PRIVACY POLICY

[Last Updated December 11, 2023]

This Privacy Policy describes the information privacy practices relating to this website or mobile app, (also hereinafter the "Site"), for which TwentyAI Employ LLC ("TwentyAI"), or its subsidiary or affiliate, is operating on behalf of and in partnership with a broker or agent (and, together with TwentyAI, hereinafter collectively "we," "us" or "our"). This Privacy Policy applies to your use of our benefits administration, HR management, payroll, and other services (the "Service"), which are provided through the Site, and covers only information collected in connection with your access to and use of the Services. Please read this Privacy Policy carefully. By continuing to interact with our Services, you are consenting to the privacy practices described in this Privacy Policy.

WHAT INFORMATION DO WE COLLECT?

Personal Information

We collect "Personal Information," which is information that identifies you as a specific individual. Personal Information may include things like your name, address, phone number, email address, Social Security Number, credit card number or other financial account information, driver's license number, taxpayer Identification number and information involving your health or medical history that can be personally linked to you.

We collect Personal Information primarily in the following situations:

When You Register or Apply for Coverage. We collect Personal Information directly from you when you register with us and when you apply for coverage with health plans and insurers with which we do business. This information is collected through your use of our website, on website forms, via emails we send to you, and possibly over the phone. It might also be stored in cookies or using other technologies.

When You Provide It to Us. We collect Personal Information when you contact us or otherwise provide it to us. We also collect your Personal Information when you register to use the Site, provide information when using the Site or Service, update your account information, submit information to verify your identity, or otherwise communicate with us.

Information from Third Parties. We may collect and receive information about you, including personal information and financial account information, from third parties, such as financial institutions and our service providers, for identity verification, fraud protection, risk assessment, providing the Service, and other purposes.

Information collected automatically. Following information can be collected automatically when you access the Site or use the Services.

Electronic & Online Identifiers (IDs), such as mobile carrier, device IDs, and mobile advertising IDs, operating system, browser type, and Internet Protocol (IP) address.

Geolocation Information, such as approximate location derived from IP address (if using a browser).

Internet Activity Information, such as your log-in and log-out information, the pages that you visit before, after, and while using our Services, pages you visit, links you click, and the content you view on the Site.

Single Sign-On Information (SSO) that allows us to verify your authorized access to the Site from another service you use and with which we collaborate, such as your email.

Other Information

We collect other information that does not identify you directly. This information includes certain demographic, generic health information and technical information.

We collect this information primarily when you use our Site, register, apply for coverage, or otherwise provide it to us. See also "Some of the Technologies We May Use," below.

HOW IS MY PERSONAL INFORMATION USED?

We are committed to using and disclosing your Personal Information and other information in compliance with all applicable laws and regulations, which may include the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended, and its implementing regulations; the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH Act"); and state laws. We will also comply with any contracts with health plans or others that contain special privacy and security requirements. We may use your Personal Information and other information as follows:

Providing you with our Service or processing your application.

To get in touch with you when necessary to provide you with our Service. For example, emails may be sent to you throughout the registration process to inform you of the status of your onboarding to use our Service and to seek additional information that is requested as part of that process.

To process, manage, Service, and complete payroll transactions;

To refer you to health plans;

To enable you to participate in surveys and other research efforts;

As described in the privacy practices of the plans we serve; and

To provide services you request and in order to provide the service on our website.

Operating our business.

To operate our business, which includes, without limitation, using your information to process payroll and payroll payment transactions;

To comply with applicable legal and regulatory requirements, industry standards or guidelines, and our internal policies and procedures;

To monitor and enforce compliance with applicable contractual obligations;

To detect and prevent fraud or detect criminal activity, unauthorized claims, or other liabilities;

To operate, evaluate and improve our business and the Service we offer, including developing new services, managing our communications, and for auditing purposes;

For any other purpose for which you expressly authorize us to use your information.

To perform data analysis including marketing, financial analyses, and measuring the effectiveness of our Site;

To contact you regarding your satisfaction with our Service or to inform you of additional services that may be of interest to you. You may opt out of receiving these additional communications from us by following the opt-out procedures described below; and

To administer the Site, protect the Site and its contents from inappropriate use, analyze how the Site is used, and improve our visitors' experience.

SOME OF THE TECHNOLOGIES WE MAY USE

The following is a list of some of the technologies that may be used on our Site to support features, services, or analysis of data. We may also use similar technologies not expressly listed below.

Browser cookies are small pieces of data placed on your computer as you navigate websites with your browser. Browser cookies allow websites and various third-parties to distinguish your device from others by having the cookie consist of a unique identifier or other data. Cookies can have many uses, such as to target advertising, to enable website functionality, and for security. We may use both session cookies (which expire when you log off or after session time out) and persistent cookies (which stay on your computer until you delete them). Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of our website may not work properly and you may experience some inconvenience in your use of our offerings.

Local shared objects (such as "Flash" cookies) are associated with non-browser software like Flash Player. Local shared objects can be used like cookies to distinguish your device from others, but will not be deleted or blocked using browser cookie controls.

HTML5 local storage is another way that browsers can distinguish your device from others as well as remember data that may be important for the functioning of the website. Typically HTML5 local storage is only deleted if all Internet history, cache, and cookies are deleted. You should check your browser software on how to delete HTML5 local storage in your particular case.

Web beacons are image files that are used by third-party advertisers, analytics companies, and others. Web beacons are embedded in web pages you visit and cause your browser to share its IP address with the third-party source of the beacon, together with any cookies associated with that third-party. Web beacons can be used with or without cookies. Blocking cookies will not stop your IP address from being shared through the use of beacons.

E-tags are used to prevent duplicative downloading of content to your browser, which can enhance browser performance. E-tags use unique identifiers for content that can also be used to distinguish your browser in certain instances from others. Typically, e-tags are only deleted if all Internet history, cache, and cookies are deleted. You should check your browser software on how to delete e-tags in your particular case.

"Stat IDs" are generated based on certain enduring characteristics of your device (or browser), such as operating system version, installed fonts, display resolution, chipset, device ID, how your browser draws certain images, and other technical information or responses.

HOW IS MY INFORMATION SHARED?

To Provide You With Services. We may disclose your Personal Information and other information to third parties such as insurance companies, brokers, banking and financial institutions, licensed agents, Internal Revenue Service, state and local tax agencies, authorized Health Savings Account ("HSA") Trustees, or administrators, auditors, legal and financial advisors. If you submit an application for an insurance product to us, we may disclose your Personal Information to your chosen insurance company or broker to process your application. If you submit an application for an insurance product offered through an insurance agent or agency we work with, we may disclose your Personal Information to that agent or agency to process your requested quote or application. We may disclose your information in other instances in order to provide you the services that you have requested. To learn about the privacy practices of the particular insurance company or other entity you have chosen to do business with, please visit their websites or contact them directly.

To Vendors, Service Providers, and Affiliates. We may disclose your Personal Information and other information to other companies that help us process or service your applications, correspond with you, operate our business, or help us with the uses of your Personal Information and other information that are explained in this Privacy Policy. These companies may or may not be affiliated with us. When we use third-party business associates to help us operate our business, we have contracts with them that require them to keep your Personal Information confidential.

We may use third party analytics and payment processor services. For example, we may use the analytics services of Microsoft or Google, and the payment processing services of NatPay. Google's analytics services would allow us to learn how you use our Site by giving us the ability to collect information based on your interaction with the Site.

Legal Obligations. We may disclose or report your Personal Information and other information as required or permitted under law. For example, we may disclose your Personal Information to cooperate with regulators or law enforcement authorities, to comply with subpoenas and court orders, to prevent harm to persons or property, or to resolve consumer disputes.

Acquisition, Sale, or Reorganization. We may also use and disclose Personal Information and other information in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction. If the sale occurs, the purchaser will be entitled to use and disclose the Personal Information and other information collected by us, and the purchaser will assume the rights and obligations regarding your Personal Information as described in this Privacy Policy.

Aggregate Information. We may collect statistical information about registered users that use our Services on the Site ("Aggregate Information"). This statistical information is not Personal Information and cannot be tied back to you, your Account or your web browser. We may share Aggregate Information with prospective clients, partners, service providers and other persons with whom we conduct business.

HOW CAN I CORRECT THE INFORMATION YOU HOLD ABOUT ME?

If you want to correct or update your information, please contact us directly at support@twentyai.com. Additionally, you may update your name, email address, and password by signing in using your login credentials and changing such account information.

Please note that once your application has been submitted, you may need to contact the third party (e.g., insurance company or plan) directly to update your information.

WHEN DOES THIS PRIVACY POLICY NOT APPLY?

This Privacy Policy applies to this website and does not apply to other websites that are owned and/or operated by a third party. It does not apply to the health plans you may select. It does not apply to other websites operated by brokers, an insurance company, or a partner. For example, once you choose a particular plan from among the several plans offered on this website, the insurance company offering that particular plan may require that you give us additional information relating to your application such as your particular financial information so that the insurance company can process your initial premium payment (or, if you should also choose, your recurring automated premium payments). Once we share with that particular insurance company the financial and other information you have given us here on this website, that insurance company's privacy policy will govern their information privacy practices. As another example, if you initiated your application on another website that is owned or operated by another third party, the privacy policies of those third-parties apply to the information you provided them. Please review the privacy policy of the website on which you initiated your application to learn about their information privacy practices.

HOW DO YOU PROTECT MY INFORMATION?

We maintain administrative, physical, and technical safeguards to protect your Personal Information. We take privacy and security very seriously, but it is impossible for us or others to guarantee the safety and security of information under all circumstances. We also depend on you to protect your information. If you become aware of any incident of security or privacy, or if you receive/share any information in error please notify us immediately. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

How long we retain your Personal Information

We retain your information for as long as is necessary to fulfill the purpose for which it was collected. We may retain your information for longer if necessary and relevant to our legitimate interests, in accordance with applicable legal obligations. This may include retention necessary to meet any regulatory or reporting requirements as well as time required to enforce the relevant terms of agreement or to identify, issue or resolve legal proceedings.

Your Password and Other Security Issues

We will ask you to set up a password so you can access your application on our website later. You should never share your password with anyone. If you forget it, we can assist you with retrieving your password through email (provided that you gave us your email address as your user ID when you created an account on our website), or we can help you retrieve your password by other means.

Links to Other Websites

Our website may contain links that allow you to visit other websites. We have no control over those websites, and this policy does not apply to them. We encourage you to read the privacy policies of these linked websites to learn about their information privacy practices.

INTERNATIONAL DATA TRANSFERS

We operate at a multi-national level and therefore Personal Data may need to be transferred to countries outside of where it was originally collected.

When we transfer Personal Data outside the EEA or UK, we will ensure that this transfer complies with GDPR, UK GDPR and applicable laws.

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you may ask us to refrain from sharing Personal Information with third parties for their own direct marketing purposes. Please contact us as described above to indicate your preference. Please also note that it may take us thirty (30) days to fully process your request.

PRIVACY OF MINORS

We do not knowingly collect any Personal Data from persons under the age of 18. If you are under the age of 18, please do not submit any Personal Data through our Site.

If you have reasons to believe that an individual under the age of 18 has provided Personal Data to us through our Site, please contact us via support@twentyai.com.

HOW CAN I OPT OUT OF RECEIVING COMMUNICATIONS?

If you want to opt out of any email communications or marketing, you may contact us at support@twentyai.com.

Please note that you will still receive communications from us regarding payroll, benefits, or insurance applications, even if you opt out.

WILL THIS POLICY CHANGE?

We may update this policy from time to time. We will provide notice of changes in our information privacy practices by posting revised versions on the website. Any changes we make to this policy will apply to the Personal Information we already hold about you, as well as any additional information we may collect. By your continued visits to the Site, you agree to the Privacy Policy as updated.

WHAT IF I HAVE QUESTIONS?

We are available to answer any questions you may have about our Privacy Policy or our information privacy practices. You may contact us at support@twentyai.com.