Privacy Policy

LUNA HEALTH, INC. PRIVACY POLICY

Last Updated: November 5, 2024

Introduction

Privacy is very important to us. We also understand that privacy is very important to you. This Privacy Policy tells you how Luna Health and our affiliates, protect and use information that we gather through this Luna Health website (the "website") as well as our Luna Health medical product and the software or mobile application (the "application") that support it ("Luna Health Services," and, together with the website and the application, the "Luna Services” or “Services"). The Services and this Privacy Policy are currently intended for a U.S. audience only.

Changes to this Privacy Policy.  We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law.  By using Luna Services, you understand and agree that you will be deemed to have accepted the terms of the most recent version of this Privacy Policy. Please also read our Terms of Service to understand the general rules about your use of the Luna Services. 

Please note that we may provide additional privacy notices to individuals at the time we collect their personal information. For example, we may provide a specific privacy notice to participants that describes our privacy practices in connection with conducting clinical trials or when you submit your information for recruitment to one of our clinical trials. These additional privacy notices may supplement this Privacy Policy or may apply in lieu of this Privacy Policy.

WHAT PERSONAL INFORMATION DO WE COLLECT?

The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law.  We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.  For residents of California and other states that provide additional rights, more information about the data we collect is available in our Notice at Collection and Supplemental Notice for Residents of California and Certain Other U.S. States, which is found here.

Information We Collect on Our Website

When you visit our website or contact us through a method provided on our website, you may provide us with personal information, including your name, birth date, address and other contact information, your doctor's name, and pharmacy benefits information We use this information to contact you, respond to your questions, and to provide our Services. In some places on this website, you have the opportunity to send us personal information about yourself, to elect to receive particular information or to participate in an activity. For example, you may fill out a registration form, a survey, or an e-mail form and you may elect to receive educational material about our products and therapies.

You also may choose to allow us to personalize your visits to the website, in which case we will ask you for certain personal information to make your visits to our website more helpful to you. When this information is combined with the information that we collect through cookies and online information (described below), we will be able to tell that you have visited our website before and can personalize your access to our website, for example, by telling you about new features that may be of interest to you.

Information We Collect Through the Luna Health Services

 We may collect personal information that you provide to us. 

• Account Creation. We may collect personal information when you create an account through the Services, such as:some text
  • Demographic information, such as your name, date of birth, gender, height, weight and photo/avatar
  • Contact information, such as your email address, phone number and mailing address
  • Information about your diabetes care, such as your diabetes type, year of diagnosis, glucose values, insulin temperature, carbs/meals and insulin type, doses, prior insulin delivery method, therapy settings and recommendations
  •  Information about your use of the Luna Health Services and mobile device, such as app usage data and date of first use
  •  Information related to your use of any linked products or services, such as a continuous glucose monitor
  • Information about your health care provider, such as your health care provider's name and contact information
  • Information about your health insurance, such as the name and contact information for your health insurance and pharmacy benefit manager
• Healthcare Professionals. If you are a healthcare professional, we may collect personal information such as your professional contact information, credential and institutional affiliations information, information about our programs and activities in which you have participated, information about our interactions with you, information about your published papers, your photograph, information about your prescribing of our products and services, and information contained in agreements executed with us.
• Enrollment and Clinical Trial Referral Information. If you enroll in certain Services, such as our patient support programs, or if you request to be matched to one of our clinical trial sites through one of our referral websites, we may collect personal information such as your name, email address, phone number, physical address, date of birth, and relevant information about your medical history.
• Clinical Trial Participants. If you participate in clinical trials that we sponsor, our clinical trial sites may collect personal information such as your driver’s license, passport number, tax identification number, health information related to your medications, medical history, medical insurance details, physical and mental health conditions, diagnoses, treatments, genetic information, and family medical history, and other relevant information in connection with your participation in clinical trials. Please note that, to the extent applicable, the clinical trial site may be a separate “controller” or “business” of your personal information and your personal information may be subject to the clinical trial site’s privacy policy. We collect personal information about you from clinical trial sites only where you have provided your consent to disclose that information to us or as required by law.
• Regulatory Information. We may collect personal information where required to comply with regulatory requirements, including information relating to any adverse events you may have experienced when using our products. 
• Patient Advocates. If you are a patient advocate, we may collect personal information such as your name, email address, and phone number.
• Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
• Your Communications with Us. We may collect personal information, such as email address, phone number, or mailing address when you request information about our Services, register for our mailing list or updates about our programs and offerings, request customer or technical support, or otherwise communicate with us.
• Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
• Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events. 
• Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities. 
• Job Applications. We may post job openings and opportunities on our Services. If you respond to one of these postings, we may collect your personal information, such as your application, CV, cover letter, and/or any other information you provide to us.

Personal Information Collected from Other Sources 

• Third-Party Services and Sources. We may obtain personal information about you from other sources, including through third-party services and organizations.  For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect personal information about you from that third-party application that you have made available via your privacy settings. In addition, if you are a healthcare professional, we may collect personal information such as hospital affiliation, license information, areas of interest, contact information such as address, email, and phone number, and other due diligence related information from various sources.
• Referrals and Sharing Features. Our Services may offer various tools and functionalities that allow you to provide personal information about healthcare professionals, family members or other individuals involved in your care through our referral service.  Our referral services may also allow you to forward or share certain content with healthcare professionals, family members or other individuals involved in your care, such as an email inviting your relative to use our Services. Please only share with us contact information of people with whom you have a relationship (e.g., family member or caregiver). 

HOW DOES LUNA HEALTH KEEP AND USE PERSONAL INFORMATION? 

We may keep and use personal information we collect from you through our Services to provide you with access to our Services, to facilitate the creation of your account and to otherwise provide you with, and support your use of, the Luna Health Services. In addition, we may keep and use your personal information: 

A.    To Provide Our Services 

We use your information to fulfill our contract with you and provide you with our Services, such as: 

• to provide access to certain areas, functionalities, and features of our Services
• to answer requests for customer or technical support or otherwise respond to your requests
• to communicate with you about your account, activities on our Services, and policy changes
• to process your financial information and other payment methods for products or Services purchased
• processing applications if you apply for a job we post on our Services
• to allow you to register for events
• to manage your information and accounts
• to contact you regarding your use of the Luna Health Services
• to personalize your access to our Services, for example, by telling you about new features that may be of interest to you
• to develop records, including records of your personal information
• to contact you with information that might be of interest to you, including, to the extent permitted by law, information about clinical trials and educational and marketing communications about products and services of ours and of others
• for analytical purposes and to research, develop and improve programs, products, services and content
• for U.S. healthcare providers, to link your name, National Provider Identifier (NPI), state license number, and/or your IP address to web pages you visit, for compliance, marketing, and sales activities 

B.    For Administrative Purposes 

We use your information for various administrative purposes, such as: 

• to pursue our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
• to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and prosecute those responsible for that activity;
• to measure interest and engagement in our Services; 
• for short-term, transient use, such as contextual customization of ads;
• to improve, upgrade, or enhance our Services; 
• to develop new products and services;
• to ensure internal quality control and safety;
• to authenticate and verify individual identities, including requests to exercise your rights under this Privacy Policy;
• for debugging to identify and repair errors with our Services;
• for auditing relating to interactions, transactions, and other compliance activities;
• to share personal information with third parties as needed to provide the Services;
• to enforce our agreements and policies;
• to protect someone's health, safety or welfare;
• to protect our rights or property; and
• for carrying out activities that are required to comply with our legal obligations. 

We may use your information for other legitimate business purposes as permitted by law. 

C.    Marketing and Advertising our Products and Services 

We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.  

Some of the ways we market to you include email campaigns, text messages, custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking.  If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth in “Contact Us” below.  

D.    With Your Consent 

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent. 

E.    De-identified and Aggregated Information 

We may use personal information to create de-identified and/or aggregated information, such as demographic information, information about the device from which you access our Services, or other analyses we create. 

F.    Other Purposes 

We also use your personal information for other purposes as requested by you or as permitted by applicable law.

DOES LUNA HEALTH EVER SHARE PERSONAL INFORMATION WITH THIRD PARTIES?

We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A.    Disclosures to Provide Our Services

• Parties You Indicate are Involved in Your Care.  We may disclose personal information collected through the Luna Health Services to healthcare providers, family members or other individuals involved in your care or support that you choose to register using the Luna Health Services to receive such information. 
•  Service Providers.  In the ordinary course of business, we will share some personal information with companies that we hire to perform services or functions on our behalf. For example, we may use different vendors or suppliers to ship products that you order on our website. In these cases, we provide the vendor with information to process your order such as your name and mailing address. Service providers also include service providers and vendors that provide us with IT support, hosting, payment processing, customer service, and related services.
• Clinical Research Organizations. If you participate in clinical trials and research, the clinical trial sites may disclose any personal information you provide in conjunction with your participation to the Clinical Research Organization (“CRO”) that we have engaged to manage the research or conduct the clinical trial. We endeavor not to collect clinical trial participant personal information directly, and other than pharmacovigilance data, all personal information we receive from CROs about clinical trial participants is de-identified or pseudonymized unless an exception applies.
• Clinical Trial Sites. If you request to be matched with a clinical trial site through our Services, we may share your personal information with the clinical trial site so that the clinical trial site can contact you about participating in the trial.
• Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services or other persons, apps and devices that you choose to link to the Luna Health Services.
• Advertising Partners. Through our Services, we may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising,” “cross-context behavioral advertising,” or “personalized advertising.” 
• APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below. 

We may also share your information with third parties as appropriate and permitted by law. The privacy choices you may have about your personal information are determined by applicable law and are described below.

B.    Disclosures to Protect Us or Others

We may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law or regulation. We may cooperate with law enforcement authorities in investigating and prosecuting website visitors who violate our rules or engage in behavior which is harmful to other visitors (or illegal).

We may disclose your personal information to third parties if we feel that the disclosure is necessary to:

• enforce this Privacy Policy and the other rules about your use of this website
• protect your, our, or others’ rights, safety or property
• collect amounts owed to us; 
• assist with an investigation or prosecution of suspected or actual illegal activity
• enforce our policies or contracts
• comply with law enforcement or national security requests, a law or regulation, court order, subpoena or other legal process

C.    Disclosure in the Event of Merger, Sale, or Other Asset Transfers 

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

COOKIE POLICY (AND OTHER TECHNOLOGIES)

If you visit our website to read or download information, such as information about a health condition or about one of our products, or if you use our application or other software as part of the Luna Health Services, we may collect certain information about you from your computer or mobile device. This information may include:

• The name of the domain from which you access the Internet
• The Internet Protocol address ("IP Address") of the device you are using
•  The type of browser and operating system you are using
• The date and time you access our website or application
• The internet address of the site from which you linked directly to our website
•  Which pages you have visited on our website
• The search terms you use
• The links on which you click

We also may collect this information through cookies, pixels, web beacons, and similar technologies ("Technologies") that work through placing a small file (like a text file or graphic) in your browser files when you visit. 

• Cookies.  Cookies are used to collect information for business purposes, such as enabling essential website functions and improving the user experience. You are free to decline our cookies if your browser permits, but some parts of our website may not work properly for you if you do so.
• Pixel Tags/Web Beacons.  The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

Our uses of these Technologies fall into the following general categories:  

• Operationally Necessary.  This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of our functionality;
• Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below);
•  Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
• Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party digital properties. 

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

• Analytics. Luna Health may use third-party tracking, analytics and advertising providers, such as Google Analytics, Google Firestore, Google Identity Platform, Google BigQuery, Google Looker Studio, Google Cloud Storage, Google Cloud Functions, Google Crashlytics, Twilio, or Hubspot to act on our behalf to track and analyze your usage of our Services. Luna Health may also use third-party providers to enable certain functions, such as third-party login. For more information regarding how Google collects, uses, and shares your information please visit https://www.google.com/policies/privacy/partners/. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by visiting https://tools.google.com/dlpage/gaoptout. These third parties may collect, and share with us, as we may request, information sent by your browser or mobile device, including website usage information about visits to our sites and other usage information, measure and research the effectiveness of our advertisements, and track page usage and paths followed during visits through our Services. Also, these third-party providers may place our Internet banner advertisements on other sites that you visit, and track use of our Internet banner advertisements and other links from our marketing partners' sites to our sites.
• Social Media Platforms. Our Services may contain social media buttons, such as Twitter/X, Facebook, LinkedIn, YouTube, and Instagram, which might include widgets such as the “share this” button or other interactive mini programs). These features may collect personal information such as your IP address and which page you are visiting on our Services and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.

YOUR PRIVACY CHOICES AND RIGHTS 

Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below. 

•  Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy). 
• Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.
• Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device.
• Phone calls. If you receive an unwanted phone call from us, you may opt out of receiving future phone calls from us by following the instructions which may be available on the call or by otherwise contacting us as set forth in “Contact Us” below.
•  “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. 
• Cookies and Personalized Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.
• The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.  Please note you must separately opt out in each browser and on each device. 

Your Privacy Rights. In accordance with applicable law, you may have the right to: 

• Access to and portability of your personal information, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (also known as the “right of data portability”);
•  Request correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
• Request deletion of your personal information; 
• Request restriction of or object to our processing of your personal information where the processing of your personal information is based on our legitimate interest or for direct marketing purposes, including (i) the right to opt-out of the sharing of personal information, (ii) object to or restrict our use of or your sensitive personal information, including the right to opt-out of the sharing of sensitive personal information, and (iii) opt out of the processing of your personal information for purposes of (a) targeted advertising, and (b) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you; and
•  Withdraw your consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal.

NOTICE AT COLLECTION AND SUPPLEMENTAL NOTICE FOR RESIDENTS OF CALIFORNIA AND CERTAIN U.S. STATES

This Supplemental Notice is for residents of states that have adopted comprehensive privacy legislation and others that may come into effect from time to time and are applicable to the Company, including, but not limited to, California, Connecticut, Colorado, Utah and Virginia (collectively, “Applicable State Laws”).  The following table describes the categories of personal information the Company has or may collected and whether we disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months.

Category of Personal Information Collected

Category of Third Parties Personal Information is Disclosed to for a Business Purpose

Identifiers. 

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers. 

·       Service providers

·       Business partners 

·       Affiliates 

·       Advertising networks

·       Internet service providers

·       Data analytics providers

·       Social networks

·       Clinical research organizations

·       Clinical trial sites

Personal information categories 

A name, signature, Social Security number, date of birth, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

·       Service providers

·       Business partners 

·       Affiliates

·       Internet service providers

·       Advertising networks

·       Data analytics providers

·       Clinical research organizations

·       Clinical trial sites

Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

·       Service providers

·       Business partners 

·       Affiliates

·       Clinical research organizations

·       Clinical trial sites

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

·       Service providers

·       Business partners 

·       Affiliates

·       Internet service providers

Biometric information

None

Internet or other electronic network activity

Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.

·       Service providers

·       Affiliates

·       Internet service providers

·       Advertising networks

·       Data analytics providers

Geolocation data

Physical location or movements.

None

Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information.

None

Professional or employment-related information

Current or past job history or performance evaluations.

·       Service providers

·       Affiliates

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g, 34 C.F.R. Part 99))

None

Inferences drawn from other personal information to create a profile about a consumer

None 

The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in “What Personal Information Do We Collect?” and “How Does Luna Health Keep and Use Personal Information?” above, respectively.  

“Sales” of Personal Information 

For purposes of certain state law, the Company does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age as the term “sell” is commonly understood.  That said, we may share information with third-party advertising partners for the purpose of promoting our Services as described above, such as for cross-context behavioral advertising. To the extent that such sharing is considered a “sale” under California law, you may limit such sharing by following the instructions found above in the section titled, Your Privacy Choices and Rights > Your Privacy Choices > Cookies and Personalized Advertising, or by contacting us as set forth in “Contact Us” below. 

Opt-out of “Sales” for Nevada, California, and Virginia Residents. If you are a resident of Nevada, California, or Virginia, you may have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at  [email protected] with the subject line “[Nevada, California, or Virginia] Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us by contacting us as set forth in “Contact Us” below. 

Additional Privacy Rights for Residents of Certain States 

• Non-Discrimination. Residents of certain states have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by applicable law.
• Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. To authorize an agent, provide written authorization signed by you and your designated agent and contact us as set forth in “Contact Us” below for additional instructions.
•  Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our Services.
• California Shine the Light. The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties.

WHAT ABOUT PRIVACY ON OTHER WEBSITES?

This website may contain links to other websites operated by third parties. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of web sites operated by others. We are not responsible for the performance of websites operated by third parties or for your business dealings with them. Therefore, whenever you leave this website, we recommend that you review each website's privacy practices and make your own conclusions regarding the adequacy of these practices.  Providing personal information to third-party websites or applications is at your own risk.

DOES LUNA HEALTH EVER COMMUNICATE DIRECTLY WITH VISITORS TO THIS WEBSITE?

We may contact you periodically by email, mail, telephone or text if you agree to that contact to provide information regarding programs, products, services and content that may be of interest to you. In addition, some of the features on this website allow you to communicate with us using an online form. If your communication requests a response from us, we will send you a response via email. The e-mail response or confirmation may include your personal information, including personal information about your health, your name, address, etc.

ARE THERE SPECIAL RULES ABOUT CHILDREN'S PRIVACY?

We will not intentionally collect on our website any personal information (such as a child's name or e-mail address) from children under the age of 13. If you think that we have collected personal information from a child under the age of 13, please contact us.  If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it.

WHAT ABOUT SECURITY?

Security is very important to us. We also understand that security is important to you. We have implemented security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. While we have implemented security measures, please keep in mind that "perfect security" does not exist on the internet or elsewhere and no transmission of information is guaranteed to be completely secure. In particular, e-mail sent to or from this site may not be secure, and you should therefore take special care in deciding what information you send to us via email.

CONTACT US – WHAT TO DO IF YOU HAVE A PROBLEM OR QUESTION

If Luna Health becomes aware of any ongoing concerns or problems with the Luna Services, we will take these issues seriously and work to address these concerns or problems when possible. If you have any further questions relating to our Privacy Policy, or if you have a problem or complaint, please contact us at: 

Luna Health, Inc.
Attn: Privacy Officer
1815 W. 13th Street, Suite 5
Wilmington, DE 19806
Email: [email protected]
Toll-Free Phone: +1 (650) 643-5472

Exhibit A

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

This notice of privacy practices (the "HIPAA Privacy Notice") describes how we may use and disclose your Medical Information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law, including by the Health Insurance Portability and Accountability Act, and all regulations issued thereunder ("HIPAA"). It also describes your rights to access and control your Medical Information. As used herein, "Medical Information" is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services.

Uses and Disclosures of Medical Information

We will only use and disclose your Medical Information as permitted by law. Except for disclosures outlined in this HIPAA Privacy Notice and/or permitted by law, we will obtain your written authorization before using your Medical Information or disclosing it to any outside persons or organizations. Most uses or disclosures of your Medical Information constituting psychotherapy notes will be made only after receiving your written authorization. We will not use or disclose your Medical Information for purposes of marketing, except as permitted by law and/or outlined in this HIPAA Privacy Notice. We will not sell your Medical Information, without first obtaining your written authorization. You may revoke any written authorization you have provided to us at any time, except to the extent that we have made any uses or disclosures of your Medical Information in reliance on such authorization. To revoke a previously issued authorization, please send your request in writing, along with a copy of the authorization being revoked to our Privacy Officer. If a copy of the applicable authorization is not available, please provide a detailed description and date of the same to our Privacy Officer.

There are some situations where we may use or disclose your Medical Information without your prior written authorization, as described further below:

Uses and Disclosures of Your Medical Information Related to the Treatment and Services Provided by Us

Treatment, Payment and Health Care Operations: We may use your Medical Information for treatment, to obtain payment for treatment, for administrative purposes, and to evaluate the quality of care that you receive without your authorization. We may use or disclose Medical Information about you without your authorization for several other reasons.

• Example of Treatment: In connection with treatment, we may use your Medical Information to provide you with one of our products.
• Example of Payment: We may use your Medical Information to generate a health insurance claim and to collect payment on invoices for services and/or medical devices provided.
• Example of Health Care Operations: We may use your Medical Information in order to process and fulfill your orders and to provide you with customer service.

• Appointment Reminder and Other Communications: We may use or disclose your Medical Information without your prior written authorization to provide you or others with, among other things, (i) appointment reminders; (ii) product/supply reorder notifications; and/or (iii) information about treatment alternatives or other health-related products and services that we provide.
• Family, Friends and Emergencies: If you require emergency treatment and we are unable to obtain your consent, we may disclose your Medical Information to a family member or relative who is involved in your care.
• Marketing: We may use or disclose your Medical Information to provide you with marketing communications about the health-related products and services that we provide, and about products, services, treatment or healthcare providers that may be of interest to you.
   

Additional Categories of Uses and Disclosures

• Required by Law: We may use or disclose your Medical Information to the extent that applicable law requires the use or disclosure of such Medical Information. Where the use and/or disclosure of Medical Information is by law, the use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.
• Public Health: We may disclose your Medical Information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of preventing or controlling disease, injury or disability. We may also disclose your Medical Information, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
• Communicable Diseases: We may disclose your Medical Information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
• Health Oversight: We may disclose Medical Information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the healthcare system, government benefit programs, other government regulatory programs and civil rights laws.
• Food and Drug Administration: We may disclose your Medical Information to a person or company as directed or required by the Food and Drug Administration: (i) to collect or report adverse events (or similar activities with respect to food or dietary supplements), product defects or problems (including problems with the use or labeling of a product), or biological product deviations, (ii) to track FDA-regulated products, (iii) to enable product recalls, repairs or replacement, or look back (including locating and notifying individuals who have received products that have been recalled, withdrawn, or are the subject of look back), or (iv) to conduct post-marketing surveillance.
• Legal Proceedings: We may disclose your Medical Information in the course of any judicial or administrative proceeding (i) in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), and (ii) in certain conditions in response to a subpoena, discovery request or other lawful process, after we receive satisfactory assurance that the party seeking the information has reasonably attempted to notify you of the request or has reasonably attempted to secure a qualified protective order (in a court or administrative tribunal, or by stipulation) to limit disclosure of your Medical Information.
• Law Enforcement: We may disclose Medical Information, as long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include: (i) legal processes otherwise required by law, (ii) limited information requests for identification and location purposes, (iii) pertaining to victims of a crime, (iv) suspicion that death has occurred as a result of criminal conduct, (v) in the event that a crime occurs on the premises of the practice, and (vi) medical emergency in which it is likely that a crime has occurred.
• Research: We may disclose your Medical Information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your Medical Information.
• Criminal Activity: Consistent with applicable federal and state laws, we may disclose your Medical Information, if we believe the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose Medical Information if it is necessary for law enforcement authorities to identify or apprehend an individual.
• Military Activity and National Security: When the appropriate conditions apply, we may use or disclose Medical Information of individuals who are Armed Forces personnel (i) for activities deemed necessary by appropriate military command authorities; , or (ii) to foreign military authority if you are a member of that foreign military service. We may also disclose your Medical Information to authorized federal officials for conducting national security and intelligence activities.
• Workers' Compensation: We may disclose your Medical Information as authorized to comply with workers' compensation laws and other similar legally-established programs.
• Inmates: We may use or disclose your Medical Information to a correctional institution or law enforcement official if you are an inmate of a correctional facility and your physician created or received your Medical Information in the course of providing care to you, and disclosure is necessary for (i) providing you with health care; (ii) the health and safety of you, other inmates, or others at the correctional institution; or (iii) the administration and maintenance of the safety, security, and good order of the correctional institution.
• Required Uses and Disclosures: Under the law, we must make disclosures to you when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of HIPAA.
• Non-identifiable Information: We may use or disclose your Medical Information if we have removed from it any information that is personally identifiable to you.

Your Rights

The following is a statement of your rights with respect to your Medical Information and a brief description of how you may exercise these rights.

You Have the Right to Inspect and Copy Your Medical Information: This means you may inspect and obtain a copy of medical information about you, provided that applicable law may limit your ability to inspect or copy certain types of records. In certain circumstances, if we deny your request to review Medical Information, you may have a right to have this decision reviewed. If you would like to make a request to review your Medical Information, please submit a request here. We will respond to your request in a reasonable amount of time. If your request is honored, we may charge a nominal fee for photocopying expenses. Please contact our Privacy Officer if you have questions about access to your Medical Information.

You May Have the Right to Amend Your Medical Information: If you believe that the Medical Information we have about you is incorrect or incomplete, you may ask us to make an amendment to your Medical Information. You may request an amendment as long as the Medical Information is still maintained in our records. If you would like to make a request to review your Medical Information, please submit a request here. We will respond to your request in a reasonable amount of time. Please contact our Privacy Officer if you have questions about requesting an amendment to your Medical Information.

You Have the Right to Request a Restriction of Your Medical Information: You may ask us not to use or disclose any part of your Medical Information for the purposes of treatment, payment or healthcare operations. You may also request that any part of your Medical Information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this HIPAA Privacy Notice. Your request must state the specific restriction requested and to whom you want the restriction to apply. Except as otherwise provided in this HIPAA Privacy Notice, we are not required to agree to a restriction that you may request. We are required to agree to your request to restrict disclosure of your Medical Information to a health plan if (i) the disclosure is to carry out payment or healthcare operations and is not otherwise required by law; and (ii) your Medical Information pertains solely to a healthcare item or service for which you or someone (other than the health plan) on your behalf, has paid us in full. If we agree to the requested restriction, we may not use or disclose your Medical Information in violation of that restriction unless it is needed to provide emergency treatment. If you would like to request a restriction of the use of your Medical Information,please submit a request here. We will respond to your request in a reasonable amount of time. Please contact our Privacy Officer if you have questions about requesting a restriction of the use of your Medical Information.

You Have the Right to Request to Receive Confidential Communications from Us by Alternative Means or at an Alternative Location: We will accommodate reasonable requests to receive confidential communications from us by alternate means or at an alternative location. We may also limit this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact. We will not request an explanation from you as to the basis for the request. Please make this request in writing to our Privacy Officer here.

You Have the Right to Receive an Accounting of Certain Disclosures We Have Made, if any, of your Medical Information: This right applies to disclosures for purposes other than treatment, payment or healthcare operations as described in this HIPAA Privacy Notice. It excludes disclosures we may have made to you, for a facility directory, to family members or friends involved in your care, for notification purposes, for national security or intelligence purposes, to correctional institutions or law enforcement officials, or as part of a limited data set. You have the right to receive specific information regarding these disclosures that occurred after April 14, 2003, or as otherwise provided for under applicable law. You may request a shorter timeframe. The right to receive this information is subject to certain exceptions, restrictions and limitations. If you would like to request an accounting of certain disclosure of your Medical Information, please submit a request here. We will respond to your request in a reasonable amount of time. Please contact our Privacy Officer if you have questions about requesting an accounting of the disclosures of your Medical Information.

You Have the Right to Obtain a Copy of this HIPAA Privacy Notice : You have the right to obtain a paper copy of this HIPAA Privacy Notice from us, upon request, even if you have agreed to accept this notice electronically. If you would like to request a paper copy of this HIPAA Privacy Notice, please submit a request here.

Our Duties

Generally: We are required by law to maintain the privacy and security of your Medical Information and to provide you with notice of our legal duties and privacy practices with respect to Medical Information, and to notify you if there is a breach resulting in disclosure of your unsecured Medical Information.

Revisions and Modifications: We may change this HIPAA Privacy Notice at any time. Before we make a significant change in our policies, we will change this HIPAA Privacy Notice and post our new notice (the "Revised HIPAA Privacy Notice"). We are required to abide by the terms of this HIPAA Privacy Notice until a Revised HIPAA Privacy Notice becomes effective. The Revised HIPAA Privacy Notice will be effective for all Medical Information that we maintain as of the effective date of the Revised HIPAA Privacy Notice even if we collected or received the Medical Information prior to the effective date of the Revised HIPAA Privacy Notice. The current HIPAA Privacy Notice is posted on our Website at www.lunadiabetes.com If you would like to request a paper copy of this HIPAA Privacy Notice, please submit a request here.

What to Do If You Have a Problem or Question

If you are unable to use the online privacy request form, you may obtain assistance by calling +1.650.643.5472.

If you have any further questions relating to this HIPAA Privacy Notice or if you have a problem or complaint, please contact us in writing or by phone at:

Luna Health, Inc.

Attn: Privacy Officer
Email: [email protected]
1815 W. 13th Street, Suite 5, Wilmington, DE 19806
+1.650.643.5472

Furthermore, if you believe that Luna Health has violated your privacy rights with respect to your Medical Information, you have the right to file a complaint in writing with our Privacy Officer or with the Secretary of Health and Human Services at 200 Independence Avenue, S.W. Washington, D.C. 20201 or by calling 877-696-6775. Luna Health will not retaliate against you for filing such a complaint.

Effective Date: November 5, 2024

LBL-00390-A

‍

‍