclosures of personal information to third parties.

To exercise these rights, contact us at info@topmdhealth.com. We may verify your identity before processing your request.

GDPR Data Rights for Residents of the EEA, UK, or Switzerland

If you reside in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data is governed by the GDPR and relevant national laws. You have the right to:

• Access, correct, receive, or delete your personal data.
• Lodge a complaint with your local data protection authority if you believe your rights have been violated.

For contact details of EEA data protection authorities, visit: https://edpb.europa.eu/about-edpb/about-edpb/members_en. Requests can be sent to info@topmdhealth.com. TopMD Health will respond to all verified requests in accordance with applicable law.

Notice: Transfers of Your Personal Information Outside the EEA, UK, and Switzerland

TopMD Health is based in the United States and processes all data in the U.S. Your personal information may be stored and accessed in jurisdictions that may not offer the same data protection standards as your home country.

EU-U.S. Data Privacy Framework

TopMD Health complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the DPF, as administered by the U.S. Department of Commerce. We have certified adherence to the DPF Principles regarding personal data received from the EU and the UK. For details, visit https://www.dataprivacyframework.gov/.

Enforcement Authority: The Federal Trade Commission (FTC) has jurisdiction over TopMD Health’s compliance with the DPF.

Liability for Onward Transfers: TopMD Health remains responsible for the handling of personal data transferred to third parties under the DPF, unless we prove that we are not responsible for the event giving rise to the issue.

Complaints: If you have concerns about how your data is handled under the DPF, contact us at info@topmdhealth.com. Unresolved issues may be referred to the Data Privacy Framework Services, operated by BBB National Programs: https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers. Under certain conditions, you may invoke binding arbitration as a final remedy.

California Consumer Data Collection and Sharing Practices (CCPA)

If you reside in California, your personal information is governed by the California Consumer Privacy Act (CCPA). TopMD Health collects, uses, and may share information that identifies or can be associated with you when you interact with our website or Services.

We collect personal information for the same purposes outlined above and share data only as described in "How Does TopMD Health Share Personal Information with Third Parties?". We do not sell personal information. We only share limited data with trusted partners to support service delivery, and such sharing is governed by strict contractual safeguards.

You have the right to:

• Know what personal data we collect and how it’s used.
• Request disclosure or deletion of your personal information.
• Opt out of the sale or disclosure of personal data.
• Request correction of inaccurate information.

To exercise these rights, email info@topmdhealth.com with "Request for California Privacy Information" in the subject line.

Nevada Considerations

If you reside in Nevada, your data rights are governed by Nevada law. You may access, correct, or request that your personal information not be sold to third parties by contacting info@topmdhealth.com. We generally do not sell personal information. Verified requests will be processed within sixty (60) days, and if delayed, you will be notified with an expected completion date.

Changes to This Policy

TopMD Health reserves the right to modify this Privacy Policy at any time to reflect updates in law, technology, or business practices. Changes will take effect immediately upon posting.

Contact Us

If you have any questions or concerns regarding this Privacy Policy or your personal information, please contact:

• Email: info@topmdhealth.com
• Address: 320 High Street, Palo Alto, California 94301, USA
• Website: https://www.topmdhealth.com