Notice of Privacy Practices

Endo Health (Glow)

Effective Date: March 13, 2026
Last Updated: March 13, 2026

1. Who We Are

Endo Health, Inc. ("Endo Health," "Glow," "we," "us," or "our") operates Glow, an AI voice-based wellness coaching platform. This Notice of Privacy Practices ("Notice") describes how we may use and disclose your Protected Health Information ("PHI") and your rights regarding that information, as required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act ("HITECH").

Contact Information:

Privacy Officer: Ilhan Ryu, Security & Privacy Officer
Email: support@glowhealthai.com
Address: 548 Market Street, San Francisco, CA 94104

2. Health Information We Collect

In connection with our wellness coaching and prescription weight loss services, we may collect the following types of health information:

Wellness coaching data: AI chat messages, voice coaching session content, and related interactions
Body measurements: Weight, body composition, and related metrics
Medication adherence: Self-reported medication tracking and adherence logs
Health device data: Apple Health synced data (activity, heart rate, sleep)
Wellness preferences: Dietary preferences, health goals, and lifestyle information

What we do NOT collect or store: Clinical medical records, prescription details, lab results, diagnostic information, or communications with your healthcare providers. This information is managed directly by your healthcare providers and partner pharmacies.

3. How We Use and Disclose Your Health Information

Uses and Disclosures for Treatment, Payment, and Health Care Operations (TPO)

We may use and disclose your PHI without your written authorization for the following purposes:

Treatment: We use your health information to provide, coordinate, and manage your wellness coaching services. This includes:

AI-powered coaching conversations about your health goals
Voice coaching sessions for wellness support
Medication adherence tracking and reminders
Integration of health device data to personalize your coaching experience

Payment: We may use your health information as necessary for billing and payment processing related to your subscription and services.

Health Care Operations: We may use your health information for operational purposes, including:

Quality assessment and improvement of our AI coaching services
Care coordination and case management
Training and evaluation of our wellness coaching systems
Business planning and service development (using de-identified data where possible)

Other Uses and Disclosures Without Your Authorization

We may also use or disclose your PHI without authorization in the following circumstances:

As required by law: When federal, state, or local law requires disclosure
Public health activities: To prevent or control disease, injury, or disability as permitted by law
Health oversight: To health oversight agencies for authorized activities (audits, investigations)
Judicial and administrative proceedings: In response to a court order or administrative tribunal order
Law enforcement: For certain law enforcement purposes as required or permitted by law
To avert serious threat: To prevent a serious threat to health or safety
Workers' compensation: As authorized by workers' compensation laws

Uses and Disclosures Requiring Your Authorization

The following uses and disclosures require your written authorization:

Marketing: Using your PHI for marketing purposes (we do not do this)
Sale of PHI: Selling your health information (we do not do this)
Psychotherapy notes: Disclosure of psychotherapy notes (not applicable to our services)
Other uses: Any use or disclosure not described in this Notice

You may revoke any authorization at any time by contacting us in writing. Revocation will not affect actions taken before we received your revocation.

4. Our Business Associates

We work with third-party service providers ("Business Associates") who may receive, maintain, or process PHI on our behalf. Each Business Associate is bound by a Business Associate Agreement (BAA) that requires them to protect your PHI. Categories of Business Associates include:

Category	Purpose
Cloud infrastructure providers	Secure hosting and storage of your data
AI processing services	Powering our AI coaching conversations and voice sessions
Database services	Secure storage of your wellness data
Pharmacy operations partners	Coordinating prescription fulfillment (order status only)

All Business Associates are contractually required to:

Use appropriate safeguards to protect PHI
Report any security incidents or breaches
Return or destroy PHI upon contract termination
Limit use and disclosure to the minimum necessary

5. Your Rights Regarding Your Health Information

Under HIPAA, you have the following rights:

Right to Access (45 CFR § 164.524)

You have the right to inspect and obtain a copy of your PHI that we maintain. To request access, contact us in writing. We will respond within 30 days. We may charge a reasonable fee for copies.

Right to Amend (45 CFR § 164.526)

You have the right to request an amendment to your PHI if you believe it is inaccurate or incomplete. Submit your request in writing with the reason for the amendment. We will respond within 60 days. We may deny the request under certain circumstances and will provide a written explanation if we do.

Right to an Accounting of Disclosures (45 CFR § 164.528)

You have the right to request a list of certain disclosures of your PHI that we have made. This does not include disclosures for TPO, disclosures you authorized, or certain other exceptions. Submit your request in writing. The first accounting in a 12-month period is free; we may charge for additional requests.

Right to Request Restrictions (45 CFR § 164.522)

You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or health care operations. We are not required to agree to your request, but if we do, we will honor it except in emergencies.

Right to Confidential Communications

You have the right to request that we communicate with you about your health information in a particular way or at a particular location. For example, you may request that we contact you only by email. We will accommodate reasonable requests.

Right to Breach Notification (45 CFR § 164.404)

You have the right to receive notification if there is a breach of your unsecured PHI. We will notify you within 60 days of discovering a breach, as described in our Breach Notification Procedure.

Right to a Copy of This Notice

You have the right to obtain a paper or electronic copy of this Notice at any time. Contact us using the information in Section 1.

6. Our Duties

We are required by law to:

Maintain the privacy and security of your PHI
Provide you with this Notice of our legal duties and privacy practices
Abide by the terms of the Notice currently in effect
Notify you if a breach of unsecured PHI occurs

7. Minimum Necessary Standard

We apply the Minimum Necessary standard (45 CFR § 164.502(b)) to all uses and disclosures of PHI. This means we make reasonable efforts to limit the PHI we use, disclose, or request to the minimum necessary to accomplish the intended purpose.

8. Changes to This Notice

We reserve the right to change the terms of this Notice and to make the new provisions effective for all PHI we maintain. If we make material changes, we will:

Post the revised Notice on our app and website
Make the revised Notice available upon request
Note the effective date of the revision

9. Complaints

If you believe your privacy rights have been violated, you may:

File a complaint with Endo Health:

Email: support@glowhealthai.com
Mail: Endo Health, Inc., 548 Market Street, San Francisco, CA 94104

File a complaint with the U.S. Department of Health and Human Services:

Office for Civil Rights (OCR)
Website: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
Phone: 1-800-368-1019
Mail: Centralized Case Management Operations, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Room 509F HHH Bldg., Washington, D.C. 20201

You will not be retaliated against for filing a complaint.

10. Effective Date

This Notice is effective as of March 13, 2026.