Syai-Privacy Policy-20250317

TABLE OF CONTENTS

1. Definitions

2. About Us

3. How We Collect Your Data

4. Our Use of Your Data

5. Adherence to Legal and Regulatory Standards

6. Data Retention Policy

7. Disclosure of Your Data

8. Data Security

9. Transfer of Your Information

10. Marketing and Advertising Practices

11. Your Rights and Choices

12. Account Deletion

13. Policy Updates

14. Contact Us

At Syai, we're committed to protecting your personal data. Syai Health provides you with our collection of products and services, including applications such as the "Syai Tag" App, the "Syai Link" App, the "Syai Doctor" App/Web Portal, the "Syai Essential" App, the "Syai Academia" App and the "Syai Partner" platforms with other mirroring versions and services where applicable following the business development and adjustments. The Privacy Policy outlines how we collect, use, and safeguard your personal information when you use our products and services. Please read carefully before use. If you have any questions or concerns that require our statements or clarifications, please see the details in the "Contact Us" section. By proceeding to use the above-mentioned applications, services and so forth, you agree to and consent to this Privacy Policy.

Definitions

• Syai Health Ecosystem: the collection of products that include but are not limited to the Syai official website, mobile/desktop software applications as well as other products developed and branded as Syai Health products.

• Monitor: refers to the Syai Health CGM device, which uses an electrochemical sensor to monitor glucose levels in interstitial fluid.

• Glucose data: it encompasses pertinent information that includes monitoring readings, graphical representations of glucose trends and patterns, time in range (TIR) summaries, and generated glucose reports based on the Monitor readings with the event logs, among other relevant data. This information may be shared with healthcare providers within the application, contingent upon the user's consent. When access is granted, healthcare providers can view the data with real-time updates.

Effective Date: 17 Mar, 2025.

About Us

The Syai Health Technology Pte. Ltd. of 112 Robinson Rd, Singapore, 068902 is the developer of the Syai ("Syai Health") collection of products that include but are not limited to the Syai official website, mobile applications which contain the "Syai Tag App", Syai Link App ("Syai Link"), Syai Doctor App ("Syai Doctor") as well as Syai Health branded Monitors, etc. When the Syai Health collection of products is used in conjunction with specific usage scenarios, they may be referred to as the "Syai Health Ecosystem (applicable software)". For example, an HCP will utilize Syai Doctor Web or mobile application to set up connections with Syai Tag users and access their healthcare data upon permission.

How We Collect Your Data

Key Points to Remember:

• Your Information, Your Control: We believe you should have control over your personal information.

• Security First: We implement robust security measures to protect your data.

• Transparency: We're open about our data practices.

The personal data includes but is not limited to your health-related data, processed by us for example usage scenarios as below:

1. Registration of the Syai account to access our applications and services in the collection (requires your details such as name, height, weight, year diagnosed with diabetes mellitus, gender, treatment options, etc.).

2. Data generated and stored under your Syai account from using our products in the collection (your Monitor readings, application-generated analytics and standardized glucose reports).

3. Your Syai account information updates and data storage (Logs made with the Logbook feature, etc.).

4. Your customer service records with us, our distributors and other verified channels (Customer Service Feedback Form with your personal details, delivery address, relevant diagnostic data and Monitor details as SN numbers.).

5. Your participation in our marketing promos and other activities within our software systems and official website (Email subscriptions).

6. You consent to share usage information such as error codes with us so that we can investigate cases and provide further assistance with your Monitor, application, and so forth (feedback form with device details and your personal details).

7. When you contact us, share your troubleshooting/diagnostics data to fix technical issues.

8. When you acknowledge and are authorized to use the in-app messaging feature to connect with healthcare providers, and conduct video/voice calls when necessary, we collect:

* Message content: Text, and any attachments you send.

* Message metadata: Sender, recipient, timestamps, and message status (sent, delivered, read).

* HCP information: Name and, where provided, professional affiliation with other essential account details.

For users of the Syai Health Ecosystem (devices, applications and services all together):

1. To access the full features of specific applications & services, you may be prompted to provide or submit private information such as your personal details. The information may or may not be required for the service to operate but will aid in analytics for your glucose management routine in-app.

2. Device services will be utilized by the applications and services from us, such as Bluetooth, NFC, location services, notification and storage permissions, they are mandatory for essential features.

Our Use of Your Data

Syai uses your personal information, including health-related information, data derived from your Monitor or other Syai devices, and technical information about your mobile device if you use the Syai Tag App, Syai Link App or other component in the Syai Health Ecosystem, including but not limited to the following ways:

• To provide you with real-time monitoring data and analytics in-app and via other components in the Syai Health Ecosystem.

• To ensure secure access to your account registered and private information submitted, etc.

• To facilitate communication between the user and their HCPs, regarding the diabetes management. But the data will not be used for other purposes such as research/analytics, or commercial usage scenarios.

• For internal troubleshooting and support.

• To provide you with relevant information, such as customer services, product info and Monitor details, etc.

• To make sure the application functions as designated, such as location services required by the Syai Tag application to pair your Monitor during individual device applications.

• For users of the Syai Link App and Syai Doctor App: to provide you with a Syai account to be able to view the glucose readings of your family member or friend, or access a patient's report/other glucose data with a Syai Doctor account registered.

Adherence to Legal and Regulatory Standards

We may process your personal information, including health-related data, as required by law. To protect your privacy, we will take steps to de-identify, anonymize, or aggregate the data whenever possible following the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) regulations where applicable.

We will implement technical and administrative measures to ensure data separation and will never combine them unless for the identical scenarios as described below:

We may be required by law to disclose your personal information, including health-related information. In such cases, we'll take steps to minimize the amount of information shared and to de-identify or anonymize it whenever possible.

We process this sensitive health information based on your explicit consent, which you provide when you activate and use the in-app messaging feature. You can withdraw your consent at any time by disabling the relevant feature or deleting your Syai account. Additionally, any third-party integrations and services implemented will operate in accordance with applicable local legal obligations.

We may be required to disclose your personal information to comply with legal obligations, such as responding to lawful requests from law enforcement or regulatory authorities. We may also disclose information to protect the safety of our users or others, to investigate potential fraud or illegal activities, or to exercise our legal rights.

Syai Health will process your private information following the GDPR articles where applicable. The word 'pseudonymization' is defined in the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), effective May 25, 2018, as ‘the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.' Anonymization mentioned in this document refers to information or data that cannot be used to identify any relevant person or individual and is not related to any data protection or privacy legal requirements or subject to changes following their updates.

Data Retention Policy

Personal information, including health-related information, may be retained if required to comply with legal obligations. In such instances, the information will, where applicable, be de-identified, pseudonymized, aggregated, or anonymized to ensure adherence to legal requirements.

Personal information will be retained for the minimum period necessary to fulfill the purposes outlined in this policy, unless deletion is requested by the individual or retention is mandated by law.

The determination of the appropriate retention period will be based on factors including the nature of the personal information, the purpose for which it was collected, and any pertinent legal obligations.

Message data will be retained for a duration not exceeding the maximum allowable period as dictated by applicable healthcare record retention requirements and third-party integration agreements. Upon expiration of this period, the data will be securely deleted or anonymized.

With respect to third-party integrations, regular reviews of their usage will be conducted to mitigate the potential for abuse and to ensure regulatory compliance to the fullest extent possible.

Disclosure of Your Data

Connectivity with other users of the Syai Health Ecosystem residing in different countries may be subject to limitations, contingent upon the user's selected country.

In instances where the share functionality within the Syai Health Ecosystem is utilized, explicit consent will be obtained prior to the disclosure of personal information to the user's healthcare provider or other third parties. This provision also applies in circumstances where the user has expressly requested or consented to the sharing of their data with Syai's partners and other third parties.

Personal information, including health-related information, is disclosed to the following entities. In each instance, disclosure is limited to the minimum amount of personal information necessary for the intended purpose of the third party's engagement.

• Syai Health Ecosystem and Location Services:

○ For Android devices, access to location services is required to facilitate the discovery of nearby Monitors or to enable relevant features within the Syai Health Ecosystem.

○ Users retain the option to temporarily deactivate this service following the connection or activation of the Monitor within the application.

○ Syai Health does not collect or sell any location data associated with this permission.

○ The activation of location services serves to ensure a seamless user experience with Syai Health devices; its utilization is restricted to the monitoring of data transfers pertaining to application and device connectivity.

• Syai Local Distributors or Partners:

○ Explicit consent will be obtained prior to the disclosure of personal information to local distributors in scenarios such as customer service provision.

○ Such disclosure is contingent upon the user's consent.

○ In situations where collaboration with local distributors or partners within the user's country/region is undertaken to facilitate problem resolution and address user feedback, disclosure will be limited to the minimum amount of personal information necessary.

• Third-Party Utilization of the Syai Health Ecosystem:

○ Explicit consent will be obtained prior to the disclosure of personal information with third parties in cases where the user explicitly consents to such disclosure, such as through the use of sharing features within the Syai Health Ecosystem.

○ By way of illustration, when the "Home/Doctor Care" feature in the Syai Tag App is employed, personal information, including health-related data such as real-time glucose readings, trend graphs, generated glucose reports, and potential glucose alerts, will be disclosed to third-party service providers such as certified Healthcare Professionals (HCPs).

○ It is important to note that disclosure behaviors initiated by the user with third-party providers/software applications are not governed by this document, but rather adhere to the privacy policy announcements of the designated endpoints, where applicable.

○ The user's designated Healthcare Professional (HCP) will have access to the content of messages and any attachments.

Where applicable, your third-party connected device may exchange data with the Syai Health Ecosystem, subject to your consent. For instance, if you share your glucose data from the Syai Tag App with Apple Health, the device will also share relevant information to aid in services provided within the Syai Health Ecosystem. The consented choices that you have elected for the Syai Health Ecosystem will be applied to the data transmitted to and received from the connected device. The third-party partner's privacy policy will govern the sharing and utilization of your data, when applicable.

Personal information will not be sold to third parties for commercial gain.

Consent will be sought prior to the sharing of your information with trusted third-party service providers who assist in the delivery of our products and services.

Information will only be shared with third parties upon your explicit consent or as mandated by law.

In the event of a merger, acquisition, or sale of our business, notification will be provided regarding the transfer of your personal information to the relevant party.

Disclosure of personal information and message data may be required to comply with legal obligations, such as responding to lawful requests from law enforcement or regulatory authorities, or in response to a court order or subpoena. Disclosure may also be made to protect the safety of users or others, to investigate potential fraud or illegal activities, or to exercise our legal rights.

Please be advised that your personal information may be subject to foreign laws and accessible by foreign authorities.

Data Security

By using Syai products, you trust us with your personal information. We're committed to honouring that trust with a commitment to continually improving our security measures.

1. We implemented robust security measures to protect your personal information stored, including:

Access Controls: Limiting access to authorized personnel on a need-to-know basis.

Encryption: Using complex encryption technologies to safeguard sensitive information.

Physical Security: Ensuring the protection of our facilities and equipment through the implementation of stringent security access measures and additional access control protocols.

Please be advised that no Internet transmission can be considered completely secure. We strongly encourage you to exercise caution when transmitting sensitive information over Wi-Fi networks.

Although we implement substantial measures to safeguard your information, we cannot guarantee absolute security. We shall not be held liable for breaches resulting from factors beyond our reasonable control, including but not limited to cyberattacks or unauthorized access.

2. When Syai Discontinues Services

If Syai discontinues its products or services, we will:

Cease Data Collection: Immediately stop collecting new/additional personal information.

Notify You: Inform you about the service discontinuation.

Data Deletion or Anonymization: We will delete or anonymize your personal information in accordance with applicable legal requirements.

3. Please be aware that mobile/desktop applications may be unavailable during periods of routine maintenance.

4. You (the user) are responsible for safeguarding your Syai account and devices. To enhance security, we recommend:

Strong Passwords: Create a strong, unique password for your Syai account.

Device Security: Implement strong security measures on your devices, such as using passwords or biometric authentication.

Privacy: Keep your account information and password confidential.

If you suspect unauthorized access to your account, please contact us immediately.

Please note that Syai Health is not liable for any unauthorized activity resulting from

your failure to protect your account information and devices. In the event of a data

breach, we will notify affected users and relevant authorities within a specified

timeframe as required by law.

Transfer of Your Information

We will not share your personal information with third parties, except in the following circumstances:

With Your Consent: We may share your information with other parties if you explicitly consent to it.

Business Transfers: In the event of a merger, acquisition, or bankruptcy, your information may be transferred to the acquiring company. We will require the acquiring company to adhere to the principles outlined in this Privacy Policy or obtain your consent.

Marketing and Advertising Practices

Cookies:

Regarding our official website and web portals, we use cookies and similar technologies to enhance your browsing experience. Cookies are small text files stored on your device to track your preferences and browsing behaviour. You can manage cookie settings and preferences in the device or browser settings. Our cookies share data about your use of our website with analytics, social media platforms, and other advertising partners in strict accordance with our Privacy Policy and Terms of Use. By continuing to access our web pages and corresponding services, you consent to the sharing of your data.

Marketing activities:

We may send you marketing communications, such as newsletters, special offers, and survey invitations based on your subscription with us, if you've opted in to receive them or if we have a legal basis to do so. These communications may relate to diabetes care, the latest Syai products, or local services from our Syai partners.

We may use information from your applications within the Syai Health Ecosystem, such as your usage patterns and account details (name, email address, country, delivery address), etc. to tailor our marketing communications to your interests. This helps us provide you with relevant information about diabetes care and other products or services.

You can unsubscribe from these communications anytime by clicking the "unsubscribe" hyperlink in the email or contacting us directly.

Syai Health will not knowingly send marketing materials to minors or sell your personal information to third parties for their marketing purposes or relevant surveys.

Even if you unsubscribed from our telecommunications, we may still send you important non-marketing information (where required by law), such as essential announcements regarding product updates.

Your Rights and Choices

You can update your profile information (such as name, mobile phone number, gender, weight, height, country, date of birth (excluding children's), email address, and password) through your Syai account settings or within the Syai Tag, Syai Link, or Syai Doctor App and other services or platforms included in the Syai Health Ecosystem. However, Monitor readings stored in your Syai account cannot be corrected or amended.

Your Rights

Subject to applicable legal frameworks, such as the EU General Data Protection Regulation, you may possess the following rights with respect to your personal details:

Access: The right to obtain access to and review your personal details and message data.

Correction: The right to submit a request for the correction of any inaccurate or incomplete information and message data.

Erasure: The right to request the deletion of your personal details and message data, contingent upon legal and regulatory obligations.

Restriction: The right to request a restriction on the processing of your personal details and message data, where applicable.

Objection: The right to object to the processing of your personal details and other relevant data; however, this may have implications for your ability to utilize the messaging feature.

Data Portability: The right to receive your personal details in a portable format or to request the transmission of said data to another entity.

It should be noted that the aforementioned rights may be subject to certain limitations and exceptions as defined by applicable law within specific countries or regions. Furthermore, Syai may encounter technical limitations that preclude the direct transfer of data to an alternative company.

In the event that requests are received from parents or guardians seeking access to their child's personal information within the Syai Health Ecosystem, Syai will undertake to verify the identity of the requester prior to authorizing access to the child's information, irrespective of whether the child satisfies the age criteria for utilization of Syai Health products.

Account Deletion

Your Syai account can access general applications and services such as the Syai Link, Syai Tag, and Syai Essential Apps.

For professional applications and services such as the Syai Doctor and Syai Doctor Web, you will need to register for a Syai Doctor account.

Syai Health will assist our Syai Partners to set up their Syai Partner account for the Syai Partner platform.

The deletion means to terminate the access permanently on corresponding applications or services and the mirroring software versions or services on other platforms with us.

If you would like to delete your account, you may do so by logging into the corresponding application or services first and using the delete account functionality in-app or web portals. Please be aware that if you delete your account, all data in the Syai account will be erased, but we may retain information that has already been or is in the process of anonymization, aggregation, pseudonymization, and/or de-identified for the purposes mentioned in the "Data Retention Policy" section above. We may also be required to retain certain information by law.

Once you delete your Syai account, you will lose access to all associated applications and platforms. This action is irreversible, meaning you cannot reactivate your account or recover any personal information afterwards, including but not limited to healthcare info, analytics, generated reports, patient details, etc. Before deleting your account, please ensure you have downloaded and saved any necessary information.

If you have established connections with healthcare providers (HCPs) or other caregivers through the Syai Link or Syai Doctor App, please note that deleting your account will terminate their access to your glucose data. Furthermore, you will no longer be able to receive updates from Syai Tag users via in-application invitations.

For healthcare providers (HCPs), account deletion may result in the loss of access to patient information and historical data pertaining to specific patients. Syai Partners should be aware that account deletion may impede their capacity to manage resources involving hospitals and physicians.

Syai Health reserves the right to delete accounts that have been inactive for a certain duration. In such cases, a notification will be sent in advance to the email address or phone number associated with the account, thereby affording the account holder an opportunity to verify their account status.

Policy Updates

This Privacy Policy document is regularly updated to reflect the latest changes to our privacy policy.

We will notify you of any major material changes to this privacy policy supplement through in-app notifications and/or email.

You will be required to review and accept the updated policy before continuing to use specific features.

Syai Health reserves the right to update and amend the document without prior notice for changes that will not materially impact the way we handle your details and relevant data.

If you do not agree to the updates regarding the Privacy Policy, you should execute the account deletion procedure in-app or through the corresponding web portals. By using the application and services from the Syai Health Ecosystem, you acknowledge that you have read and understood this privacy policy supplement.

Contact Us

Should you have any questions, comments, or concerns regarding our privacy practices, please do not hesitate to contact us using the information provided below:

Company Name: Syai Health Technology Pte., Ltd.

Address: #03-01, 112 Robinson Rd, SINGAPORE 068902

Email inquiries: info@syai.com