LEGAL

Notice of Privacy Practices

Last updated: April 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

REVÍ is a digital platform that may coordinate access to independent licensed healthcare providers, pharmacies, and related care partners. Healthcare services made available through the platform may involve the creation, use, and disclosure of protected health information (“PHI”) under applicable privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), where applicable.

This Notice applies to PHI created or maintained by participating providers, professional entities, affiliated service partners, and others who are legally required to follow this Notice in connection with healthcare services coordinated through REVÍ.

I. Our Commitment to Your Privacy

We understand that health information is personal. We are committed to protecting your privacy and maintaining the confidentiality of your protected health information. We are required by law to:

• Maintain the privacy and security of your PHI.
• Provide you with this Notice of our legal duties and privacy practices.
• Follow the terms of the Notice currently in effect.
• Notify you if a breach occurs that may have compromised your PHI, when required by law.

II. What Is Protected Health Information?

Protected health information includes information that identifies you and relates to your past, present, or future physical or mental health, the provision of healthcare to you, or payment for healthcare services.

Examples may include your name, date of birth, contact information, consultation responses, diagnosis, prescriptions, provider notes, uploaded photos, medication history, treatment recommendations, refill requests, payment records related to care, and communications regarding healthcare services.

III. How We May Use and Disclose Your PHI Without Additional Authorization

A. Treatment

We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. For example:

• Sharing intake responses with a licensed provider for review.
• Sending prescriptions to a pharmacy.
• Communicating with providers regarding treatment progress.
• Reviewing uploaded scalp or hairline photos for care decisions.
• Coordinating follow-up care, refills, or recommendations.

B. Payment

We may use and disclose PHI to obtain payment for healthcare services or products related to treatment. For example:

• Processing consultation fees or treatment charges.
• Verifying transactions or investigating billing issues.
• Sending billing information to payment processors where necessary.

C. Healthcare Operations

We may use and disclose PHI for operational purposes needed to run healthcare services, including:

• Quality improvement and clinical review.
• Staff training and credentialing.
• Audits, compliance, and accreditation.
• Business planning and internal administration.
• Fraud prevention and security monitoring.

D. Appointment and Service Communications

We may contact you regarding treatment updates, refill reminders, account notices, appointment reminders, portal messages, follow-up recommendations, and similar healthcare communications.

E. Individuals Involved in Your Care

We may share relevant PHI with family members, caregivers, or others involved in your care or payment for care when you agree, request it, or when permitted by law.

F. Required by Law

We may disclose PHI when required by federal, state, or local law, including court orders, subpoenas, or government investigations.

G. Public Health and Safety

We may disclose PHI for public health activities or to prevent a serious threat to health or safety when permitted by law.

H. Health Oversight Activities

We may disclose PHI to agencies responsible for oversight of healthcare systems, licensing, audits, inspections, investigations, and compliance activities.

I. Law Enforcement

We may disclose PHI to law enforcement officials under limited circumstances allowed by law.

J. Research

Certain uses of PHI for research may be permitted under applicable law with appropriate safeguards or approval processes.

K. Business Associates

We may share PHI with service providers who perform functions on our behalf, such as secure technology hosting, communications, billing, analytics, legal support, and administration. These parties are required to protect PHI as required by law.

IV. Uses and Disclosures Requiring Your Authorization

For uses not described above, we will obtain your written authorization when required by law. You may revoke an authorization in writing at any time, except to the extent action has already been taken in reliance on it.

Authorization may be required for certain marketing uses, sale of PHI, or certain disclosures of psychotherapy notes where applicable.

V. Your Rights Regarding PHI

1. Right to Access and Receive Copies

You may request access to certain PHI maintained about you and request a copy in paper or electronic form where permitted by law.

2. Right to Request Amendment

If you believe PHI we maintain is incomplete or inaccurate, you may request a correction or amendment. We may deny certain requests as permitted by law.

3. Right to Request Restrictions

You may request limits on certain uses or disclosures of your PHI. We are not always required to agree, except where required by law.

4. Right to Confidential Communications

You may request that we communicate with you in a certain way or at a certain location, such as by email only, text only, or alternate mailing address.

5. Right to an Accounting of Disclosures

You may request a list of certain disclosures of your PHI made during a specified period, as required by law.

6. Right to a Paper Copy of This Notice

You may request a paper copy of this Notice at any time, even if you agreed to receive it electronically.

7. Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services. You will not be retaliated against for filing a complaint.

VI. How to Exercise Your Rights

To exercise any privacy right, submit a written request to the contact information listed at the end of this Notice. We may need to verify your identity before responding.

VII. Security Measures

We use reasonable administrative, technical, and physical safeguards designed to protect PHI, including secure systems, limited access controls, encryption where appropriate, vendor oversight, and monitoring practices.

However, no system is completely secure. You are responsible for protecting your own devices, passwords, and account access.

VIII. Telehealth and Electronic Communications

Healthcare services coordinated through REVÍ may involve telehealth technologies such as online forms, secure messaging, photos, video, phone, or remote communications. By using these services, you acknowledge there are inherent privacy and security risks associated with electronic communications despite safeguards.

IX. State Law Protections

Some states provide privacy protections that are stricter than federal law. Where applicable, we will comply with more protective state requirements.

X. Minors

REVÍ services are intended for adults age 18 and older unless otherwise specifically permitted by law and program design.

XI. Changes to This Notice

We reserve the right to revise this Notice and make the revised Notice effective for PHI we already maintain and any future PHI we receive. Updated versions may be posted on our website with a revised effective date.

XII. Questions or Complaints

If you have questions about this Notice or wish to file a complaint, contact:

REVÍ Health Privacy Office
Email: privacy@revihealth.com
Address: [Insert Business Address]
Phone: [Insert Phone Number]

You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.