Notice of Privacy Practices

1. Who We Are

AvataCore LLC (“AvataCore”) is a telehealth company that helps you access GLP-1 weight-management programs and related health services. We work with a network of licensed clinicians through our clinical partner, our clinical fulfillment partner, to provide your care.

We are required by law to protect the privacy of your health information, follow the terms of this notice, and notify you if there is a breach of your unsecured health information.

2. What Is Protected Health Information (PHI)?

“Protected Health Information” or “PHI” is information about you — including your name, contact details, health conditions, medications, lab results, and payment details — that can identify you and relates to your health or the healthcare services you receive. This notice applies to all health information we hold about you.

3. How We Use and Share Your Health Information

For Your Treatment

We use your health information to provide, coordinate, and manage your care. This includes sharing information with the licensed providers in our clinical partner network who evaluate and treat you, sending your prescription to a pharmacy to fill your GLP-1 medication, and coordinating follow-up care or referrals when needed.

For Payment

We use and share your health information to process payments and billing, including processing telehealth service payments and verifying insurance eligibility if applicable.

For Our Healthcare Operations

We use and share your health information to run our business and improve your care, including quality improvement, care coordination, staff training, audits, compliance reviews, and business operations.

4. Other Ways We May Use or Share Your Information

We may use or share your health information without your permission in these additional circumstances:

• As required by law — to comply with federal, state, or local laws
• Public health — to report diseases, injuries, or medication reactions to public-health authorities
• Safety — to prevent a serious and imminent threat to your health or safety, or the health or safety of others
• Government oversight — for audits, investigations, and inspections by government agencies that oversee healthcare
• Legal proceedings — in response to a court order or other lawful process
• Law enforcement — under specific legal circumstances
• Organ donation — to facilitate organ or tissue donation if relevant
• Workers’ compensation — as authorized by workers’ compensation laws
• Research — for certain research studies with required privacy protections

5. Uses That Require Your Written Permission

For anything not listed above, we will ask for your written authorization before using or sharing your health information. This includes:

• Marketing — we will not use your health information for marketing communications without your written permission
• Sale of your information — we do not sell your health information. Ever.
• Most research uses not covered by a privacy waiver
• Psychotherapy Notes — We will not use or disclose psychotherapy notes (if any are ever created) without your written authorization, except as permitted by law.

You may revoke your authorization at any time by writing to us at support@avatacore.com. We will honor your revocation going forward, but cannot undo any uses or disclosures already made based on your prior permission.

6. Your Rights

You have the following rights regarding your health information. To exercise any of these rights, contact us at support@avatacore.com.

7. Our Responsibilities

We are required by law to:

• Maintain the privacy of your health information
• Provide you with this notice of our legal duties and privacy practices
• Follow the terms of this notice
• Notify you if a breach of your unsecured health information occurs

We reserve the right to change this notice. If we make a material change, we will post the new notice on our website. The new notice will apply to all health information we hold, including information created before the change.

8. How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with the federal government. We will not retaliate against you for filing a complaint.

9. About Our Clinical Partner

AvataCore operates as a Business Associate to OpenLoop Health (our clinical fulfillment partner) and its affiliated covered-entity professional corporations under a signed Business Associate Agreement (BAA). Our clinical fulfillment partner and its affiliated professional corporations are the covered entities that provide clinical services. Under this arrangement, AvataCore is required to protect your health information in accordance with HIPAA and the terms of the BAA.

10. Contact Us

If you have questions about this notice or your privacy rights, contact our Privacy Officer:

State Law Protections

Where applicable state law provides greater privacy protections than HIPAA, we will follow the more protective state law.