SMYLEN PRIVACY NOTICE

This Privacy Notice describes how Smylen, Inc. (“we”, “us,” “our”) collects, uses and discloses

information about individuals who use our website, applications, services, tools and features, or otherwise

interact with us (collectively, the “Services”). For the purposes of this Privacy Notice, “you” and “your”

means you as the user of the Services, whether you are a customer, website visitor, job applicant,

representative of a company with whom we do business, or another individual whose information we

have collected pursuant to this Privacy Notice. Please note that the Services are designed for users in the

United States only and are not intended for users located outside the United States.

While this Privacy Notice may describe protected health information (as defined by the Health Insurance

Portability and Accountability Act of 1996, as amended, and regulations promulgated thereunder

(collectively, “HIPAA”)) that we process on behalf of healthcare providers, we process such information

as a “business associate” of those healthcare providers. If you have questions or would like to learn more

about how your healthcare provider processes your information, please refer to your healthcare

provider(s)’ HIPAA Notice of Privacy Practices or other privacy notices.

Please read this Privacy Notice carefully. By using any of the Services, you agree to the collection, use,

and disclosure of your information as described in this Privacy Notice. If you do not agree to this Privacy

Notice, please do not use or access the Services.

1. CHANGES TO THIS PRIVACY NOTICE

We may modify this Privacy Notice from time to time, in which case we will update the “Last Updated”

date at the top of this Privacy Notice. If we make material changes to the way in which we use or disclose

information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last

email address you provided us, by posting notice of such changes on the Services, or by other means

consistent with applicable law) and will take additional steps as required by applicable law. If you do not

agree to any updates to this Privacy Notice, please do not continue using or accessing the Services.

2. COLLECTION AND USE OF YOUR INFORMATION

When you use or access the Services, we collect certain categories of information about you from a

variety of sources.

Information You Provide to Us

Some features of the Services may require you to directly provide us with certain information about

yourself. You may elect not to provide this information, but doing so may prevent you from using or

accessing these features. Information that you directly submit through our Services includes:

● Basic contact details, such as name, address, birthdate, phone number, and email. We use this

information to create and maintain your account and provide the Services, and to communicate

with you (including to tell you about products or services that may be of interest to you, for

example, the CareCredit credit card).

● Account information, such as username, password, and other security-related information that

you select and the answers you provide. We use this information to provide the Services and to

maintain and secure your account with us. If you choose to register an account, you are

responsible for keeping your account credentials safe. We recommend you do not share your

access details with anyone else. If you believe your account has been compromised, please

● Payment information, such as bank account, credit or debit card information, and billing

address, which we collect using a third party payment processor. We use this information to

process your payment and provide the Services.

● Information you provide when using the Services, such as payment or insurance information.

We use this information to provide the Services.

● Applicant details, such as information included in your resume or CV, references, and job

history. We use applicant details to process your application for employment and to evaluate your

candidacy.

● Any other information you choose to include in communications with us, for example, when

sending a message through the Services.

Information We Collect Automatically

We may also automatically collect certain information about your interaction with the Services (“Usage

Data”). To do this, we may use cookies and other tracking technologies such as web beacons (“Tracking

Technologies”). Usage Data may include:

● Device information, such as device type, operating system, unique device identifier, and internet

protocol (IP) address.

● Other information regarding your interaction with the Services, such as browser type, log

data, date and time stamps, location, clickstream data, interactions with marketing emails, and ad

impressions.

We use Usage Data to tailor features and content to you, market to you, run analytics and better

understand user interaction with the Services. For more information on how we use Tracking

Technologies and your choices, see the section below, Cookies and Other Tracking Technologies.

Information Collected From Other Sources

We may obtain information about you from outside sources, including information that we collect directly

from third parties and information from third parties that you choose to share with us. Such information

includes:

● Information provided by your healthcare provider, which we use to provide the Services.

● Information provided by identity verification services, which we may use to confirm your

name and information.

● Information provided by credit card / financing partners, which we may use to help facilitate

offers from these providers or otherwise to provide the Services.

● Analytics data we receive from analytics providers such as Google Analytics.

● Information we receive from career websites, such as LinkedIn, Monster, or Indeed, which we

use to process your application for employment.

Any information we receive from outside sources will be treated in accordance with this Privacy Notice.

We are not responsible for the accuracy of the information provided to us by third parties and are not

responsible for any third party’s policies or practices. For more information, see the section below, Third

Party Websites and Links.

In addition to the specific uses described above, we may use any of the above information to provide you

with the Services and to maintain our business relationship, including by enhancing the safety and

security of our Services (e.g., troubleshooting, data analysis, testing, system maintenance, and reporting),

providing customer support, sending service and other non-marketing communications, monitoring and

analyzing trends, conducting internal research and development, complying with applicable legal

obligations, enforcing any applicable terms of service, and protecting the Services, our rights, and the

rights of our employees, users or other individuals.

Finally, we may deidentify, aggregate, or anonymize your information such that it cannot reasonably be

used to infer information about you or otherwise be linked to you (“deidentified information”) (or we

may collect information that has already been deidentified/anonymized), and we may use such

deidentified information for any purpose. To the extent we possess or process any deidentified

information, we will maintain and use such information in deidentified/anonymized form and not attempt

to re-identify the information.

3. COOKIES AND OTHER TRACKING TECHNOLOGIES

Most browsers accept cookies automatically, but you may be able to control the way in which your

devices permit the use of Tracking Technologies. If you so choose, you may block or delete our cookies

from your browser; however, blocking or deleting cookies may cause some of the Services, including

certain features and general functionality, to work incorrectly. If you have questions regarding the specific

information about you that we process or retain, as well as your choices regarding our collection and use

practices, please contact us using the information listed below.

Your browser settings may allow you to transmit a “do not track” signal, “opt-out preference” signal, or

other mechanism for exercising your choice regarding the collection of your information when you visit

various websites. Like many websites, our website is not designed to respond to such signals, and we do

not use or disclose your information in any way that would legally require us to recognize opt-out

preference signals.

4. DISCLOSURE OF YOUR INFORMATION

We may disclose your information to third parties for legitimate purposes subject to this Privacy Notice,

including the following categories of third parties:

● Our affiliates or others within our corporate group.

● Vendors or other service providers who help us provide the Services, including for system

administration, cloud storage, security, customer relationship management, marketing

communications, web analytics, payment networks, and payment processing.

● Third parties for marketing purposes.

● Professional advisors, such as auditors, law firms, or accounting firms.

● Third parties in connection with or anticipation of an asset sale, merger, or other business

transaction, including in the context of a bankruptcy.

We may also disclose your information as needed to comply with applicable law or any obligations

thereunder or to cooperate with law enforcement, judicial orders, and regulatory inquiries, to enforce any

applicable terms of service, and to ensure the safety and security of our business, employees, and users.

5. THIRD PARTY WEBSITES AND LINKS

We may provide links to third-party websites or platforms. If you follow links to sites or platforms that we

do not control and are not affiliated with us, you should review the applicable privacy notice, policies and

other terms. We are not responsible for the privacy or security of, or information found on, these sites or

platforms. Information you provide on public or semi-public venues, such as third-party social networking

platforms, may also be viewable by other users of the Services and/or users of those third-party platforms

without limitation as to its use. Our inclusion of such links does not, by itself, imply any endorsement of

the content on such platforms or of their owners or operators.

6. DATA SECURITY AND RETENTION

Despite our reasonable efforts to protect your information, no security measures are impenetrable, and we

cannot guarantee “perfect security.” Any information you send to us electronically, while using the

Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do

not use unsecure channels to send us sensitive or confidential information.

We retain your information for as long as is reasonably necessary for the purposes specified in this

Privacy Notice. When determining the length of time to retain your information, we consider various

criteria, including whether we need the information to continue to provide you the Services, resolve a

dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or

protect ourselves, including our rights, property or products.

7. HOW TO CONTACT US

Should you have any questions about our privacy practices or this Privacy Notice, please email us at

support@smylen.com.

Effective: 11/14/2025