This Privacy Notice describes how Smylen, Inc. (“we”, “us,” “our”) collects, uses and discloses information about individuals who use our website, applications, services, tools and features, or otherwise interact with us (collectively, the “Services”). For the purposes of this Privacy Notice, “you” and “your” means you as the user of the Services, whether you are a customer, website visitor, job applicant, representative of a company with whom we do business, or another individual whose information we have collected pursuant to this Privacy Notice. Please note that the Services are designed for users in the United States only and are not intended for users located outside the United States.

While this Privacy Notice may describe protected health information (as defined by the Health Insurance Portability and Accountability Act of 1996, as amended, and  regulations promulgated thereunder (collectively, “HIPAA”)) that we process on behalf of healthcare providers, we process such  information as a “business associate” of those healthcare providers. If you have questions or would like to learn more about how your healthcare provider processes your information, please refer to  your healthcare provider(s)’ HIPAA Notice of Privacy Practices or other privacy notices.

Please read this Privacy Notice carefully.  By using any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Notice.  If you do not agree to this Privacy Notice, please do not use or access the Services.

1. CHANGES TO THIS PRIVACY NOTICE

We may modify this Privacy Notice from time to time, in which case we will update the “Last Updated” date at the top of this Privacy Notice. If we make material changes to the way in which we use or disclose information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Services, or by other means consistent with applicable law) and will take additional steps as required by applicable law.  If you do not agree to any updates to this Privacy Notice, please do not continue using or accessing the Services.

2. COLLECTION AND USE OF YOUR INFORMATION

When you use or access the Services, we collect certain categories of information about you from a variety of sources. 

Information You Provide to Us

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Information that you directly submit through our Services includes:

• Basic contact details, such as name, address, birthdate, phone number, and email. We use this information to create and maintain your account and provide the Services, and to communicate with you (including to tell you about products or services that may be of interest to you, for example, the CareCredit credit card).

• Account information, such as username, password, and other security-related information that you select and the answers you provide. We use this information to provide the Services and to maintain and secure your account with us. If you choose to register an account, you are responsible for keeping your account credentials safe. We recommend you do not share your access details with anyone else. If you believe your account has been compromised, please contact us immediately.

• Payment information, such as bank account, credit or debit card information, and billing address, which we collect using a third party payment processor. We use this information to process your payment and provide the Services.

• Information you provide when using the Services, such as payment or insurance information. We use this information to provide the Services. 

• Applicant details, such as information included in your resume or CV, references, and job history. We use applicant details to process your application for employment and to evaluate your candidacy.

• Any other information you choose to include in communications with us, for example, when sending a message through the Services.

Information We Collect Automatically

We may also automatically collect certain information about your interaction with the Services (“Usage Data”). To do this, we may use cookies and other tracking technologies such as web beacons (“Tracking Technologies”). Usage Data may include:

• Device information, such as device type, operating system, unique device identifier, and internet protocol (IP) address.

• Other information regarding your interaction with the Services, such as browser type, log data, date and time stamps, location, clickstream data, interactions with marketing emails, and ad impressions.

We use Usage Data to tailor features and content to you, market to you, run analytics and better understand user interaction with the Services. For more information on how we use Tracking Technologies and your choices, see the section below, Cookies and Other Tracking Technologies.

Information Collected From Other Sources 

We may obtain information about you from outside sources, including information that we collect directly from third parties and information from third parties that you choose to share with us. Such information includes:

• Information provided by your healthcare provider, which we use to provide the Services. 

• Information provided by identity verification services, which we may use to confirm your name and information. 

• Information provided by credit card / financing partners, which we may use to help facilitate offers from these providers or otherwise to provide the Services. 

• Analytics data we receive from analytics providers such as Google Analytics.

• Information we receive from career websites, such as LinkedIn, Monster, or Indeed, which we use to process your application for employment.

Any information we receive from outside sources will be treated in accordance with this Privacy Notice. We are not responsible for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices. For more information, see the section below, Third Party Websites and Links.

In addition to the specific uses described above, we may use any of the above information to provide you with the Services and to maintain our business relationship, including by enhancing the safety and security of our Services (e.g., troubleshooting, data analysis, testing, system maintenance, and reporting), providing customer support, sending service and other non-marketing communications, monitoring and analyzing trends, conducting internal research and development, complying with applicable legal obligations, enforcing any applicable terms of service, and protecting the Services, our rights, and the rights of our employees, users or other individuals.

Finally, we may deidentify, aggregate, or anonymize your information such that it cannot reasonably be used to infer information about you or otherwise be linked to you (“deidentified information”) (or we may collect information that has already been deidentified/anonymized), and we may use such deidentified information for any purpose. To the extent we possess or process any deidentified information, we will maintain and use such information in deidentified/anonymized form and not attempt to re-identify the information.

3. COOKIES AND OTHER TRACKING TECHNOLOGIES

Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of Tracking Technologies. If you so choose, you may block or delete our cookies from your browser; however, blocking or deleting cookies may cause some of the Services, including certain features and general functionality, to work incorrectly. If you have questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please contact us using the information listed below.

Your browser settings may allow you to transmit a “do not track” signal, “opt-out preference” signal, or other mechanism for exercising your choice regarding the collection of your information when you visit various websites.  Like many websites, our website is not designed to respond to such signals, and we do not use or disclose your information in any way that would legally require us to recognize opt-out preference signals.

4. DISCLOSURE OF YOUR INFORMATION

We may disclose your information to third parties for legitimate purposes subject to this Privacy Notice, including the following categories of third parties: 

• Our affiliates or others within our corporate group.

• Vendors or other service providers who help us provide the Services, including for system administration, cloud storage, security, customer relationship management, marketing communications, web analytics, payment networks, and payment processing.

• Third parties for marketing purposes.

• Professional advisors, such as auditors, law firms, or accounting firms.

• Third parties in connection with or anticipation of an asset sale, merger, or other business transaction, including in the context of a bankruptcy.

We may also disclose your information as needed to comply with applicable law or any obligations thereunder or to cooperate with law enforcement, judicial orders, and regulatory inquiries, to enforce any applicable terms of service, and to ensure the safety and security of our business, employees, and users.

5. THIRD PARTY WEBSITES AND LINKS

We may provide links to third-party websites or platforms. If you follow links to sites or platforms that we do not control and are not affiliated with us, you should review the applicable privacy notice, policies and other terms.  We are not responsible for the privacy or security of, or information found on, these sites or platforms. Information you provide on public or semi-public venues, such as third-party social networking platforms, may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators.

6. DATA SECURITY AND RETENTION

Despite our reasonable efforts to protect your information, no security measures are impenetrable, and we cannot guarantee “perfect security.” Any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to send us sensitive or confidential information. 

We retain your information for as long as is reasonably necessary for the purposes specified in this Privacy Notice. When determining the length of time to retain your information, we consider various criteria, including whether we need the information to continue to provide you the Services, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property or products. 

7. HOW TO CONTACT US

Should you have any questions about our privacy practices or this Privacy Notice, please email us at support@smylen.com.

Effective: 11/11/25