MAX MERGE SOFTWARE INC. — Consumer Health Data Privacy Policy

Effective Date: June 11, 2026

This Consumer Health Data Privacy Policy describes how MAX MERGE SOFTWARE INC., doing business as MAXMRJ ("MAX," "we," "us," or "our"), collects, uses, and shares "consumer health data" as defined by the Washington My Health My Data Act, Nevada SB 370, and similar laws — personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.

This policy applies to consumer health data we collect from Consumer Users through the MaxAlly mobile application and consumer-facing check-ins and surveys. It is a supplement to our general Privacy Notice; where this policy conflicts with the general Privacy Notice as to consumer health data, this policy controls.

When this policy does not apply (HIPAA). When MAX creates, receives, maintains, or transmits health information as a HIPAA Business Associate on behalf of a healthcare facility or provider (a HIPAA Covered Entity), that information is Protected Health Information governed by HIPAA and the applicable Business Associate Agreement — not by this policy. See the general Privacy Notice for details on how that boundary works.

1. Consumer Health Data We Collect

  • Check-in and follow-up survey responses (e.g., symptoms, medication adherence, falls, mobility, recovery progress);
  • Care-related information you provide about yourself or a patient you are authorized to assist, including through AI question-and-answer features;
  • Care documents you upload (e.g., discharge instructions, care plans);
  • Information about care services coordinated for a patient (e.g., which provider was finalized);
  • Precise location, only if you separately consent in-app;
  • Inferences drawn from the above to provide the Services (e.g., flagging a survey response for follow-up).

Sources of this data: you; a healthcare facility that enrolls you or your patient (with the consents that facility is required to obtain); and documents you upload.

2. Why We Collect and Use It

We collect and use consumer health data only: (1) to provide the products and services you request — care coordination, check-ins, document features, decision support, and safety escalations; (2) for security, fraud prevention, and legal compliance; and (3) with your separate, affirmative consent, for any other purpose disclosed to you at the time. We do not use consumer health data for advertising.

3. How We Share Consumer Health Data

We share consumer health data only with:

  1. Processors — service providers bound by contract to use it solely to provide services to us (for example, cloud hosting, communications delivery, and AI infrastructure);
  2. Your care coordination circle — recipients that are part of the Service you request (for example, the provider finalized for a patient, or recipients of messages you send);
  3. Recipients you direct us to share with;
  4. Legal and safety recipients — as required by law, legal process, or to protect health and safety.

We do not sell consumer health data, and no sale will occur without the separate, signed authorization required by applicable law (which you may revoke). We do not share consumer health data with Sponsors (organizations such as a facility, health plan, or employer that pay for your access) except with your separate, affirmative consent or as required by law. We do not share consumer health data with third parties for their own marketing or advertising purposes.

The categories of third parties and affiliates with whom we may share consumer health data are the categories listed above. You may request a list of the specific third parties and affiliates with whom we have shared your consumer health data (see Section 4).

4. Your Rights

Subject to applicable law (including the Washington My Health My Data Act for Washington residents and others within its scope), you have the right to:

  • Confirm and access the consumer health data we hold about you, including a list of the third parties and affiliates with whom we have shared it;
  • Withdraw consent to our collection and sharing of your consumer health data;
  • Delete your consumer health data, including from backups (on our backup-cycle timing) and with notice to our processors;
  • Appeal a refusal of any request, and — if your appeal is unsuccessful — contact the Washington Attorney General (or your state's Attorney General).

To exercise these rights, email info@maxmrj.com with the subject "Health Data Request." We will verify your identity and respond within the time required by law. Deleting consumer health data may disable core MaxAlly features; we will tell you before completing the request.

5. Consent

Where required by law, we collect consumer health data only after presenting a separate, affirmative consent that describes the categories collected, the purposes, and the sharing — not bundled with our Terms or general account sign-up — and we obtain separate authorization before any sharing beyond what is necessary to provide the Services you request.

6. Contact Us

MAX MERGE SOFTWARE INC. — Attention: Privacy Compliance
254 Chapman Rd, Ste 208 #21666, Newark, DE 19702
Email: info@maxmrj.com (subject: "Health Data Request")

MAX MERGE SOFTWARE INC. © 2026. Terms and Conditions | Privacy Notice | Consumer Health Data Privacy Policy