ZULU APPLICATION PRIVACY POLICY Version 17 September 2025 I- GENERAL TERMS A- Definitions. “App” means the Zulu mobile application. “Consent” or “permission” means any freely given, specific, informed and unambiguous indication of your wishes by which You, by a statement or by a clear affirmative action, signify agreement to the Processing of Your Personal Data. “we”, “us,” or “our” means Zulu, the owner of the App and the entity responsible for Processing of Personal Data as described herein. “User”, “You” or “Your” means any natural person who installs, accesses, or uses the App. “Personal Data”, or “personal information” means any information relating to an identified or identifiable natural person, in particular by reference to identifiers such as name, identification number, location data, online identifier, or one or more factors specific to the natural person’s physical, physiological, genetic, mental, economic, cultural or social identity. “Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure or destruction. B- Introduction. We take Users privacy seriously. This Privacy Policy (“Privacy Policy”) explains our data protection policy and describes the types of information we may collect and process when You install and/or use the App. Our Privacy Policy applies to all Users. We process Your Personal Data only where we have one or more of the following legal bases: Your explicit Consent (e.g. for non-essential features, marketing, profiling, interest-based advertising) Performance of a contract to which You are a party (e.g. delivering healthcare services, scheduling appointments) Compliance with a legal obligation (e.g. retention for legal/regulatory reporting) Our legitimate interests (e.g. improving the App, security, fraud prevention) This Privacy Policy is an integral part of, and must be read in conjunction with Zulu App Terms and Conditions of Use. Please read our Privacy Policy carefully to understand how we collect and use information. When You use the App You acknowledge that You have read, understood, and agree to be bound by the terms of this Privacy Policy. 1
II- PERSONAL DATA COLLECTION & USAGE We collect and process the following categories of Personal Data: A- User provided data : 1- We may collect and store information that You voluntarily provide to us, such as Your name, email address, phone number, or other contact details, when You install and/or use the App, register for Services, or communicate with us directly. 2- We may also collect and store activity information which is directly related to Your use of the App: a) Calendar. We may ask for calendar permission to schedule calls with Healthcare Providers, or to add appointments to your device calendar. b) Camera. We may need technical access to Your camera roll such as for processing Optical Character Recognition (“OCR”) on User’s identification documents, or for the patient to join video conference service with Healthcare Providers. However, we cannot collect, store or use the data contained in Your camera roll. c) Storage. We may ask for storage permission in order to store captured images from the camera and then later access those images for the OCR purpose, and to access image, audio, video and files from Your device to upload on the App. d) Microphone. We may ask for microphone permission to allow the App to access and record microphone audio from the Users’ device to enable calling and chatting feature with the Healthcare Providers, and to enable video conference with them. The first time You try to use any of these features, we will ask for Your Consent within the App and will only allow you to use a feature if You give Consent. You do not have to provide Consent if You do not want to allow the App to interact with Your data as requested. B- Data that is processed automatically: When You use the App, some information about Your device and Your User behavior may be collected and processed automatically. This information is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We process this information on the ground of our legitimate interest in improving the App and giving our Users the best experience. If we do not access such data we may not be able to provide You with all the features of the App. We use third-party automatic data processing technologies to analyze certain information sent by Your device via the App (advertising or analytics tools). Some of them launch automated processing of Your Personal Data, including profiling, which means any form of automated processing of Personal Data used to evaluate certain personal aspects relating to You, in particular to analyze or predict aspects concerning Your personal preferences, interests, behavior, location or movements. Processing information through automatic data processing technologies starts automatically when You first time launch the App. Below are some examples: 2
a. Device Details: When You use a mobile device (tablet / phone / smartwatch) to access the App, some details about Your device are reported, including “device identifiers”. Device identifiers are small data files or codes stored on or linked to Your mobile device, which uniquely identify Your mobile device but do not reveal Your name, identity, or personality. Device identifier enables generalized reporting or personalized content and ads by the third parties. The Personal Data that can be processed is as follows: Information about the device itself : type of Your device, the unique Internet Protocol (IP) address, type of operating system and its version, model and manufacturer, screen size, screen density, orientation, audio volume and battery, device memory usage. Information about the internet connection : mobile carrier, network provider, network type, IP address, timestamp and duration of sessions, speed, browser. Location-related information : IP address, the country code / region / state / city associated with Your SIM card or Your device, language setting, time zone, neighboring commercial points of interest such as coffee shops etc. Device identifiers : Identify for advertisers for iOs devices/advertising ID or player identifiers (if they are set up by the App’s developer). b- Data about the applications We may collect and process certain technical data related to the App name, version, properties, configuration details, API key (a unique identifier used to authenticate the App with third party services), This information may be used for automated processing, analytics, or to improve the App's performance and security. Additionally, some third-party services integrated into the App may access a list of other applications or processes installed or running on Your device, depending on their own data collection practices. c- Cookies and similar technologies When You use the App, cookies and similar technologies may be used. A cookie is a text file containing small amounts of information which is downloaded to Your device when you access the App. The text file is then sent back to the server each time You use the App. This enables us to operate the App more effectively. For example, we will know how many Users access specific areas or features within the App and which links or ads they clicked on. We use this aggregated information to understand and optimize how the App is used, improve our marketing efforts, and provide content and features that are of interest to You. We may ask advertisers or other partners to serve ads or services to the App, which may use cookies or similar technologies. Refusal or removing cookies may obstruct Your User experience on the App. d- Log file Data: Log file Data is automatically reported each time You make a request to access the App. It can also be provided when the App is installed on Your device. When You use the App, analytics tools automatically record certain log file information, including time and date when You start and stop using the App, and how You interact with the App. e- In-App Purchases When You use the App, certain events such as in-App purchases, custom events may be automatically tracked through analytics and advertising tools integrated into the App. 3
Data provided automatically to advertising or analytics tools is often outside our control, therefore we cannot be responsible for processing such information. Some services are engaged in Personal Data profiling and may obtain information related to Your personality and/or Your device by using technologies that do not belong to our scope of responsibility and as such, we are not responsible for how these third parties collect, use, or process such information. f- Payment Data: All payments made through the App are processed by third-party payment processors (such as the relevant app store or payment gateway), which are solely responsible for handling Your billing information, including processing payments, managing refunds, and maintaining the security of Your payment data. We do not collect, store, or have access to Your credit card, debit card, or other payment information. Any Personal Data You provide during the payment process is subject to the privacy policies of the respective payment provider or app store. You may review the applicable in-app purchase terms, billing rules, and refund policies directly within the app store from which You downloaded the App. Access to limited payment-related data (such as transaction ID or purchase history) may be used solely for customer support, refund requests, and verifying transactions. III- THE PURPOSES OF PROCESSING YOUR PERSONAL DATA We process Your Personal Data for the following purposes: 1- To make the Services available . We use User provided data and data that is processed automatically to enable You to access and use all core features of the App and provide You with all requested Services (authenticate and verify your identity, schedule and manage appointments including integration with calendars, enable video or voice communications with Healthcare Providers etc.). 2- To improve, test and monitor the effectiveness and reliability of the App . We use data that is processed automatically to better understand User behavior and trends, detect potential outages and technical issues, to operate, protect, improve, and optimize the App. 3- To provide You with interest-based (behavioral) advertising or other targeted content . We may use data that is processed automatically for marketing purposes (to show ads that may be of interest to You based on Your preferences). We provide personalized content and information to You, which can include online ads or other forms of marketing. 4- To communicate with You . We use the contact information You submitted to communicate with You through newsletters, i.e. to send You marketing notifications, receive Your feedback about the App experience, and let You know about our policies and terms. We also use Your contact information to respond to You when You contact us. 5- To prevent fraud and spam, to enforce the law . We want the App to be free of spam and fraudulent content. We may use Your Personal Data to prevent, detect, and investigate fraud, security breaches, potentially prohibited or illegal activities, protect our trademarks and enforce our Terms and Conditions of use and comply with all legal obligations. 4
6- To collect statistics: We use the Personal Data to collect internal statistics that help us serve the Users in a better way. IV. PERSONAL DATA SHARING Except as specified below, we will not disclose your Personal Data without your permission. We may share Your Personal Data with selected third parties when necessary to provide our Services, comply with legal obligations, or improve user experience. These third parties may include: Service providers or sub-processors that support the functionality of the App and provide automatic data processing technologies for the App (e.g., cloud hosting, analytics, payment gateways) under appropriate data processing agreements which require them to protect Your data in accordance with applicable law. Healthcare Providers if required by the Services You requested (e.g. video consultations). Personal Data entered on the App or retrieved from the App, such as information about Your medical history, doctors and prescriptions is used to provide You with tailored Services in conjunction with Your engagement with Your Healthcare Providers. Advertising and marketing partners, for delivering personalized content and advertisements (subject to Your Consent, where required by applicable law). Legal authorities, if required to do so by law, regulation, court order, government request, or to protect legal rights or public safety. Affiliated companies, subsidiaries, or successors in interest, in the event of merger, acquisition, sale of all or a portion of our assets or reorganization of Zulu with notice to You. We ensure that any third parties with whom we share Your Personal Data are bound by appropriate confidentiality and data protection obligations. However, we cannot guarantee the security of any information transmitted from us to any such third parties. We are not responsible for any accidental loss or unauthorized access to Your Personal Data through a fault of third parties. We do not rent or sell your personally identifiable information to third parties. However, circumstances may arise where we may decide to reorganize or divest part or all of our business or of a line of our business, including our information databases and websites, through a sale, divestiture, merger, acquisition, or other means of transfer. In any such circumstance, personally identifiable information may be shared with, sold, transferred, rented, licensed or otherwise provided or made available by us or on our behalf to actual or potential parties to, and in connection with, the contemplated transaction (without Your Consent or any further notice to You). In such circumstances, we will seek written assurances that personally identifiable information submitted through the App will be protected appropriately. In addition, the App may contain links to third-party websites/services or You may access the App from a third-party site. We are not responsible for the privacy practices of these third-party websites or services linked to or from the App, including the information or content contained within them. Users are encouraged to read the third party privacy policies prior to providing any Personal Data to third-party websites. V- INTERNATIONAL DATA TRANSFERS We and third-party organizations that provide automatic data processing technologies for the App may transfer the automatically processed information across borders and from Your country or jurisdiction to other countries or jurisdictions around the world, which may or may not have the same data protection laws as in Your jurisdiction. 5
This means that Your Personal Data can be transferred to a third country or to the international organizations where data protection and confidentiality regulations may not provide the same level of protection of a Personal Data as Your country does. These transfers are necessary for the purposes described in this Privacy Policy, including the operation of our Services, data storage, analytics, and other processing by third-party service providers. We ensure that such international data transfers are subject to appropriate safeguards, including standard contractual data protection clauses. By using the App, You acknowledge and Consent to the transfer of Your Personal Data to countries outside Your country of residence or to the international organizations that provide automatic data processing technologies for the App. VI- PERSONAL DATA RETENTION We generally retain Your Personal Data for as long as is necessary for performing the functional service of the App and to comply with our legal obligations. If You no longer want us to use Your information that we physically access and store, You can request that we erase Your Personal Data and close Your account. However, some Data may still be stored for a certain time period (but no longer than the storage purpose requires) if information is necessary to comply with legal obligation (taxation, accounting, audit etc.) or in order to maintain safety and data backup settings, prevent fraud or other malicious acts. After expiration of the retention period, data will be securely deleted, destroyed or anonymized, unless otherwise required by law. VII. YOUR RIGHTS AND OBLIGATIONS A- Your rights regarding Personal Data 1- Applicable data protection laws give You certain rights regarding Your Personal Data. You have the following options in relation to Your Personal Data that was collected: a. Right to Access. You have the right to request access to the Personal Data we hold about You. b. Right to Rectification. Where You cannot update data by yourself through Your account, You have the right to ask to correct, change, update or rectify Your Personal Data. c. Right to Erasure. Your Personal Data is generally retained for as long as Your User profile is in existence or as it is needed to provide the relevant Services. However, specific retention times can vary based on context of the processing performed. You have the right to request to delete all or some of the Personal Data that is held about You subject to legal or contractual obligations. d. Right to Restrict Processing. You have the right to request that we restrict the processing of Your Personal Data in certain situations. 6
e. Right to Object. You can object to the processing of Your Personal Data where it is based on our legitimate interests (improving our Services, preventing fraud etc.) or used for direct marketing (promotional emails, ads, push notifications etc.). f. Right to Data Portability. You may request a copy of Your Personal Data in a structured, commonly used, and machine-readable format. g. Right to Withdraw Consent. If we rely on Your Consent to process Your Personal Data, You have the right to withdraw it at any time. This does not affect any processing done before Your withdrawal. 2- To exercise any of the rights described above, You can contact us. We may ask you to verify your identity before processing your request. We will respond within the time frame required by applicable law. We only ensure the above mentioned rights with respect to the Personal Data that we physically access and store. B- Your obligations regarding Personal Data 1- By installing and using this App, You have agreed to receive e-mail notifications, text messages, or any other messaging platform and mobile push notifications that are necessary for us to communicate important information to You such as your upcoming appointments or status updates against Your Service requests. These messages will not include the substance of those communications unless we have received a standing instruction from You to the contrary. If no standing instruction is on file from You to include the substance of the notifications, the messages will be for notification purposes only. You will have to login to Your account through the App to review these messages. 2- You are solely responsible to maintain the secrecy of Your passwords and/or account information. Please be aware that the App is providing you the ability to store any relevant data, including sensitive information, on the App, and has adopted many levels of security to protect this data. However, any individual with Your account information and password can access this data. Please be careful and responsible whenever You are online and change Your password frequently. VIII. OPT OUT & PERMISSIONS A- Opt-Out Of Marketing Tracking If You don’t want third-party service providers to use to personalize ads on the basis of Your interests please follow the instructions on the following links: For iOs: ……….. For Android: …….. When You opt out of certain interest based advertising, You may still continue to receive contextual ads based on other non-personal information, such as ads related to the content of other digital products You are using. B- Opt-Out Location Data Processing If You don't want third-party service providers to use Your precise location data please follow the instructions on the following links: For iOs: ……….. For Android: …….. 7
C- Opt-Out of Consent Depending on the User’s specific device, we may request certain permissions that allow the App to access the User’s device. By default, these permissions must be granted by the User before the respective information can be accessed. If User grants the permissions requested, the respective Personal Data can be processed (i.e accessed) by the App. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact Zulu for support. The exact procedure for controlling the App permissions may be dependent on the User’s device and software. Please note that the revoking of such permissions might impact functioning of certain features and Services of the App. IX. SECURITY MEASURES We implemented reasonable and appropriate technical measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. We implement appropriate encryption methods are used to protect information which is deemed sensitive or any other information that should remain secure under applicable Law. Zulu web servers are secured with 256-bit Secure Socket Layer ("SSL") encryption technology. SSL encryption is an industry standard technology and is used to protect Your Personal Data. Any employee or contractor requiring access to technology relating to Your information may be given password access by Zulu to carry out service and maintenance related functions. This access is reviewed on a regular basis, and parties granted such access are bound by confidentiality obligations. To prevent loss of information, all Personal Data is backed up regularly. Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do our best to protect Your personal data, nevertheless, we cannot guarantee its absolute security. In the event that Your Personal Data is compromised as a breach of security, we will promptly notify You in compliance with applicable law. X. CHILDREN'S PRIVACY We do not knowingly collect or solicit any Personal Data from children under the age of 18 without verification of parental or guardian Consent. If You are under the age of 18, do not use or provide any information on this App or through any of its features without parental or guardian Consent. XIl. PRIVACY POLICY MODIFICATIONS We may amend this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or new features as referred to in the Zulu App Terms and Conditions of Use. 8