HEALTH INFORMATION PRIVACY NOTICE

Tigerless AI Holdings, Inc. ("Tigerless AI," "we," "us," or "our") operates an AI-powered informational platform, Lara, available at lara.tigerless.ai. In the course of providing this service, users may voluntarily submit information that may include information that would be considered Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").

Tigerless AI is not a healthcare provider, health plan, or healthcare clearinghouse, and is generally not a "covered entity" under HIPAA. Tigerless AI is not subject to HIPAA in most circumstances. How we handle PHI depends on the context in which it is received. Regardless, when we receive or come into contact with health-related information, we are committed to handling it with appropriate care and in accordance with applicable privacy standards.

This Notice describes how we may use and disclose health information submitted through our platform and outlines our privacy practices.

1. What is Protected Health Information (PHI)?

PHI refers to any individually identifiable health information relating to your past, present, or future physical or mental health condition, the provision of health care to you, or payment for such care. When using Lara, PHI may include information you voluntarily submit, such as:

• Medical conditions, diagnoses, or symptoms mentioned in your queries
• Medications or treatment history included in uploaded documents or questions
• Questions about coverage for specific health conditions or procedures
• Health-related details contained in documents or files you upload
• Any other health-related information shared incidentally during your interactions with Lara

We recognize that health information may be shared intentionally or incidentally, and we treat all such information with appropriate care.

2. How We Use Your Health Information

We do not use your health information to make medical decisions or provide medical advice. We use health information only as reasonably necessary to:

• Process your queries and generate responses through the Lara platform
• Operate, maintain, and improve the platform
• Comply with applicable legal and regulatory obligations

We do not use your personally identifiable health information to train our AI models without your explicit consent.

3. How We Disclose Your Health Information

We do not sell, rent, or trade your health information. We may disclose health information only in limited circumstances, including:

• To third-party technology providers who support the operation of our platform, subject to appropriate contractual safeguards
• As required by law, regulation, legal process, or governmental authority
• To prevent or address fraud or unlawful activity, as permitted by law

In all cases, we disclose only the minimum necessary information required for the intended purpose.

4. Uses and Disclosures Requiring Authorization

We will obtain your authorization where required by applicable law before using or disclosing your health information for purposes outside of operating and providing the Lara platform. You may revoke your authorization at any time in writing, subject to applicable legal limitations.

5. How We Protect Your Health Information

We implement reasonable administrative, technical, and physical safeguards to protect health information from unauthorized access, use, or disclosure, including:

• Limiting access to authorized personnel with a business need
• Using industry-standard security measures, including encryption where appropriate
• Providing training to personnel on privacy and data protection responsibilities
• Maintaining secure systems and processes for handling sensitive information

While we take reasonable steps to protect your information, no system can be guaranteed to be completely secure.

6. Your Rights Regarding Your Health Information

Depending on applicable law, you may have certain rights regarding health information you have submitted, including:

• Right to Access — Request a copy of the health information we maintain about you
• Right to Request Amendment — Request that we amend inaccurate or incomplete information
• Right to Request Restrictions — Request limits on how your information is used or disclosed
• Right to Withdraw Authorization — Revoke previously provided authorization for certain uses or disclosures

Please note that we may be required to retain certain information as required by law. We may deny certain requests where permitted by applicable law. To exercise these rights, please contact us using the information below.

7. Breach Notification

In the event of a breach of unsecured health-related information, we will provide notification as required by applicable law.

8. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us using the contact information below. You may also file a complaint with the U.S. Department of Health and Human Services:

U.S. Department of Health and Human Services
Office for Civil Rights
https://www.hhs.gov/ocr/privacy/hipaa/complaints/

We will not retaliate against you for filing a complaint.

9. Contact Us

If you have questions about this Notice or wish to exercise your rights, please contact us:

Tigerless AI Holdings, Inc.
Website: www.tigerless.ai
Email: info@tigerless.ai

10. Changes to This Notice

We may update this Notice from time to time. Any changes will be reflected by updating the effective date above. We encourage you to review this Notice periodically.