Privacy Policy

Effective Date: April 30, 2026  ·  Last updated: April 30, 2026

Introduction — This Privacy Policy ("Privacy Policy") describes the data protection practices of Mito Health Holdings Corp. ("RetaClinic"). We refer to the Websites, and other services provided by RetaClinic together in this Privacy Policy as the "Services." This Privacy Policy is incorporated into our Terms of Use. All capitalized terms used in this Privacy Policy but not defined herein have the meanings assigned to them in the Terms of Use. RetaClinic also delivers services in conjunction with our Partners and their terms.

If you are a California resident, please see our Privacy Information for California Residents section below.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

This Privacy Policy does not cover the practices of third parties and/or companies that RetaClinic doesn't own or control or people we don't manage. This Privacy Policy also does not cover Protected Health Information (as defined by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and HIPAA Privacy Rule) collected by the Practice (as defined herein) and providers with whom RetaClinic contracts to facilitate medical visits through the RetaClinic platform.

The Information We Collect and the Sources of Such Information

We obtain information about you through the means discussed below when you use the Services. Please note that we need certain types of information so that we can provide the Services to you. If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use part or all of our Services.

1. Information You Provide to Us

We collect a variety of information that you provide directly to us. For example, we collect information from you through:

• Account and product registration and administration of your account
• Processing your orders and requests for treatment, including orders and requests made by your provider in connection with your care
• Questions, communications, or feedback you submit to us via forms or email
• Your participation in research, surveys, contests, and sweepstakes
• Requests for customer support and technical assistance, including through online chat functionalities
• Uploads or posts to the Services
• Employment applications you submit

The specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide. The types of data we collect directly from you includes:

• Identifiers, such as name, address, telephone number, date of birth, and email address
• Billing information, such as shipping address, credit or debit card number, verification number, and expiration date, collected by our payment processors on our behalf
• Commercial information, such as information about purchases or other transactions with us, including information about your healthcare provider, if applicable
• Customer service information, such as information about your customer service and maintenance interactions with us
• Demographic information such as your gender, age, marital status, and similar information in connection with the Services
• Information you provide on the Website, such as videos (and in some cases the recordings of such videos), photos, and signatures
• General geolocation information, such as city, state, or zip code
• Information about others, such as if you provide a family or friend's email address or contact information to allow access to your information or name them as an emergency contact
• User-generated content you post in public online forums on our Services or disclose to other users or your healthcare providers

Sensitive Personal Information:

• Health information, such as information about your symptoms, medical history, lifestyle, prescriptions, mental health, drug or alcohol use, genetics, treatment options, and relevant physical characteristics (e.g., your height and weight) as well as medical photos you upload, lab results, and your insurance information
• Information about your sex life and sexual orientation
• Log-in credentials, if you create an account
• Sensitive demographic data, such as race and ethnicity
• Identity verification information (e.g. driver's license or other government-issued ID card or number), and your signature (if required for notarization purposes)
• Contents of communications made via the Services
• Any other information you choose to directly provide to us in connection with your use of the Services

2. Information We Collect Through Automated Means

We collect certain information about your use of the Services and the devices you use to access the Services. We and our service providers may use a variety of technologies, including cookies, SDKs, and similar tools, to assist in collecting this information.

Our Websites. When you use our Websites, we collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs), referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, error logs, and other similar information.

Location Information. When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state and or postal code associated with an IP address) from your computer or mobile device.

Cookies and Similar Online Tools. To collect the information in this section, we and our service providers use web server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. Please note that you can change your browser settings to notify you when a cookie is being set or updated, or to block cookies altogether. By blocking or disabling cookies, you may not have access to certain features or offerings of the Services.

3. Information We Collect From Social Media and Other Content Platforms

When you "like" or "follow" us on Facebook, Instagram, Twitter, or other social media platforms, we may collect some information from you including your name, email address, and any comments or content you post relevant to us. If you access the Services through a third-party connection or log-in, you may allow us to have access to and store certain information from such third parties depending on your settings on such services.

4. Information We Receive From Other Sources

We work closely with third parties (including physicians, medical professionals, and pharmacies) to provide you with the Services, as well as with advertising networks, analytics providers, marketing partners, and search information providers. Such third parties will sometimes provide us with additional information about you.

Purposes for How We Use Your Information

In connection with providing you with the Services, we may use your information for the following business purposes:

• Provide and Manage the Services — Carry out, improve, and manage the Services; facilitate the provision of health care services by physicians or other health care providers; provide technical support and customer service; communicate with you about the Services; and verify your identity and administer your account.
• Analyze and Improve the Services — Engage in internal research to understand the effectiveness of our Services; ensure content is presented effectively; and help us better understand your interests and needs.
• Advertising and Marketing — Communicate with you about surveys, promotions, special events or our products and Services; and provide you with more relevant advertisements and personalized content.
• Legal Purposes — Comply with applicable laws and regulations; and establish, exercise, or defend our legal rights.

Aggregate/De-Identified Data. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device. We may use Aggregate/De-Identified Information for any purpose, including research and marketing purposes.

Online Analytics and Advertising

1. Online Analytics

We may use third-party web analytics services (such as Google Analytics, and similar tools) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and assist with fraud prevention. To prevent Google from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.

2. Online Advertising

The Services may integrate third-party advertising technologies (e.g., ad networks and ad servers such as Facebook, Google Ad Words, TikTok, and others) that use cookies, pixels, and other technologies to deliver relevant content and advertising for RetaClinic products on the Services, as well as on other websites you visit and other applications you use.

3. Do Not Track

Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated DNT signals, however we do honor legally recognized browser-based opt out signals referenced in the "Your Rights and Choices" section below in accordance with applicable law.

How We Disclose Your Information

• Affiliates and Subsidiaries. We may disclose information we collect within any RetaClinic member or group to deliver products and services to you and enhance your customer experience.
• Health Care Providers and Services. We disclose your information to health care providers to schedule and fulfill appointments and provide health care services as part of the Services.
• Service Providers. We provide access to or disclose your information to select third parties who use the information to perform services on our behalf, including billing, sales, marketing, advertising, analytics, research, customer service, data hosting and storage, IT and security, fraud prevention, and payment processing.
• Protection of RetaClinic and Others. We may access, retain and disclose information we collect about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to comply with legal process, enforce our Terms of Use, respond to claims that content violates the rights of third parties, or protect the rights, property or personal safety of RetaClinic, its agents and affiliates, its users and/or the public.
• Business Transfers. In the event of a sale, merger, or partnership, user information may be among the transferred assets.
• Consent. We may also disclose your information in other ways you direct us to and when we have your consent.

Your Rights and Choices

Depending on the state in which you live, you may have legal rights with respect to your information, including:

• Information about the categories of information we process, our uses of your information, and our sources of such information
• Access to the information that RetaClinic has collected about you
• Correct certain information we have about you
• Deletion of the information we have about you

You may make a request by emailing us at hello@retaclinic.com. Before we disclose, correct or delete information in response to any of these requests, we will need to verify your identity.

RetaClinic will not discriminate against anyone that makes a rights request, but in some cases we will not be able to provide our Services to you without that information.

Opt Out of Targeted Advertising

RetaClinic allows third parties to receive certain information such as cookies, IP address, device identifiers, hashed contact information, and browsing behavior to enable the delivery of targeted advertising to you. Residents of certain states may opt out of the sale of personal information or sharing of their personal information for targeted advertising by emailing us at care@retaclinic.com. If you have a legally recognized browser-based opt out preference signal turned on via your device browser (such as Global Privacy Control), we recognize such preference in accordance with applicable law.

Marketing Preferences

You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events by contacting us using the information below. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails.

Third Party Services and Notice About Health Information

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including physicians and other health care providers using the Services. We have no control over the privacy practices of these third parties. We urge you to read the privacy and security policies of these third parties.

How We Protect Your Information

RetaClinic takes a variety of technical and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure. You acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services or via the Internet and that any such transmission is at your own risk.

Privacy Information for California Residents

If you are a California resident, the California Consumer Privacy Act ("CCPA") requires us to provide you with additional information about the purpose for which we use each category of "personal information" and "sensitive personal information" we collect, and the categories of third parties to which we disclose such information.

Our use of third-party analytics services and online advertising services may result in the sharing of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a "sale" under the CCPA.

We do not knowingly "sell" or "share" the personal information of children under 16.

Incentive Programs

The Services may offer opportunities to receive certain services or benefits such as gift cards, discounts, or free services, which may require the provision of Personal Information. When you participate in an Incentive Program, you agree to the terms of that Incentive Program.

Right to Limit Sensitive Personal Information

The CCPA allows you to limit the use or disclosure of your "sensitive personal information" if it is used for certain purposes. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. To opt out, please use the Global Privacy Control described in the "Your Rights and Choices" section.

Shine the Light Disclosure

The California "Shine the Light" law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we disclose certain categories of personal information with third parties for their direct marketing purposes. We do not disclose your personal information to third parties for their own direct marketing purposes.

Privacy Information for Nevada Residents

Under Nevada law, certain Nevada consumers may opt out of the sale of "personally identifiable information" for monetary consideration. We do not engage in such activity; however, if you are a Nevada resident who has purchased services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing care@retaclinic.com.

Retention of Your Information

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it, the nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, and our legitimate interests and/or requirements to comply with applicable laws.

Children

We do not knowingly collect personal data from anyone under the age of 13 through our Services, and our Services are not directed to children under the age of 13. If we discover we have received any "personal information" from a child under the age of 13 in violation of this Privacy Policy, we will take reasonable steps to delete that information as quickly as possible.

Revisions to Our Privacy Policy

We reserve the right to change this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Privacy Policy accessible through the Services, so you should review it periodically. Your continued use of our Websites after such amendments will be deemed your acknowledgment of these changes to this Privacy Policy.

Contacting Us

If you have any questions about this Privacy Policy or RetaClinic's privacy practices, please contact us at: hello@retaclinic.com