This Consumer Health Data Privacy Policy (“the Policy”) applies specifically to Consumer Health Data collected and processed by Tempus through the olivia Personal Health Record (“PHR”), which is made available to you at app.oliviahealth.ai (“Site”) and through our mobile application (“App”) (which, collectively with the Site and the PHR, constitutes the “Service”). For more information about olivia’s privacy practices, please consult our Privacy Policy.

‍

Definitions

For purposes of this Policy, the following definitions shall apply:

• “Consumer Health Data” means Personal Information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. It includes any information that is regulated as “Consumer Health Data” under Washington’s My Health My Data Act, Nevada’s Health Data Privacy Act, and similar health privacy laws in effect in other jurisdictions.
• “Personal Information” means information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with a particular consumer. “Personal Information” does not include non-identified information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person). To the extent that we process deidentified data, we will maintain and use the data in deidentified form and will not attempt to reidentify the data unless permitted by applicable law. Deidentified data that is reidentified and otherwise qualifies as Consumer Health Data is subject to this Policy.

‍

Collection of Consumer Health Data

We collect information from you when you provide it to us in relation to our PHR Service. This may include the following categories of Consumer Health Data:

• Health conditions, treatment, diseases, or diagnosis;
• Social, psychological, behavioral, and medical interventions;
• Health-related surgeries or procedures;
• Use or purchase of prescribed medication;
• Bodily functions, vital signs, symptoms, or other health-related measurements;
• Diagnoses or diagnostic testing, treatment, or medication;
• Gender-affirming care information;
• Reproductive or sexual health information;
• Genetic data;
• Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies;
• Data that identifies individuals seeking health care services; and
• Information that we derive from nonhealth data to associate or identify individuals with any of the categories of Consumer Health Data identified above.

‍

We collect the above categories of Consumer Health Data for the following purposes:

• Provide you with our Service (including providing you with information and responding to questions about the Service, as well as improving the Service);
• Fulfill the terms of any agreement you have with us; 

• Fulfill your requests for our Service or otherwise complete a transaction that you initiate, including processing payments;
• Send you information about our Service and other topics that are likely to be of interest to you, including newsletters, updates, or other communications, including promotional emails; 

• Improve, analyze, develop, and build our artificial intelligence and machine learning capabilities; 
• Deliver confirmations, account information, notifications, and similar operational communications; 
• Improve and analyze your user experience and the quality of our products and Service; 
• Comply with legal and/or regulatory requirements; 

• Aggregate and deidentify information; 
• To promote and conduct educational or promotional events, including those that may be in person and to support our marketing and advertising activities; 
• Analyze how visitors use the Service and its various features, including to count and recognize visitors to the Site; 
• Create new products and services;
• Protect the security or integrity of the Services, including to perform security analyses to verify that the Services are working properly and has not been compromised based on our legitimate interests;
• Protect us, our users, and the public, and comply with applicable law, regulation, or legal process, including to validate user information for fraud and risk detection purposes, resolve disputes and protect the rights of users and third parties, respond to claims and legal process (such as subpoenas and court orders), fulfill our reporting obligations, monitor and enforce compliance with our contracts, including any agreements between you and us, and otherwise detect, prevent, or stop any activity that may be illegal, unethical, or legally actionable;
• Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our customers is among the assets transferred; and
• Manage our business.
  

We only collect the above categories of Consumer Health Data from the following sources:

• From you directly when you provide it to us via the olivia Service; and
• From your provider, a mobile health app, or other source of Consumer Health Data if you provide us with permission or authorization to retrieve such information on your behalf.

‍

‍Sharing of Consumer Health Data

We may share any of the categories of Consumer Health Data described in the “Collection of Consumer Health Data” section, above. We may share these categories of Consumer Health Data with the following categories of third parties and specific affiliates:

• Our service providers and agents in connection with services or business purposes that these individuals or entities perform for, or with, Tempus. These third-party service providers can include web-hosting companies, mailing vendors, and analytics providers. We may, for example, provide your Consumer Health Data to a service provider to send you information that you requested.

‍

In some cases, Tempus may disclose Consumer Health Data (i) if required to do so by law, court order or legal process, (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (iii) under the discovery process in litigation, or (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity. Tempus also may transfer Consumer Health Data when a material event concerning its business operation(s), assets or shares, such as purchase, disposal, merger, joint venture or acquisition, is proposed or occurs.

‍

Exercising Your Rights

In accordance with applicable law, you may have the following rights in relation to your Consumer Health Data:

• The right to confirm whether we are collecting, sharing, or selling your Consumer Health Data;
• The right to access your Consumer Health Data, including a list of all third parties and affiliates with whom we have shared or sold the Consumer Health Data and an active email address or other online mechanism that you may use to contact these third parties;
• The right to withdraw consent for our collection, sharing, and selling of your Consumer Health Data;
• The right to delete your Consumer Health Data; and
• The right to correct or amend any Consumer Health Data that we have on file about you.

‍

For additional rights that may apply to your Personal Information, please see our Privacy Policy.

To exercise any of these rights, please contact us by email at privacy@tempus.com with your name, the email address associated with your interactions with Tempus (if different), and details about your interactions with Tempus. You may also designate an authorized agent to submit a request on your behalf. To designate an agent, please also send us a written and signed document by both you and the agent that authorizes the agent to act on your behalf. You may also use a power of attorney. Please note that we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we are receiving a request. We will respond to any request you submit in the time period required by applicable law and will allow you to appeal any decision we make in response to such request in accordance with applicable law. Appeals may be submitted to privacy@tempus.com.

If we deny your request and your information is protected by Washington’s My Health My Data Act, you may file a complaint to the Washington Attorney General’s office through this link: https://www.atg.wa.gov/file-complaint.

‍

Changes to the Policy

If we make material changes to how we treat our users’ Personal Information, we will update this Policy, and where required by applicable law, will make reasonable attempts to notify you of the fact that this Policy has been updated.

‍

Contact Us

For questions about our Privacy Policy, to make choices about receiving promotional communications, to request to exercise a Data Subject Right, or to update your Personal Information, you can contact us by email, at privacy@tempus.com with the phrase “Data Subject Request” in the subject line, or by writing us at 600 West Chicago Avenue, Chicago, IL 60654; Attn: Privacy.

‍

Policy Effective Date: March 5, 2026