SYNC.MD PRIVACY POLICY

Sync.MD is a company with a technological platform that helps facilitate the exchange of information between individuals and organizations in a more secure, efficient, and electronic manner. Sync.MD’s software, mobile applications, website, and our associated services (collectively the “Services”) can be used to collect, verify, and exchange your personal information and any necessary financial, legal, and/or contractual documentation or agreements that may be required.

The team at Sync.MD takes the privacy and protection of your personally identifiable information (or “PII”) as our top priority. Your PII will never be sold or rented to third parties for profit, and we take strong security measures and precautions to prevent any unauthorized attempts to access your PII. However, in order to provide you with our Services, Sync.MD must collect and use some of your PII. This Privacy Policy describes the ways in which Sync.MD can collect, store, process, use, share, and destroy your PII.

If you do not want your PII to be collected and used by Sync.MD, do not agree to this Privacy Policy and stop using our Services. By continuing to use our Services, you are agreeing to the terms of this Privacy Policy and Sync.MD’s continued collection and use of your PII as described below.

Section 1. Collection of Information

Information Provided to Sync.MD When you use Sync.MD, you may submit or Sync.MD may collect a variety of PII in order to provide you with access to our Services. Depending on the type of product or service that you are using, this PII may include the following categories and types of information:

Contact Information (name, email, address, telephone number)
Demographic Information (birthdate, age, gender, marital status)
Financial Information (employment status, employer, salary)
Government-Issued Driver’s License Information (driver’s license number, barcode, copy or image of license)
Automotive Insurance Information (insuring organization, insurance status, account number, copy or image of insurance card)
Payment information (billing address and credit card details, including card number, expiration date, and security code)
Biometric Information (temporary processing of face, facial, eye, iris, retina, and other ‘Selfie’ related image data, scans, or identifiers for identity verification services)
Personal Health Information (information and data related to the provision of health care to you such as your health status, medical records and related information or documents, consent to treatment forms, authorization to disclose medical information forms, Medicare forms, Medicaid forms, living wills, Directives to Physicians and Family or Surrogates, Medical Powers of Attorney, Out of Hospital Do Not Resuscitate Orders, Declarations of Mental Health Treatment, images, reports, labs and test results, medical treatments performed on you, and any other “protected health information” that may otherwise be defined under HIPAA and similar terms as defined by state, national, or international law)
Self-Reported Health Information (information that you voluntarily enter or provide during the course of using our Services, such as information regarding your health and/or medical condition and related behaviors such as medications, exercise, or other activities)
Legal Forms, Contracts, and Agreements (forms, contracts, agreements, authorizations, and other types of legally binding documents that may be provided through our services for your storage, transfer, review, consent, execution, or electronic signature including originals and/or copies)
Electronic Signatures (record and/or image of your electronic signature including name, date, and time that the signature was made)
Business Contact Information (name of organization, business email, business address, business telephone number)
Other information that you provide directly to us or authorize to be provided to us

Automatically Collected Information while using our Services In addition to the specific forms of PII listed above, Sync.MD may automatically collect, store, and analyze data from your computer, mobile device, or smartphone. Sync.MD automatically collects IP addresses and web site usage information when you access our Services including information such as:

The type of web browser being used
Access times
Webpages viewed
Location
The Webpage viewed before navigating to our Services
Information about the computer, mobile device, or phone being used to access our Services, including hardware model, operating system and version, unique device identifiers, and mobile network information.

This information helps Sync.MD evaluate how our users, visitors, and customers navigate our platform on an aggregated basis, including but not limited to the number and frequency of individuals accessing each web page and the length of their visits.

Use of Cookies Sync.MD may use cookies to collect and store information about your usage of Sync.MD. Cookies are data files stored on your computer’s hard drive or in the device memory of your phone or mobile device that help Sync.MD to improve how deliver Services to you. By measuring our online features and user experiences with them, we can determine areas and features of our online Services that are most popular or in need of improvement.

Web browsers are often set to accept cookies by default. If you prefer not to share cookies with Sync.MD, you may be able to set your browser to delete or reject all cookies or specific browser cookies. Please note that if you choose to delete or reject cookies from Sync.MD, this could impact the functionality of the services provided through Sync.MD.

Information Collected from Third-Party Sources Sync.MD may collect information about you from additional online or offline sources including commercially available third-party sources for the purposes of verifying eligibility and securely offering our services to you. We may combine this information with the PII we have collected about you under this Privacy Policy.

Section 2. Usage of Personal Information**

Sync.MD does not sell, rent, or otherwise share your PII with any third parties other than as provided in this Privacy Policy or with your consent.

Sync.MD may use the PII collected about you only for the following purposes:

For the purposes to which you specifically provided the information
To register you as a customer or potential customer with organizations or individuals that you select
To provide you with the Services or access to the Services
To provide Services to the organizations or individuals you select, work with, or consent to sharing and exchanging information with through Sync.MD
To send you electronic notices or otherwise communicate with you via email in order to provide informational and operational support such as user management, customer service, system maintenance, or legal notifications
To verify your identity and the legitimacy of your submitted PII
To evaluate, enhance, and develop features, products, and services
To provide advertisers or other third parties with aggregated, de-identified information about our user base and usage patterns
To detect and prevent fraudulent or illegal usage of our services
To ensure internal quality control
To perform accounting, auditing, and other internal functions
To carry out any other purpose for which the information was collected

We may also use the information in other ways with your express consent, such as when you choose to use a service or product that we may offer jointly or through another entity. We may also use the information we collect about you in other ways if we provide specific notice at the time of its collection.

Retention of PII Sync.MD may retain the PII we obtain for as long as you continue to use or maintain our services, as necessary to fulfill the specific purpose(s) for which it was collected, and/or to provide ongoing services to the organizations or individuals with whom you are or have shared or exchanged your PII. We may also be required to retain your PII in order to resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws and regulations.

Certain types of PII, financial documents, and legal contracts that are used or collected as part of specific types of our Services (such as Sync.Auto) are subject to more stringent or specific regulations regarding retention periods. Sync.MD will retain any and all applicable PII in accordance with these regulations in order to facilitate the compliance of ourselves and the organizations, individuals, or entities to whom we provide services.

Legal Foundation for Handling Your PII Some jurisdictions require companies to inform you about the legal framework that gives them authority to use, disclose, or otherwise process your PII. To the extent that any of those laws apply, our legal foundation for handling your PII is as follows.

To uphold the contractual obligations we have made with you
- The majority of our processing of PII is done in order to provide you with continued access to and usage of our services for the exchange and sharing of your information with organizations, individuals, or entities that you choose.
Legitimate business interests
- Other processing of PII occurs on the basis that it furthers a legitimate or protected business interest in ways that not overridden by the interests or fundamental rights and freedoms of affected individuals. This includes activity such as:
  - Providing a safe and enjoyable user experience
  - Customer Service
  - Marketing Communications
  - Protecting our users, employees, property, or trade secrets
  - Analyzing and improving our business operations by collecting information about how you use our services in order to iterate on the design and placement of features
  - Managing legal, regulatory, or compliance-based issues
Legal Compliance
- We may need to use, disclose, and maintain PII in certain ways in order to comply with legal obligations or for certain activities or features offered within our services that require different standards.
Consent
- Where required by law, and in some other circumstances, we handle PII on the basis of your express or implied consent to use it.
To protect or safeguard vital interests of individuals or other people.

Sync.MD does not engage in the business of selling your PII for profit. The services we provide to you involve the sharing of sensitive information, and the trust you place in Sync.MD to handle that information on your behalf is why we consider the protection and safeguarding of your privacy our biggest priority. However, there are certain situations in which we may share your information with specific third parties based on the following.

Consent We may share information about you with your consent, at your direction, or based on your usage of Sync.MD which implicitly require such sharing. Your acceptance of this Privacy Policy and your continued usage of Sync.MD represents your explicit consent for us to share, exchange, and store your PII directly with the organizations and individuals that you select, work with, or otherwise consent to share information with.

Sync.MD Identity Verification Services As part of Sync.MD, we may provide or offer you the ability to engage with or consent to additional Identity Verification products or services based on PII that has been collected from you. By using our Services and sharing your PII with us, you acknowledge, agree, and consent for Sync.MD to collect, process, and disclose any portion of your PII that was submitted or collected for the purposes of Identity Verification to the organizations or individuals who have hired us to perform such services on their behalf, and/or to any third parties with whom we have sub-contracted to fulfill such Identity Verification Services (to the extent permitted by applicable laws and regulations).

Related Companies, Agents, Consultants, and Related Third Parties We may share information about you with Sync.MD related companies as part of the delivery of our services to you. We may share information about you with affiliates, consultants, and other service providers in order to enhance the services and features we can provide to you, or for legal and routine business purposes.

The types of service providers to whom we provide or process PII with include service providers for:

The provision of Information Technology (IT) and related services
The provision of Business Technology (BT) and related services
The provision of Information and Services which you have specifically requested
Payment Processing
Customer Service Activities
Fraud Prevention
In connection with the Provision of our Services

Legal Requirements

We may be allowed to disclose, or forced to disclose, information we obtain about you in specific legal situations.
Pursuant to legal requirements or legal process (such as a court order or subpoena)
In response to requests by government agencies such as law enforcement authorities
To establish, exercise, or defend the rights of Sync.MD
When disclosure is necessary or appropriate in order to prevent physical, financial, or other harm
In connection with an investigation of suspected or actual illegal activity or content
With your consent or at your discretion

Business Transfers If all or a part of Sync.MD is sold, merged, or otherwise transferred to another entity, the PII you have stored with us may be transferred as part of that transaction.

Aggregated De-Identified Information We may share aggregated de-identified and non-personal information about you with third parties as permitted or allowed by law. De-identified information means your PII has been altered so that any information, elements, and data points that could be used to reasonably identify you or could be reasonably used in combination with other information to specifically identity you, have been removed. Aggregation of de-identified information means that even after transforming your PII into non-personal information, it must be combined with the non-personal information of many other individuals before it can be shared with other third parties. We may or may not limit the third parties’ use of this aggregated de-identified information.

Sync.MD is specifically offered to help facilitate the electronic exchange of information between parties. By using Sync.MD and providing your PII, you are explicitly consenting for Sync.MD to share, transfer, and exchange your PII with the organizations and individuals that you select, work with, or otherwise consent to sharing information with. You are the only one with the authority to consent and provide your PII to Sync.MD for these purposes. Do not use Sync.MD or provide your PII if you do not wish for your PII to be used or shared in this manner.

Once you have used Sync.MD and provided your PII as part of our Services, Sync.MD may share, exchange, or otherwise provide access to your PII with the organizations or individuals that you select, work with, or otherwise consent to sharing information with. You acknowledge and agree that Sync.MD is not liable for any such PII that is sent to the requested organizations or individuals, including without limitation any liability for any action or decision such organization or individual may take with respect to your PII. We strongly suggest that you discuss any privacy and confidentiality issues you may have with the organization or individual that you want to share information with before you use Sync.MD or provide PII to Sync.MD.

Section 5. Geographic Processing of Information – Consent to Transfer, Process, and Use your PII in the US from other countries

Sync.MD is based in the United States and our Services are exclusively offered as part of operations within the United States. The laws of the United States which govern the collection and use of personal data may not be as comprehensive or protective as the laws of many other countries. If you are a member of a country or region whose laws governing data collection and use may conflict with the laws of the United States, you consent to the processing and transferring of your information, including your PII, into the United States. By accessing and using our Services, you consent that Sync.MD may collect, store, process, use, disclose, and transfer your data and PII as described in this Privacy Policy.

By using our Services or providing your PII to Sync.MD, you agree that Sync.MD may need to communicate with you electronically regarding important security, privacy, and/or administrative matters relating to your use of the services. If we learn of a security or data breach, we may attempt to notify you electronically by posting a notice on syncmd.com or sending an email to you. You may also have a legal right to receive such notice in writing.

Section 7. Unsolicited Information

You may provide us with ideas for new products, modifications to existing products, or other unsolicited submissions, feedback, or contributions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and Sync.MD is free to reproduce, use, disclose and distribute such Unsolicited Information to others without limitation or attribution.

Section 8. Your Choices

We will provide reasonable opportunity for individuals to access, update, or delete PII about them that we have in our possession. We will not use PII provided to us for purposes incompatible with the purpose for which it was provided or collected without first obtaining authorization from the subject of the information. If you wish to request access or deletion of your personal information, please contact us at help@syncmd.com. Note that we may still be required to retain certain information as required by law, to provide ongoing services for the organizations, individuals, or entities with whom your PII has already been shared, or for legitimate business purposes. We will respond to your request within a reasonable period of time, usually within thirty business days.

Although Sync.MD makes good faith efforts to provide individuals with access to their PII when requested, there may be circumstances in which Sync.MD is unable to provide access, including but not limited to situations where:

The information contains legal privilege
The information would compromise the privacy or rights of other individuals
The burden or expense of providing access would be disproportionate to the risks to the individual’s privacy
Where it is commercially proprietary

If Sync.MD determines that your requested access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for further inquiries or disputes.

The rights and options as described above are subject to the inherent limitations and exceptions under all applicable law. In addition to those rights, you have the right to lodge complaints with relevant supervisory authorities. We strongly encourage that you first contact Sync.MD so that we may work directly with you to best resolve your concerns.

Section 9. Data Security

Sync.MD takes appropriate technical, security, and organizational measures to protect against unauthorized access, unlawful processing, accidental loss, destruction or damage to PII and other data. You acknowledge and agree however, that no security measures are perfect or impenetrable, and Sync.MD cannot guarantee that the information submitted to, maintained on, or transmitted from our systems will be completely secure. Sycn.MD is not responsible for the circumvention of any privacy settings or security measures contained on the Sync.MD platform or services by any users or third parties.

Section 10. Policy for Minor Users

The services made available on Sync.MD are not directed or made available to anyone under the age of thirteen (13) years old and we do not knowingly collect data from minors under the age of thirteen (13) years old. Minors between the ages of thirteen (13) and seventeen (17) may use our Services, but a parent, guardian, or personal representative must consent to this Privacy Policy and any other associated Agreements on their behalf.

Section 11. Changes to Policy

Sync.MD may change this Privacy Policy from time to time. If we do, we will let you know by appropriate means such as posting the revised policy on this page with a new “Last Updated” date. All changes become effective when posted unless indicated otherwise. If we make any material changes, we will also notify you by email (sent to the email address associated with your account) or by means of a notice on this website prior to the change becoming effective. If you object to any changes or proposed changes, you may request to have your PII deleted. Continuing to use the web portal and our services after we make, publish, or communicate a notice about changes to this Privacy Policy means that you are consenting to those changes.

Section 12. Governing Law

By choosing to visit or utilize Sync.MD or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of the United States and the State of South Carolina.

Section 13. How to Contact Us

If you would like to submit a request, have a question about the policy, or otherwise are seeking privacy related information, please send us an email at help@syncmd.com.

Section 14. Notice to California Users

The information provided in this section applies only to California residents.

The California Consumer Privacy Act of 2018 (“CCPA”) requires us to provide an explanation of the rights and choices we offer to California residents regarding our handling of their personal information, along with information regarding the categories of personal information we collect, use, and share.

1. California Residents’ Privacy Rights

The CCPA grants California residents the following rights:

Information: You can request information about how we have collected, used, and shared your personal information during the past 12 months.
Access: You can request a copy of the personal information that we maintain about you.
Deletion: You can ask us to delete the personal information that we collected or maintain about you.

It should be noted that the CCPA places limits on these rights. We may be prohibited from providing certain sensitive information in response to an access request or we may be limited in the circumstances in which we must comply with a deletion request. If we do deny or limit your request, we will communicate our decision to you. You may exercise the rights listed above free from discrimination.

2. How to Submit a Request

To request access or deletion of personal information from out databases, please send us an email at help@syncmd.com. Please note that the CCPA requires us to take certain steps to properly verify the identity of the individual submitting a request before we can process it.

We will contact you independently using the email address associated with your PII in order to confirm the validity of the request and your ownership of the data. We may also ask that you provide certain details and information about yourself to assure us that you are in fact the individual to whom the information you have requested belongs to.
Once your identity has been confirmed to a satisfactory level in keeping with the principles of the CCPA, we will begin processing your request and notify you of any limitations or denials.
California residents may empower an “authorized agent” to submit requests on their behalf. As part of our security and privacy measures, we require that any authorized agents have a written authorization with your signature confirming their authority to act on your behalf.

3. Personal Information that Sync.MD Collects, Uses, and Shares

Sync.MD will never sell or rent your personal information without your consent.

Information that Sync.MD directly collects from you:

Our services may collect information directly from you, which identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or device (“Personal Information”).
This Personal Information may be collected directly from you on our web portal or through our services, or indirectly from you, such as by observing your actions when using our web portal, our services, or our website.
As described in our Privacy Policy, we use cookies and other tracking tools on our web portal and website to analyze traffic and usage patterns.

4. Categories of Personal Information

The CCPA requires that companies disclose their collection and use of specific categories of Personal Information enumerated in CCPA. Below is a table of those categories and a notification as to whether Sync.MD collects each. Please note that while each “CCPA category” may cover many types of personal information, Sync.MD only collects, uses, and shared the personal information described in this Privacy Policy.

CCPA Categories	Collected
Identifiers	Yes
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code Section 1798.80(e))	Yes
Protected Classification Characteristics under California or federal law	Yes (age)
Commercial Information	Yes
Biometric Data	Yes
Internet or other similar network activity	Yes
Geolocation Data	No
Sensory Data	No
Professional or employment-related information	Yes
Non-public education information (per the Family Educational Rights and Privacy Act (20 USC Section 1232g, 34 CFR Part 99))	No
Inferences drawn from other personal information	Yes