1. Roles and Responsibilities

OS reboot is operated by Ambiguous Inc., a California corporation with its principal place of business at 1804 Union Street, San Francisco, CA 94123. The Medical Track is operated by an independent licensed medical services organization (the "Medical Entity" or "MSO") that contracts with the prescribing physicians and a state-licensed 503A compounding pharmacy. The MSO, the medical group, and the pharmacy are independent third parties.

Ambiguous Inc. and OS reboot are not HIPAA covered entities. The Medical Entity is the covered entity (or business associate) that maintains your Protected Health Information under its own Notice of Privacy Practices. To the extent OS reboot's systems route intake form submissions to the Medical Entity, we do so under contractual obligations to protect the confidentiality and security of that information consistent with applicable law. We do not store PHI longer than necessary to route it to the Medical Entity.

The MSO and its affiliated medical group each maintain their own Notice of Privacy Practices, which apply to PHI in their custody. You will receive that Notice from the medical group as part of the Medical Track intake process.

2. What Information Is Covered

Protected Health Information (PHI) includes individually identifiable health information that relates to your past, present, or future physical or mental health; the provision of health care to you; or payment for health care. PHI collected through the Medical Track may include:

3. How PHI Is Used and Disclosed

The medical group and pharmacy may use and disclose your PHI without your specific authorization for the following purposes:

Other uses or disclosures (e.g., for marketing or research) require your written authorization, except where HIPAA specifically permits such uses without authorization.

4. Your Rights Regarding PHI

You have the right to:

To exercise these rights, contact the medical group directly using the channels provided during your intake, or contact OS reboot at hello@osreboot.com (with subject: Privacy Request) and we will help route your request.

5. Our Privacy Obligations

The Medical Entity and its affiliated medical group are committed to:

OS reboot supports these obligations by using encrypted transmission for any data routing it facilitates and by minimizing the amount of PHI it processes.

6. Breach Notification

In the event of a breach of unsecured PHI, you will be notified in accordance with the federal HIPAA Breach Notification Rule and any applicable state law. Notification will be provided without unreasonable delay and in any case no later than 60 days after discovery of the breach.

7. Authorization for Other Uses

Uses and disclosures of PHI not described in this Notice will be made only with your written authorization. You may revoke an authorization at any time in writing, except to the extent that we have already acted in reliance on it.

8. Marketing and Sale of PHI

We will not use or disclose your PHI for marketing purposes or sell your PHI without your written authorization, except as permitted by HIPAA (such as for face-to-face communications or promotional gifts of nominal value).

9. Psychotherapy Notes

The Medical Track does not provide mental health treatment or generate psychotherapy notes. If you have mental health concerns, please consult with an in-person provider.

10. Changes to This Notice

We may revise this Notice from time to time. Revised Notices will be effective for PHI we maintain at the time of the revision. The current version will always be available at this URL, and we will post a notice on the Site or send an email when material changes are made.

11. Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

No retaliatory action will be taken against you for filing a complaint.

12. Contact

For questions about this Notice or to exercise your rights:

OS Reboot
Operated by Ambiguous Inc.
1804 Union Street, San Francisco, CA 94123
Email: hello@osreboot.com — use subject "Privacy Request" to route

For PHI in the custody of the medical group, contact the medical group directly using the channels provided during your intake.