Last updated: November 9, 2025

NOTICE: THIS WEBSITE MAY COLLECT SENSITIVE PERSONAL INFORMATION, INCLUDING BIOMETRIC DATA (SUCH AS FACIAL MAPPING, VOICEPRINTS, OR BEHAVIORAL IDENTIFIERS), STRICTLY IN ACCORDANCE WITH APPLICABLE U.S. PRIVACY LAWS.

JinIX Cosmos Inc., a Delaware corporation (the "Company", "we", "our", or "us") respect your privacy and are committed to protecting it through our compliance with this policy (the “Privacy Policy”). This Privacy Policy describes how we collect, process, retain, and disclose personal data about you when providing services to you through our websites, applications, products, and services that link to this policy (our "Services") and our practices for using, maintaining, protecting, and disclosing that information.

WE DO NOT SELL IDENTIFIABLE BIOMETRIC OR SENSITIVE PERSONAL DATA WITHOUT YOUR EXPLICIT CONSENT. WE DO NOT USE OR DISCLOSE SENSITIVE PERSONAL INFORMATION FOR PURPOSES REQUIRING A ‘RIGHT TO LIMIT’ UNDER CALIFORNIA LAW. WE MAY SHARE OR SELL DEIDENTIFIED DATA THAT CANNOT REASONABLY BE USED TO IDENTIFY ANY INDIVIDUAL AND IS PROCESSED IN COMPLIANCE WITH APPLICABLE DEIDENTIFICATION STANDARDS (E.G., CCPA §1798.140). THIS WEBSITE IMPLEMENTS AND MAINTAINS TECHNICAL AND ORGANIZATIONAL SAFEGUARDS TO ENSURE THAT ANY DEIDENTIFIED DATA WE COLLECT CANNOT BE RE-ASSOCIATED WITH ANY INDIVIDUAL UNLESS SUCH INDIVIDUAL VOLUNTARILY RE-ASSOCIATES IT THROUGH THEIR USAGE OF THE SERVICES. WE DO NOT ATTEMPT TO RE-IDENTIFY SUCH DATA, UNLESS IT IS VOLUNTARILY RE-IDENTIFIED BY THE USER THROUGH THEIR USAGE OF THE SERVICES, AND PROHIBIT DOWNSTREAM RECIPIENTS FROM DOING SO.

This Privacy Policy applies only to information we collect:

1. through the Services;

2. in communications, including email, text, chat, and other electronic messages, between you and the Services; and

3. when you interact with our advertising and applications (including mobile apps) on third-party websites and services, if those applications or advertising include links to this policy.

This Privacy Policy does not apply to information collected by:

1. us through any other means, including on any other website operated by Company or any third party (including our affiliates and subsidiaries) that does not link to this policy; or 

2. any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or through the Services.

We may provide additional or different privacy policies that are specific to certain features, services, or activities.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we treat it. By interacting with our Services or providing us with your information, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Services after we make changes as described here is deemed to be acceptance of those changes, so please check the policy periodically for updates. 

Eligibility

Our Services are intended solely for individuals aged 18 or older who reside in the United States. By using the Services, you represent and warrant that you are at least 18 years of age and a U.S. resident. We do not knowingly collect or process personal data from anyone under 18 years of age or anyone who is not a U.S. resident. If we learn that we have inadvertently collected Personal Data from an individual under 18 years of age, we will delete such information promptly.

No International Users. The Services are hosted and operated in the United States and are not intended for use by individuals located outside the United States. If you access the Services from outside the U.S., you do so at your own risk and are responsible for compliance with local laws. We do not intentionally collect or process personal data subject to the EU General Data Protection Regulation (GDPR) or other non-U.S. privacy regimes.

The Personal Data That We Collect or Process

"Personal Data" means information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with you as an individual.

Some categories of Personal Data that we collect — including health, biometric, and precise geolocation information — may qualify as Sensitive Personal Information under applicable U.S. state privacy laws.

“Sensitive Personal Information” means information that reveals or concerns aspects of an individual’s identity or private life that are afforded heightened protection under applicable law, including but not limited to medical or health data, biometric identifiers, financial account credentials, or precise geolocation.

For purposes of this policy, “Sensitive Personal Information” does not include data that have been deidentified or encrypted in a manner that the Company cannot reasonably re-associate with an individual.

The types and categories of Personal Data we collect or process include:

1. Medical records and health data (see Medical and Health Data).

2. Account and contact information, including name, address, email address, phone number, username, and other contact information you provide us.

3. Payment information, including crypto wallet information, credit card or debit card information and information about the payment methods and services (such as PayPal or Venmo) you use in connection with the Services.

4. Account history, including information about your subscription, account, transactions, purchases, order history, or discounts.

5. Demographic information, including your age, gender, income level, education, or family or marital status.

6. Location information, including general geographic location such as country, state or province, or city and precise geolocation.

7. Device information, including your IP address, device identifiers, operating system and version, preferred language, hardware identifiers, browser type and settings, and other device information.

8. Content and information you elect to provide as part of your profile or in any reviews you make through the Services or emails, chats, or other communications sent to us.

9. Images, voice recordings, and videos collected or stored in connection with the Services.

10. Identity document information, such as Social Security and driver's license numbers, if you have consented to such information collection.

11. Biometric information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

If you are a California resident, to access our supplemental California Privacy Statement.

If you are a resident of another U.S. state with a comprehensive privacy law (such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, or Delaware), please refer to our Supplemental State Privacy Rights Notice for information about your state-specific privacy rights and choices.

Some of the information identified above, including medical records and health data, identification document information, precise geolocation information, and biometric information, may be considered Sensitive Personal Information under certain laws. If required under applicable law, we will collect and process sensitive personal data only with your consent. If you choose not to provide or allow us to collect some information, we may not be able to provide you with requested features, services, or information.

We also collect:

1. Statistics or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific Services feature.

2. Technical information. Technical information includes information about your internet connection and usage details about your interactions with the Services, such as clickstream information to, through, and from our Services (including date and time), products that you view or search for; page response times, download errors, length of your visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from a page.

If we combine or connect non-personal statistical or technical data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal information.

Medical and Health Data

When you use the Services and when you authorize us to connect to your medical records or health data from other healthcare systems, we may collect and process:

1. Information contained in your electronic health records (diagnoses, medications, test results, imaging results, and physician notes);

2. Health-related information you submit directly through our Services or AI tools (symptoms, conditions, treatment goals, or medical history); and

3. Any additional information that you voluntarily provide to assist with diagnosis, research, or community support.

Dual Key Encryption. Upon retrieval, all medical information is immediately encrypted using a dual-key encryption system: one key is securely retained by the Company for encrypted storage integrity; and the second key is transmitted to you and your designated third-party custodian and is then permanently deleted from our systems. Any third-party custodian is an independent service provider; we require reasonable security commitments and prohibit any reidentification or unauthorized access to encrypted data.

Deidentification Upon Encryption. Once medical or health data are encrypted, they are no longer associated with your name, contact details, or identity. The Company does not retain the ability to re-identify you, and our systems cannot determine which individual the encrypted data belongs to.

Encrypted and deidentified medical data are processed solely under your direction — for example, to facilitate AI-assisted diagnostics, enable opt-in peer interaction, or contribute to aggregated, deidentified analytics that support research or public health purposes.

Voluntary Re-identification by Users. If, after encryption, you voluntarily provide or re-enter personally identifiable information through the Services (such as by updating your profile, communicating in user communities, or otherwise linking your identity to your account) you understand that you are voluntarily re-identifying yourself in connection with data that were previously deidentified. The Company processes such re-identified information solely at your direction and in accordance with this Privacy Policy.

We do not sell identifiable medical data without your explicit consent.
However, we may create and sell or license aggregated, deidentified information that cannot reasonably identify any individual, in compliance with applicable law (including CCPA §1798.140).

How We Collect Your Personal and Other Data

Information You Provide Directly. We collect information about you when you interact with our Services, such as when you create or update an account; authorize us to connect to your health records or other external systems; place an order, subscribe, or make a purchase, reservation, or request; participate in surveys, sweepstakes, contests, or promotions; or create, upload, or post content to the Services (including text, photos, videos, or audio recordings). You may also provide information when you communicate with us, contact support, or engage with our community or AI-assisted features.

Information Collected Automatically Through Our Services. As you navigate through and interact with our Services, we and our service providers may use automatic data-collection technologies to gather information that may include Personal Data. Information collected automatically may include usage details, IP addresses, operating system, browser type, and information collected through cookies, web beacons, and other tracking technologies, including details of your interactions with the Services (such as traffic data, logs, and communications data, and which resources or features you access or use). We may also use these automatic technologies to collect information about your activities over time and across third-party sites or services (known as “behavioral tracking”), where permitted by law. Using these technologies helps us improve our Services, maintain system security, and deliver a better and more personalized experience.

Information Retrieved from Authorized Third-Party Sources. When you explicitly authorize us to do so, we may securely retrieve medical or health-related information from external systems or third-party custodians on your behalf. Such information is immediately encrypted using our dual-key encryption system, where: one encryption key is securely retained by the Company for encrypted storage integrity, and a second encryption key is transmitted to you and your designated custodian and permanently deleted from our systems. Once encryption and key deletion occur, the retrieved data are deidentified within our systems and are not connected to your name, account, or identity. We cannot view, decrypt, or re-associate these data with you. If you later provide or re-enter personally identifiable information through your account, you may voluntarily re-identify yourself in connection with those deidentified data, and such re-identification will occur only under your control and direction.

Technologies We Use. We use the following technologies to collect and process data automatically:

1. Cookies. A cookie is a small text file placed on your device when you interact with the Services. Cookies help us recognize you, understand your preferences, and improve functionality. You may refuse to accept or disable cookies by activating the appropriate setting on your browser or device. If you do so, some features of the Services may not be available.

2. Web Beacons. Certain parts of the Services and our emails may contain small electronic files known as web beacons (also called clear gifs, pixel tags, or single-pixel gifs).
   These help us, for example, count users who visit particular pages or open emails, measure engagement, and verify system and server integrity.

3. Other Technologies.  We may use other tracking or analytic tools (including local storage, SDKs, or API-based analytics) for purposes consistent with this Privacy Policy.

To the extent that any of these automated technologies constitute a “sale,” “share,” targeted advertising, or profiling under applicable privacy laws, depending on where you reside, you may opt out of such processing by email. Please note that some features may not function properly after opting out.

Information Collected by Third Parties. When you interact with our Services, third parties may use automatic collection technologies to gather information about you or your device.
These third parties may include:

1. Advertisers, ad networks, and ad servers;

2. Analytics providers;

3. Device manufacturers;

4. Internet or mobile service providers; and

5. Other categories of partners that support or enhance our Services.

These parties may collect information over time and across different websites, apps, or online services, including through cookies or other identifiers. They may use this information to provide you with interest-based advertising or other targeted content. We do not control these third parties’ tracking technologies or their privacy practices. If you have questions about advertisements or targeted content, you should contact the responsible provider directly.

Information Received from Business Partners and Service Providers. We may receive Personal Data about you from other sources and combine it with information we collect directly from you. For example, we may obtain data from service providers that assist us in performing functions on our behalf, such as email platforms, content-delivery networks, payment processors, promotions and gift-card programs, analytics, security and anti-fraud providers, and data-hosting vendors. We also may receive Personal Data from business partners that share consumer information with us (such as your preferences or demographic information like age, gender, or general location) so we can provide a more tailored user experience. Any medical or health data we receive from third parties are immediately encrypted and deidentified upon retrieval in accordance with our Dual-Key Encryption process.

How We Use Your Information. 

We use information that we collect about you or that you provide to us, including any Personal Data, to:

1. Provide you with the Services and any contents, features, or information made available through them, including access to your encrypted medical data, AI-powered tools, and community functions that help you explore, understand, and manage rare diseases.

2. Fulfill and manage your account settings, authorizations, and any related transactions (for example, consent to connect external health systems or the transmission of encryption keys to your designated custodian).

3. Fulfill any other purpose for which you provide information, including facilitating communications between you and your chosen healthcare providers, AI tools, or other users, when you direct us to do so.

4. Provide you with notices about your account, including confirmations of encryption-key generation, consent changes, or updates to this Privacy Policy.

5. Improve, maintain, and secure our Services by analyzing aggregated and deidentified usage data to develop, optimize, and measure the performance of our features.
   Our analysis may include limited use of machine-learning technologies for quality improvement; however, we do not use identifiable medical data to train third-party AI models without your explicit consent.

6. Enhance the reliability and functionality of AI and community-based features by analyzing deidentified, encrypted data to improve pattern recognition and diagnostic assistance while maintaining privacy safeguards. We do not make automated decisions that produce legal or similarly significant effects about you. AI-powered outputs are informational only and are not used for eligibility, employment, credit, or health-care determinations.

7. Carry out our contractual obligations and enforce our rights arising from any agreements between you and us, including for billing, compliance, and record-keeping.

8. Notify you when updates to the Services are available and inform you of new or improved features related to encryption, consent management, or AI interactions.

9. Conduct research and produce aggregated, deidentified data to advance understanding of rare diseases, treatment outcomes, or user engagement trends. Aggregated data cannot reasonably be used to identify you.

10. In any other way we may describe when you provide the information.

11. For any other purpose with your consent.

Usage Information and Service Improvement. The usage information we collect, whether connected to your Personal Data or not, helps us improve and personalize the Services by enabling us to:

1. Estimate audience size, performance, and usage patterns.

2. Store preferences and personalize your user experience.

3. Improve search speed and responsiveness.

4. Recognize you when you return to the Services (if you have chosen to maintain an active account).

We may also use your information to communicate with you about new features, Service updates, or data-security practices.

If you prefer not to receive such communications, you may adjust your preferences in your account settings or contact us at contact@jinix.io.

We use location information, when collected, only to tailor your experience to your region, comply with applicable laws, and ensure accurate regulatory and privacy notices.

Deidentified and Reidentification Limits. Once your medical data are encrypted, they are deidentified within our systems and cannot be linked to your identity. If you later choose to provide or re-enter identifiable information through your account or in community interactions, you are voluntarily re-identifying yourself in connection with those data. Such re-identification occurs only under your direction and remains governed by this Privacy Policy.  The Company prohibits any reidentification of deidentified or encrypted data by any person or system, consistent with our Terms of Use and applicable law.

No Medical Advice 

The Services, including any AI-generated outputs, are provided for informational and educational purposes only and are not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider with any questions regarding a medical condition. Do not disregard professional medical advice or delay seeking it because of information you obtain through the Services.

Who We Disclose Your Information To

We may disclose aggregated or deidentified information about our users (that is, information that does not identify and cannot reasonably be used to identify any individual) without restriction. This includes encrypted medical data that have been permanently deidentified through our dual-key encryption system. We may also disclose Personal Data that we collect or that you provide as described in this Privacy Policy, but only as follows:

1. To our subsidiaries and affiliates, for internal business operations that are consistent with this Privacy Policy and subject to equivalent confidentiality and security safeguards.

2. To contractors, service providers, and third-party partners who perform functions on our behalf (such as data-hosting, encryption-custodian services, analytics, or security).
   All such third parties are bound by contractual obligations to keep Personal Data confidential, maintain industry-standard security, and use it only for the purposes for which we disclose it.

3. To a buyer or other successor in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceedings, in which Personal Data held by the Company is among the assets transferred. Any successor entity will be bound to respect the terms of this Privacy Policy or provide you with notice of material changes and an opportunity to withdraw consent.

4. To third parties for marketing or joint research only with your explicit consent.
   We do not disclose identifiable medical or health data for marketing or advertising purposes. If we engage in collaborative medical or scientific research, we may disclose aggregated, deidentified datasets that cannot reasonably be linked to you, consistent with Cal. Civ. Code §1798.140 and HIPAA’s deidentification standards.

5. To fulfill the purpose for which you provide it. For example, if you authorize us to share an encrypted file or report with a third-party custodian, clinician, or research partner, we will transmit that data under your instruction and only in encrypted or deidentified form.

6. For any other purpose disclosed by us when you provide the information.
   We will identify any additional disclosure purposes at the point of collection.

7. With your consent. You may withdraw consent at any time; however, certain functions (such as linked health-record access) may no longer operate without it.

Disclosures Required or Permitted by Law. We may also disclose your Personal Data:

1. To comply with any court order, law, or legal process, including to respond to any government, law enforcement, or regulatory request. If legally permitted, we will attempt to notify you before disclosing any data in response to such requests.

2. To enforce or apply our Terms of Use and other agreements, including for billing, collection, or dispute resolution purposes.

3. If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our Company, our users, or others. This may include exchanging information with other organizations for fraud prevention, security, or risk-reduction purposes.

The Company will only disclose Personal Data to law enforcement or government authorities when required by applicable law, regulation, or valid legal process, and only to the extent necessary to comply.

Exception for Imminent Harm or Threats to Life. If we, in good faith, believe that disclosure of information (including limited identifiable data) is necessary to prevent an imminent risk of death, serious physical injury, or other grave harm (such as threats of suicide, violence, or criminal activity) we may disclose such information to appropriate authorities or emergency responders. We will limit any disclosure to the minimum amount of information reasonably necessary to address the emergency and, where feasible, notify the affected user afterward, unless prohibited by law.

Categories of Personal Data We May Disclose. Depending on your use of the Services, the categories of Personal Data we may disclose include:

1. Account and contact information.

2. Payment and transaction information.

3. Account history, including subscription, authorization, or consent records.

4. Demographic information (such as age range or general location).

5. Location information (general geographic region only, unless otherwise consented to by you; we do not share precise geolocation without your consent).

6. Device information and technical identifiers.

7. Content and information you elect to provide through the Services, including communications, posts, or uploads.

8. Images, voice recordings, or videos collected or stored in connection with the Services (only if you have consented).

9. Biometric information (only if expressly authorized and subject to deletion or deidentification after use).

10. Medical and health data — only in encrypted or deidentified form and never in a manner that identifies you personally.

11. Aggregated, statistical, or deidentified information derived from the categories above.

Clarification on Encrypted and Deidentified Medical Data. All medical data retrieved through the Services are encrypted using our dual-key encryption system and deidentified upon encryption. The Company does not retain identifiers or encryption keys that could re-associate the data with your identity. If you later provide or enter personally identifiable information through the Services (such as updating your profile, posting in the community, or linking your account with your name), you are voluntarily re-identifying your data. Such re-identification occurs solely under your control and is governed by this Privacy Policy.  

Prohibition on Reidentification. Any attempt by a user, third party, or recipient to reidentify deidentified or encrypted data is strictly prohibited and constitutes a violation of the Company’s Terms of Use. We enforce technical and contractual safeguards to prevent such activity.

No Sale of Identifiable Medical Information. We do not sell, rent, or share identifiable medical or health information under any circumstance. Any sale, license, or disclosure applies only to aggregated or deidentified datasets that cannot reasonably identify you, consistent with applicable U.S. privacy laws.

Your Rights and Choices About Your Information

This section describes the mechanisms you can use to control certain uses and disclosures of your information, as well as privacy rights you may have under applicable state law, depending on where you live.

Advertising, Marketing, Cookies, and Tracking Technologies.

1. Cookies and Other Tracking Technologies. You can set your browser to refuse all or some browser cookies or other tracking files, or to alert you when these are active.
   You can also choose whether the Services may collect information through other tracking technologies by following our cookie preference settings or by contacting us at contact@jinix.io. If you disable or refuse cookies, some features of the Services may be inaccessible or not function properly. Some browsers include a “Do Not Track” (DNT) or “Global Privacy Control” (GPC) setting that can signal to websites your preference not to be tracked. Where technically feasible and legally required, we honor GPC signals as opt-out requests under applicable state privacy laws. We do not use cookies or tracking technologies to target or advertise based on identifiable medical information.

2. Promotions by the Company. We may use your contact information (such as your email address) to send you updates about our Services, new features, or educational content related to rare-disease research. We do not use identifiable medical or health data for promotional or marketing purposes.  If you prefer not to receive such communications, you may opt out by:

   
   

   • Clicking “unsubscribe” in any promotional email;

   • Logging into your account and adjusting your notification preferences; or

   • Emailing us at contact@jinix.io with the subject line “Opt Out of Marketing.”

1. Targeted Advertising. We do not engage in targeted advertising based on identifiable user health information. If we use aggregated or deidentified data for broad awareness campaigns (for example, to promote rare-disease research participation), such use cannot reasonably identify any individual.  If you wish to opt out of any form of personalized content delivery or cross-context behavioral advertising permitted under applicable law, you may activate a recognized GPC signal in your browser.

1. Disclosure of Your Information for Third-Party Advertising.  We do not sell or share identifiable Personal Data, including identifiable medical data, with unaffiliated third parties for advertising or marketing. If we ever engage in third-party marketing collaborations (for example, co-branded outreach or aggregated research), those activities will involve only aggregated or deidentified data. You may opt out of such collaborations at any time by emailing contact@jinix.io.

To learn more about opting out of general online behavioral advertising, you can visit the Network Advertising Initiative’s opt-out portal at https://optout.networkadvertising.org.
These industry tools allow you to manage advertising preferences across multiple websites, though they do not apply to our deidentified datasets or research analytics.

Location Data Choices. You can control whether the Services collect and use real-time information about your device’s location by adjusting your device’s privacy settings.
If you block location access, certain features (such as localized regulatory notices, region-specific medical data access, or insights that depend on environmental or regional health factors) may not function properly or may be less accurate. Location information may be used to improve AI-assisted analyses or contextual understanding of potential diagnoses or treatments, but we do not share precise location data with advertisers or unrelated third parties.

Your State Privacy Rights. 

Depending on your state of residence, you may have certain privacy rights under applicable U.S. state laws. These laws generally grant residents of certain states rights related to access, correction, deletion, and opting out of certain processing activities. The rights described below apply to residents of states that have enacted comprehensive privacy legislation (such as California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, Montana, and Tennessee). These rights generally apply to identifiable information that we maintain about you. Because all medical and health data are encrypted and deidentified within our systems, such data are not subject to these consumer rights once deidentified.

Access and Data Portability. You may request confirmation of whether we process your Personal Data and obtain a copy of such information. Where technically feasible and required by law, we will provide this information in a portable and readily usable format. Depending on your state, you may also have the right to receive additional disclosures about our data-handling practices, which will be included in our response.

Correction. You may request that we correct inaccuracies in your Personal Data that we maintain, taking into account the nature of the data and the purpose for which we process it. For example, you may update your contact details, communication preferences, or account information directly in your profile settings.

Deletion. You may request that we delete Personal Data about you that we maintain, subject to certain exceptions under applicable law (such as where retention is necessary to complete transactions you have requested, detect or prevent fraud, comply with a legal obligation, or preserve data integrity for security or research purposes). Encrypted and deidentified medical data are not subject to deletion requests, as we do not retain any information that could re-identify you once encryption is complete.

Opt-Out of Targeted Advertising, Profiling, or Sale. You may request that we do not use or disclose your Personal Data for targeted advertising, profiling in furtherance of decisions producing legal or similarly significant effects, or the sale of Personal Data.
We do not sell identifiable medical or health data, but you may still opt out of any permitted use of your Personal Data for analytics or marketing by submitting a request as described below.

How to Exercise Your Rights

We are an online-only business. To exercise any of these rights, you may email us at contact@jinix.io with the subject line “Exercising My Rights”.  We will verify and respond to your request within the timeframe required by the privacy laws of your state. If we deny your request, you have the right to appeal by replying to our decision email or contacting us with “Appeal Request” in the subject line.
We will review and respond in accordance with applicable law.  We will not discriminate against you for exercising any of your privacy rights, as prohibited by applicable law.

Global Privacy Control (GPC). Some browsers and extensions support Global Privacy Control (GPC) signals that communicate a user’s choice to opt out of certain data-processing activities, including data “sales” as defined under state law. When we detect a GPC signal, we will make reasonable efforts to honor it as an opt-out request to the extent required by applicable law.

Nevada Residents. Nevada law provides residents with a limited right to opt out of certain sales of Personal Data. Residents who wish to exercise this right may submit a request to contact@jinix.io. Please note that we do not currently sell data in a manner that triggers Nevada’s opt-out requirements.

State-Specific Supplements. If you are a resident of:

1. California, please see our California Privacy Statement for additional rights and disclosures required under the California Consumer Privacy Act (CCPA/CPRA).

2. Another U.S. State with comprehensive privacy law (such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, Montana, and Tennessee), please see our Supplemental State Privacy Rights Notice.

These supplemental notices provide detailed information about your state-specific rights and how to exercise them.

Important Clarification Regarding State-Specific Supplements.

Your rights under state privacy laws generally apply to identifiable information.
Once your medical data are encrypted and deidentified under our dual-key encryption system, we do not retain the means to associate those data with you. Accordingly, state privacy rights (such as access, correction, and deletion) do not extend to deidentified or aggregated data.

How We Protect Your Personal Data

We use administrative, physical, and technical safeguards designed to protect your Personal Data from accidental loss, unauthorized access, disclosure, alteration, or destruction.
These measures include, where appropriate, encryption, access controls, data minimization, and secure transmission protocols.

All medical and health data retrieved through the Services are immediately encrypted using our dual-key encryption system, under which: one key is securely retained by the Company to maintain encrypted storage integrity, and a second key is transmitted to you and your designated third-party custodian, then permanently deleted from our systems. Once encrypted, these data are deidentified and no longer linked to your identity. We do not retain any mechanism to re-identify encrypted medical data, and such information cannot be accessed without the key in your possession. However, no system or online service is completely secure, and we cannot guarantee absolute security of your Personal Data transmitted to or through the Services. Email, chat, and text communications may not be encrypted, and you should use discretion when choosing how to communicate with us. Any transmission of Personal Data is at your own risk. The safety and security of your information also depend on you. You are responsible for maintaining the confidentiality of your account credentials and taking reasonable steps to protect your Personal Data from unauthorized use or disclosure.

Data Breach Notification. In the event of a data breach involving your Personal Data, we will provide notice in compliance with applicable U.S. law. Because medical and health data retrieved through the Services are encrypted and deidentified under our dual-key encryption system, such information would not ordinarily be affected by or included in any breach notification. We will provide such notice to affected individuals and, if applicable, to regulatory authorities, consistent with the timelines and content requirements of applicable U.S. law.

Limitation of Liability. Your use of the Services is also subject to the limitations of liability described in our Terms of Use, which apply to this Privacy Policy to the fullest extent permitted by law.

How We Retain Your Personal Data

We retain the categories of Personal Data described in this Privacy Policy only for as long as reasonably necessary to fulfill the purposes for which they were collected, or as otherwise legally permitted or required. This includes maintaining the Services, complying with legal obligations, resolving disputes, preventing fraud, ensuring security, and supporting research or system integrity. When determining retention periods, we consider:

1. the sensitivity and purpose of the information,

2. legal and regulatory requirements,

3. our contractual obligations,

4. user consent or account status, and

5. the potential risks of harm from unauthorized use or disclosure.

Once Personal Data are no longer needed for the purposes above, we will delete, destroy, or deidentify them in accordance with our data-retention and disposal procedures. Encrypted medical data that have been deidentified under our dual-key encryption system are not subject to further retention limits, as we no longer possess identifiers that would allow re-association with an individual.

If you are a California resident, visit our California Privacy Statement for more information about retention periods that apply to specific Personal Data categories.

If you are a resident of another U.S. state with a comprehensive privacy law (such as Virginia, Colorado, Connecticut, Utah, Texas, Oregon, or Delaware), please refer to our Supplemental State Privacy Rights Notice for information about your state-specific privacy rights and choices.

Changes to Our Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version on our Services with a new “Last Updated” date at the top of the page.
If we make material changes affecting your rights or the way we process Personal Data, we will provide additional notice as required by applicable law, such as through an email notification, in-app alert, or website banner. We encourage you to review this Privacy Policy periodically to stay informed about how we protect and use your information. Your continued use of the Services after the posting of changes constitutes your acknowledgment of those updates, unless otherwise required by law.

Contact Information

If you have any questions, comments, or requests regarding this Privacy Policy or our privacy practices, or to exercise your rights described herein, you may contact us at contact@jinix.io.  If you have a privacy complaint that we cannot resolve directly, you may also contact your state privacy regulator or file a complaint with the U.S. Federal Trade Commission (FTC).

Governing Law

This Privacy Policy (and any related state privacy notices) is governed by the same Governing Law and Dispute Resolution provisions contained in our Terms of Use, which are incorporated by reference herein.

Incorporation into Terms of Use 

This Privacy Policy forms part of and is incorporated into our Terms of Use.