Mobile Application Privacy Policy
How the Peerbridge Health App Protects Your Health Information
I. Introduction
Peerbridge Health, Inc. provides advanced cardiac monitoring solutions, including the Cor MDx™ wearable cardiac monitor and its companion Peerbridge Health mobile application (the "App"). The App enables patients to pair their Cor MDx™ device via Bluetooth Low Energy (BLE), log cardiac symptoms and activity events, and transmit ECG data and device status securely to the Peerbridge Health clinical backend for physician review.
Because the App is used exclusively in a clinical context by patients who have been prescribed a monitoring study by their physician, all data handled by the App is treated as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state health privacy laws.
II. Information We Collect
A. Clinical Data (Protected Health Information)
| Data Type | Description |
|---|---|
| Continuous ECG Waveforms | ECG waveforms are recorded continuously by the Cor MDx™ device. Upon patient-initiated event logging, a 2-minute ECG strip is captured and transmitted securely to our clinical backend for physician review. Up to 10 event strips may be transmitted per day. |
| Symptom Logs | Patient-reported symptoms: Palpitations, Shortness of Breath, Dizziness, Chest Tightness, or "Other." |
| Activity Logs | Patient-reported activity: Sitting, Standing, Walking, Exercising, Sleeping, or "Other." |
| Device Status | Lead attachment status, battery level, and recording offset. Transmitted automatically every 30 minutes. |
B. Account & Enrollment Data
| Data Type | Description |
|---|---|
| Patient Identity | Patient name and patient ID, provided by the prescribing healthcare facility upon study enrollment. |
| Date of Birth | Provided at enrollment to verify patient identity and associate the study record. |
| Activation Code | The 7-digit code used to activate your Cor MDx™ device and associate it with your study record. |
| Authentication Token | A session bearer token assigned upon activation to authorize API communications. |
C. Location (BLE Scanning Only)
We request Bluetooth-adjacent location permission solely to satisfy operating system requirements for Bluetooth Low Energy scanning. We do not collect, record, store, or transmit your GPS coordinates or physical location at any time.
III. How We Use Your Data
All data collected through the App is used exclusively for the following clinical and operational purposes:
- Clinical Analysis & Physician Reporting: ECG waveforms and symptom logs are made available to your prescribing physician for cardiac event analysis.
- Device Accuracy & Study Integrity: Monitoring device health to identify lead-off periods that may affect data quality.
- Improving Device Performance: De-identified and aggregated data may be used to improve cardiac detection algorithms, subject to HIPAA de-identification standards.
- Offline Reliability: Locally queued data ensures no data is lost due to temporary loss of internet connectivity.
IV. Sharing of Information
We do not sell your data. We do not share your data with advertisers, data brokers, or analytics platforms.
| Recipient | Basis for Sharing |
|---|---|
| Your Prescribing Healthcare Provider | Clinical output of the monitoring study for physician analysis. |
| Peerbridge Health Clinical Backend | Secure storage and processing on our HTTPS API infrastructure. |
| Authorized Service Providers (Business Associates) | Infrastructure partners processing data under executed Business Associate Agreements (BAAs). |
V. HIPAA & Security
HIPAA Data Privacy & Security Committee
Peerbridge Health has established a Data Privacy & Security Committee (the "Committee") to serve as the designated HIPAA Privacy and Security Officer. The Committee has full authority to establish, implement, and enforce all policies and procedures governing the security and privacy of patient PHI.
Peerbridge Health, Inc. operates as a Business Associate and executes BAAs with all Covered Entities prior to any data exchange.
Annual Risk Assessment
The Committee is responsible for conducting an annual HIPAA privacy and security risk assessment. Additional risk assessments are required whenever new software/hardware is acquired or significant changes are made to services or physical layouts.
Security Measures
- Encryption: All communications occur exclusively over HTTPS (TLS). Stored clinical data is encrypted at rest using AES-256 server-side encryption.
- Access Controls: Backend access is restricted to authorized staff on a need-to-know basis.
- No Third-Party SDKs: The App does not include third-party analytics or advertising SDKs.
- Patient Authentication: Application access is granted exclusively through a single-use numeric activation code issued at time of study enrollment. The code is valid for one study session only and cannot be reused once the study has been activated or expired.
VI. Your Privacy Choices
- Right to Access: Request a copy of your health information via info@peerbridgehealth.com.
- Right to Delete: Individual logs can be deleted in-app; full backend deletion is available upon request subject to clinical record retention laws.
- Opt-Out: Opt out of de-identified data use for algorithm improvement via info@peerbridgehealth.com.
Contact us
(877) 426-7457
info@peerbridgehealth.com
www.peerbridgehealth.com