PRIVACY POLICY

Last updated January 26, 2026

This Privacy Notice for MEDYNUS, Inc. ("we," "us," or "our") describes how and why we collect, use, store, and protect personal information in connection with the Align Insight application and related services (the “Services”).

Align Insight is an approved-access application made available only to users whose access requests have been reviewed and approved by MEDYNUS, Inc. Access to the Services requires submission of an application form and manual account registration.

This Privacy Notice applies to personal information processed when you:

Submit an access request to use Align Insight
Download and use the Align Insight mobile application via an authorized App Store distribution link
Communicate with us in connection with account access, support, or related professional interactions

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice. You can find out more details about any of these topics by reviewing the full notice below.

What personal information do we process? When you apply for access to Align Insight, we process personal information submitted as part of your access request, such as your name, Apple ID, professional affiliation, job title, and referrer. If you are approved and use the Services, we may also process limited technical information related to your device and app usage.

Do we process any sensitive personal information? We do not intend to collect or process sensitive personal information, including patient-identifiable data or protected health information. Users are responsible for ensuring that any information or images they upload do not contain such data.

Do we collect any information from third parties? We do not collect personal information from third parties except as necessary to verify user access and distribute the application through Apple’s platform.

How do we process your information? We process personal information to review access requests, register and manage approved user accounts, operate and secure the Services, improve functionality, and comply with applicable legal obligations.

In what situations and with which parties do we share personal information? We do not sell personal information. We may share limited information with service providers only as necessary to operate the Services, or in connection with corporate transactions or legal requirements.

How do we keep your information safe? We implement reasonable technical and organizational measures designed to protect personal information. However, no system can be guaranteed to be completely secure.

What are your rights? Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, or request deletion of your data.

How do you exercise your rights? You can exercise your rights by contacting us through our privacy contact page or by email. We will respond in accordance with applicable data protection laws.

WHAT INFORMATION DO WE COLLECT?
HOW DO WE PROCESS YOUR INFORMATION?
WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
HOW DO WE HANDLE PLATFORM-BASED LOGIN?
HOW LONG DO WE KEEP YOUR INFORMATION?
HOW DO WE KEEP YOUR INFORMATION SAFE?
DO WE COLLECT INFORMATION FROM MINORS?
WHAT ARE YOUR PRIVACY RIGHTS?
CONTROLS FOR DO-NOT-TRACK FEATURES
DO WE MAKE UPDATES TO THIS NOTICE?
HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

We collect personal information that you provide when you submit an access request to use Align Insight. Submission of this information is required for us to review your request, approve access, and register you as an authorized user of the Services.

Personal Information Collected During Access Request

When you apply for access to Align Insight, we collect personal information necessary to review and approve your request. This may include your name, Apple ID, professional affiliation, job title, and referrer. This information is used solely for access verification, account registration, and administration of approved user access.

All personal information you provide must be accurate, complete, and kept up to date.

Sensitive Information. We do not intend to collect or process sensitive personal information, including patient-identifiable data or protected health information. Users are responsible for ensuring that information submitted or uploaded to the Services does not include such data.

Information collected when you use the application

If you use the Align Insight application, we may collect limited technical information necessary to operate, secure, and support the Services.

Device and Usage Data

We may automatically collect certain technical information about your device and application usage, such as device type, operating system version, application version, device identifiers, IP address, and information about how features of the application are accessed. This information is used for security, troubleshooting, and limited operational analytics, and is not used for diagnostic or clinical purposes.

Application Permissions

The application may request access to certain device features, such as the camera or local storage, solely to enable core functionality, including image capture or image selection for analysis. You may manage or revoke these permissions through your device settings.

Push Notifications

We may send push notifications related to account access or application functionality. You can opt out of receiving push notifications at any time through your device settings.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process personal information only for purposes that are consistent with providing a controlled-access, professional reference tool and operating the Services in a secure and compliant manner.

Specifically, we process your personal information for the following purposes:

To review access requests and manage approved user accounts. We process personal information to review access requests, verify eligibility, approve access, and register and administer authorized user accounts.
To operate and support the Services. We process information to provide core functionality of the Services, maintain system performance, and ensure the Services function as intended.
To respond to user inquiries and provide support. We process personal information to respond to requests, questions, and support communications related to account access or use of the Services.
To send administrative communications. We may process personal information to send service-related notices, updates to our terms or policies, and other non-promotional communications necessary for the operation of the Services.
To protect the security and integrity of the Services. We process information as necessary to monitor for security issues, prevent fraud or misuse, and maintain the safety and integrity of the Services.
To improve functionality and service quality. We may process limited usage and technical information to understand how the Services are used and to improve performance, reliability, and user experience. This processing is conducted for operational and quality-improvement purposes only and not for diagnostic or clinical decision-making.
To comply with legal obligations. We process personal information as necessary to comply with applicable laws, regulations, legal processes, and lawful requests from authorities.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We do not sell personal information and do not share personal information for targeted advertising or marketing purposes.

We may share limited personal information only in the following circumstances:

Infrastructure and Security Providers. We may share personal information with trusted third-party providers that support the operation, hosting, storage, security, and maintenance of the Services. These providers are authorized to process personal information only as necessary to provide such services to us and are subject to contractual confidentiality and data protection obligations.
Platform Providers. We may share limited information with platform providers (such as Apple or other operating system and application distribution platforms) as necessary to distribute the application, support authentication, and enable platform-related functionality.
Business Transfers. We may share or transfer personal information in connection with, or during negotiations of, any merger, financing, sale of company assets, or acquisition of all or a portion of our business.
Legal Obligations and Protection. We may disclose personal information where required to do so by law or in response to valid legal requests, or where we believe disclosure is necessary to protect our rights, users, or the security and integrity of the Services.

We do not authorize third parties to use personal information for their own independent purposes.

4. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

Align Insight includes features that use artificial intelligence and related technologies to automate the measurement of spinal angles from user-provided images. These features are designed to generate reference information to assist users in reviewing and interpreting measurements.

The AI-based features in Align Insight are provided for educational and informational purposes only and are not intended for diagnostic, clinical, or therapeutic use. The Services do not perform autonomous decision-making, and users remain solely responsible for verifying, interpreting, and applying any outputs generated by the AI.

How We Process Data in Connection with AI Features

When AI features are used, images and related usage data may be processed to operate the Services, improve functionality, and maintain system quality. Depending on user preferences, certain usage history data may be retained for these purposes or not retained at all.

Where data is retained, we apply technical measures intended to reduce identifiability, such as removing embedded text and metadata prior to further processing.

Any review of data for quality assurance or service improvement purposes is conducted on a limited basis, under access controls and confidentiality obligations, and does not involve the provision of medical or clinical judgment.

5. HOW DO WE HANDLE YOUR PLATFORM-BASED LOGINS?

Our Services may allow users to authenticate using third-party platform-based login services provided by operating system or application distribution platforms.

When you choose to authenticate using a platform-based login, we may receive limited information from the platform provider that is necessary to verify your identity and associate the login with an authorized user account. This information may include a platform-specific identifier and an associated email address, depending on the options you select and the information made available by the platform provider.

We use this information solely for authentication, account access management, and security purposes. We do not receive or access passwords associated with your platform account.

The use of platform-based login services is subject to the privacy policies and terms of the relevant platform provider. We do not control, and are not responsible for, how platform providers independently collect, use, or share your personal information.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Notice, including providing and securing the Services, managing authorized user access, and complying with applicable legal obligations.

When personal information is no longer required for these purposes, we will delete or anonymize it. In some cases, personal information may be retained for a longer period if required or permitted by law, such as to comply with legal, regulatory, accounting, or reporting obligations.

Where deletion is not immediately feasible (for example, due to information stored in backup systems), we will securely isolate the information and restrict further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement reasonable technical and organizational measures designed to protect the personal information we process. These measures are intended to reduce the risk of unauthorized access, disclosure, alteration, or destruction of personal information.

However, no method of electronic transmission or information storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. Any transmission of personal information to or from the Services is at your own risk, and you should access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

The Services are not intended for use by individuals under the age of 18. We do not knowingly collect, solicit, or process personal information from minors.

If we become aware that personal information from an individual under 18 has been collected, we will take reasonable steps to deactivate the associated account and delete such information in accordance with applicable law.

9. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on your location and the applicable data protection laws, you may have certain rights regarding your personal information. These rights are not absolute and may be subject to limitations or exceptions under applicable law.

Your rights may include the right to access personal information we process about you, request correction of inaccurate or incomplete information, request deletion of personal information, and obtain a copy of certain personal information you have provided to us. You may also have the right not to be discriminated against for exercising your privacy rights.

Where processing of personal information is based on consent, you may have the right to withdraw that consent, subject to applicable legal requirements and limitations.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Some browsers and operating systems offer a Do-Not-Track ("DNT") setting that signals a preference regarding online tracking. At this time, there is no generally accepted standard for recognizing or responding to DNT signals, and we do not respond to such signals.

If a standard for online tracking is adopted in the future that we are required to follow, we will update this Privacy Notice accordingly.

California law requires us to disclose how we respond to DNT signals. Because no uniform standard currently exists, we do not respond to DNT signals at this time.

11. DO WE MAKE UPDATES TO THIS NOTICE?

We may update this Privacy Notice from time to time to reflect changes in our practices or to remain compliant with applicable laws. The updated version will be indicated by a revised date at the top of this Privacy Notice.

If we make material changes to this Privacy Notice, we may provide notice through the Services or by other appropriate means. We encourage you to review this Privacy Notice periodically to stay informed about how we protect your personal information.

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this Privacy Notice, you may contact us at:

MEDYNUS, Inc.

18 Technology Dr., Suite 109

Irvine, CA 92618

United States

You may also contact us by email at privacy@medynus.com.

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Depending on applicable law, you may request access to, correction of, or deletion of certain personal information we collect about you. Such requests are subject to applicable legal requirements and limitations.

If you wish to make a request or have questions regarding your personal information, please contact us using the contact details provided in Section 12 of this Privacy Notice.