Last revised August 1, 2025

Table of Contents

1. Introduction
2. How your information may be collected
3. How your information may be used
4. Disclosure of your information
5. Choices about how we collect, use, and disclose your information
6. Requests regarding your information
7. Information for international users
8. Information security and retention
9. No medical advice or care
10. Not intended for children
11. Changes to this Privacy Policy
12. Ethical conduct
13. Contact us

1. Introduction.

We respect your privacy, and we are committed to protecting it. This Privacy Policy describes how Rise Healthcare Tech, Inc., doing business as both “Ostro” and “RxDefine”, and our affiliates (collectively, “Ostro”, “we” and “us”) collects, uses, and protects information about you on behalf of our customers to enable our customers’ own services.

In such cases, we act as a processor or service provider on behalf of those customers, and our processing is governed by an applicable agreement with those customers and those customers’ instructions. This Privacy Policy is provided solely for informational purposes, and our customers’ Privacy Policies will continue to govern our customers’ handling of end-user personal information. If you are an end-user of one of our customers and have questions about how your information is processed through the customers’ use of our technologies, products or services (collectively “services”), please contact the customer who has provided your information to us for more information.

Please refer to our Controller Privacy Policy for more information about how we process data as a data controller.

2. How your information may be collected.

We collect different types of information about you on behalf of our customers through our services.

As part of providing our services to customers, we may collect certain information you provide while using the services, including contact information, date of birth, gender, professional information (such as license and NPI numbers), insurance information, medical or health history (such as prescription drug or other product history and status or questions that you may have, and adverse event reports or product quality concerns), and other information you voluntarily provide.

For example, we collect information when you use our tools and services on one of our customers’ websites. We use any information you provide on our customers’ sites solely for the purposes described in this Privacy Policy.

In addition to collecting data directly from you, our customers may customize certain of the technologies, products, and interactions that we provide to deploy their own preferred first-party or third-party technologies (for example, technologies like cookies, pixels, and tags) within or alongside our services. In each such case, such collection and use of your information will be governed by that customer’s own terms of use and privacy policy (not ours), which is typically accessible from the website, application or other channel from which you accessed our services.

3. How your information may be used.

As a processor or service provider, we use the information we collect about you, including information that you provide to us through your use of our services, to provide the services to our customers and as otherwise agreed with such customers, such as to improve the services. We provide our customers with various tools that enable functionality and features for healthcare providers, consumers, patients, and other end users of our tools.

Our use of your information, including as described above, is at all times subject to the limitations and conditions of this Processor Privacy Policy, our customers’ privacy policies, and of the laws applicable to your privacy and personal information (as such term is defined under applicable law) (“Privacy Laws”). In general, we use the information you provide to enable the services you are requesting from our customers (e.g., searching for certain information), to keep our services secure, and to detect and prevent potential fraud.

For avoidance of doubt, we may also collect and create aggregated or de-identified information that cannot reasonably identify you or your device (“De-identified Information”) from a variety of sources, including information about and generated by your use of our services. We may use De-identified Information for any lawful purpose, including to disclose to our customers and business partners, to support, develop, improve, and enhance our services and other products, technologies, and services, and to perform quality assurance and other security testing and monitoring with respect to our services and our business.

Please note, our customers may use information they collect via our services for their own purposes, which may include without limitation:

• to record adverse events,  
• advertising and marketing their products and services,
• improve their own products and services,
• to communicate with you about products and services that our customers believe may be of interest to you, and
• to meet their own legal obligations.  

4. Disclosure of your information.

We may disclose your information only as directed by our customers or as required or permitted by applicable law, such as:

• to our service providers in connection with the services we provide on behalf of our customers. The services provided by these organizations include without limitation:

• • IT and infrastructure support services;
  • information and cybersecurity services;
  • data analytics services;
  • information, product marketing, or content hosting and fulfillment services;
  • patient safety, including adverse event or adverse reaction reporting services, including on behalf of our clients; and
  • internal infrastructure and support services, including communications, product development, user support, and quality assurance.

• to the customer associated with the end user, including as part of the services that we provide and for which we receive financial and/or other compensation from our customers. In such cases, such customer’s use of your information will be governed by that customer’s own terms of use and privacy policy, which is typically accessible from the website, application or other channel from which you accessed our services. Please note that our services may also enable customers to integrate additional technologies, products, and services that facilitate disclosures of your information to such customers’ service providers and other third parties that provide advertising, marketing, analytics, and other services to our customers.  
• to a buyer or other successor in interest of our business in the event of an actual or contemplated merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which user information is among the assets subject to such transaction or otherwise part of the due diligence of such a transaction;  
• for any other purpose disclosed by our customer when you provide the information; and
• with your consent.

We may also disclose your information:

• to comply with any legal obligations,
• to prevent security incidents; and

• if we believe disclosure is necessary or appropriate to protect the security, health, rights, property, or safety of us, our customers, our or their users, any member of the public, or others. This includes exchanging information with government agencies and authorities, other companies and organizations for the purposes of fraud protection, information security, health and safety, and other lawful purposes.

5. Choices about how we collect, use, and disclose your information.

We do not control the collection and use of your information when our customers integrate our services on their services. In such cases, the relevant customer acts as a data controller or business and we are the customer’s data processor or service provider.

Our customers may use the information they collect from or about you for their own purposes, which may be different from those described in this Privacy Policy. Please familiarize yourself with the privacy policies and other terms provided by the relevant customers about their own products and services.

In addition to the choices our customers provide you regarding your information, you may have additional choices regarding the your information, such as:

• Tracking technologies. As described above, our customers may integrate third-party tracking technologies such as cookies into our services, and such technologies may transmit your information to third parties for advertising, marketing, analytics, and similar services. On your device, you may be able to choose to be alerted and/or to refuse to accept some or all cookies or other tracking technologies by activating the appropriate setting in your browser and/or device settings. However, refusing these technologies, including cookies, may cause certain parts of the services to be unavailable to you or to not work as intended. Our customers may offer other tools that allow you to opt out of such tracking technologies; please see their privacy policies for more information.
  
  Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. While you can disable cookies and/or other tracking technologies as described above, many customers may not honor or recognize when your browser sends “do not track” signals.  
• Email communications. By providing your e-mail address via the services, you are agreeing to be contacted by or on behalf of the relevant customer, including by Ostro acting on behalf of the customer, at the address you have provided to receive informational, transactional, product or service related, or marketing communications relating to the customer’s services. If you do not wish to receive such communications, please refer to the marketing communication for instructions as to how to unsubscribe. Please note that opting out will not prevent customers from sending you transactional communications, such as product warnings, recall information, or legal notices.

• SMS and Phone Communications. Where you provide consent to one of our customers to receive communications via SMS, you are agreeing to be contacted by or on behalf of the relevant customer, including by Ostro acting on behalf of the customer, at the number you have provided, including voice and text messages, to receive informational or transactional messages and communications related to the customer’s service. Voice and text messages may be sent using automated or nonautomated technology. If you are experiencing issues with any text messaging program or service that we provide, please reply with the keyword HELP for further assistance. To stop receiving text messages text a reply to us with the word STOP. We may confirm your opt out by text message. If you subscribe to multiple types of text messages from us, we may unsubscribe you from the service that most recently sent you a message or respond to your STOP message by texting you a request to identify services you wish to stop. Please note that by withdrawing your consent some of our customers’ services may no longer be available to you.  

Please refer to the relevant customer’s privacy policy – which is typically accessible from the website, application or other channel from which you accessed our services – for other choices that the customer may provide to you.

6. Requests regarding your information.

Please note that we are not obligated to respond to requests regarding information that we handle as a processor or service provider to our customers. The relevant customer is responsible for responding to such requests. If you submit a request regarding information for which we are a processor or service provider, we may forward your request to the applicable customer so that they may review and, if appropriate, accommodate your request.

Please note that we reserve the right not to respond to requests related to your information if we are not legally required to respond.

7. Information for international users

Ostro is headquartered in the United States, and we may transfer, store, and/or process your information to or with other entities within the Ostro family of companies or other third parties such as trusted service providers and partners in locations around the world for the purposes described in this Privacy Policy. Wherever your information is transferred, stored, or processed by us, we take appropriate steps to protect your information in accordance with this Privacy Policy and applicable laws.

8. Information security and retention.

We have implemented measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology, multifactor authorization, and various authentication and identity management tools to safeguard the information sent and received by us, and take steps to comply with any security-related requirements of our customers in accordance with the terms of our agreements with customers.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your information, we cannot guarantee the security of your information when it is transmitted to, on, or through our services or otherwise disclosed to us. Any transmission or disclosure of your information is at your own risk.

Please note, we retain information for as long as necessary to fulfill the purposes specified in an applicable agreement with our customers.

9. No medical advice or care.

Ostro is not a medical group. We do not provide medical advice or care. Information communicated to you through our services is not a substitute for a discussion with a licensed medical practitioner and should never be applied or interpreted as medical advice or any form of personal treatment plan.

Any healthcare or clinical services scheduled, obtained or otherwise facilitated through our services are provided by an independent “healthcare provider” unaffiliated with Ostro. In this Privacy Policy, “healthcare provider” means any individual who is acting in any medical or clinical capacity, including in the capacity of a doctor, nurse, or other medical professional. Your healthcare provider, and not Ostro, is responsible for providing you with a Notice of Privacy Practices that describes its collection and use of your health information. Please contact your healthcare provider with any questions about your healthcare provider’s Notice of Privacy Practices.

Any information shared through the services, including without limitation information about healthcare provider availability or qualifications, formulary or other insurance coverage status, eligibility criteria for financial support, is delivered in a non-personal way and is not an explicit statement or expectation of suitability to your or any other individual’s specific healthcare, financial or other circumstances. Your interaction with the services is never intended to take the place of your relationship with your own healthcare provider, and you are at all times responsible for discussing and agreeing on all health and medical care decisions with your own healthcare provider, which shall not include us or our Customers or either of our personnel.

Certain elements of the services may be provided, in our sole discretion, by Ostro personnel, including employees, contractors, service providers, and agents, who hold former or current medical qualifications (e.g., MD, RN). Whether qualified as a medical professional or not, in no event shall any navigator or other individual acting on behalf of us act as a healthcare provider in connection with the services, whether to or on behalf of you or any other person, or enter into or be deemed to be enter into a patient relationship with, or otherwise provide any form of clinical or medical advice, to you or to any other person, whether directly or indirectly. This includes, if you are a healthcare provider or acting on behalf of a healthcare provider, to any patient or other individual with whom you may have a patient relationship. As part of the services, such individuals may provide general and/or personalized “navigation” or similar services (“Navigation Services”) to users of the services, including you. Ostro personnel providing Navigation Services (“Navigators”) are limited to educating on the product indications, disease state information, and other topics, and to providing the related support services, for which they are trained. Navigators do not provide medical advice nor do they advise on any other element of a personalized healthcare arrangement. Navigators do not work under the direction of any institution or medical provider with whom you may interact and, if you are a healthcare provider or acting on behalf of a healthcare provider, Navigators are not authorized to work under your direction. Navigators may not be licensed to practice nursing in your state of residence.

As part of the services, Navigators may assist you in scheduling or booking appointments with healthcare providers, identify a pharmacy or other location to receive a specific medicine or product, or other similar facilitation activities. In doing so, our role is limited to facilitating the specific activity for your convenience. We do not select or recommend any specific healthcare provider or other provider or service, nor do we make any representations or warranties regarding the qualifications, quality, or suitability of any of the foregoing. In each case, the choice of whether and how to proceed is entirely yours, and you are solely responsible for all costs, fees, and expenses associated with any appointments, consultations, treatments, prescriptions, or other services that you may arrange through or as a result of your use of the services.

Ostro is not an insurer. Neither Ostro nor its customers guarantee insurance coverage or reimbursement for any such costs, nor are we or they responsible for any billing or payment disputes between you and any healthcare provider or other party.

The services, including the Navigator Service, are not an emergency service and cannot assist you in an emergency. In the event of an emergency please seek emergency medical assistance immediately.

10. Not intended for children.

Our services are intended for general audiences and are not directed at children. If we become aware that we have collected data without legally valid parental consent from children under an age where such consent is required, we will take reasonable steps to delete it as soon as possible. If you believe we might have any information from a child for which legally required parental consent was not provided, please contact us immediately at privacy@ostrohealth.com.

Certain products or services that may be presented or discussed as part of the services may be appropriate for minors and/or individuals who are not able and/or are not authorized to use the services themselves, including because they lack the ability to provide appropriate and informed consent to the use thereof. If you are accessing the services in such as case and on the behalf of such an individual, by using the services you represent and confirm that (a) you are using the services on behalf of or for the benefit of an individual who is not authorized or capable of using the services for themselves (a “Caregiver Subject”), (b) you are such Caregiver Subject’s parent, legal guardian or other duly authorized caregiver (a “Caregiver”), and (c) you will use the services only in a lawful manner and for the benefit of such Caregiver Subject. When using the services as a Caregiver, certain references in this Privacy Policy, as well as elsewhere in the services, may refer to “you” (e.g., “your healthcare provider”) and should be appropriately read and understood as referring to your Caregiver Subject.

11. Changes to this Privacy Policy.

This Privacy Policy may change from time to time. It is our policy to post any changes we make to our Privacy Policy on this page, and to clearly indicate the date on which this Privacy Policy was last updated. Your continued use of our services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

12. Ethical conduct.

We pride ourselves on ethically empowering people like you to navigate their health. If you see or suspect any unethical or illegal activity of any kind in connection with our services we would appreciate it if you would report it to us immediately so that we may promptly investigate. Please contact us at compliance@ostrohealth.com.

13. Contact us.

If you have any questions, concerns, complaints or suggestions regarding this Privacy Policy or otherwise need to contact us, you may contact us at the contact information below:

‍How to Contact Us:

Ostro

382 NE 191st St
# 71935
Miami, Florida 33179-3899

(786) 550-8082

E-mail: privacy@ostrohealth.com

‍