Privacy Policy


MERU HEALTH PRIVACY POLICY

Last Modified: December 15, 2021

1. INTRODUCTION

This Privacy Policy describes how Meru Health, Inc. collects and uses
Personal Data about you through the use of our Websites, mobile applications, and through email, text, and other
electronic communications between you and Meru Health, Inc.

Meru Health, Inc. (“Meru Health,” or “we,”
our,” or “us”) respects your privacy, and we are committed to protecting it
through our compliance with this policy.

This Privacy Policy (our “Privacy Policy”) describes the
types of information we may collect from you or that you may provide when you visit the website meruhealth.com and
meruhealth.fi (our “Websites”) and the Meru Health applications (each, an
Application”), and our practices for collecting, using, maintaining, protecting, and disclosing
that information.

Note, Meru Health is not a medical group or health care provider.
Any telemedicine consults obtained through our Websites or Applications are provided by independent medical
practitioners, including Meru Health Medical, P.A. (“Meru Medical”), an independent medical group with a network
of United States based health care providers (each, a “Provider”). Meru Health Medical (or your own medical
provider if you do not use a Meru Health Medical Provider) is responsible for providing you with a Notice of
Privacy Practices describing its collection and use of your health information, not Meru Health. If you do not
agree to be bound by those terms, you are not authorized to access or use our Websites and Applications, and you
must promptly exit our Websites and Applications.

This policy applies to information we collect:

  • on our Websites and Applications, for example when you visit our
    Websites and Applications;

  • in email, text, and other electronic messages between you and our
    Websites and Applications;

  • from referrals from other healthcare providers, health plans, and intake
    calls; and

  • when you interact with our advertising and applications on third party
    websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

  • by any third party, including through any application or content
    (including advertising) that may link to or be accessible from or on the Websites or Applications; or

  • from users who log-in to the password-protected and secure portions of
    our Website or Applications (“Secure Platform”). The Secure Platform allows users who obtain the services
    (“Customers”) to perform certain functions or obtain the services (such as telehealth visits from medical groups
    or health care providers). All information collected and stored by us or added by Customers into such Secure
    Platform is considered Protected Health Information (“PHI”) and is governed by applicable state and federal laws
    that apply to that information, including the Health Insurance Portability and Accountability Act and its
    implementing regulations (“HIPAA”). We use and disclose such PHI in accordance with the applicable Notice of
    Privacy Practices provided to you by the medical groups.

Please read this policy carefully to understand our policies and practices
regarding your information and how we will treat it. If you do not agree with our policies and practices, your
choice is not to use our Websites and Applications. By accessing or using our Websites or Applications, you agree to
this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your
continued use of our Websites or Applications after we make changes is deemed to be acceptance of those changes, so
please check this Privacy Policy periodically for updates.

2. CHILDREN UNDER THE AGE OF 13

Our Websites and Applications are not intended for children under the
age of 13 and children under the age of 13 are not permitted to use our Websites or our Applications. We will
remove any information about a child under the age of 13 if we become aware of it.

Our Websites and Applications are not intended for children under 13 years
of age. No one under age 13 may provide any information to or through the Websites or Applications. We do not
knowingly collect Personal Data from children under 13. If you are under 13, do not use or provide any information
on our Websites or in our Applications or on or through any of their features, including your name, address,
telephone number, email address, or any screen name or user name you may use. If we learn we have collected or
received Personal Data from a child under 13 without verification of parental consent, we will delete that
information. If you believe we might have any information from a child under 13, please contact us at
[email protected] or call us at (650)-505-4947.

3. INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

We collect different types of information about you, including information
that may directly identify you, information that is about you but individually does not personally identify you, and
information that we combine with our other users. This includes information that we collect directly from you or
through automated collection technologies.

Generally

We collect several types of information from and about users of our Websites
and Applications, specifically information:

  • by which you may be personally identified, such as name, postal address,
    billing address, shipping address, e-mail address, telephone numbers, driver’s license number (or other
    government identification number), date of birth, credit or debit card number (for payment purposes only), your
    medical history, and health information (“Personal Data”);

  • that is about you but individually does not identify you, such as
    education level, number of dependents, age, race, skin color, national origin, religion, marital status, medical
    conditions, disabilities, sexual orientation, religious beliefs, sex/sex life data, emergency contacts, and your
    physician. We may also collect traffic data, logs, referring/exit pages, date and time of your visit to our
    Websites or use of our Applications, error information, clickstream data, information about your mobile device
    (e.g., unique device identifier), IP address, mobile telephone number and other data and the resources that you
    access and use on the Websites or through our Applications;

  • any other information that you may voluntarily disclose; or

  • about your Internet connection, the equipment you use to access our
    Websites or use our Applications and usage details.

We collect this information:

  • directly from you when you provide it to us;

  • automatically as you navigate through the Websites or use our
    Applications. Information collected automatically may include usage details, IP addresses, and information
    collected through cookies and other tracking technologies; and

  • From third parties, for example, our business partners.

Information You Provide to Us

The information we collect on or through our Websites or through our
Applications is:

  • information that you provide by filling in forms on our Websites or the
    Applications. This includes information provided at the time of registering to use our Websites or Applications,
    using our Provider consultation services, or requesting further services. We may also ask you for information
    when you report a problem with our Websites or Applications;

  • records and copies of your correspondence (including email addresses),
    if you contact us; and

  • details of transactions you carry out through our Websites or through
    the Applications and of the fulfillment of your orders. You may be required to provide financial information
    before placing an order through our Websites or Applications.

You also may provide information to be published or displayed (hereinafter,
posted”) on public areas of the Websites or Applications or transmitted to other users of the
Websites or Applications or third parties (collectively, “User Contributions”). Your User
Contributions are posted on and transmitted to others at your own risk. We may also use your User Contributions in
an anonymized form in our marketing materials. Although we limit access to certain pages, please be aware that no
security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the
Websites and Applications with whom you may choose to share your User Contributions. Therefore, we cannot and do not
guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Websites and Applications, we
may use automatic data collection technologies to collect certain information about your equipment, browsing
actions, and patterns, specifically:

  • details of your visits to our Websites or Applications, such as traffic
    data, location, logs, referring/exit pages, date and time of your visit to our Websites or use of our
    Applications, error information, clickstream data, and other communication data and the resources that you
    access and use on the Websites or in the Applications; and

  • information about your computer, mobile device, and Internet connection,
    specifically your IP address, operating system, browser type, and Application version information.

  • The information we collect automatically may include Personal Data or we
    may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It
    helps us to improve our Websites and Applications and to deliver a better and more personalized service by
    enabling us to:

  • estimate our audience size and usage patterns;

  • store information about your preferences, allowing us to customize our
    Websites and our Applications according to your individual interests;

  • recognize you when you return to our Websites and our Applications.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). We and our service
    providers may use cookies, web beacons, and other technologies to receive and store certain types of information
    whenever you interact with our Websites and Applications through your computer or mobile device. A cookie is a
    small file placed on the hard drive of your computer or mobile device. On your computer, you may refuse to
    accept browser cookies by activating the appropriate setting on your browser, and you may have similar
    capabilities on your mobile device in the preferences for your operating system or browser. However, if you
    select this setting you may be unable to access certain parts of our Websites or use certain parts of our
    Applications. Unless you have adjusted your browser or operating system setting so that it will refuse cookies,
    our system will issue cookies when you direct your browser to our Websites or use our Applications.

THIRD-PARTY USE OF COOKIES

Some of the cookies used on our Websites and Applications may be served by
third parties alone or conjunction with web beacons or other tracking technologies to collect information about you
when you use our Websites and Applications. The information they collect may be associated with your Personal Data
or they may collect information, including Personal Data, about your online activities over time and across
different websites and other online services. They may use this information to provide you with interest-based
(behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may
be used. If you have any questions about an advertisement or other targeted content, you should contact the
responsible provider directly. You can learn more about interest-based advertisements and your opt-out rights and
options from members of the Network Advertising Initiative (“NAI”) on its website (www.networkadvertising.org) and
from members of the Digital Advertising Alliance on its website (www.aboutads.info). We do not control third
parties’ collection or use of your information to serve interest-based advertising. However, these third parties may
provide you with ways to choose not to have your information collected or used in this way. You can also opt out of
receiving targeted ads from members of the NAI on its website.

4. HOW WE USE YOUR INFORMATION

We use your Personal Data for various purposes described below, including
to:

  • provide our Websites or Applications to you;

  • provide products and services to you;

  • provide you with information you request from us;

  • enforce our rights arising from contracts;

  • notify you about changes; and

  • provide you with notices about your account.

We use information that we collect about you or that you provide to us,
including any Personal Data:

  • to present our Websites and its contents to you;

  • to present our Applications;

  • to provide our products and services to you;

  • to provide you with information that you request from us or that may be
    of interest to you;

  • to process, fulfill, support, and administer transactions and orders for
    products and services ordered by you;

  • to administer and analyze surveys;

  • to provide you with notices about your Meru Health account;

  • to contact you in response to a request;

  • to fulfill any other purpose for which you provide it;

  • to carry out our obligations and enforce our rights arising from any
    contracts entered into between you and us, including for billing and collection;

  • to notify you about changes to our Websites, our Applications, or any
    products or services we offer or provide though them;

  • in any other way we may describe when you provide the information; and

  • for any other purpose with your consent.

We may also use your information to contact you about goods and services
that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such
communications, you may do so at any time by clicking unsubscribe at the bottom of these communications or by
visiting your Account Preferences page. For more information, see Choices About How We Use and Disclose
Your Information.

5. DISCLOSURE OF YOUR INFORMATION

We do not share, sell, or otherwise disclose your Personal Data for purposes
other than those outlined in this Privacy Policy. We disclose your Personal Data to a few third parties, including:

  • our affiliates and third party service providers that we use to support
    our business;

  • Meru Medical and its Providers to provide you with telehealth services;

  • to a company we merge, acquire, or that buys us, or in the event of
    change in structure of our company of any form;

  • to comply with our legal obligations;

  • to enforce our rights; and

  • with your consent.

We do not share, sell, or otherwise disclose your Personal Data for purposes
other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users,
and information that does not identify any individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in
this privacy policy:

  • to affiliates, contractors, service providers, and other third parties
    we use to support our business. The services provided by these organizations include IT and infrastructure
    support services, and ordering, marketing, and payment processing services;

  • Meru Medical and its Providers to provide you with telehealth services;

  • to a buyer or other successor in the event of a merger, divestiture,
    restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a
    going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Meru
    Health about our Websites and Applications users are among the assets transferred;

  • to fulfill the purpose for which you provide it. For example, we may
    disclose your personal information to a Provider;

  • for any other purpose disclosed by us when you provide the information;

  • with your consent.

We may also disclose your Personal Data:

  • to comply with any court order, law, or legal process, including to
    respond to any government or regulatory request;

  • to enforce or apply our Terms of Use meruhealth.com/tcs and other
    agreements, including for billing and collection purposes; and

  • if we believe disclosure is necessary or appropriate to protect the
    rights, property, or safety of Meru Health, our customers, or others. This includes exchanging information with
    other companies and organizations for the purposes of fraud protection and credit risk reduction.

6. CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

We offer you choices on how you can opt out of our use of tracking
technology, disclosure of your Personal Data for our advertising to you, and other targeted advertising.

We do not control the collection and use of your information collected by
third parties described above in Disclosure of Your Information. These third parties may
aggregate the information they collect with information from their other customers for their own purposes.

In addition, we strive to provide you with choices regarding the Personal
Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:

  • Promotional Offers from Meru Health. If you do not wish
    to have your email address used by Meru Health to promote our own products and services, you can opt-out at any
    time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive
    from. This opt out does not apply to information provided to Meru Health as a result of a product purchase, or
    your use of our services.

7. YOUR RIGHTS REGARDING YOUR INFORMATION AND ACCESSING AND CORRECTING YOUR
INFORMATION

You may review and change your personal information by contacting us at
[email protected]. To access medical records, submit a request 
here

You can review a subset of your Personal Data by logging into our
Application and visiting either the Settings or Account Preferences sections of our Application. To review all
personal information that you have given to Meru Health, contact [email protected]. You may also notify us
through the Contact Information below of any changes or errors in any Personal Data we have about you to ensure that
it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal
information except by also deleting your account with us. We may also not be able to accommodate your request if we
believe it would violate any law or legal requirement or cause the information to be incorrect.

8. JURISDICTION-SPECIFIC PRIVACY RIGHTS

The law in certain jurisdictions may provide their residents or
individuals located in those jurisdictions with additional rights regarding our use of your Personal Data.

The law in some jurisdictions may provide you with additional rights
regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a
resident of one of these jurisdictions, please see the privacy addendum for your jurisdiction that is attached to
this Privacy Policy.

For Individuals Located within the European Economic Area or the
United Kingdom

If you are located in the European Economic Area or the United Kingdom, you
have the additional rights described in our GDPR Privacy
Addendum
.

For Residents of California

California law permits minors under the age of 18 to request the removal of
your User Contributions, subject to certain exceptions. If you are under the age of 18 in California, you may
contact us using the Contact Information below (if you contact us via email, please use the subject “California
Eraser Law Request”). We may not remove your User Contributions that we are required to retain under any federal or
state law, or that have been provided to a third party. While we will do our best to remove a minor’s information
upon a valid request, we cannot ensure the complete or comprehensive removal of your User Contributions from our
Websites or Applications or any information that has been republished, copied, downloaded, or reposted by any third
party, and we cannot guarantee that any such information may not be accessible to users of the Internet in the
future. We do not advertise or market any of the products or services identified in California Business and
Professionals Code Section 22580(i) to users who we have actual knowledge are under 18 years of age.

9. DO NOT TRACK SIGNALS

We may use automated data collection technologies to track you across
websites. We currently do not honor do-not-track signals that may be sent by some browsers.

We also may use automated data collection technologies to collect
information about your online activities over time and across third-party websites or other online services
(behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating
a preference that they “do not track” your online activities. At this time, we do not honor such signals, and we do
not modify what information we collect or how we use that information based upon whether such a signal is broadcast
or received by us.

10. DATA SECURITY

Information transmitted over the Internet is not completely secure, but
we do our best to protect your Personal Data. You can help protect your Personal Data and other information by
keeping your password to our Websites confidential.

We have implemented measures designed to secure your Personal Data from
accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where you
have chosen a password for the use of our Websites or Applications, you are responsible for keeping this password
confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the Internet is not
completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your
Personal Data transmitted to our Websites or on or through our Applications. Any transmission of Personal Data is at
your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on
the Websites, in your operating system, or in the Applications.

11. CHANGES TO OUR PRIVACY POLICY

We will post any changes to our Privacy Policy on our Website. If we
make material changes to our Privacy Policy, we may notify you of such changes through your contact information
and invite you to review (and accept, if necessary) the changes.

We may change this Privacy Policy at any time. It is our policy to post any
changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the
Website’s home page or the Application’s home screen. If we make material changes to how we treat our users’
Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on
the Website’s home page or the Application’s home screen. The date this Privacy Policy was last revised is
identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable
email address for you, and for periodically accessing the Applications or visiting our Websites and reviewing this
Privacy Policy to check for any changes.

12. CONTACT INFORMATION

You may contact us through the contact information below.

If you have any questions, concerns, complaints or suggestions regarding our
Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the
“Contact Us” page on our Websites or in the Applications.

Meru Health, Inc. | 720 South B Street | San Mateo, CA 94401 | Telephone:
(650)-505-4947 | Email: [email protected]