Privacy Policy

Effective Date: February 2024

MyID PRIVACY POLICY AND STATEMENT

1. Introduction:
Welcome to MyID, a mobile application that connects healthcare consumers to personal
and family health data. By using any of the MyID websites, services, and mobile apps
that link to these terms, you agree to the Privacy Policy and Statement. Any new
privacy features included in the future will also be subject to these Terms. You also
agree to our Cookie Policy, and MyID Community Rules, each of which are
incorporated herein by reference. Please read these documents and our Terms and
Conditions carefully because they contain important information about your rights and
responsibilities when you use the Services. You are entering into these Terms with
MyID, LLC. Additional terms may apply which will be disclosed to you when you sign up
for a new Service or take advantage of a new promotion or special offer, which terms
become part of your agreement with us if you use those Services, promotions, or offers.
If any additional terms conflict with these Terms, those additional terms will prevail. This
policy outlines how we use and protect your data. Please contact us at
info@getmyid.com if you have any questions. Thank you for using MyID. If you have
concerns that User Provided Content posted by other Users may infringe your rights,
contain illegal material, or violate these Terms, please contact us at info@getmyid.com.
We are also sensitive to the copyright and other intellectual property rights of others. For
complaints regarding copyright infringement or illegal content, including any Digital
Millennium Copyright Act takedown requests, click her This summary is intended to
help you better understand the most recent changes to MyID’s Privacy Statement and
how the changes may impact you.
2. Services

The updates to the Privacy Statement apply to your use of the Services when you view,
access, or otherwise use the Services. To fully understand the changes and terms that
will govern your use of our Services, please fully read the Privacy Statement.

Specifically, the most recent changes include:
 Clarifying certain sections to address requirements under the California Consumer
Privacy Act (“CCPA”) such as the categories of personal information collected,
used, and shared; and,
 Updating, clarifying, and simplifying existing language.

At MyID, your privacy is a top priority. MyID is committed to being a good steward of your
Personal Information (defined below), handling it in a responsible manner, and securing it
with administrative, technical, and physical safeguards.

We also believe in being honest, direct, and transparent when it comes to your data.
MyID follows three guiding principles when it comes to your privacy:
 Transparency. We work hard to be transparent about what Personal Information
we collect and process.
 Simplicity. We try to use easy-to-understand language to describe our privacy
practices to help you make informed choices.
 Control. We give you control over the Personal Information you provide to us,
including any of your personal health information, and how it is used, shared, and
retained.

Other Important Things for You To Understand When You Use Our Services

You always maintain ownership of your Personal Health Information (PHI) (defined
below)—you can manage and delete it as described in this Privacy Statement. Our full
Privacy Statement is below, and we encourage you to read it. It covers all MyID
websites, services, and mobile apps that link to this Privacy Statement.
3. Personal Information

At MyID, we empower the management of personal health information to enrich lives.
To provide and improve the websites, mobile applications, and services (collectively the
“Services”), we collect, process, and store "Personal Information," which is
information that can identify you, such as your name, email or address, or information
that could reasonably be linked back to you, including your Personal Health Information.
This Privacy Statement describes our practices for collecting, storing, and processing
your Personal Information and the controls we provide you to manage it within our
Services. In addition, our Cookie Policy describes our use of browser cookies and
similar tracking technologies which is considered a part of this Privacy Statement.
When you access the Services, we may ask you to voluntarily provide us certain
information that personally identifies (or could be used to personally identify) you
(“Personal Information”). Personal Information includes, but is not limited to, the
following: (a) contact data such as your e-mail address and phone number; (b)
demographic data such as your gender, your date of birth, and your zip code; (c)
insurance data such as your insurance carrier, insurance plan, member ID, group ID,
and payor ID; (d) medical data such as the doctors or other healthcare providers
(“Healthcare Providers”) you have visited, your reasons for visit, your dates of visit, your
medical history, and other medical and health information you choose to share with us;
and (e) other information that you voluntarily choose to provide to us including without
limitation your Social Security Number, unique identifiers such as passwords, and
Personal Information in e- mails or letters that you send to us. You may still access and
use some of the Services if you choose not to provide us with some Personal
Information, but certain features may not be accessible to you as a result.

Please note: Information about deceased persons is not Personal Information
under this Privacy Statement.
4. Billing Information
When you make a payment through our Services (as further described in and subject to
other provisions of the Agreement), your payment card information is processed by our
payment processing partner, Shopify collects your voluntarily provided payment card
information necessary to process your payment. Shopify’s use and storage of

information it collects is governed by Shopify’s applicable terms of service and privacy
policy. The information we store includes your payment card type and the last four digits
of the payment card. We may provide to you the option to remove your stored payment
card information through your account settings page.
5. Traffic Data
We also may automatically collect certain data elements when you use the Services,
such as (a) IP address; (b) domain server; (c) type of device(s) used to access the
Services; (d) web browser(s) used to access the Services; (e) referring webpage or
other source through which you access the Services; (f) geolocation information; and
(g) other statistics and information associated with the interaction between your browser
or device and the Services (collectively “Traffic Data”). Depending on applicable law,
some Traffic Data may be Personal Information.
We may also collect addition information, which may be Personal Information, as
otherwise described to you at the point of collection or pursuant to your consent.
6. HIPAA and PHI
Under a federal law called the Health Insurance Portability and Accountability Act
(“HIPAA”), some of the demographic, health and/or health-related information that
MyID collects as part of providing the Services may be considered “protected health
information” or “PHI.” Specifically, when MyID receives identifiable information about
you from or on behalf of your Healthcare Providers, this information is PHI. HIPAA
provides specific protections for the privacy and security of PHI and restricts how PHI
is used and disclosed. MyID may only use and disclose your PHI in the ways permitted
by your Healthcare Provider(s). If you choose to use the Services, you agree that MyID
may use and disclose your PHI in the same way it uses and discloses your Personal
Information that is not PHI.

MYID ENABLES PATIENTS TO VOLUNTARILY AND SELECTIVELY TRANSMIT
PHI TO TRUSTED HEALTHCARE PROVIDERS. THIS FEATURE IS INTENDED
TO STREAMLINE PATIENT INTAKE WORKFLOWS, IMPROVE
COMMUNICATION, AND FACILITATE CARE DELIVERY.

7. How We Collect Information
We collection information (including Personal Information and Traffic Data) when you
use and interact with the Services, and in some cases from third-party sources. Such
information includes (but is not limited to): when you use the Services’ interactive tools
and services, when you voluntarily provide information via health assessment
questionnaires, when you use the “Contact Us” function on the Site, send us an e-mail,
or otherwise contact us.
8. How We Use Information
We use the information we collect, including Personal Information, to provide and
continuously improve the Services. In particular, we use this information to: (a) help
Patient Users consolidate important medical information; (b) enable Patient Users to
transmit important medical information to trusted care providers; (c) communicate
patient-reported information to patient- selected care providers; and (d) send Patient
Users alerts to help better manage health concerns. When MyID users use the Services
to query state immunization registries to access personal and/or family immunization
records, MyID will collect user-reported information (e.g., First Name, Last Name, Date
of Birth, Sex, cellphone number, and/or e-mail). MyID retrieves and stores information
from state immunization registries such as but not limited to immunization records
(including line-level detail about shots such as when and where immunizations were
administered, immunization manufacturer, and other relevant clinical information),
immunization forecasting schedules, allergies, contradictions, immunities, home
address, and renderings of official state-issued immunization reports and certificates.
MyID primarily stores immunization data for the user’s enjoyment. MyID reports
deidentified immunization-related data (e.g., number of immunization records obtained
using MyID) to state immunization registries and other public health partners. We may
use information that is neither Personal Information nor PHI (including non-PHI
Personal Information that has been de-identified and/or aggregated) to better
understand who uses MyID and how we could enhance our products and services.

9. Disclosure of Information
We may disclose certain information that we collect from Patient Users. In particular,

we may disclose certain information, including Personal Information and/or PHI, when:
(a) Patient Users transmit medical data to patient-selected care providers (by using
MyID to scan a care provider’s MyID QR code); (b) we believe that Patient Users
experience emergency medical situations; and (c) when Patient Users use MyID to
remotely update care providers. MyID will not disclose Personal Information without
your consent. We do not sell e-mail addresses to third parties. We may, however, share
your e-mail addresses with our business partners to enable them to help MyID
customize our advertising. We may use information that is neither Personal Information
nor PHI (including non-PHI Personal Information that has been de-identified and/or
aggregated) to better understand who uses MyID and how we could enhance our
products and services. We may also need to disclose your Personal Information or any
other information we collect if we determine in good faith that such disclosure is needed
to: (a) comply with applicable law, regulation, court order, or other legal process; (b)
protect the rights, property, or safety of MyID or another party; (c) enforce the
Agreement or other agreements with you; or (d) respond to claims that any posting or
other content violates third-party rights. Tag4Life users expressly authorize MyID to
share the users (a) first and last name, and (b) email address. Tag4Life users may
revoke this authorization by emailing a request here.
10. Public Information
Any information that you may reveal in a review posting or online discussion or forum
is intentionally open to the public and is not in any way private. We strongly
recommend that you carefully consider whether or not to disclose any Personal
Information in a public posting or forum. If you decide to visit a third-party website, you
are subject to the privacy policy of the third-party website as applicable.
11. Information Security
Your privacy is important to us. As such, we endeavor to follow generally accepted
standards to protect Personal Information submitted to us, both in storing and during
transmission. Personal Information submitted to MyID is encrypted. Although we make
good faith efforts to store Personal Information in a secure operating environment, we
do not and cannot guarantee the security of your Personal Information. If we become

aware that your Personal Information has been disclosed in a manner not in
accordance with this Privacy Policy, we will use reasonable efforts to notify you of the
nature and extent of the disclose (to the extent we know that information) as soon as
reasonably possible and as permitted or required by applicable law.
12. Information Provided by or on Behalf of Children
The Services are not intended for use by children under the age of 13. MyID does not
knowingly collect information from children, not are the Services directed to children. By
accessing, using and/or submitting information to or through the Services, you represent
that you are not younger than age 13. If we learn that we have received any information
directly from a child under age 13 without his/her parent’s consent, we will use that
information only to respond directly to that child (or his/her parent or legal guardian) to
inform the child that he/she cannot use the Services and subsequently we will delete that
information. If you are between age 13 and the age of majority in your place of
residence, you may use the Services only with the consent of or under the supervision of
your parent or legal guardian. If you are a parent or legal guardian of a minor child, you
may, in compliance with the Agreement, use the Services on behalf of such minor child.
Any information that you provide us while using the Services on behalf of your minor
child will be treated as Personal Information as otherwise provided herein.
13. Controlling Personal Information
Registered Patient Users may view and modify certain data elements, including Personal
Information, submitted to MyID. MyID reserves the right to retain information from closed
accounts, including to comply with law, prevent fraud, resolve disputes, enforce the
Agreement, and take other actions permitted by applicable law.
14. Immunization Records
If you choose to utilize the Services to search state and local immunization registries,
you authorize MyID to query state immunization registries identified in the application
and certify that you are authorized to access any relevant immunization records you
obtain through MyID. MyID utilizes user-provided data (i.e., First Name, Last Name,
Date of Birth, Sex, and your verified cellphone or e-mail addresses) to search state and

local immunization registries. MyID verifies your cellphone and/or e-mail addresses via
multi-factor authentication. If you believe that anybody has unauthorized access to any
of your cellphone numbers or e-mail addresses, you must rectify the situation
immediately by either a.) changing all relevant passwords or b.) contacting your state or
local immunization registry. If you believe that an estranged spouse, partner, or
anybody not authorized to access your child’s records has access to your child’s
records through MyID, you must contact your state or local immunization registry
immediately to resolve any custody-related issues.
15. Additional Disclosures for California Residents
This section applies to California residents when and if the California Consumer
Protection Act is applicable to our Site and Services about whom we have collected
Personal Information, including through the use of our Site or Services, by purchasing
or utilizing our Service, or by communicating with us electronically, in paper
correspondence, or in person. For purposes of this section, the term "Personal
Information" includes information that identifies, relates to, describes, is reasonably
capable of being associated with, or could reasonably be linked, directly or indirectly,
with a particular California consumer or household.

We may disclose the following types of Personal Information to third parties for a
business or commercial purpose, as further described: identifiers, medical and health
insurance information, protected classifications under applicable law, commercial
information, biometric information, internet or similar network activity, geolocation data,
sensory data, professional or employment-related information, alerts for upcoming or
overdue immunizations, and inferences from other Personal Information. Functionality
within the MyID platform enables consumers to consolidate and share Personal
Information with care providers.
You may be entitled by applicable law to exercise the following rights with respect to your
Personal Information:
 Right to Know. You have the right to request what Personal Information we collect,
use, disclose, and/or sell, as applicable.
 Right to Delete. You have the right to request that we delete the Personal

Information that we have collected about you.
 Right to Opt-out of the Sale of Personal Information. You have the right to request
to be opted-out from the sale of your Personal Information.
 Right to Non-Discrimination. You have the right not to receive discriminatory
treatment by us for the exercise of the privacy right described herein.

You may also authorize someone to exercise the above rights on your behalf. If we have
collected information on your minor child (e.g., immunization records), you may
exercise the above rights on behalf of your minor child. In addition, residents of
California also have the right to request once per calendar year certain information with
respect to types of Personal Information (as defined by California law) we share with
third parties for those third parties’ direct marketing purposes, as the identities of the
third parties with whom we have shared such information during the immediately
preceding calendar year.

The above rights are subject to our ability to reasonably verify your identity and
authority to make these requests by providing verifiable information such as the
following:
 Provide sufficient information that allows us to reasonably verify you are the
person about whom we have collected Personal Information or an authorized
representative.
 Describe your request with sufficient detail that allows us to properly
understand, evaluate, and respond to it. We cannot respond to your request
if we cannot verify your identity or authority to make the request and confirm
the Personal Information relates to you.
To exercise your rights, submit your request by e-mail here. We will respond to
authorized and verified requests as soon as practicable and as required by law. In
addition, the above rights are subject to various exclusions and exceptions under the
law, and, under certain circumstances, we may be unable to implement your request.
We will advise you of any reason for denying or restricting a request.
16. COVID-19 Immunization Records

Through partnership with public health agencies, MyID offers consumer access to
COVID-19 immunization records. As such, MyID only accesses personal and sensitive
data required directly to support COVID-19-related efforts. Specifically, MyID uses this
data to facilitate consumer access to personal and family immunization records.
17. Camera
MyID supports the capability for users to select a profile picture. This functionality is
entirely optional. MyID users that choose to select a profile picture will need to
engage their phone’s camera and/or saved photos.
18. External File Storage
MyID supports the capability for users to share and/or save a PDF copy of their
personal and family immunization records. As such, MyID may require access to read
and/or write to your phone’s file storage.
19. Privacy Policy Updates
We will notify you of any material changes to this Privacy Policy. Your continued use of
the Services after changes to this Privacy Policy constitutes your acceptance of the
amended Privacy Policy. The amended Privacy Policy supersedes all previous versions.
IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU
MUST STOP USING THE SERVICES AFTER SUCH CHANGES OCCUR.
20. Account Creation and Your Engagement with MyID
The Personal Information required to create an account with MyID is limited to your
name, an email address, and a password.
Account Information
● Your Name
● Your birthdate
● Your current City and State
● An email address (required)
● A password that you create (required)
● Billing information *Plus Service
Credit Card/Payment Information
Payment information, such as your credit card number, and your billing and shipping

address(es), when you make a purchase.
Profile Information
We collect the information that you provide when you voluntarily create a user profile
(for example, a profile image, your name, age, or location). This information may be
seen by other Users (defined in the MyID Terms and Conditions, so please consider
limiting this information and using a username that is different from your real name to
protect your privacy.
User Provided Content
Information you provide when you voluntarily contribute to the Services, for example,
content you upload or contributions to community discussions, and, information you
voluntarily provide in response to our email surveys, or questionnaires available
through the Services. This may include health or medical information.
Note About Health-Related Information
MyID is not a covered entity under the Health Insurance Portability and Accountability
Act (“HIPAA”), and as a result no User Provided Content as defined in the MyID Privacy
Statement) provided by you is subject to or protected by HIPAA.
Your Communications
Your communications with other Users through our communications features and
information you provide in communications with MyID community and support teams for
our other Services, including audio and visual information (such as recordings of calls
with MyID Customer Services or information voluntarily shared when doing consumer
insights research).
Contests and Promotions
Personal Information when you voluntarily participate in contests and special promotions
we run or sponsor.
Other Protected Classifications and Sensitive Data
We may collect information related to certain protected classifications such as gender or

marital status.
Account creation also requires you to agree to the MyID Terms and Conditions and this
Privacy Statement.
By creating an account, you are telling us that you understand MyID will collect, process,
and share your Personal Health Information as described in this Privacy Statement.
Access to MyID content is self-generated.
At any time, you can delete information you have uploaded into your account. You can
also delete your entire account.
21. Security
MyID maintains a comprehensive information security program designed to protect our
customers’ Personal Information using administrative, physical, and technical
safeguards. The specific security measures used are based on the sensitivity of the
Personal Information collected. We have measures in place to protect against
inappropriate access, loss, misuse, or alteration of Personal Health Information under
our control. The MyID IT Team regularly reviews our security and privacy practices and
enhances them as necessary to help ensure the integrity of our systems and your
Personal Information. We use secure server software to encrypt Personal Health
Information, and we only partner with security companies that meet and commit to our
security standards. While we cannot guarantee that loss, misuse, or alteration of data
will not occur, we use reasonable efforts to prevent this. It is also important for you to
guard against unauthorized access to your Personal Information by maintaining strong
passwords and protecting against the unauthorized use of your own computer or
device.
22. Changes to This Statement
We may modify this Privacy Statement at any time, but we will provide prominent
advance notice of any material changes to this Statement, such as posting a notice
through the Services, on our websites, or sending you an email, to provide you the
opportunity to review the changes and choose whether to continue using the Services.

We will also notify you of non-material changes to this Statement as of their effective

date by posting a notice through the Services, on our websites, or sending you an
email.

If you object to any changes, you may delete your account as described below.
23. Identity and Contact Details of the Data Controller
If you reside in the United States or Outside the United States, MyID, LLC is responsible
for the use of your data and for responding to any requests related to your Personal
Information.
Contact information for MyID, LLC is listed at the bottom of this Statement.
Official Correspondence Can Be Sent Either To:
Email: info@getmyid.com; or,
Postal Addresses:
For Users Located in the United States
MyID, LLC.
Attn: Data Controller
491 North Bluff Street, Suite
106 St. George, Utah 84770
For Users Located Outside of the United States
MyID, LLC.
Attn: Data Controller
491 North Bluff Street, Suite
106 St. George, Utah 84770
For MyID Customers: MyID customers can reach us using our 800 number at 1-888-
500-9720.