Privacy Policy

Effective as of July 1, 2024. Last updated: October 8, 2025

This Privacy Policy covers all 360H, Inc.'s services and brands, including the SlothMD mobile apps (iOS/Android, our website (including any in‑app webviews), the use of SMS/RCS, and any other services that we provide. It explains what we collect, how we use and share information, and your choices. App‑specific practices (e.g., device health data, EHR/insurance connections, in‑app camera/microphone, AI features) are called out below.

Our Privacy Commitments

• No Selling of Personal Data: We do not sell your personal information to third parties. Your data is used only to provide and improve SlothMD’s services, or as otherwise disclosed in this policy.
  
  
  

• Limited Sharing with Trusted Providers: We only share your data with trusted third-party service providers necessary to operate SlothMD (e.g. for analytics, communication, database hosting, etc.), and never for advertising or unrelated purposes.
  
  
  

• Anonymized Data for Research & Improvement: Any use of your information for research, product development, or analytics is done only on anonymized or aggregated data. We remove or de-identify personal details before using data to improve our features or derive insights.
  
  
  

• Strong Security Measures: We employ industry-standard security practices (such as encryption in transit and at rest, access controls, and regular security audits) to protect your data. Our databases and systems follow standard security protocols to safeguard personal information.
  
  
  

• User Control and Transparency: You have control over your data. You can access, correct, or request deletion of your personal information, and opt out of marketing communications at any time. We will always be transparent about how we use your data and will notify you of significant changes to our privacy practices.
  
  
  

• Not HIPAA-Covered, But Privacy-Focused: SlothMD is a digital health service not subject to HIPAA (Health Insurance Portability and Accountability Act) regulations, as we are not a covered healthcare entity. However, we treat all health-related data with strict confidentiality and the same degree of care and security as if it were protected by HIPAA or other privacy laws.
  
  

Introduction

Your privacy is important to us. It is 360H, Inc.’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website (slothmd.io) and other sites or applications we own and operate. This Privacy Policy applies to all users of SlothMD’s website and services within the United States.

“Personal information” means any information about you which can be used to identify you. This includes information about you as a person (such as name, address, date of birth), your devices, your payment details, health or wellness information you choose to provide, and information about how you use a website or online service.

In the event our site contains links to third-party sites and services, please be aware that those third parties have their own privacy policies. Once you leave our site or are redirected to a third-party service, you are no longer governed by this Privacy Policy. We have no control over, and are not responsible for, the content or policies of external sites. This Privacy Policy does not apply to any of your activities after you leave our site.

By accessing slothmd.io or using SlothMD’s services, you agree to abide by our Terms of Service and this Privacy Policy, and to comply with all applicable laws and regulations. If you do not agree with these terms, you are prohibited from using or accessing SlothMD.

Information We Collect

Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.

• Voluntarily provided information is any information you knowingly and actively provide to us when using our services, such as when you create an account, fill out forms, or communicate with us.

• Automatically collected information is any information automatically sent by your devices in the course of accessing our products and services. This can include technical information sent by your browser or device for operational and analytics purposes.

Log Data

When you visit our website, our servers may automatically log certain standard data provided by your web browser. This log data may include details such as your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit on our site, the time and date of your visit, and the time spent on each page. We may also log information about errors you encounter while using the site, including technical details about your device and what you were doing when the error occurred.

Please note that while this information does not identify you by itself, it may be possible to combine it with other data to personally identify individual users. We treat log data as confidential and use it primarily for troubleshooting and improving our service.

Device Data

We may collect data about the device you use to access SlothMD, such as your device’s model, operating system, unique device identifiers, and geolocation data (if you have enabled location services for our app or website). The information we gather can depend on your device’s settings and software. We recommend checking your device and software privacy settings to control what information is shared. Geo-location data, if collected, is used to personalize your experience (for example, to find nearby healthcare providers) and will only be collected in accordance with applicable permissions and law.

Personal Information

We may ask you to provide certain personal information in order to register for or use SlothMD’s features. For example, when you join our waitlist, create an account, subscribe to a newsletter, or contact us, you may be asked to provide details such as:

1. Name

   
   

2. Email address

   
   

3. Phone number

   
   

4. Zip code

   
   

5. Height and weight
   
   

You may choose not to provide some of this personal information, but doing so might affect your ability to use certain features of SlothMD. We will only ask for information that is relevant to your interaction with SlothMD (for instance, we won’t ask for personal data that isn’t needed for the particular service or feature). The information above serves as an example and the actual information you might be asked to provide may change.

Messaging Communications (SMS & RCS)

If you choose to communicate with us via text messaging, including SMS or Rich Communication Services (RCS), we will collect and store certain information about these communications. This Messaging Data includes the phone number you use to contact us, the content of the messages you send or receive, the dates and times of the messages, and metadata such as delivery status or read receipts (when available). We use this messaging data only for legitimate purposes such as responding to your inquiries, providing customer support, and improving our service quality.

Important Notice on SMS/RCS

Please be aware that standard SMS and RCS messages are not encrypted. These channels are not secure for transmitting sensitive personal health information. We strongly advise you not to send any sensitive medical or health information via SMS or standard text messaging. If you need to share personal health details with SlothMD, please use the secure messaging features within our app or website, which are designed to protect your privacy. By using SMS/RCS to communicate with us, you acknowledge that these channels have inherent security limitations.

Sensitive Health Information

You agree not to use SMS, text messaging, or RCS to communicate sensitive health or medical information to SlothMD. 360H, Inc. explicitly disclaims any liability for unauthorized access to or disclosure of Protected Health Information (PHI) or other sensitive data that occurs as a result of you sending such information through insecure channels like SMS or standard texting. In other words, if you choose to ignore our recommendation and send health information via SMS/RCS, you do so at your own risk. We encourage all users to utilize our secure in-app communication methods for any medical or sensitive matters.

Consent and Opt-Out

By initiating communication with us via SMS or RCS (for example, by texting our number or signing up for text updates), you are providing consent to receive communications from us through those channels. This might include responses to your inquiries, important service announcements, or support messages. You can opt out of receiving SMS/RCS messages from us at any time. To opt out, you may reply with the word “STOP” to any message we send, or contact us at our email address provided below requesting to opt out. Upon receiving an opt-out request, we will cease SMS/RCS communications to your number (except for messages confirming your opt-out). Please note that standard messaging and data rates charged by your mobile carrier will apply to any SMS/RCS messages exchanged.

Third-Party Messaging Providers

We use third-party service providers to facilitate our SMS and RCS messaging functionality to send and receive text messages on our behalf. These providers may process and store your phone number, message content, and related metadata as necessary to deliver your messages. We select reputable providers that employ strong privacy and security practices, and any use of your data by these providers is solely to enable the messaging service. Nonetheless, these providers have their own privacy policies, and we encourage you to review any relevant provider’s privacy policy if you have concerns. By using SlothMD’s SMS/RCS features, you acknowledge that third-party providers will handle your messaging data for delivery and operational purposes.

Your Health Data & State Privacy Rights

• Why this section is here: New state privacy laws, like Washington’s My Health My Data Act, give you stronger rights over your health data and require us to provide this specific information. This section explains what data these laws cover and how we use it to provide the SlothMD service to you.

• What is "Consumer Health Data"? To provide our services, we collect health information that you provide or sync from other sources. Some state laws define "Consumer Health Data" very broadly to include not only specific conditions or medications, but also data from which a health status can be inferred, such as biometric data, location information near a health facility, and general wellness information from wearables.

• How We Use Your Health Data: We use your health data only for purposes you consent to, which are necessary to operate and improve the service for you. These purposes include:

  • Providing the core features of the Service, like organizing your records and generating your health summaries.

  • Responding to your questions and providing customer support.

  • Improving the accuracy and helpfulness of the AI-powered features we provide to you by using data to train and refine our models.

    
    

• How We Share Your Health Data: We will not share your health data with third parties without first obtaining your separate, explicit consent. When you do provide consent, we only share data with trusted partners who help us operate our service. These partners are contractually bound to protect your data and are prohibited from using it for their own independent purposes. They include:

  • Service Providers: Companies that provide essential infrastructure, such as secure data hosting. They act on our behalf and under our instruction.

  • AI Processing Providers: To power features like document analysis, we may send data to a specialized third-party AI service for processing. The service processes the data to perform a specific task (like extracting text from a PDF) and returns the result to us. These providers are contractually forbidden from using your data to train their own models or for any purpose other than providing the service to us.

  • Integration Partners: Third-party services, such as your EHR provider or wearable device company, that you explicitly choose to connect to your SlothMD account. This sharing only occurs at your direction.

    
    

• Your Rights: You have the right to access, delete, or withdraw consent for the collection and sharing of your health data at any time. Please see the "Your Rights and Choices" section below for instructions.

Legitimate Reasons for Processing Your Personal Information

We will only collect and use your personal information when we have a legitimate reason to do so. In practice, this means we collect personal data only as needed to provide you with our services, to meet our contractual and legal obligations, or to pursue our legitimate interests in operating and improving SlothMD. We will not collect an excessive amount of information, and we avoid collecting data that is not relevant to the purposes of our interaction with you. Whenever we process your personal information, we ensure that we have a lawful basis to do so (for example, your consent, compliance with a legal obligation, or our legitimate interest in running our business) and that we respect your privacy rights.

Collection and Use of Information

We may collect personal information from you when you engage in any of the following activities on our website or app:

1. Registering or Signing Up: When you create an account, join our waitlist, or sign up to receive updates (e.g., providing your email to get our newsletter or product announcements).
   
   
   

2. Using Our Services: When you use SlothMD via a mobile device or web browser to access content or features (for example, syncing your health records, asking questions, or tracking your health data).
   
   
   

3. Contacting Us: When you contact us through any channel – such as email, in-app chat, customer support, or social media – with questions, feedback, or support requests.
   
   
   

4. Interacting on Social Media: When you mention, tag, or communicate with us on third-party social media platforms. (Please note that your interactions with us on external platforms are also subject to those platforms’ privacy policies.)
   
   
   

We may collect, hold, and use the information we gather for the following purposes, and we will not process your personal information in ways that are unrelated to these purposes:

1. To Provide and Maintain Our Services: We use your information to operate SlothMD’s core features and functionality. This includes using your data to personalize your experience, integrate your health information into the app, respond to your requests (for example, answering a health query or sending a reminder), and otherwise deliver the services and features you expect from SlothMD.
   
   
   

2. Analytics and Product Improvement: We use data (mostly in aggregate or de-identified form) for internal analytics, research, and business development purposes. This helps us understand how users interact with SlothMD, identify areas to improve, develop new features, and make informed business decisions. For example, we might analyze which features are most used or gather feedback to enhance the user experience.

   
   

3. To Train and Improve Our Artificial Intelligence Models: To provide and enhance the AI-powered features of our Service, we may use anonymized or aggregated information to train, validate, and refine our proprietary AI models. This processing is essential for improving the accuracy, safety, and utility of the AI-generated content you receive. For certain features that require specialized processing, such as document analysis, we may use third-party AI service providers as described in our "Third-Party Service Providers" section. These providers are contractually prohibited from using your data for any purpose other than providing the specific service to us.
   
   
   

We may combine information you provide to us voluntarily with information that is automatically collected (such as device and log data) and with general information or research data from other trusted sources. For instance, we might incorporate general health insights or publicly available data to improve our health recommendations, or combine market research data with usage patterns to better tailor our service. Any research or analysis that involves your personal information will utilize anonymized or aggregated data. In other words, if we derive insights from user data to improve the product or contribute to health research, we strip away personal identifiers so that the results do not identify any individual user. This combined data helps us to continuously improve SlothMD and your experience, without compromising your privacy.

Not HIPAA-Covered, But Privacy-Focused

SlothMD is a direct-to-consumer digital health service and is not a "covered entity" or "business associate" under the Health Insurance Portability and Accountability Act (HIPAA). Therefore, the data you provide to us is not considered "Protected Health Information" (PHI) under HIPAA's specific legal definition. However, we are subject to other federal and state laws that govern the privacy of health information, including the Federal Trade Commission (FTC) Act and its Health Breach Notification Rule. We treat all health-related data with the highest degree of care and security.

Security of Your Personal Information

We take the security of your personal information seriously. When we collect, process, and store personal information, we protect it within commercially acceptable means to prevent loss, theft, misuse, and unauthorized access, disclosure, alteration, or destruction. We follow standard database security practices to safeguard your data. This includes employing industry-standard encryption for data in transit (e.g., information flowing between your device and our servers) and at rest (data stored in our databases). We also implement access controls, so that only authorized personnel with a legitimate need can access personal data, and we regularly review our security measures to guard against vulnerabilities.

Despite our efforts to use commercially acceptable means to protect your personal information, we must note that no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. Internet and digital systems come with inherent risks, and while we strive to protect your information, we cannot promise or ensure complete security.

You are responsible for maintaining the security of any account credentials (such as your password) and for exercising caution in how you handle and disclose your personal information. We encourage you to choose a strong, unique password for SlothMD and to keep it confidential. If you suspect any unauthorized access to your account or information, please contact us immediately. Additionally, please avoid making your personal information publicly accessible via our platform (for example, in any user-generated content or public forums, if those exist). By taking these steps and by us maintaining robust security measures, we work together to protect your data.

Personal Information

We retain personal information only for as long as it is needed to fulfill the purposes for which we collected it, and for any period that may be required by law or regulation. The length of time we keep data depends on the type of information and the reason we collected it. For example:

• If you provide us with an email address and other details in the course of making an inquiry or contacting support, we will retain that correspondence and your contact details for as long as your inquiry remains open. Even after we resolve your issue or question, we might keep a record of the inquiry (including your personal information) for a reasonable period in case you have follow-up questions, to improve our customer support process, or to have historical context for any future communications. Once that information is no longer needed for those purposes, we will delete it or anonymize it by removing personal identifiers.
  
  

• If you are a registered user of SlothMD, we will keep your account information for as long as your account is active. If you choose to delete your account, request that we delete your personal information, or if we need to terminate it due to inactivity or violation of terms, we will delete or irreversibly anonymize all personally identifiable data we have about you. This means we remove identifiers so that the data can no longer be associated with you. Please note: We may retain aggregated or anonymized data that was derived from your information even after your account is deleted, as this data no longer identifies you and is used to improve our services, derive insights, and for other lawful business purposes. Because this information is de-personalized, it cannot be linked back to you, and we may use it indefinitely as permitted by law without further notice to you.
  
  

• For SMS/RCS communications, we retain the history of those messages only as long as necessary to address your needs (for instance, until your support issue is resolved) or as required for legal compliance. We do not keep your text message content indefinitely by default. Once we have no continuing need for the SMS/RCS data, we will delete it, unless we are required by law to retain it for a certain period.
  
  

In some cases, even after you delete your account or we’ve finished providing services to you, we may be required by law to keep certain information for a set time (for example, for financial record-keeping, compliance with tax regulations, or resolving disputes). We may also retain some data if it’s necessary for legal proceedings or to fulfill our legitimate business needs (such as fraud prevention or safety). However, if we do need to retain data for such purposes, we will ensure that any personal information is minimized and secured, and we will only use it for the required purpose.

Beyond any mandatory retention periods, we may keep backup copies of data for a limited time as part of our routine backup procedures (these backups are kept secure). When personal information is no longer necessary for any permitted purpose, we will securely delete it or anonymize it so that it can no longer be associated with you.

Children’s Privacy

SlothMD is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old. If you are under 13, please do not use our website or services or provide any personal information to us. We encourage parents and guardians to be aware of and monitor their children’s Internet usage and to help enforce this policy by instructing their children never to provide personal information through our services without parental consent.

If we learn that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as soon as possible. If you believe that a child under 13 may have provided us personal information, please contact us immediately so that we can investigate and remove the data if necessary.

Importantly, users must be at least 18 years of age to use our services. We do not allow minors to create accounts or use the platform.

Disclosure of Personal Information to Third Parties

We may disclose personal information to third parties in the following circumstances:

1. Within Our Corporate Group: We may share personal data with a parent company, subsidiaries, affiliates, or other companies under common ownership or control of 360H, Inc., as needed to operate and streamline our services. All recipients will uphold the privacy protections as described in this policy.
   
   
   

2. Service Providers and Vendors: We use trusted third-party companies and individuals to help us provide our services or to perform functions on our behalf. This includes, without limitation, IT and hosting service providers, data storage providers, analytics services, error logging services, marketing partners, customer support tools, and payment processors. We only share the information that these service providers need to perform their specific tasks, and they are contractually obligated to protect your data and use it only for the purposes we specify.
   
   
   

3. Our Employees and Contractors: Personal information may be accessed by our authorized employees and individual contractors, but only on a need-to-know basis. All employees and contractors who handle personal data are bound by confidentiality and data protection obligations.
   
   
   

4. Business Partners and Agents: We may provide personal information to our agents or business partners who collaborate with us in providing some aspect of our services or in joint marketing efforts. For example, if SlothMD partners with another organization for a special program or research project that you opt into, we might share relevant data with that partner with your consent or as part of the program’s operation. Any such partner would be required to use the data in accordance with this Privacy Policy or under comparable privacy protections.
   
   
   

5. Credit and Payment Matters: If you purchase a product or subscription and fail to make payment, we reserve the right to disclose necessary personal information to entities such as credit reporting agencies, collection agencies, courts, or other relevant regulators to recover the debt or enforce our rights. (We hope this scenario never occurs, and we will attempt to notify you before taking such steps.)
   
   
   

6. Legal and Law Enforcement: We may disclose your personal information to courts, law enforcement agencies, regulators, government authorities, or other third parties when we believe it is required by applicable law or regulation. This could be in connection with any actual or prospective legal proceedings (e.g., in response to a court order or subpoena), or to establish, exercise, or defend our legal rights. If we receive a legal request for your data, we will attempt to notify you unless we are legally prohibited from doing so.
   
   
   

7. Third-Party Helpers: We may share information with third-party partners or sub-contractors who assist us in operating our services or conducting direct marketing to you (if you have agreed to receive marketing). For example, this could include an email delivery service sending our newsletter, or an analytics consultant helping us interpret usage data. These third parties will only use your information for the purposes we’ve contracted them for and not for their own unrelated purposes.
   
   
   

8. Data Aggregators: We may use third parties to help collect, process, and anonymize data on our behalf. For instance, we might engage a service to aggregate app usage statistics or health trends in a way that does not identify any individual. Such third parties act under our direction and are bound to protect your information.
   
   
   

9. Business Transfers (Acquisition or Merger): If we (360H, Inc.) or substantially all of our assets are acquired by another company, or if we engage in a merger, financing, bankruptcy, or any other situation involving the transfer of some or all of our business assets, your personal information may be transferred to the new owner or successor entity. In such a case, we will make reasonable efforts to ensure the acquiring party is bound by terms that are at least as protective of your personal information as those in this policy. You acknowledge that such transfers may occur, and that any party who acquires us may continue to use your personal information in accordance with the terms of this Privacy Policy (unless you’re notified of changes).
   
   

Third-Party Service Providers

To give you full transparency, here are the types of third-party tools and services SlothMD currently uses to operate its platform. We may share or store your data with these providers solely for the purposes described in this Privacy Policy:

Artificial Intelligence (AI) Processing: Our application includes features powered by AI, which help provide intelligent responses, insights, or recommendations. To enable these features, we may send certain data to third-party AI service providers for processing. For instance, if you ask a question or input some text for our AI assistant, the content of your query (and relevant context) might be securely transmitted to an AI processing service in order to generate a helpful answer. Similarly, if you upload data (like a document or image) for analysis or transcription, that data may be processed by an AI service specialized in that task.

We only share the information necessary for the AI services to perform their function, and we protect it under strict agreements. These third-party AI providers are not allowed to use your information for any purposes other than to provide us the service of analysis or generation. We do not use AI providers that mine your data for their own use beyond our service. However, please be aware that any information you submit for AI processing will be handled by these external services under their privacy and security controls. We have reviewed their data handling practices to ensure they meet our standards.

AI Memory: In order to make our AI-powered features more personalized and context-aware, our app maintains an “AI memory” of prior interactions or user-provided information. This means that, with your consent, we store relevant pieces of information (for example, previous chat conversation snippets or facts you’ve told the AI about yourself) in a secure manner so that the AI can refer back to it and provide continuity. This memory data is stored either on your device or on our secure servers (protected by encryption) and is only used to improve the in-app AI experience. It is not used for advertising or shared with any unrelated third parties. You can request deletion of your AI interaction data at any time, which will erase the associated memory on our systems.

AI Providers: The AI service providers we work with include industry-leading cloud AI platforms. These may include natural language processors and generative AI models. For transparency, examples of such providers are large language model APIs or cloud AI services from well-known companies (we do not list them here, but we ensure each complies with privacy commitments). If any provider has specific privacy requirements or terms (for example, Google’s AI APIs), we adhere to those. For instance, our use and transfer of information to Google API services will follow Google’s User Data Policy and its “Limited Use” requirements for sensitive data.

Data Hosting: We host our application and store user data on secure cloud infrastructure provided by third-party companies. In practice, this means your personal data (profile information, settings, and any content you upload) is stored in data centers managed by these providers, rather than on our own premises. We use reputable cloud service providers that implement strict security measures (encryption, access control, regular audits) to safeguard your information. These providers act only under our instructions and do not access your data except to maintain and support the storage and retrieval of the information. All of our servers are located in the United States.

Health/Medical Information: With your explicit consent, our app can connect to your health-related accounts or records in order to provide you with integrated health services. For example, you may choose to link the app to your electronic health records or insurance provider to import your medical history or coverage details. In doing so, we utilize secure third-party integration services that facilitate this connection. This process requires you to authenticate with your healthcare or insurance provider and authorize the data sharing. Once authorized, the third-party integration will retrieve specific health information (such as your lab results, medication history, claims or insurance benefits) and transfer it to our app for your use. We only access and store the health data that you have consented to share, and we use it solely to deliver features you expect (for instance, to show you a unified health record, provide insights or personalized recommendations).

We treat all health and medical data with a high level of confidentiality and security. We do not use health information for advertising or marketing purposes, nor do we sell or disclose it to unauthorized parties. You can revoke access at any time by unlinking or disconnecting your health accounts from our app, and we will then cease any further collection from those sources.

Please note that while our systems follow industry standards to protect your health information, the actual data transfer is done via your chosen third-party integration service. That service may store your data temporarily to facilitate the transfer, under strict privacy safeguards. We ensure that any such service we use commits to protecting your data to standards equivalent to our own. If you have any questions about linking your health accounts, we will provide you with information about the consent process and data that will be accessed at the time of connection.

Wearables & Fitness Data: With your explicit permission, SlothMD can integrate with your wearable devices or fitness accounts (such as smartwatches, fitness trackers, or health apps like Apple Health and Google Fit) to import health-related data. If you choose to link a wearable or fitness service to SlothMD, you will be prompted to authorize the connection. A trusted third-party integration service (acting on our behalf) will then securely retrieve select data from your device or account and transfer it to SlothMD.

Depending on what you authorize, this may include activity and exercise data (e.g. steps count, workouts, heart rate), wellness metrics (like sleep patterns or calories burned), or other health information your device tracks. We only access the specific categories of data that you consent to share, and you can review and manage these permissions at any time.

SlothMD uses your wearable data solely to provide and improve our health services to you, for instance, to display your fitness trends, offer personalized insights or reminders, or integrate your device metrics into health reports. We do not use any wearable-derived data for advertising, marketing, or profiling outside of your use of SlothMD, and we do not disclose it to unauthorized parties. Any analysis we perform on this data for product improvement is done on an anonymized or aggregated basis.

The third-party integration service we utilize to connect with your wearables is contractually bound to strict privacy and security standards. They act only as a conduit to fetch and transmit your data; they cannot use your information for any other purpose. We ensure that these partners implement robust safeguards (equivalent to our own) to protect your data during transfer. (For example, data is encrypted in transit, and any temporary storage on their side is handled securely and deleted as soon as it’s no longer needed for the integration.)

Using wearable integrations is entirely optional. If you enable it, you can disconnect your wearable or fitness account at any time via the app settings. Once disconnected, SlothMD will stop collecting new data from that source. (Any previously imported data remains in your SlothMD account, governed by this Privacy Policy, until you delete it or request account deletion.) We will also respect any deletion requests per our retention policy if you no longer want us to hold past wearable data.

We adhere to all applicable platform rules when handling wearable data. For instance, if you connect Apple HealthKit data to SlothMD, we will not use or disclose HealthKit-derived information for advertising or data-mining purposes, in accordance with Apple’s guidelines. Similarly, any data accessed through Google Fit or other Google APIs will be handled per Google’s User Data Policy (including its “Limited Use” requirements for sensitive health data). Our only goal in accessing wearable data is to serve you within the SlothMD app, not any third-party marketing.

Analytics: We use third-party analytics services to collect information about your app usage. This includes technical data (like device type, OS version, and unique identifiers) and engagement data (such as screens viewed and features used). We use this information to understand user behavior and improve our services. These analytics providers process usage data on our behalf and are not permitted to use your data for any other purpose. No personally identifying information (like your name or email) is included in what we share for analytics.

Communications: We may use external service providers to send you communications, such as email newsletters, account alerts, or text messages (SMS/RCS). If you provide an email address or phone number, it will be used only to send you relevant service-related communications or messages you have opted into. These messages might include verification codes, transaction receipts, appointment reminders, or updates about our services. Our third-party messaging providers will have access to your contact information solely for the purpose of delivering these communications and are contractually obligated to protect your data.

Customer Support: When you reach out for support or send us inquiries, we may use a third-party customer support platform to manage and respond to your requests. This means information you provide in a support ticket or chat (such as your email address, name, and the details of your issue) will be collected and stored in our support system. We only use this information to assist you and resolve your issues. The support service provider is bound by confidentiality and may not use your information for any purpose other than helping us support you. If we ever ask you for feedback or to fill out a support form, the data you submit will similarly be handled in a secure, third-party ticketing system. We ensure that any third-party used for customer support adheres to appropriate data protection standards.

Payments: If you make a purchase or payment through the app, we use a trusted third-party payment processor to handle your payment. Your sensitive payment details (such as credit card number or banking information) are transmitted directly to the payment processor over encrypted. We do not store or see your full financial information (for example, we see only limited details like the last four digits of your card for receipt purposes). The payment processor will process your transaction and may store your payment data for future transactions or compliance reasons, in accordance with its own privacy policy. These processors are PCI-DSS compliant, ensuring your payment data is handled securely. We only share the necessary transactional information (such as the purchase amount or order ID) with them to complete the transaction.

Social Media Features: We do not automatically share your data on social media; it only happens when you intentionally tap a share button. Our service may include optional features that allow you to interact with third-party platforms, for example, sharing content to social media. If you choose to share information from the app via the provided tools, then information (such as a referral link, a snapshot or text you select to share) will be transferred to the external platform you choose. We do not automatically share your data on social media; it only happens when you actively tap a share button and confirm a share through your social network. Any information shared to a third-party platform is then subject to that platform’s privacy policy and terms. We recommend reviewing your social media accounts’ privacy settings if you share content from our app.

In addition, we may use third-party services to manage our own social media presence and posts. Those services might collect aggregate data (like clicks or engagement on our posts) but they do not collect personal information from you through our app. If we ever collect feedback or referrals via social media integrations, we will explicitly inform you what data is being collected. Rest assured, simply using our app will not send your personal data to social networks unless you explicitly initiate such an action.

We reserve the right to modify, replace, or discontinue using any of these third-party providers at our sole discretion, without prior notice. Your continued use of our services following any such change constitutes your acceptance of those modifications. We select third parties that have strong reputations for security and privacy. Whenever your data is shared with any third-party provider, we remain responsible for it and ensure that each provider is obligated to handle the data in compliance with applicable privacy laws and only for our intended purposes.

We reserve the right to modify, replace, or discontinue use of any third-party providers at our sole discretion and without prior notice to you. Your continued use of SlothMD after any such changes signifies your acceptance of the updated list of providers and associated disclosures.

Please note, we do not guarantee the accuracy or completeness of data.

Device Access (Camera/Microphone)

Our app may request access to your device’s camera and/or microphone to enable certain features, for example, allowing you to scan documents, upload photos, or use voice input. We will always ask for your permission before accessing your camera or microphone, in accordance with platform requirements. If you grant permission, the camera may be used to take photos or videos, or the microphone used to capture audio, which you can then upload to the app.

Use of Media: Any images, audio, or videos you capture in-app are treated as user content and are handled securely. The content you choose to upload will be used only for the purposes clearly communicated at the time of capture. For instance, if you take a photo of an insurance card or medical document to upload, we will use that image to extract information (using automated text recognition if needed) and attach it to your records. If you record a voice note or provide audio (for a symptom description or a message), we may use speech-to-text processing to convert it into text. Such processing might be done via our secure servers or a trusted third-party speech recognition service, under the same privacy safeguards described in our AI section.

We do not actively monitor or record from your camera or microphone when you are not actively using a feature that requires it. You have control: you can decline to grant camera/mic access, or if you’ve granted it, you can revoke it at any time in your device settings. Declining or revoking permission will simply disable the features that require the camera or microphone (for example, you won’t be able to upload a photo or use voice dictation), but otherwise the app will remain functional.

Any media or recordings you do provide are stored securely as part of your user content. We treat this content with confidentiality (especially if it contains personal or sensitive information). Unless explicitly stated, we do not share your photos, audio, or recordings with any third parties except those needed to fulfill the service (e.g., an OCR service to read text in an image, which would fall under our AI/third-party service commitments). All such third parties are bound to protect your data and cannot use it for other purposes.”

Google Calendar Integration and Limited Use Policy

To enhance your experience, SlothMD offers an optional feature to integrate with your Google Calendar. This section describes how we access, use, store, and share Google user data in compliance with Google's policies.

Information We Access: When you grant SlothMD permission to connect to your Google Calendar, we will access the following information on a read-only basis:

• Calendar Events: We access event information, including titles, descriptions, start/end times, and attendees.

• Calendar Metadata: We access your list of calendars to allow you to select which ones to sync.

We only request read-only access to your calendar. SlothMD cannot and will not create, edit, or delete any events in your Google Calendar.

Purpose of Access: Our sole purpose for accessing your Google Calendar data is to display your existing calendar events within the SlothMD interface. This allows you to see your health appointments and personal schedule in one place to better manage your time.

Limited Use Disclosure: SlothMD's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

1. We will only use access to read your Google Calendar data to provide the user-facing scheduling features described above.

2. We will not transfer your calendar data to any other party, except as necessary to provide or improve these features, for security purposes, to comply with applicable laws, or as part of a merger/acquisition with your explicit prior consent.

3. We will not use your calendar data for serving any advertisements.

4. We will not allow humans to read your calendar data unless:

   • We have your affirmative, explicit consent for specific messages (e.g., for a support issue).

   • It is necessary for security purposes (e.g., investigating abuse).

   • To comply with applicable laws.

   • The data is aggregated and anonymized for internal operations.

Notifications

With your consent, we may send push notifications or in-app notifications to your device to deliver reminders, alerts, or other relevant messages. You can control these notifications in your device or app settings. We do not send marketing content via push notification without your consent.

Your Choice

Providing personal information to us is voluntary. You are free to refuse any request for personal information, with the understanding that we may be unable to provide you with some of your desired services without it. For example, if you choose not to provide an email address, you will not be able to create an account or receive email notifications like password resets. We will not collect personal data without your consent unless it’s necessary for the operation of our services (under a legitimate interest or legal requirement as described above). By providing personal information, you acknowledge that we will use it as described in this policy. If at any time you want to withdraw your consent for us to hold or use your information, you can do so by contacting us (see the Contact Us section below). Keep in mind that withdrawing consent for certain uses of your data may affect our ability to continue offering you some services (for example, if you withdraw consent for us to use your health data, core features of SlothMD may no longer function).

Information from Third Parties

If we receive personal information about you from a third-party source, we will treat that information in accordance with this Privacy Policy. For instance, if someone refers you to SlothMD or provides us with your data as part of a partnership, we will protect it just as we do information you give us directly. If you are a third party providing personal information about someone else (for example, if you are a healthcare provider or a family member submitting someone’s information with their permission), you represent and warrant that you have that person’s consent to provide their personal information to us. We will rely on you to have obtained the necessary permission and to inform them of this policy. If we find that personal data has been provided to us by a third party without the proper consent, we will delete it or seek the individual’s consent as appropriate.

Marketing Permission

If you have agreed to receive marketing communications from us (for example, if you opted in to a newsletter or promotional updates), you can change your mind at any time. We will always provide a way for you to opt out or unsubscribe from marketing emails. This is typically done by clicking the “unsubscribe” link at the bottom of our emails or by adjusting your account preferences. You can also contact us directly (see Contact Us below) to request that we stop sending you marketing messages. Please note that transactional or service-related communications (such as account notifications, password resets, or customer support responses) are not considered marketing – you will continue to receive those as long as you have an active account, since they are necessary for providing our service to you.

Rights and Choices

We believe in providing you with meaningful control over your personal information. Depending on your state of residence, you may have the following legal rights regarding your data:

• Right to Access: You have the right to request a copy of the personal information we hold about you. Subject to applicable law, we will provide you with access to this information, typically within a reasonable time after receiving your request. If you have an account with SlothMD, you may be able to access and update certain information directly by logging into your account profile. For any information you cannot review or update yourself, you may send us a request (see Contact Us below). We will ask you to verify your identity before releasing personal data to you, to ensure that we don’t inadvertently share your information with someone pretending to be you.

• Right to Correct: If you believe any personal information we hold about you is inaccurate, out-of-date, incomplete, or misleading, please let us know. You have the right to request that we correct or update your information. For example, if you change your email address or realize that we have an incorrect spelling of your name, you can contact us and we will correct it. We take accuracy seriously and will promptly make corrections to any information that is incorrect. In some cases, we may need to verify the new information you provide (for instance, we might require proof of a legal name change). If for some reason we cannot fulfill your request (e.g., if the information is required to be maintained in its original form for legal reasons), we will explain the reason.

• Right to Delete: You have the right to request the deletion of your personal information, subject to certain legal exceptions (for example, where we are required by law to retain the information).

• Right to Withdraw Consent: You have the right to withdraw your consent for the collection and sharing of your data at any time. Please note that withdrawing consent will not affect the lawfulness of any processing that occurred before your withdrawal and may impact your ability to use certain features of the Service.

How to Exercise Your Rights: To exercise any of these rights, please submit a verifiable request to us at founders@sloth.md. We will respond to your request within the timeframes required by applicable law. To protect your privacy, we will need to verify your identity before processing your request.

Communications via SMS or RCS: As discussed in earlier sections, if you reach out to us via SMS or RCS, we collect your phone number and message content solely to address your inquiry or deliver the service you requested. We do not use SMS/RCS information for marketing unless you explicitly opt in via those channels. Standard text messaging charges from your carrier may apply to messages you send or receive. If at any point you no longer wish to receive text communications from us, you can opt out by replying “STOP” to any message we send. You may also contact us at our email address to request removal of your number from our text messaging list. Once opted out, you will no longer receive SMS/RCS messages except where required for authentication or legal purposes. (Please note: Even after you opt out of general SMS, if you initiate a new text conversation with us (for example, a new support request), that will be treated as a new consent to communicate via SMS for that interaction. You would need to opt out again if you want to stop those responses.)

Non-Discrimination: We will not discriminate against you for exercising any of your rights over your personal information. This means that if you choose to exercise rights such as accessing your data or opting out of certain processing, we will not deny you our services or provide you a lesser experience solely because of that choice. For example, we will not refuse service, charge you a different price, or provide a different quality of service just because you exercised your privacy rights. The only exception would be if your personal information is essential to providing a certain service or feature – in that case, if you withhold that information, we may be unable to offer that feature (but we will not otherwise punish or penalize you). We treat all users equally, regardless of their privacy choices, to the extent possible under the functionality of our services.

Notification of Data Breaches

We comply with all laws applicable to us regarding any data breach. A data breach is any unauthorized access to or disclosure of personal information. If such an unfortunate incident occurs and it affects your personal data, we will notify you and the appropriate authorities as required by law. In plain terms, if we discover a security breach that compromises your personal information, we will act promptly to contain the breach, assess the scope, and inform affected users in accordance with legal requirements. We may notify you via email, through the SlothMD app/website, or other direct communication methods. We will also take any steps required by law to remedy the situation and prevent future occurrences.

Complaints

If you believe that we have breached this Privacy Policy or violated any applicable data protection law, we want to address your concerns. Please contact us using the details in the Contact Us section below and provide a thorough description of your complaint. Specifically, let us know what you think went wrong – for example, which part of our policy you believe we haven’t followed, or what law you think we might have breached, along with relevant details about the situation. We take all complaints seriously. Once we receive your complaint, we will investigate it promptly and impartially. You will receive a response in writing, outlining the results of our investigation and any steps we will take to address your concerns or rectify any errors. Our goal is to ensure your satisfaction and confidence in how we handle your personal information.

If you are not satisfied with our response to your complaint, or you believe we are not complying with our legal obligations, you also have the right to lodge a complaint with a regulatory authority. For example, if you are a resident of California and have a complaint under the California Consumer Privacy Act (CCPA) or other privacy laws, you may contact the California Attorney General’s Office. For other jurisdictions, there may be a data protection authority or similar regulator you can reach out to. We would, however, appreciate the chance to address your concerns first, so we kindly ask that you contact us to attempt to resolve the issue before involving regulators, if possible.

Unsubscribe (Opting out of Emails)

If you have subscribed to any optional communications from us, such as newsletters, promotional emails, or other updates, you can unsubscribe at any time. To stop receiving such emails, you can click the “unsubscribe” link that is typically included at the bottom of each marketing or promotional email. Alternatively, you may contact us directly (see Contact Us below) and request to be removed from our mailing list. When contacting us, please provide the email address you want unsubscribed and identify the communications you no longer wish to receive. We may need to ask for additional information to verify your identity (to ensure the request is legitimate). Please note that after you unsubscribe, it may take a short time to process your request, during which you might still receive communications already in production. Also, even if you opt out of marketing messages, we will still send you transactional or service-related communications as needed (for example, we might still send account alerts, billing notices, or support responses, as these are not promotional).

California Residents

If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA) (and as amended by the California Privacy Rights Act, or CPRA). These include:

• Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell (note: we do not sell personal information). This includes the categories of personal information, the categories of sources, our purposes for collecting it, the categories of third parties with whom we share it, and the specific pieces of personal information we hold about you.
  
  
  

• Right to Delete: You have the right to request that we delete personal information we have collected from you (with certain exceptions – for example, we may retain information needed to complete a transaction you initiated, to detect security incidents, for legal compliance, etc.). Once we receive and confirm a verifiable deletion request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
  
  
  

• Right to Opt-Out of Sale/Sharing: You have the right to direct us not to sell your personal information to third parties. SlothMD does not sell your personal information for monetary consideration. We also do not “share” your personal information for cross-context behavioral advertising. If that ever changes, we will update this policy and provide a mechanism for you to opt out.
  
  
  

• Right to Non-Discrimination: As noted above, we will not discriminate against you for exercising any of your CCPA rights. This means we won’t deny you services, charge you a different price, or provide a lesser quality of service just because you exercised your privacy rights under California law.
  
  
  

To exercise any of your California privacy rights, you (or your authorized representative) can send us a request as described in the Contact Us section. Please specify which right you intend to exercise (e.g., access request, deletion request) and provide enough information for us to verify your identity (we may need to ask for additional proof of identity to ensure we are protecting your data from unauthorized access). We will respond to your request within the timeframe required by law (generally within 45 days, with the possibility of a 45-day extension, which we would communicate to you if needed).

Business Transfers

In the unlikely event that 360H, Inc. goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal information may be among the assets transferred. For example, if another company acquires SlothMD or if we merge with another organization, user information (including personal data) would likely be transferred so that the service can continue to operate. By providing your personal information to us, you acknowledge that such transfers may occur. In any such transfer of ownership, the successor company will assume the rights and obligations regarding your personal information as described in this Privacy Policy. The new owner may continue to use your personal information in the same manner that we do, as outlined here, to the extent permitted by applicable law. If a business transfer occurs, we will make reasonable efforts to notify you and ensure that the successor entity is aware of and agrees to uphold the commitments we’ve made in this Privacy Policy.

Limits of Our Policy

Our website and app may contain links to external websites or services that are not operated by us. Please be aware that this Privacy Policy applies only to SlothMD (services managed by 360H, Inc.). We have no control over the content or privacy practices of third-party sites or services that you might access through external links from our platform. For example, if we link to a health resource or an article on another site, and you click that link, any information you provide to that external site or how that site collects information about you is governed by their privacy policy, not ours. We cannot accept responsibility or liability for the privacy and security practices of these other websites or applications. We encourage you to review the privacy policies of any third-party sites or services you visit, especially if you navigate to them from our platform, so that you can understand how they collect and use your information.

Changes to This Policy

At our discretion, we may update or change this Privacy Policy from time to time to reflect changes in our business practices, to accommodate new features or services, or to address new legal requirements. If we make changes, we will post the updated policy on this page (accessible through the same URL), and we will update the “last updated” date at the top of the policy. Changes to the Privacy Policy become effective immediately upon being posted here, unless stated otherwise.

If the changes are significant, or if required by law, we will also provide a more prominent notice or seek your consent when appropriate. For example, we might email you or display a notice within the app if a major change is made. In certain cases (especially if a change would allow us to use your personal information in a materially different way than we previously told you), we will either ask for your explicit consent or give you a chance to opt in or out of the new use, as applicable, before the change becomes effective.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of SlothMD after any changes to this Privacy Policy will signify your acceptance of those changes.

Cookies and Tracking Technologies

SlothMD may use cookies and similar tracking technologies (such as web beacons or pixels) to enhance your experience and to collect information about how you use our site. Cookies are small text files that are stored on your device (computer or mobile) via your web browser. We use cookies for several purposes, including:

• To improve functionality: Some cookies are essential for the operation of our website (for example, to keep you logged in or remember your preferences).
  
  
  

• To understand usage: We use analytics cookies to see how users navigate through SlothMD, which pages are popular, and other usage statistics. This helps us improve the site’s design and content.
  
  
  

• For marketing and performance: We might use tracking pixels or similar technologies in our emails or on our site to measure the effectiveness of campaigns and understand user engagement. For instance, a pixel in an email might tell us if you opened that email.
  
  
  

By using SlothMD, you consent to our use of cookies and tracking technologies as described in this policy. However, we respect that you have choices. You can manage or disable cookies through your browser settings. Each browser is a little different, but look for options to manage “cookies” or “tracking” in your browser’s privacy or security settings. Please note that if you disable cookies, some features of our site may not function properly (for example, you might not be able to stay logged in).

SlothMD’s website currently does not respond to “Do Not Track” (DNT) signals. DNT is a setting you can configure in some web browsers to request that websites not track your activities across different sites. Because there is not yet a common understanding of how to interpret the DNT signal, our systems may not recognize or react to it. That said, we do not engage in cross-site tracking of users, nor do we allow third parties to collect personally identifiable information about your online activities over time and across different websites through our platform. In summary, while we use cookies to enhance your experience on our own site, we do not track your browsing outside of SlothMD, and third parties are not given license to do so via our site.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

360H, Inc.
299 Fremont St, Unit 3003
San Francisco, CA 94105, USA
Email: founders@sloth.md

We are committed to addressing your inquiries promptly and responsibly. Whether you need help understanding something in this policy, want to exercise one of your rights, or have a concern about how we handle privacy, please reach out. We appreciate the opportunity to communicate with you and will do our best to resolve any issues to your satisfaction.