Consumer health data privacy policy

Last updated: May 2026

This Consumer Health Data Privacy Policy ("Consumer Health Data Privacy Policy" or "Policy") describes how BetterBrain Health, Inc. and its affiliates (collectively, "BetterBrain," "we," "us," or "our") process consumer health data, as that term is defined by applicable U.S. state laws ("Consumer Health Data"), collected through our platform, website, mobile applications, and related services (collectively, the "Services").

This Policy applies to the extent required by applicable U.S. state law, including Washington's My Health My Data Act ("MHMDA") and Nevada's Health Data Privacy Act ("NHDPA"). This Policy supplements our Privacy Policy. In the event of a conflict between our Privacy Policy and this Policy, this Policy controls with respect to Consumer Health Data to the extent consistent with applicable state law.

This Policy does not apply to: (a) Protected Health Information regulated by HIPAA, which is governed by the Notice of Privacy Practices of the relevant Affiliated Provider; or (b) Consumer Health Data that BetterBrain processes on behalf of enterprise customers under a business associate agreement or similar arrangement. For questions about that data, please contact the relevant enterprise customer.

1. WHAT IS CONSUMER HEALTH DATA?

Consumer Health Data is personal information that is linked or can reasonably be linked to you and that identifies your past, present, or future physical or mental health status. Under applicable state law, this may include:

  • Individual health conditions, symptoms, treatment, diseases, or diagnoses.
  • Social, psychological, behavioral, and medical interventions.
  • Health-related surgeries or procedures.
  • Use or purchase of prescribed medication.
  • Bodily functions, vital signs, symptoms, or measurements of health-related information.
  • Diagnoses or diagnostic testing, treatment, or medication.
  • Gender-affirming care information.
  • Reproductive or sexual health information.
  • Purchase or use of health and wellness products, including dietary supplements, where such purchase may identify you as seeking health care or reveal information about your health status.
  • Information that identifies you as seeking health care services.
  • Any inferences of the above categories of health data derived or extrapolated from non-health information.

Consumer Health Data is defined broadly under applicable law and some categories of data we collect may also constitute Consumer Health Data depending on context. This Policy does not cover information that has been de-identified or aggregated such that it cannot reasonably be used to identify you.

2. CONSUMER HEALTH DATA WE COLLECT

The Consumer Health Data we collect depends on how you interact with our Services. We collect Consumer Health Data from the following sources:

Information you provide directly

  • Contact and account data: name, email address, billing and mailing addresses, phone number, account username and password, date of birth, and biographical details.
  • Health-related data: mental or physical health history, conditions, diagnoses, treatments, medications, biomarkers, lab results, clinical notes, and other health information you self-report or upload through the Services, including through electronic intake forms or by linking a wearable device.
  • Transactional data: information about your purchases, orders, and subscriptions through the Services, including products purchased and transaction history.
  • Communications data: content of your interactions with us through the Services, including through our AI-powered tools and customer support channels.
  • Marketing data: your preferences for receiving our communications and your engagement with them.

Information we collect automatically

  • Device and usage data: IP address, device identifiers, browser type, operating system, and information about how you navigate and interact with the Services, including pages viewed and links clicked.
  • Location data: general location information (city, state) derived from your IP address, and precise geolocation if you authorize our mobile application to access your device's location.

Information from third-party sources

  • Affiliated Providers: healthcare providers, medical groups, laboratories, and other clinical partners with which BetterBrain works to make services available on the platform.
  • Linked third-party services and devices: wearable devices or health applications you choose to connect to your BetterBrain account.
  • Service providers: third parties that collect or provide data in connection with services they perform on our behalf.

Inferred data

We may create, infer, or generate Consumer Health Data from other data we collect. We may also create aggregated, de-identified, or anonymized data from Consumer Health Data by removing information that makes the data identifiable. Except as required or permitted by applicable law, we will not attempt to re-identify such data.

3. HOW WE USE CONSUMER HEALTH DATA

We use Consumer Health Data for the following purposes:

  • Service delivery and operations: to provide, operate, and improve the Services; process your orders and requests; establish and maintain your account; communicate with you about the Services; and provide customer support.
  • Service personalization: to understand your needs and interests, personalize your experience with the Services and our communications, and remember your selections and preferences.
  • Health and wellness recommendations: to provide personalized health insights, product recommendations, and AI-assisted guidance based on your health profile, subject to your consent where required by applicable law.
  • Insights and development: to analyze how the Services are used, improve our products and services, and develop new offerings. We do not use health-related data or genetic data for interest-based advertising.
  • Direct marketing: to communicate with you about new services, products, and offerings that may be of interest to you, subject to your preferences and applicable law.
  • Compliance and protection: to comply with applicable law, respond to legal process, protect the rights and safety of BetterBrain and others, and prevent fraud or illegal activity.
  • De-identification and research: to create aggregated, de-identified, or anonymized data for research, analytics, and service improvement purposes.

We do not sell Consumer Health Data. We do not share Consumer Health Data with third-party advertising platforms to target advertisements to you, and we do not permit third parties to use Consumer Health Data for their own advertising purposes or independent profiling. We may use Consumer Health Data to personalize product recommendations and health insights within the BetterBrain Services and Picks by BetterBrain where the use is necessary to provide a product or service you request, or where we have obtained your consent as required by applicable law.

4. HOW WE SHARE CONSUMER HEALTH DATA

We may share Consumer Health Data as described below, with your consent, or as otherwise required or permitted by applicable law.

  • Affiliated Providers: we share Consumer Health Data with healthcare providers, medical groups, labs, and other clinical partners as necessary to facilitate your access to clinical services through the platform.
  • Service providers: we share Consumer Health Data with third-party vendors and service providers that perform services on our behalf, including hosting, technology, analytics, customer support, and payment processing. These vendors are authorized to use Consumer Health Data only as necessary to provide services to us.
  • Corporate affiliates: we may share Consumer Health Data across our subsidiaries and corporate affiliates where we share common data systems or where access helps us provide the Services. Our clinical operating partners with whom Consumer Health Data may be shared in connection with your use of the Services may include Cognitive Nutrition & Wellness, LLC and Pesto Health, Inc., where applicable.
  • Legal and law enforcement: we will access, share, and preserve Consumer Health Data when we believe doing so is necessary to comply with applicable law, respond to valid legal process, or protect the rights, safety, or property of BetterBrain or others.
  • Business transactions: we may share Consumer Health Data in connection with an actual or prospective merger, acquisition, sale of assets, financing, or similar transaction, or in the event of insolvency or bankruptcy.
  • With your consent: we may share Consumer Health Data with other third parties when you direct us to do so or provide your consent.

We do not sell Consumer Health Data to third parties. We do not share Consumer Health Data with third-party advertising platforms to target advertisements to you, and we do not permit third parties to use Consumer Health Data for their own advertising purposes or independent profiling.

5. YOUR CONSUMER HEALTH DATA RIGHTS

Depending on where you reside or where your Consumer Health Data is collected, you may have the following rights under applicable consumer health data laws, including Washington's My Health My Data Act and Nevada's Health Data Privacy Act, subject to certain exceptions:

  • Right to access and confirm: you have the right to confirm whether we have collected, shared, or sold your Consumer Health Data and to access a copy of the Consumer Health Data we have collected about you.
  • Right to correction: you have the right to request that we correct inaccuracies in your Consumer Health Data.
  • Right to deletion: you have the right to request that we delete Consumer Health Data we have collected about you, subject to certain exceptions.
  • Right to withdraw consent: to the extent we rely on your consent to collect or share Consumer Health Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing that occurred before withdrawal.
  • Right to appeal: if we decline to act on your request, you have the right to appeal our decision. We will provide information about how to appeal in our response to your request.

To exercise any of these rights, please contact our Privacy Officer at legal@betterbrain.com. We may need to verify your identity before processing your request. We will respond to verifiable requests within the timeframe required by applicable law. We will not discriminate against you for exercising any rights described in this Policy.

Note: If you request deletion or withdrawal of consent for Consumer Health Data that is necessary for us to provide certain Services, we may not be able to continue providing those features of the Services to you. A deletion or withdrawal request submitted to BetterBrain may not apply to medical records maintained by Affiliated Providers, which may be retained as required by HIPAA, state medical record laws, professional obligations, or the provider's Notice of Privacy Practices.

6. DATA RETENTION

We retain Consumer Health Data for as long as necessary to fulfill the purposes described in this Policy, including to satisfy legal, accounting, or reporting requirements, to establish or defend legal claims, or to prevent fraud. When we no longer require Consumer Health Data, we will delete it, de-identify it, or isolate it from further processing.

7. SECURITY

We employ technical, organizational, and physical safeguards designed to protect Consumer Health Data against unauthorized access, disclosure, alteration, or destruction. No method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security. By using the Services, you acknowledge and accept these inherent risks.

8. CHANGES TO THIS POLICY

We reserve the right to modify this Policy at any time. If we make material changes, we will notify you by updating the date at the top of this Policy and posting it on the Services, or through other appropriate means. Your continued use of the Services after the effective date of any changes indicates your acknowledgment of the updated Policy.

9. CONTACT US

If you have questions about this Consumer Health Data Privacy Policy or wish to exercise your rights, please contact our Privacy Officer:

BetterBrain Health, Inc.

Attn: Privacy Officer

600 Superior Ave. E., Suite 1800

Cleveland, OH 44114

Email: legal@betterbrain.com