Privacy Policy

Effective Date: January 1, 2025

LAST UPDATED: February 2, 2026

Lotus Health AI, Inc., together with its subsidiaries and affiliates (collectively, “Lotus Health AI,” “Lotus Health,” “Lotus AI,” “Lotus,” “Company,” “us,” “we,” or “our”) is committed to protecting the privacy of Personal Data (i.e., information reasonably related to a specific individual).  This Privacy Notice describes how we process Personal Data collected through our websites, social media accounts, mobile applications, and other online interactions and communications such as email (collectively, our “Digital Properties”); in-person events and purchases; and other online and offline interactions.

This Privacy Notice applies to information we collect about individual consumers, such as general website visitors (“Individuals”) as well as information we collect about the personnel of our business partners, including vendors and business customers, in business-to-business interactions (“Business Contacts”).  However, this Privacy Notice does not apply to:

1. Information about our current/former employees, applicants, and other individuals who interact with us for employment-related purposes; or

2. Protected health information subject to the Health Insurance Portability and Accountability Act.  Please review our Notice of Privacy Practices for additional information on our processing of protected health information.

Whenever you interact with us on behalf of another individual or entity, such as if you refer a friend to us, you must obtain their consent (or have the legal authority without consent) to share their Personal Data with us.

Changes: We may update this Privacy Notice from time to time.  Any updated Privacy Notice will be effective when posted.  Please check this Privacy Notice periodically for updates.  If required by law, we will obtain your consent or contact you directly if there are material changes to this Privacy Notice. 

1. Sources of Personal Data

   We collect Personal Data about you from the following sources:

   1. Directly from you.  We may collect Personal Data you provide to us directly, such as when you contact us through our Digital Properties, interact with us in person, sign up for offers or newsletters, communicate with us, place or customize orders, or sign up for an account or other services.

   2. Data collected automatically and through Cookies.  We may automatically collect information or inferences about you, such as through cookies, pixels, tags, scripts, SDKs, and other technologies (collectively, “Cookies”), when you interact with our Digital Properties.  This may include information about how you use and interact with our Digital Properties, information about your device, and internet usage information.

   3. From third parties.  We may collect Personal Data from third parties, such as service and content providers, our affiliated companies and subsidiaries, business partners, data brokers, social media companies or other parties who interact with us.

   4. From publicly available sources.  We may collect Personal Data about you from publicly available sources, such as public profiles and websites.

      We may combine information that we receive from the various sources described in this Privacy Notice, including third party sources, and use or disclose the combined information for the purposes identified below.

   
   

2. Types of Personal Data We Collect

   We may collect the following types of Personal Data about you, such as when you interact with the Lotus Health mobile application.  Except as otherwise specified, we may collect this Personal Data from both Individuals and Business Contacts:

   1. Identifiers, such as your name, email address, physical address, telephone number, business contact information, and device identifiers (e.g., cookie IDs and IP address).

   2. Records about you, such as signatures; physical characteristics or a description of you; the content, timing and method of communications you have with us, such as online chats (including our AI-powered chat and clinical support team), calls, and emails; and information you share with or upload to our Digital Properties, such as reviews and comments.

   3. Demographic information, such as age (including birthdates) and gender.

   4. Commercial information, such as information related to your transactions; products or services purchased, obtained, or considered; subscription information; or other purchasing or consuming histories or tendencies.

   5. Biometric information, such as a fingerprint or face scan.

   6. Internet or other electronic network activity information, such as your browsing history, search history, preference information (including marketing and purchasing preferences), account settings (including any default preferences), and other information regarding your interactions with and use of the Digital Properties.  For more information about Cookies, please see Section 6.

   7. Non-precise geolocation data, such as your location as derived from your IP address.

   8. Audio, electronic, visual, or other sensory information, such as photographs and audio/video recordings.

   9. Professional or employment-related information (for Business Contacts), such as job title; organization; professional licenses, credentials, or affiliations; and other professional information.

   10. Education information (for Business Contacts).

   11. Inferences drawn from any of the information we collect about your preferences or behavior, including to assess the level of interest in our products and services based on frequency of visits and contact, and to determine your preferred frequency for receiving offers.

   12. Sensitive Personal Data, including the following:

       1. Social Security number, driver’s license number, or passport number.

       2. Account log-in information.

       3. Precise geolocation, such as location based on device GPS.

       4. Racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership.

       5. Genetic data.

       6. Biometric data processed for the purpose of uniquely identifying you.

       7. Information about your health, including health records retrieved from healthcare providers via FHIR APIs and health information exchanges, with your authorization; health and fitness data from Apple HealthKit and/or fitness trackers and wearables, if you choose to connect them.

       8. Information concerning your sex life or sexual orientation. 

       
       

3. How We Use Personal Data

   We may use Personal Data for the following purposes:

   1. To provide you or your company products and services, such as making our Digital Properties and other products and services available to you; registering, verifying, and maintaining your account with us; providing and delivering you the goods and services you request, providing customer service; processing or fulfilling orders and transactions (including processing payments); developing and improving algorithms, artificial intelligence or machine learning tools and models (see Section 5); verifying customer information and eligibility for certain programs or benefits; communicating with you (including soliciting feedback or responding to requests, complaints, and inquiries); hosting informational webinars; and providing similar services or otherwise facilitating your relationship with us.

   2. For our internal business purposes, such as day-to-day operation of our business; maintaining internal business records, such as accounting, document management and similar activities; enforcing our policies and rules; management reporting; auditing; developing and improving algorithms, artificial intelligence or machine learning tools and models (see Section 5); and IT security and administration.

   3. For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our products or services; improving our products or services; designing new products and services; developing and improving algorithms, artificial intelligence or machine learning tools and models (see Section 5); evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.

   4. For legal, safety or security reasons, such as complying with legal, reporting, and similar requirements; investigating and responding to claims against us, our personnel, and our customers; for the establishment, exercise or defense of legal claims; protecting our, your, our customers’, and other third parties’ safety, property, or rights; detecting, preventing, and responding to security incidents and health and safety issues (including managing spread of communicable diseases); and protecting against malicious, deceptive, fraudulent, or illegal activity.

   5. In connection with a corporate transaction, such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.

   6. For marketing and targeted advertising, such as marketing our products or services or those of our affiliates, business partners, or other third parties.  For example, we may use Personal Data we collect to personalize advertising to you (including by developing product, brand, or services audiences and identifying you across devices/sites); to analyze interactions with us or our Digital Properties; to develop and improve algorithms, artificial intelligence or machine learning tools and models (see Section 5); or to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars.  You can unsubscribe from our email marketing via the link in the email, by responding “STOP” to the text message, or by contacting us using the information in Section 9 (Contact Information) below.

   We may use anonymized, de-identified, or aggregated information for any purpose permitted by law.

   
   

4. How We Disclose Personal Data

   We may disclose Personal Data to third parties, including the categories of recipients described below:

   1. Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership.

   2. Service providers that work on our behalf to provide the products and services you request or support our relationship with you, such as IT providers, internet service providers, data and web hosting providers, software service providers, email marketing providers, data analytics providers, AI model providers (see Section 5), and companies that provide business support services, financial administration, or event organization.

   3. Professional consultants, such as accountants, lawyers, financial advisors, and audit firms.

   4. Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.

   5. Law enforcement, government agencies, and other recipients for legal, security, or safety purposes, such as when we share information to comply with law or legal requirements, to enforce or apply our Terms of Service and other agreements or policies, and to protect our, our customers’, or third parties’ safety, property, or rights.

   6. Other entities in connection with a corporate transaction, such as if we acquire assets of another entity, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.

   7. Business partners that may use Personal Data for their own purposes, such as:

      1. Advertisers, ad platforms and networks, and social media platforms;

      2. Third parties whose Cookies we use as described in Section 6 below.

      3. Commercial data partners to whom we make information available for their own marketing purposes; and

      4. Partners who work with us on promotional opportunities, including co-branded products and services.

         Where recipients use your Personal Data for their own purposes independently from us, we are not responsible for their privacy practices or personal data processing policies.  You should consult the privacy notices of those third-party services for details on their practices.

   8. The public, such as when you have an opportunity to make comments regarding us or our products that we may share with the public, including comments on our blog posts and reviews on our product pages.  Any Personal Data in comments, reviews, or other content that you share in public areas of our Digital Properties may be read, collected, or used by other users or the public.

   9. Entities to which you have consented to the disclosure.

      
      

5. Artificial Intelligence Data Uses and Disclosures

   In addition to the descriptions of how data is collected, used, and disclosed above, we may also collect, use, and disclose data for purposes involving our use of artificial intelligence (“Al”), such as:

   1. Types of Personal Data AI May Process.  In addition to the data types listed in Section 2 and depending on how you use our Digital Properties and the features you enable, we may also process the following Personal Data related to AI products and services:

      1. Messages and other inputs you submit, and files or images you upload;

      2. Audio you choose to submit (for example, voice notes) and transcripts, where available;

      3. Health records, medical documents, and other health information you choose to upload, input, or connect; and

      4. Health and fitness information from third-party sources you choose to connect (for example, Apple HealthKit or other integrations), subject to your settings and permissions.

   2. How We Use Personal Data Related to AI Services.  In addition the uses described in Section 3, we may also use your Personal Data to develop, train, or provide AI models, products, or services.  Lotus Health personnel, including clinicians and support staff, may access or review Personal Data to provide the services, respond to requests, ensure safety, comply with law, and improve service quality.

   3. How We Disclose Personal Data Related to AI Services.  In addition to the disclosures described in Section 4, we may also disclose your Personal Data to the following parties in relation to AI products and services:

      1. Service Providers, such as those that help us provide AI functionality and related services (e.g., cloud hosting, AI model providers, and safety, security, and monitoring tools).

      2. Third-party AI providers, such as those that provide an AI-assisted feature.  Where required by law, we obtain your explicit permission before sharing Personal Data with third parties, including third-party AI providers.

   4. Your choices and controls.  You may choose what Personal Data to submit through our Digital Properties and which integrations to connect.  You may revoke permissions or disable certain features through your device settings or within our Digital Properties, as applicable.  If an AI-assisted feature requires consent, you may decline consent.

   
   

6. Cookies

   Our Digital Properties and authorized third parties use Cookies to collect information about you, your device, and how you interact with our Digital Properties.  This section contains additional information about:

   • The types of Cookies we use and the purposes for which we use them

   • The types of information we collect using these technologies

   • How we disclose or make information available to others

   • Choices you may have regarding these technologies

   1. Types of Cookies

      We and the third parties that we authorize may use:

      1. Cookies, which are a type of technology that install a small amount of information on a user’s computer or other device when they visit our Digital Properties.

      2. Pixels, web beacons, and tags, which are types of code or transparent graphics that contain a unique identifier.  In addition to the uses described below, these technologies provide information about interactions with our Digital Properties, (including communications such as email we may send to you) and help us customize our marketing activities.  In contrast to cookies, which are stored on a user's device hard drive, pixels, web beacons, and tags are embedded invisibly on our Digital Properties.

      3. Session replay tools, which record your interactions with our Digital Properties, such as how you move throughout our Digital Properties and engage with our webforms.  In addition to the uses described below, this information helps us improve our Digital Properties and identify and fix technical issues visitors may be having with our Digital Properties.

      4. Embedded scripts and SDKs, which allow us to build and integrate custom experiences on our Digital Properties.  Embedded scripts are temporarily downloaded onto your device from our web server, or from a third party with which we work, and are active only while you are connected to our Digital Properties and are deleted or deactivated thereafter.

         We may use both first-party Cookies, which are set by us, and third-party Cookies, which are set by other parties.  Some of the Cookies we use may last solely for your browsing session and are deleted when you close your browser, while others are persistent and stored after you close your browser.

         
         

   2. Purposes for using these technologies

      We and authorized third parties use these technologies for purposes including:

      1. Personalization, such as remembering language preferences and pages and products you have viewed in order to enhance and personalize your experience when you visit our Digital Properties;

      2. Improving performance, such as maintaining and improving the performance of our Digital Properties;

      3. Analytics, such as analyzing how our websites are used.

      4. Advertising, such as conducting advertising and content personalization on our Digital Properties and those of third parties; tracking activity over time and across properties to develop a profile of your interests and advertise to you based on those interests (“interest-based advertising”); providing you with offers and online content that may be of interest to you; and measuring the effectiveness of advertising campaigns and our communications with you, including identifying how and when you engage with one of our emails; and

      5. Security, such as preventing fraud and malicious behavior.

         
         

   3. Information collected

      These Cookies collect data about you and your device, such as your IP address, location (both approximate and precise) cookie ID, device ID, Ad ID, operating system, device type, device settings and other device information, browser used, browser history, search history, pages viewed, search queries, login information, shopping cart information, information entered into webforms, and information about how you interact with our Digital Properties (such as pages on our Digital Properties that you have viewed).

      
      

   4. Disclosures of your information

      We may disclose information to third parties or allow third parties to directly collect information using these Cookies on our Digital Properties, such as social media companies, advertising networks, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our business and Digital Properties.

      
      

   5. Your choices

      You may be able to control how we use Cookies through the following mechanisms.  Please be aware that if you disable the use of Cookies, the functionality of our Digital Properties may be negatively impacted, and certain areas or features may not display or work correctly.  If you change computers, devices, or browsers; use multiple computers, devices, or browsers; or delete your Cookies, you may need to repeat this process for each computer, device, or browser.

      1. Interest-Based Advertising.  Some of the third parties we work with participate with the Digital Advertising Alliance (“DAA”).  The DAA provides a mechanism for you to opt out of interest-based advertising performed by participating members at https://youradchoices.com/.  Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives.  If you are using a mobile device, you can manage interest-based ads on your device by adjusting the settings provided by your device manufacturer or the operating system provider: Manage settings on iOS devices; and Manage settings on Android devices.

      2. Browser Settings.  You can also refuse or delete Cookies using your browser settings.  If you want to disable the use of certain specific Cookies or remove them from your device, you can disable or delete them using your browser settings.  Please be aware that not all Cookies can be deleted through browser settings.  Please refer to your browser’s Help instructions to learn more about how to manage Cookies, or use the following links for instructions for commonly used browsers: Apple Safari; Google Chrome; Microsoft Edge; and Mozilla Firefox. 

      3. Do Not Track.  Some web browsers may include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your preference to not have data about your online browsing activities monitored and collected over time and across websites.  At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized.  As a result, we do not currently respond to DNT browser signals or similar mechanisms.

         
         

7. Data Security and Data Retention

   Although we maintain reasonable security safeguards, no security measures or communications over the Internet can be 100% secure, and we cannot guarantee the security of your information.

   Your Personal Data will be retained as long as necessary to fulfill the purposes we have outlined above unless we are required to do otherwise by applicable law.  This includes retaining your Personal Data to provide you with the products or services you have requested and interact with you; maintain our business relationship with you; improve our business over time; ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures.  Once you have terminated your relationship with us, we may retain your Personal Data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to enable easier future user onboarding, demonstrate our business practices and contractual obligations, or provide you with information about our products and services in case of interest.

   
   

8. Children’s Privacy

   Our Digital Properties are intended for individuals 18 years of age and older.  The Digital Properties are not directed at, marketed to, nor intended for, children under 18 years of age.  As a general rule, we do not knowingly collect any information, including Personal Data, from children under 18 years of age.  If you believe that we have inadvertently collected Personal Data from a child under the age of 18, please contact us at the address in Section 10 (Contact Information) below, and we will take prompt steps to delete the information.

   
   

9. External Links

   Our Digital Properties may contain links to external sites or other online services that we do not control, including those embedded in third party advertisements or sponsor information.  We are not responsible for the privacy practices or data collection policies of such third-party services.  You should consult the privacy notices of those third-party services for details on their practices.

   
   

10. Contact Information

    If you have questions regarding this Privacy Notice, please contact us at: support@lotus.ai.

    
    

11. Supplemental U.S. State Privacy Disclosures

    California Shine the Light: If you are a California resident, you may opt out of sharing your Personal Data subject to California Civil Code §1798.83 (the “Shine the Light law”) with third parties for those third parties’ direct marketing purposes by emailing us at support@lotus.ai.

    California Eraser Law: Any California residents under the age of eighteen (18) who have posted content or information on our Digital Properties can request removal by emailing us at support@lotus.ai, detailing where the content or information is posted, and attesting that you posted it. We will make reasonable, good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law.  This removal process cannot ensure complete or comprehensive removal.  For instance, third parties may have republished or archived content that we do not control.