AliveCor Privacy Policy

Date of last revision: April 28, 2017

Your privacy matters to us. Whether you are new to AliveCor or a long-time user of Kardia, you can learn about our privacy practices below, and contact us at privacy@alivecor.com if you have any questions.

This Privacy Policy describes how AliveCor, Inc. and its subsidiaries and affiliates (collectively " AliveCor ," " we ," " us") collects, processes, uses, discloses, and secures information we collect from users of our website, located at www.alivecor.com, (the " Site"), our software applications (" Software ," " App"), and services provided through the Site or Software (together, the " Service"). The term "you" refers to the person visiting or using the Service.

Our Privacy Policy explains:

1. What information we collect and why we collect it

We may collect the following types of information from you when you visit or use our Service. The information may be stored on the device you use to access the Service and on our servers.

2. How We Use the Information We Collect

We may use the information we collect for the following purposes and as permitted in any other agreements we have with you:

3. How We Share the Information We Collect

We may disclose the information we collect about you as described in this Privacy Policyand as permitted in any other agreements we have with you.

If your physician or healthcare provider uses a Kardia Pro account, you may also choose to connect to your physician or healthcare provider through the Service. If you connect to your physician or healthcare provider through the Service, we may share any of the information listed above through the Service with them. We do not share historical ECG information collected by the Service prior to the date you permitted the healthcare provider to access your information, although you may independently send historical ECG information to your healthcare provider.

Your physician or healthcare provider will handle any data it receives through the Service in accordance with their/its own privacy policies. We encourage you to read your health care provider's privacy policy. We are not responsible for providers' activities with respect to the information they receive through the Service.

Network Advertising Initiative: http://www.networkadvertising.org/choices/
Digital Advertising Alliance: http://www.aboutads.info/choices/

4. Your Rights and Choices Regarding Your Information

We offer you certain choices in connection with the information we collect about you.

You may contact us as indicated in the 'How to Contact Us' section of this Privacy Policy to exercise your rights and choices to your information. If we provide you with access to information, we may require you to pay a fee to meet our costs.

Kardia users may also contact us to:

We will retain information (1) submitted by a Kardia Pro user or (2) provided to a physician or healthcare provider from a Kardia user, in accordance with any agreements we have with such healthcare provider or physician. When a Kardia user terminates his/her Kardia account, we will delete the user's information that was not otherwise provided to a physician or healthcare provider. When we delete any information, it will be deleted from the active database, but may remain in our archives. You may terminate your account at any time by following the procedures detailed on the Service or by contacting customer support at support@alivecor.com.

We will continue to use de-identified and/or aggregated information, as permitted under applicable law and to comply with our legal obligations, agreements with physicians and healthcare providers, resolve disputes, enforce our rights, or similar purposes. You may delete the App to remove information stored on your device.

5. Compliance to HIPAA

Notwithstanding anything in this Privacy Policy to the contrary, to the extent we create, receive, maintain, or transmit (collectively, "Process") "protected health information" (as such term is defined in 45 C.F.R 160.103) in providing the Service, we shall only use and disclose that information in accordance with the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, "HIPAA"). HIPAA also requires us to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the protected health information we Process. Under HIPAA, the covered entity on whose behalf we Process your protected health information is generally required to provide or make available to you a Notice of Privacy Practices ("NPP"). The NPP is intended to provide notice on how the covered entity may use and share your protected health information and inform you about your health privacy rights.

6. International Data Transfers

We may transfer information we collect about you to countries other than the country in which the information was originally collected. If you are in the European Economic Area (EEA) or other region with laws governing data collection and use that differ from those of the United States, please note that your information may be transferred to countries located outside the EEA, in particular to the United States, where we are headquartered and where some of our service providers are located. Those countries may not have the same level of protection as the country in which you initially provided that information. When we transfer your information, we will protect it as described in this Policy.

7. Security of Your Information

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while AliveCor uses reasonable efforts to protect your information, AliveCor cannot guarantee its absolute security.

8. Children's Privacy

Our Service is not directed to children, and we do not knowingly collect personal information from children under 13. If we find out that a child under 13 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 13 has given us personal information, please contact us at privacy@alivecor.com.

9. Links to Other Websites and Applications

The Service may provide links to other websites and applications for your convenience and information. These websites and applications may operate independently from us. Linked sites and applications may have their own privacy policies, which we strongly suggest you review. To the extent any linked websites or applications are not owned or controlled by us, we are not responsible for the sites' or applications' content, any use of the sites or applications, or the privacy practices of the sites or applications.

10. Changes to Our Privacy Policy

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes to our information practices. We will post a prominent notice on our Service to notify you of any significant changes to our Privacy Policy and indicate at the top of the notice when it was most recently updated. Where required by law, we will seek your explicit consent to specific changes. You agree that AliveCor will reserve the right to occasionally notify you via email of any important changes to this Privacy Policy and/or service agreements.

11. Disputes

AliveCor is committed to resolving complaints about your privacy and our collection or use of your information. If you have any inquiries or complaints regarding this Privacy Policy please contact AliveCor at: privacy@alivecor.com.

12. How to Contact Us

AliveCor welcomes your comments or questions regarding this Privacy Policy and any request you may have to access, correct or delete your information. Please contact us at the following email address: privacy@alivecor.com. You also may write to:

AliveCor, Inc. Privacy Officer 444 Castro Street, Suite 600 Mountain View, CA 94041 USA

If you are located in the EEA, the entity responsible for the collection, use and processing of your personal information is:

AliveCor, Ltd. Herschel House 58 Herschel Street Slough SL1 1PG United Kingdom

00PL01 Rev. 10 | April 28, 2017