Consumer Health Data Privacy Policy

1. Scope

This Consumer Health Data Privacy Policy supplements our Privacy Policy and applies where InterNeuron Labs Inc. ("Recursite," "we," "our") processes "consumer health data" under Washington My Health My Data Act or similar laws.

• Consumer health data generally means personal information that is linked or reasonably linkable to an individual and identifies or can be used to infer health status, health conditions, treatment, or attempts to obtain health-related services.
• This policy applies only where we act as a data controller for consumer health data. It does not apply where we process data solely on behalf of a customer or where another organization controls the data.
• In case of conflict between this supplemental policy and our general Privacy Policy, this supplemental policy controls for consumer health data where applicable.
• Recursite is not a medical provider and is not intended to provide medical diagnosis, treatment, or emergency services.

2. Collection of Consumer Health Data

We may collect consumer health data only where you provide it, connect it, or where applicable law treats certain information as consumer health data.

• Health conditions, symptoms, status, diagnoses, testing, surgeries, procedures, treatments, or medical interventions that you include in prompts, files, projects, messages, or support requests.
• Medication use, prescriptions, treatment plans, care instructions, health-related purchases, or related context you choose to provide.
• Biometric, genetic, physiological, vital-sign, bodily function, or health measurement information you intentionally submit.
• Precise location or other information that could identify an attempt to seek or receive health care services or supplies, where applicable law treats it as consumer health data.
• Information from third-party integrations, files, or services you choose to connect or upload that contain consumer health data.
• Inferences derived from the above information where applicable law treats those inferences as consumer health data.

3. You Are Not Required to Provide Health Data

• You do not need to provide consumer health data to use core Recursite features.
• If you choose to include consumer health data in prompts, files, projects, or messages, we will process it to provide the requested feature and for the purposes described in this policy.
• You should not submit sensitive health information unless you want Recursite to process it for your requested use case.

4. Uses of Consumer Health Data

• To provide, maintain, and operate features you request, including processing prompts, files, outputs, projects, or connected services that contain consumer health data.
• To support integrations or third-party services you intentionally connect, subject to your settings and the third party's terms and privacy practices.
• To provide support, troubleshoot errors, debug functionality, and respond to requests related to your account or use of Recursite.
• To prevent and investigate fraud, abuse, security incidents, unauthorized access, unlawful activity, and violations of our Terms or Usage Policy.
• To protect rights, safety, service integrity, and legal interests, and to comply with applicable law, legal process, or governmental obligations.
• In aggregated or de-identified form, to understand and improve service quality, reliability, safety, and performance where permitted by law.
• For other purposes with your consent where consent is required by applicable consumer health data laws.

5. How We Disclose Consumer Health Data

• Service providers and processors that support hosting, infrastructure, authentication, security, debugging, customer support, analytics, compliance, or other operational services under contractual protections.
• Third-party services you choose to connect, access, or direct us to interact with. Data shared with those services is governed by those third parties' terms and privacy practices.
• Professional advisors, auditors, insurers, and other business support providers where necessary for legal, compliance, risk management, or business operations.
• Government authorities, regulators, courts, law enforcement, or other parties where required by law or necessary to protect rights, safety, or security.
• Relevant parties in connection with a merger, acquisition, financing, bankruptcy, reorganization, or other corporate transaction, subject to applicable law.
• Other parties with your consent, direction, or instruction.

6. Rights and Choices

Depending on where you live and the laws that apply, you may have specific rights regarding consumer health data.

• Right to know whether we collect, share, or sell consumer health data about you and to access that data.
• Right to receive a list of categories of consumer health data collected, categories of sources, purposes of collection and use, and categories of third parties or affiliates with whom data is shared.
• Right to delete consumer health data, subject to legal and operational exceptions.
• Right to withdraw consent where consent is required for collection, sharing, or other processing.
• Right to appeal certain request denials where applicable.
• Right to disable or remove third-party integrations and revoke permissions through Recursite settings or the relevant third-party service where available.
• To exercise rights, contact privacy@interneuronlabs.com. We may verify your identity before processing your request.

7. Consent and Revocation

• Where applicable law requires consent before collecting, using, sharing, or selling consumer health data, we will request consent before engaging in that activity.
• You may revoke consent by contacting privacy@interneuronlabs.com or using available product controls for connected services.
• Revoking consent will not affect processing that occurred before revocation, and some records may be retained where required for legal, security, or compliance purposes.

8. Retention and Security

• We retain consumer health data only as long as reasonably necessary for the purposes described in this policy, our Privacy Policy, legal obligations, security, and dispute handling.
• Retention periods vary depending on the data type, account status, feature context, user settings, legal requirements, and operational needs.
• We use administrative, technical, and organizational safeguards designed to protect sensitive data from unauthorized access, use, disclosure, alteration, or destruction.
• When consumer health data is no longer needed, we delete, anonymize, or de-identify it in accordance with applicable law and technical feasibility.

9. Changes and Contact Information

• We may update this policy periodically and will update the effective date when changes are made.
• For questions or requests related to this policy, contact privacy@interneuronlabs.com.
• General support contact: hello@interneuronlabs.com.