Consumer Health Data Privacy Policy

Effective Date: November 24th 2025

Even Realities GmbH, including all direct and indirect subsidiaries (collectively, “Even Realities”, “we”, “us” or “our”), respects the privacy of your “consumer health data” as defined by applicable law. This Consumer Health Personal Data Privacy Policy (the “Policy”) describes our existing privacy principles and protections for Even health features. It also describes our privacy practices for “consumer health personal data” as defined under the Washington State My Health My Data Act (MHMDA), the Nevada Health Data Privacy Act (NHPA), or other applicable U.S. state laws. This Policy supplements the Privacy Policy which is available on our website and Even Realities App, and any other privacy notice that refers to this Policy. It applies to our collection and processing of consumer health data (defined below).

1. Categories of Consumer Health Data We Collect and Why We Collect and Use Such Data

The limited categories of personal data that we may collect when you use our products or services or contact us, which may constitute consumer health personal data, include those below. These are only collected in very limited cases, with example scenarios as noted:

• Eye Exam: When you register products with us, you may provide us with the dates and outcomes of your previous eye exams.
• Prescription Information: If you are looking to purchase prescription products, you will provide us with your eye prescription information. We collect prescription information to provide and facilitate the services with you so that you could use the functions of Even Realities Devices.
• Measurements of bodily functions, vital signs, and other related information: including your heart rate, heart rate variability, temperature, SpO2, steps, Calories, and sleep patterns. When you use our Devices and Platforms, we may collect such information to provide services to you.
• Surveys: We may collect information you provide when responding to our surveys including any of the above categories about physical or mental health, medical history or other health-related information, to administer surveys and market research in which you choose to participate and improve our products and services.

In addition, several of the categories of personal data we collect may be considered consumer health data depending on the context and extent of information you provide to us. To view the full list of categories of personal data we may collect, please see the “Personal Data We Collect” section of our Privacy Policy. For the personal data we collect to be considered consumer health data, it must alone or with other data, identify you and allow an inference about your health. We do not currently make inferences regarding your health with these other categories of personal data.

In addition to the purposes stated above, we may process consumer health data for purposes allowed under applicable law, such as to prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any activity that is illegal under applicable law; preserve the integrity or security of our systems; or investigate, report, or prosecute those responsible for any such action that is illegal under applicable law.

2. Sources of Consumer Health Data

We may collect consumer health data about you from:

• you or your devices (for example, through your use of our products, services and apps, such as Even Health)
• third-party devices and apps you choose to connect to our services;
• our affiliates and subsidiaries; and
• vendors who provide services on our behalf.

3. Sharing of Consumer Health Data

We may share the categories of consumer health data described in this Statement with the parties as described in the privacy notice or policy that refers to this Statement. Where required by applicable law, we will obtain your consent to share your consumer health data.

We does not sell or rent your health data, and only shares your data with certain trusted service providers and partners so that we can provide and improve our services, to provide partner services and other offerings, and to operate our business. Whenever we share data with third-party service providers, we require that they use your information only for the purposes we've authorized, and for the limited reasons explained in this Policy. We also require these service providers to protect your health data to at least the same standards that we do.

As necessary for the purposes described above, we share consumer health data with the following categories of third parties:

• Service providers. Vendors or agents (“processors”) working on our behalf may access consumer health data for the purposes described above. For example, companies we’ve hired to provide customer service support, produce eyeglass lenses or assist in protecting and securing our systems and services may need access to data to provide those functions.
• Affiliates. We enable access to data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our services and operate our business.
• Parties to a corporate transaction. As with any business, it is possible that as ours develops, we might go through a business transition, such as a merger, acquisition by another company, or the sale of all or a portion of our assets, or buying online stores or other assets, including at bankruptcy. In such transactions, information about customers will likely be transferred.
• Government agencies. As described in our privacy statement, we disclose data to law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to valid legal process.
• Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers.
• Other users and individuals. If you use our services to interact with other users of the service or other recipients of communications, we will share data, including consumer health data, as directed by you and your interactions.

4. Your Privacy Rights

Under applicable law, you may have certain privacy rights regarding your consumer health data, including the right to:

• Confirm whether we are collecting, sharing, or selling your consumer health data;

• Access your consumer health data, including a list of all third parties and affiliates with whom we shared or sold your consumer health data and an active email address or other online mechanism that you may use to contact any third parties;

• Withdraw your consent from our collection and sharing of your consumer health data; and

• Delete your consumer health data.

To exercise your rights, please submit a request through our interactive service or by emailing us at support@evenrealities.com. If legally required, we will comply with your request upon verification of your identity. To do so, we will ask you to verify data points based on information we have in our records.

We will authenticate your requests and process it as required by law. Please allow up to 45 days for a response. If we deny your request, you may appeal that denial by emailing privacy@evenrealities.com. If your appeal is unsuccessful, you can file a complaint with the relevant government body in your state, including:

• Washington State Attorney General at www.atg.wa.gov/file-complaint.
• Nevada State Attorney General at https://ag.nv.gov/Complaints/File_Complaint/.

5. How to contact us?

For more information about your data subject rights or how we process your personal data, please contact us by using the information below.

Controller: Even Realities GmbH

Contact Details: Friedrichstraße 79, 10117 Berlin, Germany

Website: evenrealities.com

Email: support@evenrealities.com

Phone: +49 30 837 90777