1. Introduction

USMD Direct, Inc. (“USMD Direct,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and security of the information collected through the USMD Direct Remote Patient Monitoring (“RPM”) mobile application and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our app, website, connected devices, and clinical monitoring services.

This Privacy Policy is intended to support compliance with applicable U.S. privacy requirements, including the Health Insurance Portability and Accountability Act (“HIPAA”), and to satisfy Google Play privacy disclosure expectations for healthcare applications.

2. About USMD Direct

USMD Direct, Inc. is a healthcare and telemedicine organization providing remote patient monitoring, telehealth, mobile urgent care, and related digital health services. Our RPM services are designed to help patients and clinicians monitor health conditions using secure communication tools and connected medical devices.

3. Information We Collect

3.1 Personal Information

• Full name
• Date of birth
• Email address
• Phone number
• Mailing address

3.2 Protected Health Information (PHI)

• Blood pressure readings
• Heart rate
• Weight and body metrics
• Blood glucose values
• Oxygen saturation
• Symptoms, clinical notes, and medical history

3.3 Device and Technical Data

• Device model and operating system
• App usage activity
• Internet protocol (IP) address
• Crash logs and diagnostic reports

3.4 Connected Medical Devices

• Bluetooth-enabled monitoring devices
• Wearables and approved sensors
• Data imported through authorized third-party integrations

4. How We Use Your Information

We use collected information to provide, maintain, and improve the USMD Direct RPM platform and associated healthcare services. This includes using your information to:

• Deliver remote patient monitoring and telehealth services
• Support clinical review and care coordination
• Communicate alerts, reminders, and notifications
• Improve user experience, app functionality, and platform performance
• Maintain patient safety and operational integrity
• Comply with legal, regulatory, and healthcare obligations

5. Data Sharing and Disclosure

We may share your information only as needed to support care delivery, platform operations, and legal compliance.

5.1 Healthcare Providers

We may share information with physicians, nurses, care coordinators, and other authorized healthcare professionals involved in your treatment or care management.

5.2 HIPAA-Compliant Vendors

We may use service providers and vendors that support cloud hosting, notifications, analytics, device connectivity, or technical operations. Where applicable, such vendors are expected to operate under appropriate privacy and security obligations, including Business Associate Agreements when required.

5.3 Legal Requirements

We may disclose information if required to do so by law, subpoena, court order, government request, or to protect patient safety, our legal rights, or the security of our systems.

6. Data Security

USMD Direct uses administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, disclosure, alteration, or destruction. Security measures may include:

• Encryption of data in transit and at rest
• Role-based access controls
• Authentication and password protections
• Monitoring, logging, and audit capabilities
• Secure cloud and application infrastructure

Although we strive to use commercially reasonable safeguards, no system can be guaranteed to be completely secure.

7. HIPAA Compliance

To the extent applicable, USMD Direct handles protected health information in accordance with HIPAA and related healthcare privacy and security rules. We maintain safeguards intended to support confidentiality, integrity, and availability of protected health information and work with vendors under Business Associate Agreements when required.

8. Data Retention

We retain information for as long as reasonably necessary to provide healthcare services, maintain required business records, comply with legal obligations, and satisfy applicable record retention laws. Retention periods may vary depending on the type of data and the legal or clinical purpose for which it is maintained.

9. Your Rights

Depending on applicable law and the nature of your relationship with us, you may have the right to:

• Request access to your information
• Request correction of inaccurate information
• Request a copy of certain records
• Request deletion where legally permitted
• Contact us with privacy-related questions or concerns

Some rights may be limited by healthcare record retention requirements, legal obligations, or patient safety considerations.

10. Third-Party Services

The USMD Direct RPM platform may use third-party tools or integrations for hosting, analytics, communications, crash reporting, or connected device functionality. Use of those services may be subject to separate terms or privacy policies, but we expect service providers supporting healthcare operations to maintain appropriate privacy and security standards.

11. Children’s Privacy

This app is not intended for children under the age of 13 unless access and use are authorized by a parent, guardian, and healthcare provider where appropriate. We do not knowingly collect personal information from children in a manner inconsistent with applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any updates will be reflected by revising the “Last Updated” date at the top of this page. Material changes may also be communicated through the app, website, or other appropriate channels.

13. Contact Information