Effective as of April 15, 2024.

Livara Health, Inc. (“Livara”) and Livara’s partner affiliates, including, but not limited to, Livara Health Medical Group, P.C., FKA SpineZone Medical Fitness, Inc., (each, a “Medical Group”, together, the “Medical Groups”, and collectively with Livara, “we”, “us”, “our”) provide an orthopedic care platform designed to help individuals address musculoskeletal issues through a multidisciplinary team of coaches and medical providers. This Privacy Policy/Notice of Privacy Practices (“Privacy Policy”) describes how we process information about you that we collect through our digital or online properties or services that link to this Privacy Policy (including as applicable, our websites located at www.livarahealth.com and www.spinezone.com, and social media pages), in-person clinics, medical treatment, including telehealth sessions, Coaching Services, as defined below, as well as our marketing activities and other activities described in this Privacy Policy (collectively, the “Service”)). For purposes of this Privacy Policy, Coaching Services shall include, among others, certain non-medical treatments, such as exercise plans, education, nutrition, mindfulness, addiction and sleep counseling programs.

This Privacy Policy covers protected health information (“PHI”) that is subject to the Health Insurance Portability and Accountability Act, as amended and its implementing regulations (collectively, “HIPAA”). PHI is information about you, including basic demographic information, that may identify you and that relates to your past, present or future physical or mental health condition, treatment, or payment for health services.

This Privacy Policy does not apply to personal information that Livara processes on behalf of Livara’s business customers (such as employers or health plans) while providing the Services to them. Livara’s use of personal information that Livara processes on behalf of its business customers may be governed by our agreements with such customers. If you have concerns regarding your personal information that Livara processes on behalf of a business customer, please direct your concerns to that business customer.

THIS PRIVACY POLICY CONSTITUTES THE MEDICAL GROUPS’ HIPAA NOTICE OF PRIVACY PRACTICES AND DESCRIBES HOW THE MEDICAL GROUPS COLLECT, USE, SAFEGUARD AND DISCLOSE PHI THAT IS SUBJECT TO HIPAA. THIS PRIVACY POLICY ALSO DESCRIBES YOUR ACCESS AND OTHER RIGHTS WITH RESPECT TO YOUR PHI. THE MEDICAL GROUPS ARE REQUIRED TO ABIDE BY THE TERMS OF THE PRIVACY NOTICE CURRENTLY IN EFFECT. PLEASE READ THIS PRIVACY NOTICE CAREFULLY.

IN USING THE SERVICE FOR COACHING SERVICES, MEDICAL TREATMENTS AND TELEHEALTH SERVICES, THE MEDICAL/PROFESSIONAL/PATIENT RELATIONSHIP IS BETWEEN THE MEDICAL GROUP, YOUR SPECIFIC MEDICAL PROVIDER (IF ANY), AND YOU. IN NO EVENT WILL A MEDICAL/PROFESSIONAL/PATIENT RELATIONSHIP BE CREATED BETWEEN YOU AND LIVARA.

We can provide you with a written copy at your request.

Index

PHI we collect
Tracking technologies
How we use your PHI
How we share your PHI
Your PHI rights
Your choices
Other sites and services
Security
International data transfers
Children
Changes to this Privacy Policy
How to contact us

Information we collect

Information you provide to us. PHI that you may provide to us through the Service or otherwise includes:

Contact data, such as your first and last name, email address, mailing address, phone number, and company name.
Profile data, such as the username and password that you may set to establish an online account on the Service, gender, ethnicity, date of birth, health assessment responses, and information related to your customized orthopedic program.
Appointment data, such as appointment type (in-person or telehealth), preferred clinic location, and information related to your primary care doctor.
Medical treatment data, such as medical history, telehealth session data, treatment and health care provider information, and other health-related data (such as pain levels, areas of discomfort/injury, and patient-reported outcome measures (PROMs)).
Wellness data, or non-medical treatments, such as exercise plans, education, nutrition, mindfulness, addiction, and sleep counseling programs, whether in-person or virtually through a video communications platform.
Marketing data, such as your preferences for receiving Livara-related marketing communications and details about your engagement with them.
Insurance data, including health insurance coverage and eligibility information.
Payment information, needed to complete transactions is collected and processed directly by our payment processor, such as Square, as further described below in the “How We Share Your Personal Information” section.
Communications data based on our exchanges with you, including when you contact us through the Service, social media, or otherwise.
Transactional data, such as information relating to or needed to complete your orders on or through the Service, including transaction history.
Website user-generated content data, such as testimonials, comments, or other content, or information that you transmit or otherwise make available on our websites.
Other data not specifically listed here, including data inferred or derived from the categories listed in this section, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine PHI we receive from you with information falling within one of the categories identified above that we obtain from other sources, such as:

Public sources, such as government agencies, public records, and other publicly available sources.
Your Healthcare Provider, if/when the Medical Groups receive information from your healthcare provider.
Service providers that provide services on our behalf or help us operate the Service or our business.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications, and other online services, such as:

Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area.
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

For more information concerning our automatic collection of data, please see the Tracking Technologies section below.

Tracking Technologies

Cookies and similar technologies. Some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Notice.

How we use your information

We may use your PHI for the following purposes or as otherwise described at the time of collection:

Service delivery and operations. We may use your PHI to:

provide the Service, including:
- Treatment. We may use your PHI for purposes of providing your medical treatment.
- Payment. We may use your PHI for purposes of billing and collecting payment for the Service. For example, we may use your PHI to confirm your eligibility for benefits and coordinate payment with your health plan.
- Health Care Operations. We may use your PHI to facilitate our business’ health care operations. For example, we may review your PHI internally as part of an audit to confirm the quality of the Service.
- You can learn more about how we disclose PHI for the abovementioned treatment, payment, and health care operations purposes in the section titled “How we share your information”.
enable security features of the Service;
establish and maintain your user profile on the Service;
communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
communicate with our service providers (known as business associates) that will have access to your PHI in assisting us in providing the Service and that have agreed to maintain the privacy and security of your PHI; and
provide support for the Service, and respond to your requests, questions, and feedback.

Service personalization, which may include using your PHI to:

understand your needs and interests;
personalize your experience with the Service and our Service-related communications; and
remember your selections and preferences as you navigate webpages.

Service improvement and analytics. We may use your PHI to analyze your usage of the Service, improve the Service, improve the rest of our business, help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and to develop new products and services. For more information on analytics, see our Cookie Notice.

Marketing. We, and with your consent, our service providers, may collect and use your PHI for marketing purposes to send you direct marketing communications and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of communications section below. WHILE THE MEDICAL GROUPS USE PHI FOR THEIR OWN MARKETING PURPOSES, THE MEDICAL GROUPS DO NOT USE OR DISCLOSE PHI TO THIRD PARTIES FOR THE THIRD PARTIES OWN DIRECT MARKETING PURPOSES.

Compliance and protection. We may use your PHI to:

comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims or for public safety purposes);
audit our internal processes for compliance with legal and contractual requirements or our internal policies;
enforce the terms and conditions that govern the Service; and
prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.

To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your PHI and other individuals whose PHI we collect. We make PHI into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and use it internally or share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Further uses. We will ask for consent to use your PHI for other purposes when required by law. For example, we will not use or disclose your PHI that would constitute the sale of PHI without written authorization signed by you or your personal representative. Once you sign an authorization, you may revoke it by contacting us as described below. However, any use or disclosure of your PHI already taken in reliance on your authorization prior to your revocation cannot be reversed.

How we share your information

The Medical Groups may share your PHI with the following parties and as otherwise described in this Privacy Policy:

Service providers, such as third parties that provide services on our behalf or help us operate the Service or our business (such as hosting services, information technology, customer support, email delivery, marketing, consumer research and website analytics). For example, PHI shared between Livara and the Medical Groups, including Livara Health Medical Group, P.C., will be subject to a Business Associate Agreement between the parties.

Healthcare providers, to coordinate your medical care or treatment.

Family and friends, who are involved in your medical care, including those who are responsible for paying for your care.

Personal representatives, as established under applicable law, or to the administrator or authorized individual associated with your estate.

Health plans, for example to confirm your eligibility for coverage.

Payment processors. Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as Square. Square may use your payment data in accordance with its privacy policy, https://squareup.com/us/en/legal/general/privacy-no-account.

Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others, such as law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.

Business transferees, in the context of actual or prospective business transactions (e.g., investments in Livara, financing of Livara, public stock offerings, or the sale, transfer or merger of all or part of our business, assets, or shares). For example, we may need to share certain PHI with prospective counterparties and their advisers. We may also disclose your PHI to an acquirer, successor, or assignee of Livara as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which PHI is transferred to one or more third parties as one of our business assets.

Other users and the public. Your user-generated content data on our websites, such as testimonials may be visible to the public. For example, the public may have access to your first name and age if you chose to share testimonials on our websites. This information can be seen, collected, and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.

Your PHI rights

You have the following rights with respect to your PHI:

You have the right to request restrictions on certain uses and disclosures of your PHI. We will consider every request to restrict uses or disclosures of your PHI and will strive to honor those that are reasonable. However, we are not legally required to honor each request unless the requested restriction involves a disclosure not required by law to a health plan for purposes of payment or health care operations, and you have paid for the applicable services in full, out of pocket. With respect to any requested restriction, if we agree to honor the request, we will document such restriction and continue to abide by it.
You have the right to receive confidential communications of your PHI. Specifically, you may request that we communicate with you about your PHI using a specific means, phone number, or address. We will accommodate reasonable requests regarding confidential communications of your PHI.
Subject to applicable state law, you have the right to inspect and copy your PHI. You also have the right to access and receive your PHI electronically if readily producible in such format.
You have the right to correct or update your PHI. If you believe that there is an error in your PHI, you may request that we update it as appropriate.
You have the right to receive an accounting of certain disclosures of your PHI that we make. Upon receipt of such request, we will provide you with a list of disclosures we have made in the prior six (6) years, not including certain types of disclosures such as, by way of example only, those made directly to you or pursuant to your written authorization.
You have the right to obtain a paper copy of this Privacy Policy upon request.

To exercise any of these rights, please contact us at support@livarahealth.com or send a letter to Livara Health Medical Group, 7525 Metropolitan Drive, Suite 306, San Diego, CA 92108, attn. Health Information Specialist.

Your choices

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.

Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

If you receive text messages from us, you may opt out of receiving further text messages from us by replying STOP to our message. You may also text STOP to 925-293-0771.

Cookies. For information about cookies employed by the Service and how to control them, see our Cookie Notice.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect PHI to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Other sites and services

The Service may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites and online services you use.

Security

We employ technical, organizational, and physical safeguards designed to protect the PHI we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your PHI. We are required under HIPAA to notify you if your PHI is subject to a security breach unless we reasonably determine that, after investigating the situation and assessing the risk presented, there is a low probability that the privacy or security of your PHI has been compromised. You will be notified without unreasonable delay and in no event later than sixty (60) days following discovery of such type of security breach. Such notification will include information about the security breach, including steps that we have taken or will take to mitigate potential harm, and a contact person to whom you may address additional questions.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your PHI may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

To sign up for the Service, users must be at least 13 years of age or older. A parent, guardian, or personal representative of a child who is under 13 years of age must sign up on behalf of the child for the child to use our Services and provide the information about the child necessary for use of our Services. If you are a parent, guardian, or personal representative of a child from whom you believe we have collected PHI in a manner prohibited by law, please contact us. If we learn that we have collected PHI through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting), and we reserve the right to make the new Privacy Policy provisions effective for all your PHI that we maintain. We will also provide you with a copy of the updated Privacy Policy at your request.

How to contact us

If you have any questions or comments about this Privacy Policy, or if you have any complaints about our privacy practices, please contact as described below. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint.

Email: support@livarahealth.com

Cookie Notice

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences, and generally improving your browsing experience.

Our Sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).

We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third-party cookies, which are served by service providers or business partners on our Sites, and can be used by these parties to recognize your computer or mobile device when it visits other websites. Third-party cookies can be used for a variety of purposes, including site analytics, and social media features.

What types of cookies and similar tracking technologies do we use on the Sites?

On the Sites, we use cookies and other tracking technologies in the following categories described in the table below.

Type	Description	Who serves the cookies (link to privacy policy/site)	How to control them
Advertising	These cookies are used by advertising companies to collect information about how you use our Sites and other websites over time. These companies use this information to show you ads they believe will be relevant to you within our services and elsewhere, and to measure how the ads perform.	None	N/A
Analytics	These cookies help us understand how our services is performing and being used. These cookies may work with web beacons included in emails we send to track which emails are opened and which links are clicked by recipients.	Google AnalyticsMixPanel	You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin available here. You can learn more about how MixPanel processes your personal information here.
Essential	These cookies are necessary to allow the technical operation of our services (e.g., they enable you to move around on a website and to use its features).	CloudFlare	See ‘your choices’ below.
Functionality / performance	Enhance the performance and functionality of our services.	LinkedIn	See ‘your choices’ below.
Social	These cookies may allow you to log into the Sites through your social media account or share content in our sites that you find interesting through third-party social media providers. These cookies may also be used for advertising purposes.	None	See ‘your choices’ below.

Other technologies

In addition to cookies, our Sites may use other technologies, such as pixel tags to collect information automatically.

Browser Web Storage

We may use browser web storage (including via HTML5), also known as locally stored objects (“LSOs”), for similar purposes as cookies. Browser web storage enables the storage of a larger amount of data than cookies. Your web browser may provide functionality to clear your browser web storage.

Web Beacons

We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Sites and in our HTML formatted emails to track the actions of users on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.

Your choices

Your options for controlling what information cookies and similar technologies collect about you include:

Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.
Blocking images/clear gifs. Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

For more information about how we collect, use, and share your information, see our Privacy Policy.

Changes

Information about the cookies we use may be updated from time to time, so please check back on a regular basis for any changes.

Questions

If you have any questions about this Cookie Notice, please contact us by email at support@livarahealth.com

Last modified April 15, 2024.