HIPAA Notice of Privacy Practices

Effective Date: June 1, 2026

This Notice of Privacy Practices ("Notice") describes how medical information about you may be used and disclosed and how you can access this information.

This Notice applies to Thinnex, LLC ("Thinnex," "we," "us," or "our") and to licensed healthcare providers and affiliated entities who participate in your care through our platform.

We are required by law to maintain the privacy of your Protected Health Information ("PHI"), provide you with this Notice, and follow its terms.

1Your Protected Health Information (PHI)

PHI includes any health information that can identify you and relates to:

Your past, present, or future physical or mental health
Healthcare services provided to you
Payment for your healthcare services

We collect PHI when you complete your health intake form, communicate with our care team, receive a prescription, or otherwise interact with our platform.

2How We May Use and Disclose Your PHI

We may use or disclose your PHI for the following purposes:

Treatment

We may share your information with licensed healthcare providers involved in your care to evaluate, diagnose, and treat you. This includes sharing information with telehealth providers, compounding pharmacies, and other clinicians coordinating your treatment.

Payment

We may use your information to bill and receive payment for services provided, including communicating with payment processors and verifying insurance coverage where applicable.

Healthcare Operations

We may use PHI to operate and improve our services, including quality assessment, customer support, and administrative activities. This may include reviewing provider performance and conducting training.

As Required by Law

We will disclose PHI when required by federal, state, or local law, including to public health authorities, law enforcement when legally required, or in response to valid legal process such as a court order or subpoena.

For Public Health Activities

We may disclose PHI to public health authorities authorized to collect or receive such information for purposes such as preventing or controlling disease, injury, or disability.

Health Oversight Activities

We may disclose PHI to a health oversight agency for oversight activities authorized by law, such as audits, investigations, and inspections necessary for oversight of the healthcare system.

Business Associates

We may share your PHI with third-party "business associates" who perform services on our behalf, such as billing companies, IT providers, and telehealth platforms. These associates are required by contract to protect your PHI in accordance with HIPAA.

3Uses and Disclosures Requiring Your Authorization

Certain uses and disclosures of your PHI require your written authorization, including:

Most uses and disclosures of psychotherapy notes
Uses and disclosures of PHI for marketing purposes
Sale of PHI
Any use or disclosure not described in this Notice

You may revoke any authorization you have given us at any time in writing. Revocation will not affect any actions we took before receiving your revocation.

4Your Rights Regarding Your PHI

You have the following rights with respect to your Protected Health Information:

Right to Access

You may request to inspect or obtain a copy of your PHI maintained in our records, including electronic records.

Right to Amend

You may request that we amend PHI you believe is incorrect or incomplete. We may deny your request in certain circumstances.

Right to an Accounting

You may request a list of certain disclosures of your PHI made by us in the six years prior to your request.

Right to Request Restrictions

You may request restrictions on how we use or disclose your PHI for treatment, payment, or operations. We are not required to agree to all requests.

Right to Confidential Communications

You may request that we communicate with you about your PHI in a certain way or at a certain location (e.g., only by email).

Right to a Paper Copy

You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive it electronically.

To exercise any of the above rights, please submit a written request to our Privacy Officer using the contact information below.

5Our Obligations

We are required by law to:

Maintain the privacy and security of your PHI
Provide you with this Notice of our legal duties and privacy practices
Notify you promptly if a breach occurs that may have compromised your PHI
Follow the terms of the Notice currently in effect
Not use or disclose your PHI other than as described in this Notice without your written authorization (with limited exceptions)

6Changes to This Notice

We reserve the right to change this Notice at any time. We reserve the right to make the revised or changed Notice effective for PHI we already have about you as well as any information we receive in the future. We will post the current Notice on our website with the effective date. You may request a copy of the most current Notice at any time.

7Complaints

If you believe your privacy rights have been violated, you may file a complaint with Thinnex or with the Secretary of the U.S. Department of Health and Human Services. To file a complaint with HHS, visit:

www.hhs.gov/hipaa/filing-a-complaint

We will not retaliate against you for filing a complaint.

8Contact Our Privacy Officer

If you have questions about this Notice or wish to exercise any of your rights, please contact us:

Thinnex Privacy Officer

Company: Thinnex, LLC

Website: thinnex.com

Email: privacy@thinnex.com

All written requests should be sent via email with the subject line "HIPAA Privacy Request." We will respond within 30 days of receiving your request.