OSTEOCORE, INC. – CONSUMER HEALTH DATA PRIVACY POLICY

Effective Date: March 11, 2026

Note: This privacy policy applies to our collection, use, and disclosure of “Consumer Health Data” received or created due to your access to and use of certain items provided by us, “OsteoCore, Inc.” (referred to here as “OsteoCore,” “we,” “us,” or “our”). These items consist of our website at www.osteocore.com and www.theosteocore.com (the “Site”), the OsteoCore mobile application (the “Application”).  The Site and Application are referred to collectively as the “Services.” This policy applies to any personal information that we collect that may meet the definition of “Consumer Health Data” that is subject to state consumer health privacy laws, including the Washington State My Health My Data Act (“MHMDA”), and the Nevada Health Data Privacy Act (“NHDPA”).

Consumer Health Data We Collect

Because consumer health data is defined very broadly, many of the categories of data we collect through your use of our Application could be considered consumer health data.

Examples of consumer health data may include:

  • Information about your health-related conditions, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions). For example, we may collect such information through surveys or other communication with you for research studies and improving product accessibility.
  • Measurements of bodily functions, vital signs, or characteristics, including photographs, which may be considered biometric information applicable state consumer health privacy law.
  • Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health, such as queries concerning nutrition, wellness, fitness, medical conditions, or other health-related topics.
  • Other information that may be used to infer or derive data related to the above or other health information.

Sources of Consumer Health Data

We collect personal data (which may include consumer health data) directly from you, from your interactions with our Application and Site.

Why We Collect and Use Consumer Health Data

We collect and use consumer health data as reasonably necessary to provide you with the Services available through our Site and Application. This may include delivering and operating the Services and their features, personalization of those features, ensuring the secure and reliable operation of the Services  and the systems that support them, troubleshooting and improving the Services, and other essential business operations that support the provision of the products (such as analyzing our performance, meeting our legal obligations, developing our workforce, and conducting research and development).

We may use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law – for example, for advertising or marketing purposes. See the How to Exercise Your Rights section below for more details on the controls and choices you may have.

Our Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described in our Privacy Policy. In particular, we may share personal data, including consumer health data, with your consent or as reasonably necessary to complete any transaction or provide the Services you have requested or authorized or interacted with, as described above.

Third Parties with whom we Share Consumer Health Data

As necessary for the purposes described above, we share consumer health data with the following categories of third parties:

  • Service providers. Vendors or agents (“processors”) working on our behalf may access consumer health data for the purposes described above. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to data to provide those functions.
  • Business partners. We may share consumer health data with other companies, for example, where you access Third-Party Materials through the Application.
  • Financial institutions & payment processors. When you make a purchase, we may disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.
  • Parties to a corporate transaction. We may disclose consumer health data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
  • Affiliates. We enable access to data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our services and operate our business.
  • Government agencies. In certain cases, we may be obligated to disclose data to law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to valid legal process.
  • Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers.

How to Exercise Your Rights

If you are covered by certain state laws, such as the MHMDA, the NHDPA, then you may have certain rights with respect to consumer health data, including rights to access, delete, or withdraw consent relating to such data, subject to certain exceptions. You may exercise these rights as described in the “Your Personal Information Rights” section of our Privacy Policy. You can always contact us with questions by mail at OsteoCore Inc., 7 W. Figueroa St., Suite 300, Santa Barbara, CA 93101 or by email at contact@osteocore.com, or by phone at 805-724-4122.

If your request to exercise a right is denied, you may appeal that decision by contacting us as described above. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the applicable regulatory authority. In Washington and Nevada, those officials are the Washington State Attorney General at www.atg.wa.gov/file-complaint, or the Nevada State Attorney General at https://ag.nv.gov/complaints/file_complaint/.