PRIVACY POLICY

HALO HEALTH BY VOGASOFT INC.

Effective Date: 9/10/2025

1. OUR COMMITMENT TO YOUR PRIVACY

At Halo Health ("we," "our," or "us"), we are committed to protecting your privacy and the security of your personal and genetic information. We will NEVER sell or share your medical or genetic data with third parties for their commercial purposes.

2. INFORMATION WE COLLECT

2.1 Personal Information: We collect basic personal information including your name, email address, phone number, date of birth, billing and shipping addresses, and payment information (which is processed by secure third-party providers).

2.2 Genetic Information: We process genetic information including raw genetic data files from third-party services such as 23andMe or Ancestry.com, DNA samples that are processed by our partner laboratories, and the resulting genetic analysis results and interpretations.

2.3 Health and Wellness Information: We collect health-related information you provide through health questionnaires and surveys, your wellness goals and preferences, and your interaction history with our AI health companion.

2.4 Technical Information: We automatically collect certain technical information including your IP address, browser type, device information, usage data and analytics, and information from cookies and similar tracking technologies.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses: We use your information to process and analyze your genetic data through our proprietary systems, generate personalized wellness reports, provide AI-powered health insights for entertainment and experimental purposes, facilitate coaching sessions and result readouts, train and improve our AI models and recommendations, communicate with you about our services, and process payments and fulfill orders. We may also send you updates, promotions, and service-related communications unless you opt out.

3.2 Our Commitments: We do NOT sell your genetic or health data, share your data with insurance companies, share your data with employers, share individually identifiable data for research without explicit consent, or use your personal likeness without permission.

4. GENETIC INFORMATION SPECIAL PROTECTIONS

4.1 Genetic Information Nondiscrimination: We support and comply with the Genetic Information Nondiscrimination Act (GINA) principles, even though we are not a covered entity.

4.2 Enhanced Security: Genetic data is encrypted both in transit and at rest using industry-standard encryption methods.

5. DATA SHARING AND DISCLOSURE

5.1 Service Providers: We may share information with trusted service providers who assist us in operating our business, including CLIA-certified genetic testing laboratory services, cloud storage and computing services (encrypted and HIPAA-compliant where available), payment processing through Stripe and ACH providers, and customer support services. All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements: We may disclose information if required by law, including in response to court orders or subpoenas, law enforcement requests with valid legal process, or to protect rights, safety, or property.

5.3 Business Transfers: In the event of a merger, acquisition, or sale of our company, your information may be transferred to the successor entity. We will provide prior notice and give you the option to delete your data before any such transfer.

6. DATA RETENTION

6.1 Active Accounts: We guarantee retention of your genetic data for a minimum of one year from the processing date. Data may be retained longer but is not guaranteed beyond one year unless you request extended retention.

6.2 Deletion Requests: Upon request, we will delete your personal and genetic data within 30 days and remove data from all backups within 60 days. We can provide your data via USB drive or secure download before deletion if requested, and will provide confirmation once deletion is complete.

6.3 Legal Retention: Some information may be retained as required by law or for legitimate business purposes, such as transaction records for tax and accounting purposes.

6.4 Aggregated Data: We may retain anonymized, aggregated metadata indefinitely for research and product improvement purposes.

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability: You have the right to access your personal information, download your genetic data, and receive your information in a portable format.

7.2 Correction: You may update or correct inaccurate information through your account settings or by contacting us.

7.3 Deletion: You have the right to request deletion of your information at any time. Email info@gethalohealth.com with deletion requests.

7.4 Opt-Out: You may opt-out of marketing communications, data analytics, and certain data processing activities at any time through your account settings or by contacting us.

8. SECURITY MEASURES

8.1 Technical Safeguards: We implement comprehensive security measures including AES-256 encryption for data at rest, TLS 1.3 for data in transit, multi-factor authentication availability, and regular security audits and penetration testing.

8.2 Administrative Safeguards: We limit access to your information on a need-to-know basis, provide employee training on data protection, and require confidentiality agreements with all personnel who handle user data.

8.3 Physical Safeguards: Our data is stored in secure data center facilities with access controls and monitoring, and we maintain redundant backup systems to prevent data loss.

9. CHILDREN'S PRIVACY

9.1 Minors Under 18: Our Services may be used by minors only with parental or guardian consent and supervision.

9.2 Parental Controls: For minors, parents or guardians must create and manage the account, all genetic results are delivered exclusively to parents or guardians, parents or guardians must be present for all coaching sessions, and parents or guardians must certify their legal authority to consent for the minor.

9.3 Verification: We may request verification of parental or guardian status before processing a minor's genetic data.

9.4 Data Protection: Minor's data receives the same security protections as adult data, with additional access restrictions to ensure parental control.

10. CALIFORNIA PRIVACY RIGHTS

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what information is collected, the right to delete personal information, the right to opt-out of sale (we do not sell data), and the right to non-discrimination for exercising privacy rights.

11. DATA BREACH NOTIFICATION

In the event of a data breach affecting your personal or genetic information, we will notify you within 72 hours of discovery, provide details about the affected information, and offer appropriate remediation such as credit monitoring where applicable.

12. COOKIES AND TRACKING

We use essential cookies required for site functionality and security. We also use analytics cookies to help us understand usage patterns (which can be disabled) and marketing cookies for relevant advertising (which can also be disabled). You can manage your cookie preferences through your browser settings.

13. THIRD-PARTY LINKS

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.

14. INTERNATIONAL DATA TRANSFERS

We operate in the United States. If you access our Services from outside the United States, your information may be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. We will notify you of material changes via email or through prominent notice on our Services. Your continued use of our Services after such modifications constitutes acceptance of the updated Privacy Policy.

16. CONTACT US

For privacy-related questions or concerns, please contact:

Privacy
VogaSoft Inc. / Halo Health
Email: info@gethalohealth.com
270 N. El Camino Real, Suite F231, Encinitas, CA 92024

Data Protection Requests:
Email: info@gethalohealth.com

To exercise your privacy rights or request data deletion, email us with "Privacy Rights Request" in the subject line.

17. REGULATORY COMPLIANCE

While we are not a HIPAA covered entity, we voluntarily implement HIPAA-compliant security practices where feasible. We use HIPAA-certified storage and security systems to protect your information. We comply with applicable California and federal privacy laws. This Privacy Policy is designed for U.S. residents only.

YOUR PRIVACY IS OUR PRIORITY. WE WILL NEVER SELL YOUR GENETIC OR HEALTH DATA.

Last Updated: 9/10/2025