Consumer Health Data Privacy Policy

Introduction

DuoSync LLC ("we," "our," "us") operates Re:Bond (the "App"). This Consumer Health Data Privacy Policy ("CHD Policy") supplements our Privacy Policy and describes how we collect, use, share, and protect data that may be classified as "consumer health data" under certain state laws (including Washington and Nevada).

This CHD Policy applies to:

• Residents of Washington and Nevada (and other jurisdictions with similar "consumer health data" rules), and
• Any user whose mood/emotional check-in data we treat as consumer health data for compliance purposes.

Consumer Health Data We Collect

We may collect the following categories of data that may qualify as consumer health data:

• Mood ratings: Numerical mood scores you provide during daily check-ins
• Emotional reflections: Written text describing feelings, thoughts, and experiences submitted through check-ins
• Derived insights and recommendations: Observations, patterns, themes, and micro-actions generated based on your check-ins

We do not collect biometric data, genetic data, reproductive health data, or data from health-related devices or sensors.

Purposes of Collection and Use

We collect and process consumer health data only to:

• Generate insights: Process check-ins to generate insights for you (and, where applicable, shared weekly insights for you and your partner)
• Provide personalized micro-actions: Suggest small actions tailored to your check-ins
• Improve our services: Use aggregated and/or de-identified information to improve quality, reliability, and user experience

We do not use your identifiable consumer health data to train third-party AI models.

We do not use consumer health data for advertising, cross-context behavioral tracking, or marketing to third parties.

Sources of Consumer Health Data

We collect consumer health data:

• Directly from you when you submit check-ins in the App; and
• Derived from your submissions (e.g., insights generated from check-ins)

We do not purchase consumer health data from data brokers.

How We Share Consumer Health Data

A) Sharing with your partner (at your direction)

If you pair your account with a partner, certain derived insights may be shared as part of the App's core functionality. We do not share your raw check-in entries unless a feature explicitly asks you to share them.

Important: Even when raw entries are not shared, insights may summarize themes and could allow your partner to infer aspects of your reflections.

B) Sharing with vendors (service providers)

We may share consumer health data with the following categories of service providers, only as needed to operate and secure the App:

AI service providers (insight generation)

We use AI providers to generate insights from check-ins under contractual restrictions that:

• Limit use to providing services to us,
• Prohibit use for the provider's own purposes (including training their models), and
• Prohibit attempts to identify you.

Pseudonymous routing (per-couple identifier): When sending check-in data for AI processing, we do not include direct identifiers such as name or email address. We use a pseudonymous internal couple identifier so results can be returned to the correct paired accounts. The mapping between that identifier and your account(s) is maintained by us.

Cloud infrastructure (hosting/storage/security)

We store and process data on cloud infrastructure (e.g., Microsoft Azure) in the United States.

We do not share consumer health data with advertising networks, data brokers, or third parties for marketing purposes.

C) Affiliates

We do not share consumer health data with affiliates.

D) No sale of consumer health data

We do not sell consumer health data.

Your Rights (Consumer Health Data)

Depending on your state of residence, you may have the right to:

• Access/confirm: Request confirmation of whether we collect/share your consumer health data and obtain access to it. Where required, this may include a list of third parties and affiliates with whom we shared consumer health data, and a contact mechanism for those third parties.
• Delete: Request deletion of your consumer health data
• Withdraw consent: Withdraw consent for future collection/sharing/processing (where processing is based on consent)
• Non-discrimination: Not receive discriminatory treatment for exercising rights

How to Exercise Your Rights

To submit a consumer health data request, you may:

• Email support@duosync.net with the subject line "Health Data Request", or
• Submit a request through our contact page.

We will verify your identity before processing your request. We aim to respond promptly and within timelines required by applicable law.

Appeals

If we deny your request, you may appeal by emailing support@duosync.net with the subject line "Health Data Appeal." We will respond within the timeframe required by applicable law. Where required, we will also provide information on how to contact the appropriate regulator.

Consent and Withdrawal

How we obtain consent: Where required by applicable law, we obtain affirmative, express consent before collecting and/or sharing consumer health data. This may be presented through in-app notices and controls before your first check-in and when practices materially change. The consent notice describes:

• Categories of consumer health data collected and/or shared,
• Purposes and specific uses,
• Categories of entities we share with, and
• How to withdraw consent.

How to withdraw consent: You can withdraw consent by:

• Stopping submission of check-ins, and/or
• Deleting your account in settings, and/or
• Contacting us at support@duosync.net to request we stop future processing.

Withdrawing consent does not affect processing that occurred before withdrawal. If you withdraw consent, we will stop processing new consumer health data as required, but previously generated insights may remain unless you request deletion.

Data Retention (Consumer Health Data)

We retain consumer health data while your account is active.

Upon a verified deletion request, we delete consumer health data from our systems within the timeframe required by applicable law and consistent with our main Privacy Policy.

Backup copies are purged consistent with backup/restore cycles and legal requirements, and may be retained longer if required by law or for legal holds.

No Location Data / No Geofencing

We do not collect precise location data for the App and we do not use geofencing.

Changes to This Policy

If we materially change how we collect, use, or share consumer health data, we will update this CHD Policy and, where required, provide additional notice and obtain additional consent(s) before the changes apply.

Contact Us

If you have questions about this Consumer Health Data Privacy Policy or how we handle your health data, please contact us:

DuoSync LLC
support@duosync.net