CodaHx Privacy Policy

Privacy Policy This Privacy Policy ("Policy") applies to https://www.codahx.com, and CodaHx ("Company") and governs data collection and usage. For the purposes of this Privacy Policy, unless otherwise noted, all references to the Company include https://www.codahx.com. The Company's website is a health information technology site. By using the Company website, you consent to the data practices described in this statement. Our Commitment to Protecting Your Health Information As a health information technology company, we recognize the sensitive nature of the data you entrust to us. This policy distinguishes between "Personal Information" (such as your name and contact details) and "Protected Health Information" or "PHI" (which includes your medical, insurance, and billing data). The Company is committed to protecting the privacy and security of your PHI in accordance with the applicable standards set forth in the Health Insurance Portability and Accountability Act (HIPAA). By creating an account and using our services, you are providing express consent and authorizing the Company to collect and use your PHI for the specific purpose of providing our services to you, as described in this Policy and our Terms and Conditions. Collection of Your Personal Information To provide you with our services, the Company collects information that you voluntarily provide to us. This information includes: • Contact and Account Information: First and last name, mailing address, email address, phone number. • Protected Health Information (PHI): Date of birth, insurance information (plan, policy number, group number), medical data from bills and claims (including dates of service, provider names, procedure codes, diagnosis codes, and cost information), and data related to health conditions. • Financial Information: Household income, number of dependents, and other financial or identification documents for the purpose of accessing financial assistance for medical costs. If you purchase a subscription or service with the Company, we will collect billing and credit card information through our secure payment processor to complete the purchase transaction. Purpose of Data Collection We do not collect any personal or health information about you unless you voluntarily provide it to us when you: (a) register for or add information to an account; (b) upload medical bills or claims documents; (c) send us an email or message; or (d) submit payment information. We use this information solely to operate our services, which includes organizing your medical bills, analyzing your billing and claims data to identify suspected errors and potential avenues for savings on your behalf, and to communicate with you about your account and our services. Use of your Personal Information The Company collects and uses your personal information in the following ways: • To operate and deliver the services you have requested • To provide you with information, products, or services that you request from us • To provide you with notices about your account • To carry out the Company's obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collection • To notify you about changes to our https://www.codahx.com or any products or services we offer or provide through it • In any other way we may describe when you provide the information • For any other purpose with your consent. Marketing and Communications The Company may use your name and email address for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication related to the Company or affiliates. In order to improve our services, we may receive a notification when you open an email from the Company or click on a link therein. You may opt out of receiving marketing or promotional communications at any time by clicking the "unsubscribe" link in the email. Sharing Information with Third Parties The Company does not sell, rent, or lease its customer lists to third parties. The Company may share data with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to the Company, and they are required to maintain the confidentiality of your information. The Company may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on the Company or the site; (b) protect and defend the rights or property of the Company; and/or (c) act under exigent circumstances to protect the personal safety of users of the Company, or the public. Our Vendors and Business Associates We may share necessary data with trusted partners who perform essential services on our behalf, such as cloud data hosting, payment processing, or customer support. These partners are our "Business Associates" under HIPAA. We do not sell, rent, or lease your information. Any partner that may come into contact with your PHI is required to enter into a Business Associate Agreement (BAA) with us. This is a contract that legally obligates them to protect your PHI with the same stringent security and privacy standards that we are required to follow under HIPAA. Automatically Collected Information The Company may automatically collect information about your computer hardware and software. This information can include your IP address, browser type, domain names, access times, and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding the use of the Company's website. Links This website contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information. Security of Your Personal Information The Company takes its responsibility to secure your personal and health information from unauthorized access, use, or disclosure very seriously. We have implemented a comprehensive security program based on the requirements of the HIPAA Security Rule, which includes the following categories of safeguards: • Administrative Safeguards: We maintain security policies and procedures for all employees, who are required to complete mandatory privacy and security training. We conduct regular risk assessments to identify and mitigate potential threats to your data and have designated a Privacy Officer to oversee our compliance program. • Physical Safeguards: Access to our physical offices and the servers where your data is stored is controlled and restricted to authorized personnel. We have implemented policies for secure workstation use and data handling. • Technical Safeguards: We use encryption to protect your data both in transit (using protocols like SSL/TLS) and at rest (when stored in our databases). Access to PHI within our systems is strictly controlled through unique user identification, and we maintain audit logs and trails to monitor access and activity. Our network is protected by robust firewalls and other security technologies. While we implement these extensive measures, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. You acknowledge that there are security and privacy limitations inherent to the Internet that are beyond our control. Your Rights Regarding Your Health Information In accordance with HIPAA and other applicable laws, you have the following rights concerning the Protected Health Information (PHI) that we maintain about you. • Right to Access: You have the right to inspect and obtain a copy of the PHI we maintain about you. • Right to Amend: If you believe that the PHI we have about you is incorrect or incomplete, you have the right to request that we amend the information. We will review your request and make a determination in accordance with applicable law. • Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI to other persons or entities. • Right to Request Restrictions: You have the right to request a restriction on how we use or disclose your PHI. While we will carefully consider your request, we are not required to agree to all restrictions. • Right to Deletion: Subject to our legal and data retention obligations, you may request the deletion of your personal information and the closing of your account. To exercise any of these rights, please submit a verifiable written request to us using the contact information provided at the end of this Policy. We will respond to your request in a timely manner. Please note that we may not be able to comply with requests to delete your personal information if it is necessary to: • Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, and provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity • Debug to identify and repair errors that impair existing intended functionality • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law • Comply with the California Electronic Communications Privacy Act • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us • Comply with an existing legal obligation • Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information Children Under Thirteen The Company's services are not directed at or intended for use by children under the age of 13. The Company does not knowingly collect personal information from children under the age of 13 without parental consent or provision. If we learn that we have collected or received personal information from a child under 13 without parental consent or provision, we will take immediate steps to delete that information from our records. Disconnecting your Company's Account from Third Party Websites You will be able to connect your Company's account to third-party accounts. BY CONNECTING YOUR COMPANY'S ACCOUNT TO YOUR THIRD-PARTY ACCOUNT, YOU ACKNOWLEDGE AND AGREE THAT YOU ARE CONSENTING TO THE CONTINUOUS RELEASE OF INFORMATION ABOUT YOU TO OTHERS (IN ACCORDANCE WITH YOUR PRIVACY SETTINGS ON THOSE THIRD-PARTY SITES). IF YOU DO NOT WANT INFORMATION ABOUT YOU, INCLUDING PERSONALLY IDENTIFYING INFORMATION, TO BE SHARED IN THIS MANNER, DO NOT USE THIS FEATURE. You may disconnect your account from a third-party account at any time. Changes to This Statement The Company reserves the right to change this Policy from time to time. For example, when there are changes in our services, changes in our data protection practices, or changes in the law. When changes to this Policy are significant, we will inform you. You may receive a notice by sending an email to the primary email address specified in your account, by placing a prominent notice on our website, and/or by updating any privacy information. Your continued use of the website and/or services available after such modifications will constitute your: (a) acknowledgment of the modified Policy; and (b) agreement to abide and be bound by that Policy. Contact Information The Company welcomes your questions or comments regarding this Policy. If you believe that the Company has not adhered to this Policy, please contact the Company at: CodaHx, Inc. Email: oren@codahx.ai Effective as of June 01, 2025