Effective: March 5, 2026

This Privacy Policy (“Policy”) describes how Tempus AI, Inc., (“Tempus,” “we,” “our,” “us”) collects, uses, and discloses certain Personal Information obtained through the olivia Personal Health Record (“PHR”), which is made available to you at app.oliviahealth.ai (“Site”) and through our mobile application (“App”) (which, collectively with the Site and the PHR, constitutes the “Service”). By using our Service, you agree to the terms of this Policy and our Terms of Use.

For the purposes of this Policy, “PersonalInformation” means information about you that reasonably can be linked to you, such as your name, social security number, health information, demographic information, and/or other identifiers as may be defined under state and federal law.

‍

What Information We Collect and Maintain About You

Personal information collected from accountholders. If you make an account in relation to your use of our Service (and are an “accountholder”), we may collect information related to the creation and maintenance of your account. This may include your name, email address, birth date, gender, race/ethnicity information, state of residence, method of payment, and any username and password you create as part of accessing or maintaining your account.

If you use the PHR Service, we may collect the following categories of information about you:

• Information about your medical history, including information about your healthcare providers and the institutions where you have received care;
• Health insurance information;
• Information that you self-report about your health;
• Other instances when you choose to provide us with certain information or have us collect information on your behalf;
• Payment details, and other information to process your payments, including your billing address.

‍

We will only collect the above categories of information to the extent that you either affirmatively provide it or if you provide us with permission or authorization to retrieve such information on your behalf.

‍

Other Personal Information collected through the Site or App. You can visit the Site without submitting any information that directly identifies you. However, to use certain features on the Site or App, such as signing up for our updates, you will be required to provide Personal Information. Such information could include, for example, your name and email address.

‍Automatically Collected Information. There are certain categories of information, including Personal Information, that we collect automatically from you based on your interactions with the Service. These include: 

• Web log data: This may include such data as your IP address and domain name, the pages you visit on the Service, the date and time of your visit, the files that you download, the URLs from the websites you visit before and after navigating to the Service, your software and hardware attributes (including device IDs), your general geographic location (e.g., your city, state, or metropolitan region), and certain cookie information (see below). To obtain such information, we may use web logs or applications that recognize your computer and gather information about its online activity.
• Cookies:  Cookies are small files that are stored on your computer by your web browser. A cookie allows the Service to recognize whether you have visited before and may store user preferences and other information. For example, cookies can be used to collect or store information about your use of the Service during your current session and over time (including the pages you view and the files you download), your computer’s operating system and browser type, your Internet service provider, your domain name and IP address, your general geographic location, the website that you visited before visiting the Service, and the link you used to leave the Service. If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. However, if you choose to block or delete cookies, certain features of the Service may not operate correctly.
• Web beacons:  A web beacon (also known as a “clear gif” or “web bug”) is an electronic file that usually consists of a single-pixel image. It can be embedded in a web page or in an email to transmit information, which could include Personal Information. For example, it can allow an email sender to determine whether a user has opened a particular email.
• Third-party online tracking and behavioral advertising: We may partner with certain third parties to collect, analyze, and use the personal and other information described in this section. For example, we may allow third parties to set cookies or use web beacons on the Service or in email communications from us. This information may be used for a variety of purposes, including online interest-based advertising, as discussed below (see “With Whom and Why We Share Your Information”).

‍

How We Collect Information About You

We collect Personal Information directly from you in the below contexts. We also collect Personal Information from you using sources like advertising or marketing networks, data analytics providers, social media platforms, and other service providers or third parties.

• If you register an account with us or otherwise access the Service
• In connection with your interactions, inquiries, or other requests
• If you upload or share a photo or other digital content through one of our Service, or share content linking to any of our social media accounts
• If you participate in a contest, promotion, or survey
• If you contact us via e-mail or through our customer service, including through the use of online chat tools that we may make available
• Through the business services that our third-party vendors provide, including linking any information that we collect from other sources with information that you provide to us
• We and our third-party vendors may use tracking tools like browser cookies, flash cookies, pixels, and web beacons to collect information from you. This information may be used for a variety of purposes, including online interest-based advertising, as discussed below (see “With Whom and Why We Share Your Information”).

‍

How We Use and Process Your Information

We use the information that we collect (described in “What Information We Collect and Maintain About You,” above) for a variety of purposes. Our legal bases for processing your Personal Information are: 1) our legitimate interest in running and maintaining our business; 2) performance and fulfillment of our contracts; 3) your consent; and 4) compliance with our legal obligations. In many instances, more than one of these legal bases apply to the processing of your Personal Information.

The purposes for which we use your information include to:

• Provide you with our Service (including providing you with information and responding to questions about the Service, as well as improving the Service);
• Fulfill the terms of any agreement you have with us;
• Fulfill your requests for our Service or otherwise complete a transaction that you initiate, including processing payments;
• Send you information about our Service and other topics that are likely to be of interest to you, including newsletters, updates, or other communications, including promotional emails;
• Improve, analyze, develop, and build our artificial intelligence and machine learning capabilities;
• Deliver confirmations, account information, notifications, and similar operational communications;
• Improve and analyze your user experience and the quality of our products and Service;
• Comply with legal and/or regulatory requirements;
• Aggregate and deidentify information;
• To promote and conduct educational or promotional events, including those that may be in person and to support our marketing and advertising activities, including delivering personalized advertising;

• Analyze how visitors use the Service and its various features, including to count and recognize visitors to the Site;
• Create new products and services; 
• Protect the security or integrity of the Services, including to perform security analyses to verify that the Services are working properly and has not been compromised based on our legitimate interests;
• Protect us, our users, and the public, and comply with applicable law, regulation, or legal process, including to validate user information for fraud and risk detection purposes, resolve disputes and protect the rights of users and third parties, respond to claims and legal process (such as subpoenas and court orders), fulfill our reporting obligations, monitor and enforce compliance with our contracts, including any agreements between you and us, and otherwise detect, prevent, or stop any activity that may be illegal, unethical, or legally actionable;
• Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our customers is among the assets transferred; and
• Manage our business.

‍

‍

With Whom and Why We Share Your Information 

We may share any of the information described in “What Information We Collect and Maintain About You,” above, with other parties for a variety of purposes, as described below.
‍

Third-party service providers. Tempus uses third-party service providers that perform services on our behalf, including web-hosting companies, mailing vendors, and analytics providers. These service providers may collect and/or use your information, including information that identifies you personally, to assist us in achieving the purposes discussed above.

Analytics. We partner with certain third parties to obtain the automatically collected information discussed above and to engage in analysis, auditing, research, and reporting. These third parties may use web logs or web beacons, and they may set and access cookies on your computer or other device. In particular, the Service uses Pendo, Segment, and Freshpaint to help collect and analyze certain information for the purposes discussed above. ‍

Interest-based advertising. The Service also enables third-party tracking mechanisms to collect information about you and your computing devices for use in online interest-based advertising. For example, third parties may use the fact that you used our Service to target online ads to you. In addition, our third-party advertising networks might use information about your use of our Service to help target advertisements based on your online activity in general, collected over time and across different websites or platforms. The Services utilize third party services provided by Meta, Segment, and Freshpaint for these purposes.

The use of online tracking mechanisms by third parties is subject to those third parties’ privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer or other device, you may set your browser to block cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance by opting out here. Our Site does not currently respond to “do not track” browser headers. However, our Site may recognize certain opt-out preference signals, such as the Global Privacy Control, and will process such signals in accordance with applicable law, potentially including “do not sell”, “do not share”, “limit the use or disclosure of sensitive personal information,” and opt out of targeted advertising requests. You may set such a signal through your browser or browser extension.

Please note that we do not use third-party advertising trackers to track your activity after you have logged into your account.

‍

Legal purposes. We may use or share your information with third parties when we believe, in our sole discretion, that doing so is necessary:

• To comply with applicable law or a court order, subpoena, or other legal process;
• To investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party;
• To establish, protect, or exercise our legal rights or defend against legal claims; or
• To facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.

‍

Aggregated and de-identified information. From time to time, Tempus may aggregate or de-identify information about users for internal purposes such as troubleshooting or analyzing and improving the Services.. Such aggregated or de-identified information is not Personal Information. To the extent that we process deidentified data, we will maintain and use the data in deidentified form and will not attempt to reidentify the data unless permitted by applicable law. Deidentified data that remains deidentified is not Personal Information, and we may use such data for any lawful purpose. Deidentified data that is reidentified and otherwise qualifies as Personal Information is subject to this Privacy Policy. 

Other third parties. We may share your information with other third parties when necessary to fulfill your requests; to complete a transaction that you initiate; to meet the terms of any agreement that you have with us or our partners; or to manage our business.
‍

Your Privacy Rights

If you want to learn more about the Personal Information that Tempus has about you, or you would like to update, change, or delete that information, please contact us by email at privacy@tempus.com.

You may opt out of receiving marketing emails and text messages from us by following the instructions in those messages or by emailing us at privacy@tempus.com. 

You may have the rights listed below (“Data Subject Rights”) with respect to the Personal Information that we collect or process about you, however, these rights differ depending on your place of residency, including California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. Please note that we reserve the right to honor your Data Subject Rights to the extent required by applicable law.

• Right to Confirm Processing, Access, and/or Obtain a Copy: If you ask us, we will confirm whether we are processing your Personal Information. Additionally, upon request, we will provide you with a copy of all Personal Information you are lawfully entitled to receive, potentially including specific pieces of information, along with certain other details.
• Right to Amend: If you believe your Personal Information is inaccurate or incomplete, you may request that we correct it.
• Right to Delete: You may request that we delete Personal Information that we maintain about you.
• Right of Portability: You may request that we move, copy, or transfer the electronic Personal Information that we hold about you to another organization.
• Right to Revoke Consent and/or Opt Out of Certain Processing Activities: You may ask us to restrict or stop the processing of your Personal Information. This includes general requests and requests in specific contexts, such as if we process Personal Information that is considered “sensitive” under applicable U.S. state laws or engage in certain automated decision-making activities.
• Right to Limit Use and Disclosure of Sensitive Personal Information: You may ask us to limit the use and disclosure of sensitive Personal Information by emailing privacy@tempus.com or calling (833) 514-4187.
• Right to Opt Out of Targeted Advertising or “Sharing”: Targeted advertising is the practice of serving you tailored advertisements based on your Personal Information gathered over time and across other businesses, websites, applications, or services. Some jurisdictions may refer to this activity as “sharing.” You have the right to opt out of this practice by emailing privacy@tempus.com or calling (833) 514-4187.
• Right to Opt Out of Sales: Some jurisdictions may consider targeted advertising a “sale” of Personal Information. You may request that we not “sell” your Personal Information by emailing privacy@tempus.com or calling (833) 514-4187.
• Right to Non-Discrimination: We will not discriminate against you for exercising Data Subject Rights, but we may charge a reasonable fee as permitted by law in fulfilling these rights, such as if you request multiple copies of your Personal Information.
• Right to Appeal: If we deny your request to exercise a Data Subject Right, you may have the right to appeal the decision with us. If you would like to appeal a prior decision, please be sure to include information about your prior request so that we may locate our earlier determination. Appeals may be submitted to privacy@tempus.com with the subject line “Appeal of Decision Related to Privacy Rights Request.”  
• Right to Lodge a Complaint: You may submit a complaint to the competent supervisory authority in the country or state in which you live if you have any concerns about our processing of your Personal Information or if we deny your appeal to review a prior decision about your Data Subject Rights.
  ‍

If you or your authorized agent would like to exercise a Data Subject Right, you may do so by following the instructions in “Contact Us” below. Please note that you may also login to your account to access and correct your account information at any time.

In order to process your request to exercise a Data Subject Right, we will ask you to verify your identity by confirming your name, e-mail address, phone number, or other identifiable information that we have in our records, such as most recent interaction with us, if applicable.

If you exercise your right to appeal our determination with respect to your Data Subject Rights, and we deny your appeal, you may have the right to submit a complaint to your regulator. Information for your relevant regulator may be found below.

Depending on your place of residency, you may have additional rights in relation to the processing of your consumer health data. Please review our Consumer Health Data Privacy Policy for more information. Additionally, if you are a resident of the state of California, please review our California Privacy Notice. If you are a resident of the state of Washington or the state of Nevada, please review our Consumer Health Data Privacy Policy.

‍

Data Security

We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and accessibility of your Personal Information. We cannot, however, ensure or warrant the security of any information you transmit to us via the Service, and you do so at your own risk.
‍

Data Retention

We will retain your Personal Information for as long as is reasonably necessary to fulfill the relevant purposes set out in this Policy and during the period required or permitted by law. The retention period will primarily be determined by relevant legal and regulatory obligations and/or duration of our business relationship with you. We will securely delete or erase your Personal Information if there is no valid business reason for retaining your data.
‍

Children

Our Service is not designed nor intended to be used or accessed by children under the age of 16. No one under age 16 should provide any information to or through the Service. We do not intentionally collect Personal Information from children through the Services. If you are under the age of 16, do not use or provide any information on or through the Service. If we learn we have collected or received Personal Information from a child under the age of 16 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information from or about a child under 16, please contact us immediately at privacy@tempus.com.

‍

Links to Non-Tempus Websites and Services

While using our Service, you may encounter and choose to access websites or online services that may not be associated with us by clicking on hypertext links or icons. Tempus does not control and is not responsible for what these other parties do in connection with their websites or online services, or how they handle your Personal Information.

‍

Changes to This Privacy Policy

If we make material changes to how we treat our users’ Personal Information, we will update this Policy, and where required by applicable law, will make reasonable attempts to notify you of the fact that this Policy has been updated. 

How to Contact Us

Should you have any questions or concerns about this Policy, you can contact us at privacy@tempus.com.

‍

olivia Personal Health Record California Privacy Notice

Date Last Updated: March 5, 2026

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act (collectively, the “CCPA”) provide you with certain rights regarding your personal information, including the right to know about personal information collected, disclosed, or sold; the right to request that we delete personal information that we have collected from you; the right to update or correct your information; the right to opt-out of the sale or sharing of your personal information; the right to limit our use of your sensitive personal information; and the right not to be discriminated against for exercising your rights. These rights are subject to certain exceptions. You may also visit our Privacy Policy to learn more about how we protect your information.  

Any capitalized terms in this California Privacy Notice that are not otherwise defined have the same meaning as they do in the CCPA or our Privacy Policy.

This California Privacy Notice also serves as our “Notice at Collection” for purposes of the CCPA.
‍

Collection of Personal Information

If you visit, use, or interact with our Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). We may have collected the following categories of personal information about you over the past 12 months:

• Identifiers, such as your name, postal address, email address, and IP address.
• Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80, such as your name, address, telephone number, education, employment history, medical information, credit card or debit card number, and other payment details.
• Commercial information, such as information about a user’s interactions with advertisements.
• Internet or other electronic network activity information, such as your IP address, device type, device operating system, device make and model, device identifiers such as mobile advertising IDs, and information about your interactions with our Services.
• Geolocation data, such as geographic coordinates.
• Professional or employment-related information, such as job history and job title.
• Education information.
• Inferences drawn from any of the information identified above.
• Sensitive personal information, such as:
  
  • Precise geolocation
  • Personal information collected and analyzed concerning a consumer’s health
  • Payment details

‍

We collect the personal information listed above from the following sources:

• From you directly, when you provide it to us.
• From your provider, a mobile health app, or other source of consumer health data if you provide us with permission or authorization to retrieve such information on your behalf.
• Automatically from your browser or device, or from our Services.

‍

Disclosure, Sharing, and Sale of Personal Information

In the last 12 months, we may have disclosed for our business purposes the following categories of personal information subject to the CCPA:  

• Identifiers, such as your name, postal address, email address, and IP address.
• Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80, such as your name, address, telephone number, education, employment history, medical information, credit card or debit card number, and other payment details.
• Commercial information, such as information about a user’s interactions with advertisements.
• Internet or other electronic network activity information, such as your IP address, device type, device operating system, device make and model, device identifiers such as Mobile Advertising IDs, and information about your interactions with our Services.
• Geolocation data, such as geographic coordinates.
• Professional or employment-related information, such as job history and job title.
• Education information.
• Inferences drawn from any of the information identified above.
• Sensitive personal information, such as:
  
  • Precise geolocation
  • Personal information collected and analyzed concerning a consumer’s health
  • Payment details

‍‍Please read “What Information We Collect and Maintain About You” for more context and examples of our data collection.

We may have disclosed any of the information listed above to:

• Third-party service providers supporting the operation of our Services.
• Analytics providers, to help analyze the data that we collect.
• Your healthcare provider or insurer, at your direction.
• Our affiliates, subsidiaries, and parent companies.
• Other third parties for a legal purpose (such as in response to a court order or to defend against a legal claim).
• Other third parties when necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party.
• Other third parties when necessary to fulfill your requests for services; to complete a transaction that you initiate; to meet the terms of any agreement that you have with us or our partners; or to manage our business.
  ‍

Sale or Share of Personal Information: Because we engage in the practice of cross context behavioral advertising, also known as online targeted advertising, we may “sell” and/or “share” your personal information as those terms are defined by the CCPA. In the preceding 12 months, we may have “sold” or “shared” identifiers, commercial information, “sensitive” personal information in the form of health information (to the extent that our usage and interaction data with certain health-related webpages in our Services is considered “sensitive” health information), and internet or electronic network activity information with data analytics, advertising networks, and/or social media networks. We do not have any actual knowledge that we sell or share the personal information of users under the age of 16.
‍

Sensitive Personal Information Uses or Disclosures: We disclose your sensitive personal information for uses or discloses beyond the limited purposes specified under the CCPA regulations. The data that we capture about your interactions with some of our health-related online Services may be considered “sensitive” personal information. We use this interaction data to support cross-context behavioral advertising, as described above. You may request that we limit this use of your “sensitive” personal information by following the instructions at the end of this Privacy Policy.

‍

Purposes for Collection, Use, and Disclosure of Personal Information

We may collect, use, or disclose your personal information to the entities listed above for the following purposes:

• Provide you with our Services;
• Facilitate business transitions, such as a merger, acquisition by another company, or sale of all or a portion of our assets;
• Fulfill legal requirements.

‍‍Please read “How We Use and Process Your Information” for more context and examples of business purposes.

‍

Your Rights

If we maintain personal information about you that is subject to the CCPA, you may exercise certain rights in connection with this data if you are a California resident.

‍

Right to Know. California residents have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months (“Right to Know”). Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• The categories of personal information that we have disclosed for a business or commercial purpose.
• Our business or commercial purposes for collecting, selling, or sharing personal information.
• The categories of third parties with whom we share or disclose that personal information.
• The specific pieces of personal information we collected about you (i.e., a data portability request).

‍

Right to Delete. California residents have the right to request that we delete the personal information that we collected from you and retain, subject to certain exceptions (“Rightto Delete”). Once we receive and verify your request, we will delete (and direct our service providers/contractors to delete) your personal information from our records, unless an exception applies.

‍

Right to Correct. California residents have the right to correct or amend the personal information we have on file (“Right to Correct”). You may correct or amend by logging into your account or by contacting us using the information below.

‍

Right to Opt-Out of Sale or Sharing. The CCPA provides California residents with the right to opt-out of the “sale” or “sharing” of their personal information (“Right to Opt Out”). We do not sell or share your personal information without your consent. We do not have actual knowledge that we sell or share the personal information of California residents under the age of 16.

‍

Right to Limit the Use and Disclosure of Your Sensitive Personal Information. The CCPA provides California residents with the right to limit (“Right to Limit”) the use of their “sensitive personal information” to the purposes outlined in Cal. Code Regs. tit. 11, § 7027(m) of the CCPA regulations. We do not use your personal information for purposes that require us to provide a Right to Limit.

‍

Right to Nondiscrimination. The CCPA provides California residents with the right not to receive discriminatory treatment for the exercise of their privacy rights conferred by the CCPA. We will not discriminate against you for exercising any of your CCPA rights.

‍

Exercising Your Rights

If you are a California resident and wish to exercise any of the above rights, you may submit a request to us by email at privacy@tempus.com or by calling (833) 514-4187.

When you submit a request, we will confirm your identity by asking you to provide information associated with what we have on file for you, including your name, email address, and other identifying information. We may ask you for additional information to verify your identity or to comply with your request.

‍

Authorized Agent. You may authorize an agent to make a request on your behalf. To designate an agent, please provide a written and signed document by both you and the agent that authorizes the agent to act on your behalf. You may also use a power of attorney. We will still require you to provide information to allow us to reasonably verify that you are the person about whom we collected personal information.

‍

Data Retention‍

We retain personal information about you necessary to fulfill the purpose for which that information was collected or as required or permitted by law. We do not retain personal information longer than is necessary for us to achieve the purposes for which we collected it.  When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.

‍

Shine the Light Law

In addition to the CCPA, California's "Shine the Light" law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses' practices related to disclosing personal information to third parties for the third parties' direct marketing purposes. We do not disclose your personal information for these purposes.

‍

Contact for More Information

If you wish to contact us regarding this California Privacy Notice, you may do so by email at privacy@tempus.com.

‍

olivia Personal Health Record Consumer Health Data Privacy Policy

This Consumer Health Data Privacy Policy (“thePolicy”) applies specifically to Consumer Health Data collected and processed by Tempus through the olivia Personal Health Record (“PHR”), which is made available to you at app.oliviahealth.ai (“Site”) and through our mobile application (“App”) (which, collectively with the Site and the PHR, constitutes the “Service”). For more information about olivia’s privacy practices, please consult our Privacy Policy.

‍

Definitions

For purposes of this Policy, the following definitions shall apply:

• “Consumer Health Data” means Personal Information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. It includes any information that is regulated as “Consumer Health Data” under Washington’s My Health My Data Act, Nevada’s Health Data Privacy Act, and similar health privacy laws in effect in other jurisdictions.
• “Personal Information” means information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with a particular consumer. “Personal Information” does not include non-identified information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person). To the extent that we process deidentified data, we will maintain and use the data in deidentified form and will not attempt to reidentify the data unless permitted by applicable law. Deidentified data that is reidentified and otherwise qualifies as Consumer Health Data is subject to this Policy.
  ‍

Collection of Consumer Health Data

We collect information from you when you provide it to us in relation to our PHR Service. This may include the following categories of Consumer Health Data:

• Health conditions, treatment, diseases, or diagnosis;
• Social, psychological, behavioral, and medical interventions;
• Health-related surgeries or procedures;
• Use or purchase of prescribed medication;
• Bodily functions, vital signs, symptoms, or other health-related measurements;
• Diagnoses or diagnostic testing, treatment, or medication;
• Gender-affirming care information;
• Reproductive or sexual health information;
• Genetic data;
• Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies;
• Data that identifies individuals seeking health care services; and
• Information that we derive from nonhealth data to associate or identify individuals with any of the categories of Consumer Health Data identified above.

‍

We collect the above categories of Consumer Health Data for the following purposes:

•  Provide you with our Service (including providing you with information and responding to questions about the Service, as well as improving the Service);
• Fulfill the terms of any agreement you have with us; 
•  Fulfill your requests for our Service or otherwise complete a transaction that you initiate, including processing payments;
• Send you information about our Service and other topics that are likely to be of interest to you, including newsletters, updates, or other communications, including promotional emails; 
•  Improve, analyze, develop, and build our artificial intelligence and machine learning capabilities; 
•  Deliver confirmations, account information, notifications, and similar operational communications; 
• Improve and analyze your user experience and the quality of our products and Service; 
• Comply with legal and/or regulatory requirements; 
• Aggregate and deidentify information; 
• To promote and conduct educational or promotional events, including those that may be in person and to support our marketing and advertising activities; 
• Analyze how visitors use the Service and its various features, including to count and recognize visitors to the Site; 
• Create new products and services;
• Protect the security or integrity of the Services, including to perform security analyses to verify that the Services are working properly and has not been compromised based on our legitimate interests;
• Protect us, our users, and the public, and comply with applicable law, regulation, or legal process, including to validate user information for fraud and risk detection purposes, resolve disputes and protect the rights of users and third parties, respond to claims and legal process (such as subpoenas and court orders), fulfill our reporting obligations, monitor and enforce compliance with our contracts, including any agreements between you and us, and otherwise detect, prevent, or stop any activity that may be illegal, unethical, or legally actionable;
• Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our customers is among the assets transferred; and
• Manage our business.

‍

We only collect the above categories of Consumer Health Data from the following sources:

• From you directly when you provide it to us via the olivia Service; and
• From your provider, a mobile health app, or other source of Consumer Health Data if you provide us with permission or authorization to retrieve such information on your behalf.

‍

Sharing of Consumer Health Data

We may share any of the categories of Consumer Health Data described in the “Collection of Consumer Health Data” section, above. We may share these categories of Consumer Health Data with the following categories of third parties and specific affiliates:

• Our service providers and agents in connection with services or business purposes that these individuals or entities perform for, or with, Tempus. These third-party service providers can include web-hosting companies, mailing vendors, and analytics providers. We may, for example, provide your Consumer Health Data to a service provider to send you information that you requested.

‍

In some cases, Tempus may disclose Consumer Health Data (i) if required to do so by law, court order or legal process, (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (iii) under the discovery process in litigation, or (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity. Tempus also may transfer Consumer Health Data when a material event concerning its business operation(s), assets or shares, such as purchase, disposal, merger, joint venture or acquisition, is proposed or occurs.

‍

Exercising Your Rights

In accordance with applicable law, you may have the following rights in relation to your Consumer Health Data:

• The right to confirm whether we are collecting, sharing, or selling your Consumer Health Data;
• The right to access your Consumer Health Data, including a list of all third parties and affiliates with whom we have shared or sold the Consumer Health Data and an active email address or other online mechanism that you may use to contact these third parties;
• The right to withdraw consent for our collection, sharing, and selling of your Consumer Health Data;
• The right to delete your Consumer Health Data; and
• The right to correct or amend any Consumer Health Data that we have on file about you.

‍

For additional rights that may apply to your Personal Information, please see our Privacy Policy.

To exercise any of these rights, please contact us by email at privacy@tempus.com with your name, the email address associated with your interactions with Tempus (if different), and details about your interactions with Tempus. You may also designate an authorized agent to submit a request on your behalf. To designate an agent, please also send us a written and signed document by both you and the agent that authorizes the agent to act on your behalf. You may also use a power of attorney. Please note that we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we are receiving a request. We will respond to any request you submit in the time period required by applicable law and will allow you to appeal any decision we make in response to such request in accordance with applicable law. Appeals may be submitted to privacy@tempus.com.

If we deny your request and your information is protected by Washington’s My Health My Data Act, you may file a complaint to the Washington Attorney General’s office through this link: https://www.atg.wa.gov/file-complaint.

‍

Changes to the Policy

If we make material changes to how we treat our users’ Personal Information, we will update this Policy, and where required by applicable law, will make reasonable attempts to notify you of the fact that this Policy has been updated.

Contact UsFor questions about our Privacy Policy, to make choices about receiving promotional communications, to request to exercise a Data Subject Right, or to update your Personal Information, you can contact us by email, at privacy@tempus.com with the phrase “Data Subject Request” in the subject line, or by writing us at 600 West Chicago Avenue, Chicago, IL 60654; Attn: Privacy.

‍

Policy Effective Date: March 5, 2026