A. Our Privacy Assurance: We take reasonable steps to collect only Personal Information necessary or relevant to our business. We make a reasonable effort to ensure that Personal Information we act upon is accurate, relevant, timely, and complete. We use only legitimate means to collect Personal Information. We make reasonable efforts to make Personal Information available externally only to respond to legitimate business needs, to regulatory or other government authorities, or as otherwise permitted by law. We take reasonable steps to limit employees' access to those who need to handle Personal Information and who are trained in the proper handling of such Personal Information. We take industry standard precautions and reasonable measures to protect your Personal Information. We do not knowingly sell Personal Information to any person or company.

B. Personal Information We Collect from You: We get most of our Personal Information directly from you through the Services, such as when you create an account with us. We also might obtain Personal Information about you from transactions with us, our affiliates, resellers, or other third parties. Some examples of the Personal Information we may collect from you, usually by you providing it directly to us, include your: First and last name, Company name (if applicable), Email, Phone number, Your credit card or other payment information (typically by our third-party payment providers), and any other Personal Information you may provide to us by any means, including by email, phone, or by entering it into the Services (where you enter Personal Information into artificial intelligence features of the Services, such entries shall be referred to herein as "Inputs").

You can choose not to provide certain Personal Information to us, or to exclude certain Personal Information from your Inputs, but it may delay, prevent, or diminish the quality of Services we provide to you. Nevertheless, if you have any concerns about providing certain Personal Information to us or including it in Inputs, we encourage you to avoid doing so.

C. Personal Information from Internet Use: We may also automatically receive and store certain types of Personal Information whenever you visit the Services, such as the name of the domain and host from which you access the Internet and the IP address of the computer you are using. We may log and use your IP address to administer the Services, to help diagnose problems with our server, to analyze trends, to track users' webpage movements, to help identify you, and to gather broad demographic information for aggregate use.

We may use standard tools, such as "cookies" (which may be html files, flash files, or other technology), web beacons, or similar technologies (collectively, "Tracking Tools"). Cookies are small text files stored locally on your computer that help store user preferences. "Web beacons" or "clear gifs" are small pieces of code placed on websites used to collect advertising metrics, such as counting page views, promotion views, or advertising responses. We may use Tracking Tools to monitor the Services and Internet usage and to improve or customize the content on the Services.

In addition, on occasion we may also set a "session cookie" on the Services to help us administer the Services. The session cookie expires when you close your web browser and does not retain any Personal Information about you after it expires. If you do not want the benefits of these cookies, you may opt-out by visiting optout.networkadvertising.org. However, if you do so, you may not receive the full benefit from the use of the Services.

We may use Tracking Tools only to gather information as indicated in this Privacy Policy. In many web browsers, you can choose to delete, disable, turn off, or reject most Tracking Tools through the "Internet Options" sub-option of the "Tools" menu of your web browser or otherwise as directed by your web browser's support feature. Please consult the "Help" section of your web browser for more information. By agreeing to this Privacy Policy, you are consenting to the use of Tracking Tools as set forth in this Privacy Policy.

Finally, our web servers may collect "log data." Log data provides aggregate information about the number of visits to different pages on the Services. This Privacy Policy does not apply to other types of information you may disclose or that we may collect, including aggregate user statistics, demographic information, and other data that does not include Personal Information or from which you cannot be identified. We may use such aggregate log data to improve access to the Services based on visitors' web browsers and operating system types to make the Services available to as many relevant users as possible. We do not link the "log data" collected to Personal Information. Third party providers may also collect aggregate log data independently from us.

D. How We Use Your Personal Information: We only use your Personal Information if we have a proper reason for doing so, e.g.: For the performance of Services or to take steps at your request before engaging in Services with you; For our legitimate interests or those of a third party; Where you have given consent; or To comply with our legal and regulatory obligations. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

We use your Personal Information for the following purposes and reasons: To provide products and/or Services to you (for the performance of our contract with you); To make decisions about the types of products and prices we can offer to you (for our legitimate interests); To assess your eligibility for payment plans and to process your payments; To communicate with you and others as part of our business and to respond to your requests; To prevent and detect fraud or abuse; Conducting checks to identify our customers and verify their identity; Gathering and providing information required by or relating to audits, enquiries, or investigations by regulatory bodies; Ensuring business policies are adhered to; Operational reasons, such as improving efficiency, training, and quality control; Ensuring the confidentiality of commercially sensitive information; Statistical analysis to help us manage our business; Preventing unauthorized access and modifications to systems; Generally establish and defend legal rights and protect our operations; Updating and enhancing customer records; Statutory returns or responses; Ensuring safe working practices, staff administration, and assessments; Marketing our Services and those of selected third parties; External audits and quality checks; Facilitate social sharing functionality; Send you important information regarding changes to our policies; Compiling aggregated and anonymized data based on the Personal Information for use by us and third parties.

HIPAA Status: Aunti is not a HIPAA covered entity or business associate. We do not provide healthcare services, health plans, or healthcare clearinghouse services. While our Services facilitate connections with doulas and other providers who may be HIPAA-regulated, and while our Platform may enable communication that includes health-related information, Aunti is not subject to HIPAA.

Limitation on Health Data Collection: We strongly discourage you from sharing sensitive health information through the Services. Our Platform is designed to facilitate administrative coordination and general communication, not to store or process detailed medical records or protected health information. You should: Avoid including diagnostic information, treatment details, or other clinical health data in your Inputs or communications; Not upload medical records, test results, clinical photographs, or similar health documentation to the Platform; Use secure, HIPAA-compliant channels provided directly by your healthcare providers for any protected health information.

Treatment of Health Information: If you choose to share health information despite our recommendations, such information will be treated as Personal Information under this Privacy Policy and subject to the protections described herein, but will not receive HIPAA-level protections.

Data Minimization: We will take reasonable steps to minimize health information retained in our systems, including periodic reviews to identify and remove detailed health data that is not essential to providing the Services.

Provider Responsibilities: Any doulas, healthcare providers, or professionals using our Services remain solely responsible for their own HIPAA compliance obligations. These providers must: Maintain their own HIPAA-compliant systems for protected health information; Not use our Platform as a primary system of record for protected health information; Comply with all applicable privacy laws regardless of our Platform's capabilities. Users should consult directly with their providers about their privacy practices and HIPAA compliance.

In order to conduct our business and to better serve you, we may disclose all of the Personal Information we collect, as described above, to our affiliates, contractors, and agents. We may also disclose all the Personal Information we collect to companies or individuals that perform services on our behalf or with whom we have joint marketing agreements, such as third-party retailers and advertisers for providing products and services to you of relevance to our Services.

We may disclose all of the Personal Information we collect to: Our affiliated companies (other companies associated with Aunti may have access to and use of Personal Information in connection with the conduct of our business where appropriate); Other distribution parties (in the course of marketing and providing services, we may make Personal Information available to third parties such as intermediaries and agents, appointed representatives, marketing partners, and other business partners); Our artificial intelligence service providers (in order to enable our provision of the Services, we may share your Personal Information provided by you within your Inputs to third-party artificial intelligence service providers); Our service providers (we may also share your Personal Information with external third-party service providers, such as IT systems, support and hosting service providers, cloud services, content delivery services, support and safety monitoring services, printing, advertising, marketing and market research and analysis service providers, banks and financial institutions that service our accounts, document and records management providers, translators, and similar third-party vendors and outsourced service providers that assist us in carrying out business activities, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors, call center service providers - pursuant to our instructions, these third-parties will access, process, or store Personal Information only in the course of performing their duties to us).

Recipients of your social sharing activity (your friends associated with your social media account(s), other website users and your social media account provider(s), in connection with your social sharing activity); Governmental authorities and third parties involved in court action (Aunti may also share Personal Information with governmental or other public authorities including, but not limited to, workers' compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies, and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate to comply with applicable law, to comply with legal process, to respond to requests from public and government authorities, to enforce our terms and conditions, to protect our operations, to protect our rights, privacy, safety or property, and to allow us to pursue available remedies or limit our damages).

Other Users and Third Parties You Interact or Share Information With: Certain features of our Services may allow you to interact or share information, including Personal Information, with other users or third parties. Information you share with third parties is governed by their own terms and privacy policies, and you should make sure you understand those terms and policies before sharing information with them.

Other Third Parties: We may share Personal Information with purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, assets or stock.

Other Customers in Aggregated and Anonymized Form: We may share aggregated and anonymized data based on the Personal Information with other customers as part of the Services for use for any commercial purpose, provided that no Personal Information is shared with such customers and such data is shared solely in an aggregated and anonymized form.

We may disclose your Personal Information to third parties for the following reasons: Providing you the Services, Payment processing, Tracking how visitors use the Services, Fulfilling a transaction you requested, Preventing fraud, Marketing our products, Complying with requests from law enforcement, With your consent (e.g., if you authorize us to share your Personal Information), Protecting our rights, property, or safety, or that of users of Aunti or the general public.

In the event of a bankruptcy or a sale, merger, or acquisition, we may also transfer your Personal Information to a separate entity. That entity will be responsible for ensuring that your Personal Information is used only for authorized purposes and persons in a manner consistent with this Privacy Policy and applicable law.

Additionally, we may share Personal Information when it is required by a court or government agency or to respond to a Claim by you or a third party. In doing so, we may respond to any subpoena received from a court or government agency without prior notice to you. Unless prohibited by law or by a court order, we will use reasonable efforts to notify you of any subpoena received from any other party that requires us to disclose your identity and will wait ten (10) days thereafter, or a lesser amount of time as required by the deadline in the subpoena, before providing the requested Personal Information.

Personal Information may also be shared by you, on message boards, chat, profile pages and blogs, and other services to which you are able to post information and materials (including, without limitation, our social media pages and apps). Please note that any information you post or disclose through these services will become public information, and may be available to third parties who access Services and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, on the Services and our social media pages.

We do not knowingly sell any of your Personal Information to any third parties. We take commercially reasonable measures to anonymize aggregated Personal Information of yours that we use to improve our Services. We may send you marketing communications based on our legitimate interests; provided, however, that we will always attempt to provide a clear mechanism for you to opt-out of any such marketing communications. If you consent to participate in one of our surveys or provide publicly available comments, photos, or content, we may use those materials and any of your Personal Information contained therein for promotion or information purposes.

We store Personal Information for as long as reasonably necessary to fulfill the purposes described above, as we determine is necessary for business records, and as required under applicable law. In some cases, the length of time we retain Personal Information depends on your settings or the policies of third-party service providers we use.

We restrict access to Personal Information about you to those who need to know in order to provide products or Services to you and to conduct our internal operations. We make reasonable efforts to maintain, or take reasonable steps to ensure that our third-party service providers maintain on our behalf, physical, electronic, and procedural safeguards that comply with federal regulations to guard your Personal Information. However, please be aware that, despite our measures, no data security measures or method of transmission over the Internet or means of electronic or physical storage, is guaranteed to be absolutely secure.

Additionally, the Services are provided through a certificate trusted website and use commercially reasonable security measures to protect information before and during transmission to the internet. If we become aware of a security systems breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Services if a security breach occurs. We may also send an email to you at the email address you have provided to use in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

Some of our security measures depend on the compatibility of your web browser. While we strive to protect your Information, the internet is not absolutely secure and, thus, we cannot promise guaranteed security. In the unlikely event that we believe that the security of your Information in our possession or control may have been compromised, we may seek to notify you of that development. If a notification is appropriate and to the extent we have your email address, we may notify you by email.

You should also take steps on your own to protect your Personal Information, such as: Using the latest version of your web browser; Keeping your username and password confidential; Accessing the Services only on personal or trusted computers or phones.

Please refer to the Federal Trade Commission's website at business.ftc.gov for information about how to protect yourself against identity theft.

If you delete your account with us, we use commercially reasonable efforts to delete all of your Personal Information from our Services.

A. Links and Features: The Services may include links to other websites or utilize features from other companies that operate independently from Aunti, such as the artificial intelligence services and payment processing services. This Privacy Policy does not apply to such companies and only applies to our Services. We do not make any representations about any websites and features other than our own. Any Personal Information you provide to any linked websites will be subject to the privacy policies of that website. If provided, you should review the privacy policies of any linked websites carefully. Please note that Personal Information collected by third parties may not have the same security protections as Personal Information you submit to us, and we are not responsible for protecting the security of such Personal Information.

B. Social Media: The Services may include social media features. These features may collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Services. Your interactions with these features are governed by the privacy policy of the company providing them.

C. Commercial Electronic Messages: If you provide your email address to us, you affirmatively and expressly consent to receiving commercial emails from us and from our third party providers, affiliates, and resellers. These parties may send you commercial emails in order to deliver information about the Services, information about developments relating to our products and Services, special offers, and other information, including but not limited to updates to the Services.

D. Children: The Services is intended to be used in connection with our Services and is not intended for minors as defined by local jurisdictions. Consistent with the United States Federal Children's Online Privacy Protection Act of 1998 (COPPA), the Services is not directed at children and we do not knowingly collect Personal Information from anyone under the age of thirteen (13) years. If you are a parent or guardian and believe that your child has provided Personal Information to the Services without your consent, for example by misrepresenting their age, please notify us. If we become aware that information is or has been submitted by or collected from a minor under the age of 13, we will delete this information unless it was provided by a parent or guardian.

We make reasonable efforts to comply with the privacy laws of the U.S. and make no representation that this Privacy Policy or the Terms of Service comply with the laws of any other jurisdiction. If you choose to visit the Services, you do so at your own initiative and at your own risk and you are responsible for complying with all applicable local laws and you waive any causes of action, suits, penalties, fines, losses, damages, costs, or expenses, including attorneys' fees ("Claims") that may arise under such local laws.

International Visitors: We are based in the United States and the Services we own or operate is located and hosted in the United States. In most cases, the Personal Information we collect is stored and used in the United States. While we do not generally direct our Services to residents of the European Union (EU), it is possible that EU residents may access and use the Services. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing.

We may also transfer your data, including Personal Information, from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services. By providing any information, including Personal Information, to us, you consent to such transfer, storage, and processing.

If you are a resident of the EU and if GDPR applies to our Services, you may have certain additional rights under the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR") with respect to any of your Personal Information that we may collect, including the following: the right of access to your Personal Information; the right to rectify your Personal Information if it is incorrect or incomplete; the right to have your Personal Information erased ("right to be forgotten") if certain grounds are met; the right to withdraw your consent to our processing of your Personal Information at any time (if our processing is based on consent); the right to object to our processing of your Personal Information (if processing is based on our legitimate interests) provided that we may retain your Personal Information for certain compelling purposes such as legal, auditing, accounting, and billing purposes; the right to object at any time to our processing of your Personal Information for direct marketing purposes, including, without limitation, for profiling purposes to the extent that it is related to direct marketing (if you object to processing for direct marketing purposes, we will no longer process your Personal Information for such purposes); the right to receive your Personal Information from us in a structured, commonly used and machine-readable format, and the right to transmit your Personal Information to another controller without hindrance from us (data portability).

The following terms shall also apply to our collection, use, and retention of the Personal Information of applicable EU residents and in the event GDPR applies to our Services: Basis for collection - We collect and process Personal Information for which you have given your express consent at the time of collection or where we have another legitimate legal basis for such collection, such as a legitimate business interest in improving our Services, to deliver Services and perform obligations under contracts we have with you, and to comply with legal obligations. Sensitive data - We do not intentionally collect sensitive data, for example, biometric data, health data, or data revealing racial or ethnic origin, from visitors to our Services.

Onward transfer - Except as otherwise provided in this Privacy Policy, we only disclose Personal Information to third parties who reasonably need to have access to it for the purpose of the transaction or activity for which it was originally collected or to provide services to or perform tasks on our behalf or under our instruction. All such third parties must agree to use the Personal Information we provide to them only the purposes for which we have engaged them and they must either: (a) comply with a mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Information; and (b) agree to provide adequate protections for the Personal Information that are no less protective than those set out in this Privacy Policy. Where we have knowledge that an entity to whom we have provided Personal Information is using or disclosing Personal Information in a manner contrary to this Privacy Policy, we will take reasonable and appropriate steps to prevent, remediate or stop the use or disclosure.

Authorized transfer - We also may disclose Personal Information for other purposes or to other third parties when you have consented to or requested such disclosure. Please be aware that we will disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We are not liable for appropriate onward transfers of Personal Information to third parties.

Data processors - We may retain third parties to process or analyze Personal Information we collect through our Services. For example, a site may be maintained or hosted by a third-party service provider or a promotion may be administered by a sales promotion agency. We take reasonable steps to ensure that these suppliers and other third parties who provide services for us are contractually obligated not to use Personal Information about you except as we authorize.

Profiling - We may analyze Personal Information we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use Personal Information about you to detect and reduce fraud and credit risk.

If you are located in the EU, and you are or have been our customer, we may send you marketing communications based on our legitimate interests, subject always to your right to opt out of such communications. Further, if you are located in the EU and the GDPR applies to us, we will not knowingly share your Personal Information with a third party for such third party's marketing purposes, unless you have specifically consented to us doing so.

You may contact us as indicated below to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances we may charge a reasonable fee for access to your Personal Information. We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected Personal Information, or is someone authorized to act on such person's behalf. Any Personal Information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

If you believe that our processing of your Personal Information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you may have the right to lodge a complaint with the Data Protection Supervisory Authority of your country. For purposes of the GDPR, we are a "controller" and you are a "data subject."

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other U.S. states with comprehensive privacy legislation, you may have additional rights regarding your Personal Information under applicable state privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Your State Privacy Rights. Subject to certain limitations and exceptions, you may have the following rights: Right to Know - You may request that we disclose to you the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which such information was collected, the business or commercial purpose for collecting such information, and the categories of third parties with whom we share such information. Right to Delete - You may request that we delete Personal Information we have collected from you, subject to certain exceptions. Right to Correct - You may request that we correct inaccurate Personal Information we maintain about you. Right to Opt-Out - You have the right to opt out of the "sale" or "sharing" of your Personal Information. As stated in this Privacy Policy, we do not knowingly sell your Personal Information to third parties. To the extent we share Personal Information for purposes that could be considered a "sale" or "sharing" under applicable law, you may opt out by contacting us as provided below. Right to Limit Use of Sensitive Personal Information - If we use or disclose sensitive Personal Information for purposes beyond those permitted under applicable law, you may have the right to limit such use or disclosure. Right to Non-Discrimination - You have the right not to receive discriminatory treatment for exercising any of your privacy rights.

Exercising Your Rights: To exercise any of these rights, please contact us at contact@aunti.com. We will verify your identity before processing your request and will respond within the timeframes required by applicable law. You may designate an authorized agent to make requests on your behalf, subject to verification requirements.

California "Shine the Light" Law: California residents may also request information about our disclosure of Personal Information to third parties for their direct marketing purposes. As noted in this Privacy Policy, we do not share Personal Information with third parties for their direct marketing purposes without your consent.

We may, from time to time, unilaterally modify the Privacy Policy without notice to you, so it is important that you review this Privacy Policy every time you use or access the Services. Such modifications by us are effective upon posting to the Services and your access to or use of the Services at any time constitutes acceptance of the Privacy Policy in effect at that time. Our use of Personal Information collected or obtained at any time is subject to the Privacy Policy in effect at the time of such use.

This Privacy Policy supplements, but does not replace other applicable policies, practices, and privacy notices that may relate to specific business relationships you have with us or to certain products or Services, as described in the applicable privacy notice. At the start of our business relationship with you as a client, we will give you a copy of our privacy notice that applies to that relationship, if applicable. In the event of a conflict between this Privacy Policy and a privacy notice for a specific product or service, the specific product or service privacy notice shall govern.

Contacting Aunti: For clarification or if you have any concerns about the Privacy Policy or requests related to any Personal Information that we collect, use, or share about you, please write to us at hello@aunti.com, and we will promptly respond. We will promptly investigate and attempt to respond in a manner that complies with the principles described in this Privacy Policy.