Consumer Health Data Privacy Policy

Last Updated: March 21, 2026

This Consumer Health Data Privacy Policy ("Policy") supplements our Privacy Policy and applies to consumer health data as defined under applicable state laws, including the Washington My Health My Data Act (RCW 19.373), Nevada's Consumer Health Data Privacy Act, and similar state consumer health data privacy laws (collectively, "Consumer Health Data Laws").

This Policy describes how DirectGLP and/or our owners and/or affiliates (collectively "Company," "our," "we," or "us") collect, use, share, and protect consumer health data through the DirectGLP website located at directglp.com (the "Site").

What is Consumer Health Data?

Consumer health data is personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. This may include, but is not limited to:

• Health conditions, symptoms, diagnoses, or treatments
• Information related to medications, prescriptions, and dosage (including GLP-1 receptor agonists)
• Bodily functions, vital signs, and biometric data
• Health-related measurements such as weight, BMI, and body composition
• Information about your use of healthcare services, including telehealth consultations
• Health-related information derived from your quiz responses and medical intake forms
• Precise location data that could reasonably indicate an attempt to access healthcare services
• Data that identifies a consumer seeking healthcare services

Categories of Consumer Health Data We Collect

When you use our Site and Services, we may collect the following categories of consumer health data:

• Medical history and health conditions: Information you provide about your current health, medical history, allergies, and existing conditions through our intake questionnaire and consultations.
• Treatment information: Details about your prescribed treatments, medications, dosages, and treatment progress.
• Physical measurements: Height, weight, BMI, and other measurements relevant to your weight management program.
• Lifestyle information: Diet, exercise habits, and other wellness-related information you share with us.
• Payment and insurance data: Information related to payment for health-related services.

Sources of Consumer Health Data

We collect consumer health data from the following sources:

• Directly from you: When you complete our health questionnaire, communicate with providers, or submit information through the Site.
• Healthcare providers: Licensed providers who conduct your telehealth consultations and prescribe treatment.
• Pharmacies: Partner pharmacies that dispense and ship your medications.
• Automatically: Through your interactions with our Site, such as pages visited and features used.

How We Use Consumer Health Data

We collect and use consumer health data for the following purposes:

• Providing and facilitating telehealth consultations and treatment
• Processing and fulfilling prescription orders
• Coordinating care with healthcare providers and pharmacies
• Communicating with you about your treatment, appointments, and account
• Improving our services and developing new features
• Ensuring the safety, security, and integrity of our services
• Complying with legal and regulatory obligations
• Responding to your requests and providing customer support

How We Share Consumer Health Data

We may share your consumer health data with the following categories of third parties:

• Healthcare providers: Licensed physicians and medical professionals who provide your telehealth consultations and treatment.
• Pharmacies: Licensed pharmacies that compound, dispense, and ship your prescribed medications.
• Service providers: Companies that help us operate our platform, process payments, and deliver services, bound by contractual obligations to protect your data.
• Legal and regulatory: Government agencies, law enforcement, or other parties when required by law, legal process, or to protect our rights and safety.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

We do not sell your consumer health data. We do not share your consumer health data for advertising purposes without your affirmative consent.

Your Rights

Depending on your state of residence, you may have the following rights regarding your consumer health data:

• Right to know: You may request confirmation of whether we are collecting, sharing, or selling your consumer health data, and request access to your data.
• Right to delete: You may request deletion of your consumer health data that we have collected, including from our archives and backups.
• Right to withdraw consent: You may withdraw your consent to the collection and sharing of your consumer health data at any time.
• Right to a list of third parties: You may request a list of the categories of third parties to whom we have disclosed your consumer health data.
• Right to non-discrimination: We will not discriminate against you for exercising any of your rights under applicable Consumer Health Data Laws.

How to Exercise Your Rights

To exercise any of your rights under this Policy, you may contact us using the following methods:

• Email: [email protected]
• Phone: +1 (877) 691-4571
• Mail: DirectGLP, Attn: Privacy Team, 1645 Commerce Drive, Marquette, MI 49855

We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request to protect your privacy and security.

How We Protect Your Data

We implement reasonable administrative, technical, and physical safeguards designed to protect consumer health data from unauthorized access, use, or disclosure. These measures include encryption of data in transit and at rest, access controls, and regular security assessments.

Data Retention

We retain consumer health data only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. When consumer health data is no longer needed, we will securely delete or de-identify it in accordance with our data retention policies and applicable legal requirements.

Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Policy periodically.

Contact Us

If you have any questions about this Consumer Health Data Privacy Policy, please contact us at [email protected] or call us at +1 (877) 691-4571.

DirectGLP
Attn: Privacy Team
1645 Commerce Drive
Marquette, MI 49855