1. Introduction

MyTurnPlus, Inc. (“MTP,” “we,” “our,” or “us”) is committed to safeguarding your privacy and protecting your personal and health-related information. This Privacy Policy describes how we collect, use, store, share, and protect information obtained through the MyTurnPlus™ mobile application (“App”), our website at https://myturnplus.com/, and any related services (collectively, the “Service”).

By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Service.

2. HIPAA Notice — Protected Health Information (PHI)

2.1 Your HIPAA Rights

Where MTP operates as a Business Associate to your healthcare provider, you have rights under HIPAA, including:

• Right to access and obtain a copy of your PHI held by your covered healthcare provider
• Right to request amendment of inaccurate or incomplete PHI
• Right to an accounting of disclosures of your PHI
• Right to request restrictions on use or disclosure of your PHI
• Right to request confidential communications
• Right to file a complaint with the U.S. Department of Health & Human Services (HHS)

To exercise these rights, contact: contact@myturnplus.com or 10615 E. Landmark Way, Clovis, California 93619. To file a complaint with HHS: https://www.hhs.gov/hipaa/filing-a-complaint

2.2 Minimum Necessary Standard

In accordance with HIPAA’s minimum necessary standard, MTP limits the collection, use, and disclosure of PHI to the minimum amount necessary to fulfill the queuing and notification services described in this policy.

3. Information We Collect

3.1 Information You Provide

• Full name and username
• Phone number(s)
• Email address
• Date of birth / Age
• Appointment details and reason for visit (for clinic queue coordination)
• Demographic and registration information (for returning patient profiles)

3.2 Information Collected Automatically

• Device identifiers (device type, operating system, app version)
• IP address and approximate geolocation (when location services are enabled)
• App usage data, session logs, and interaction events
• Notification delivery and read status

3.3 Optional Device Permissions

The following are optional. Core app functionality is available without granting them:

• Location (GPS): Used to estimate travel time and trigger departure notifications at the right moment
• Camera: Enables direct upload of identification or insurance documents from your camera
• Photo Gallery: Enables document upload from your saved photos

4. How We Use Your Information

We use collected information to:

• Operate and manage the dynamic patient queuing platform
• Send appointment confirmations and real-time departure notifications to your device
• Coordinate patient flow with participating urgent care clinics
• Facilitate healthcare operations at clinics that have engaged MTP as a Business Associate
• Improve app performance, user experience, and queuing accuracy
• Respond to customer service inquiries and support requests
• Comply with HIPAA, CCPA, CalOPPA, and all other applicable legal obligations
• Conduct fraud detection, security monitoring, and system integrity checks

We do NOT use your information for third-party advertising and we do NOT sell your personal data to any party.

5. How We Share Your Information

5.1 Permitted Disclosures

We may share your information with:

• Participating urgent care clinics: To fulfill the queuing and notification services you have requested, under Business Associate Agreements where applicable
• HIPAA-compliant cloud infrastructure and hosting providers: For secure data storage and processing
• Identity verification and fraud prevention service providers
• Legal and regulatory authorities: When required by law, court order, subpoena, or to protect rights, safety, or property
• Successors in a merger, acquisition, or business reorganization — subject to equivalent privacy protections

5.2 What We Do NOT Do

• We do not sell your personal information to any third party
• We do not share PHI with advertisers or marketing companies
• We do not disclose your health information beyond what is permitted by HIPAA
• We do not use your PHI for marketing without your explicit written authorization

6. Data Security

We implement administrative, physical, and technical safeguards to protect your information in compliance with the HIPAA Security Rule, including:

• Encryption of all data in transit using TLS 1.2+ / SSL protocols
• Encryption of stored PHI and personal data at rest
• Role-based access controls strictly limiting staff access to PHI
• Business Associate Agreements (BAAs) with all HIPAA-regulated third-party service providers
• Regular security risk assessments and vulnerability reviews
• Audit logs and access monitoring for all systems containing PHI

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. In the event of a data breach affecting unsecured PHI, we will notify affected individuals and, where required, HHS and other authorities in accordance with the HIPAA Breach Notification Rule.

To report a suspected security incident: contact@myturnplus.com

7. Data Retention

We retain your information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Health-related information retained in connection with HIPAA obligations is maintained for a minimum of six (6) years from the date of creation or last effective date, consistent with federal HIPAA record retention requirements.

Non-PHI personal data is removed or anonymized within 60 days of account deletion. You may request deletion of your account at any time by contacting contact@myturnplus.com.

8. Your Privacy Rights

8.1 California Residents (CCPA / CalOPPA)

California residents have the right to:

• Know what personal information we collect, how it is used, and with whom it is shared
• Request a copy of the personal information we hold about you
• Request deletion of your personal information (subject to legal retention obligations)
• Opt out of the sale of personal information — note: MTP does not sell personal information
• Non-discrimination: we will not discriminate against you for exercising your privacy rights

8.2 European Economic Area Residents (GDPR)

EEA residents have rights including: access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Contact us at contact@myturnplus.com. We respond to all verifiable requests within 30 calendar days.

8.3 All Users, Account & Data Correction

Any user may contact us to update, correct, or request deletion of their personal information. Personnel of MTP may update their employment-related information per our internal HR policies.

9. Cookies and Tracking Technologies

Our website uses cookies to enhance functionality, remember user preferences, and analyze site traffic. We use the following tracking technologies:

• Session Cookies: Maintain your logged-in state during a session
• Functional Cookies: Remember preferences such as language and login details
• Analytics Cookies: Help us understand how the Service is used, to improve it
• Google Maps API: Used for travel time estimation and location-based departure notifications, governed by Google’s Privacy Policy

You can disable cookies in your browser settings. Some features may not function properly without cookies. We do not store PHI or sensitive personal data in cookies.

10. Children’s Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at contact@myturnplus.com and we will promptly delete that information.

11. International Data Transfers

MyTurnPlus, Inc. is incorporated in the United States. If you access our Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to such transfer and processing. We implement appropriate safeguards for cross-border data transfers as required by applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via the App or by email at least 30 days before taking effect. The effective date at the top of this policy will be updated accordingly. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.

13. Contact Us — Privacy