Aether, Inc. — Privacy Policy

Version: 1.0 Last updated: April 22, 2026 Effective date: April 22, 2026

1. Introduction

1.1 Who We Are

Aether, Inc. ("Yellowstone," "we," "our," or "us"), a professional corporation organized under the laws of the State of Delaware, operates yellowstonescreening.com (the "Website") and provides a limited telehealth service that facilitates clinical review and, when appropriate, the issuance of a low-dose computed tomography ("LDCT") chest screening order (the "Service"). Yellowstone is a covered entity as that term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act and implementing regulations at 45 C.F.R. Parts 160 and 164 (collectively, "HIPAA").

1.2 Scope of This Policy

This Privacy Policy ("Policy") describes how we collect, use, disclose, retain, and protect information we obtain from and about you when you visit the Website, create an account, submit an intake form, or otherwise interact with the Service. This Policy should be read together with our Notice of Privacy Practices ("NPP"), which describes in further detail your rights and our obligations with respect to protected health information ("PHI") under HIPAA, and our Terms of Service.

1.3 How This Policy Interacts with HIPAA

Where information we collect constitutes PHI (as defined at 45 C.F.R. § 160.103), our handling of that information is governed by HIPAA and by our NPP. To the extent that any provision of this Policy is inconsistent with HIPAA or the NPP with respect to PHI, HIPAA and the NPP control as to PHI.

1.4 Consent

By using the Service, you acknowledge that you have read and understood this Policy. You are not required to consent to non-HIPAA uses of your information in order to receive treatment, and where your HIPAA authorization is required, we will request it separately and in a form that complies with 45 C.F.R. § 164.508.

2. Categories of Information We Collect

We collect information in two primary categories: (a) information you provide directly, and (b) information collected automatically through your use of the Website.

2.1 Information You Provide (Includes PHI)

When you create an account, complete the intake form, communicate with us, or otherwise engage with the Service, we collect:

(a) Identifiers and contact information. Full legal name; date of birth; sex assigned at birth; mailing address (street, city, state, ZIP Code); mobile telephone number; and email address. (b) Clinical intake information. Smoking history (pack-years, current/former status, quit date); other information material to the assessment of eligibility for LDCT screening under applicable guidelines; and any other clinical information you choose to provide. (c) Consent and acknowledgment records. Records of your acceptance of the Terms of Service, Informed Consent to Telehealth, and this Policy, including timestamps and, where applicable, IP address at time of consent. (d) Communications with us. Content of emails, secure messages, or other communications to or from our clinical, billing, or support personnel. (e) Payment information. Card brand, last four digits, billing ZIP, and transaction identifiers. Full card numbers and CVV codes are processed directly by our third-party payment processor and are not stored by Yellowstone.

Most of the foregoing constitutes PHI because it is individually identifiable health information created or received by us in connection with the provision of healthcare.

2.2 Information Collected Automatically (Generally Not PHI)

When you visit the Website, we and certain third-party service providers may automatically collect:

(a) Device and connection data. IP address, browser type and version, operating system, device type, screen resolution, language settings, and approximate geolocation derived from IP. (b) Usage data. Pages visited, time and date of visits, referring and exit URLs, clicks, form-interaction events (excluding the content of clinical submissions), and diagnostic logs. (c) Cookies and similar technologies. As described in Section 10.

We treat automatically collected data as confidential and apply technical and organizational safeguards. Where automatically collected data is combined with, or otherwise reasonably linkable to, PHI, we treat the combined data as PHI.

2.3 Information from Third Parties

We may receive limited information from third parties, such as payment processors (transaction confirmations), email-delivery providers (bounce and deliverability events), and fraud- or abuse-prevention services. We do not currently purchase or license PHI from data brokers.

2.4 Sensitive Information

Some of the information we collect—such as health information and, if applicable, precise geolocation—may constitute "sensitive personal information" under state consumer privacy laws. We use such information only for permitted purposes and in accordance with applicable law.

3. How We Use Information

We use the information described above for the following purposes.

3.1 Treatment, Payment, and Healthcare Operations

As a HIPAA-covered entity, we use and disclose PHI for treatment, payment, and healthcare operations ("TPO") as permitted under 45 C.F.R. § 164.506, including:

(a) Treatment. Clinical review of your intake, determination of eligibility for LDCT screening, issuance of the screening order, and provision of an ACR-accredited imaging-facility list. (b) Payment. Processing your payment for the clinical-review fee, reconciling transactions, and addressing disputes and chargebacks. (c) Healthcare operations. Quality assessment and improvement; provider credentialing and peer review; care-coordination activities consistent with the limited scope of the Service; business planning and management; legal and compliance activities, including conduct of an annual risk analysis and risk management required under 45 C.F.R. § 164.308(a)(1)(ii)(A) and (B); and auditing functions.

3.2 Service Provision and Account Management

To create and maintain your account; authenticate you; deliver the signed order PDF and imaging-facility list; respond to your inquiries; and communicate about your account or the Service.

3.3 Service Improvement and Analytics

To analyze usage patterns, troubleshoot errors, and improve the Website and Service. Where technically feasible, we use de-identified data (as provided under 45 C.F.R. § 164.514) or aggregated data for these purposes.

3.4 Security and Fraud Prevention

To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity; to protect the rights, property, and safety of Yellowstone, our patients, and the public; and to maintain the integrity of the Service.

3.5 Legal Compliance and Obligations

To comply with applicable law, regulation, legal process, or governmental request; to respond to subpoenas and court orders; to cooperate with public-health authorities; and to enforce our Terms of Service and other agreements.

3.6 De-Identified and Aggregate Data

We may create de-identified information in accordance with 45 C.F.R. § 164.514(b), which removes or obscures identifiers such that the information does not identify, and cannot reasonably be used to identify, any individual. De-identified data is not PHI and may be used and disclosed without restriction under HIPAA.

3.7 We Do Not Sell PHI or Sensitive Personal Information

We do not sell your PHI. We do not engage in "sales" of personal information in exchange for monetary consideration. See Section 8 for disclosures related to state consumer privacy laws, including regarding "sharing" for cross-context behavioral advertising.

4. HIPAA Permitted Uses and Disclosures

In addition to TPO, HIPAA permits or requires us to use or disclose PHI in certain circumstances. We may disclose your PHI:

(a) To you or your personal representative. As required by 45 C.F.R. § 164.502(g) and § 164.524. (b) With your written authorization. For any purpose not otherwise permitted by HIPAA, in accordance with 45 C.F.R. § 164.508. You may revoke an authorization in writing at any time, except to the extent we have already taken action in reliance on it. (c) For public health activities. Such as reporting to public-health authorities authorized to receive such reports, including the Centers for Disease Control and Prevention and state departments of health, pursuant to 45 C.F.R. § 164.512(b). (d) To report abuse, neglect, or domestic violence. To the extent authorized by 45 C.F.R. § 164.512(c). (e) For health oversight activities. Such as audits, investigations, or inspections by governmental agencies authorized by law, pursuant to 45 C.F.R. § 164.512(d). (f) For judicial and administrative proceedings. In response to a court order, subpoena, discovery request, or other lawful process, subject to the requirements of 45 C.F.R. § 164.512(e). (g) For law enforcement purposes. As permitted by 45 C.F.R. § 164.512(f), including in response to a grand jury subpoena, court order, or administrative request; to identify or locate a suspect, fugitive, material witness, or missing person; and to report crimes on our premises. (h) To coroners, medical examiners, and funeral directors. As permitted by 45 C.F.R. § 164.512(g). (i) For research purposes. Only with an Institutional Review Board or Privacy Board waiver of authorization, with your authorization, or pursuant to the limited-data-set provisions of 45 C.F.R. § 164.514(e). We do not currently use PHI for research without your authorization. (j) To avert a serious threat to health or safety. As permitted by 45 C.F.R. § 164.512(j). (k) For specialized government functions. Such as military and veterans' activities, national security, and protective services for the President, pursuant to 45 C.F.R. § 164.512(k). (l) For workers' compensation. To the extent authorized by and necessary to comply with workers' compensation or similar programs established by law, pursuant to 45 C.F.R. § 164.512(l). (m) As required by law. Where disclosure is required by federal, state, or local law, pursuant to 45 C.F.R. § 164.512(a).

For uses and disclosures that require your authorization (including most marketing, most sales of PHI, and most uses of psychotherapy notes), we will obtain your written authorization in advance, and you may revoke it at any time in writing.

5. Third Parties With Whom We Share Information

We do not sell your PHI. We share information only as necessary to operate the Service, comply with law, or with your authorization.

5.1 Business Associates

We share PHI with "business associates," as that term is defined at 45 C.F.R. § 160.103, under written agreements that require them to protect PHI consistent with 45 C.F.R. § 164.504(e). Our principal business associates include:

(a) Cloud infrastructure providers. Amazon Web Services, Inc. ("AWS") provides cloud hosting, storage, compute, and related infrastructure under a signed business associate agreement ("BAA") and using only HIPAA-eligible AWS services. (b) Transactional email providers. Twilio SendGrid, Inc. ("SendGrid") provides transactional email delivery (e.g., order PDFs, receipts, account messages) under a signed BAA. (c) Payment processors. To the extent a payment processor receives PHI beyond payment card data, it acts under a BAA. Processors that act only as "conduits" for payment card networks are not treated as business associates. (d) Security, logging, and monitoring providers. Providers that receive PHI in the course of supporting secure operations, audit logging, and incident response, each under a BAA. (e) Professional advisors. Accountants, auditors, and attorneys who receive PHI in the course of providing professional services, each under appropriate confidentiality and, where applicable, BAA arrangements.

5.2 Imaging Facilities

When the reviewing physician issues an LDCT screening order, the signed order PDF contains the information necessary for the imaging facility to perform the scan, including your name, date of birth, sex assigned at birth, relevant smoking-history data sufficient to support medical necessity, the ordering physician's name and credentials, and the clinical indication. The PDF is provided to you; you are responsible for delivering it to the imaging facility you select. When we transmit the order directly to an imaging facility at your direction, we do so for treatment purposes, which does not require your authorization under 45 C.F.R. § 164.506(c)(2). Imaging facilities are independent covered entities responsible for their own privacy practices.

5.3 Follow-On Clinicians

At your direction, we may transmit the order or related information to your primary care physician or another treating clinician to support treatment, payment, or healthcare operations.

5.4 Law Enforcement and Legal Process

As described in Section 4, we may disclose PHI in response to lawful process or governmental request. We review each request to confirm its legal validity and scope, and, where permitted, we notify affected individuals.

5.5 Corporate Transactions

In the event of a merger, acquisition, reorganization, dissolution, or sale of all or a portion of our assets, PHI may be transferred to the acquiring or successor entity, subject to HIPAA, applicable state law, and appropriate safeguards, including notice to affected patients where required.

5.6 Service Providers Not Handling PHI

We may share non-PHI data (e.g., aggregated analytics or account information) with service providers that support our general business operations, such as website analytics, customer support tooling, and error monitoring. These providers are contractually restricted from using data for their own purposes.

5.7 Directory and Marketing

We do not maintain a patient directory and do not use your PHI for marketing communications to third parties or to you without your written authorization where HIPAA requires one. Non-PHI contact information (such as your email address used for account signup) may be used to send you transactional messages related to the Service.

6. Data Retention

6.1 Minimum Retention Under HIPAA

We retain HIPAA-required records—including the records described at 45 C.F.R. § 164.316, such as policies, procedures, and documentation of privacy and security actions—for at least six (6) years from the date of creation or the date last in effect, whichever is later.

6.2 Medical Records and Orders

We retain clinical records and signed LDCT orders for the longer of (a) the period required by the state in which the ordering physician is licensed (which may range from approximately seven to ten years or more, and in some states longer for adult records); (b) any period required by federal law, including HIPAA; and (c) ten (10) years from the date of the clinical encounter, except where a longer period applies. Where required, we retain pediatric records until the minor reaches the age of majority plus the state-law retention period; because the Service is limited to adults, this provision is not expected to apply.

6.3 Account and Non-Clinical Records

We retain account and non-clinical records for as long as your account is active and for a commercially reasonable period thereafter for legitimate business purposes, including dispute resolution, fraud prevention, and enforcement of our agreements, unless a longer retention period is required or permitted by law.

6.4 Backups and Log Data

Backups and security logs are retained on defined schedules consistent with our information security program and applicable law, and are purged on rolling cycles.

6.5 Deletion and De-Identification

When retention periods expire and no legal hold applies, we securely delete or de-identify the information in accordance with industry standards and 45 C.F.R. § 164.514, where applicable.

7. Security Measures

7.1 Administrative, Physical, and Technical Safeguards

We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI and other personal information, consistent with the HIPAA Security Rule (45 C.F.R. §§ 164.302–164.318). Our safeguards include:

(a) Encryption. PHI is encrypted in transit using Transport Layer Security (TLS 1.2 or higher) and at rest using AES-256 or equivalent industry-standard encryption. (b) Access controls. Role-based access controls, least-privilege provisioning, multi-factor authentication for personnel with access to PHI, unique user identification, automatic session termination, and emergency access procedures. (c) Audit logging. Detailed, tamper-evident audit logs of access to and actions taken with respect to PHI, retained and reviewed in accordance with 45 C.F.R. § 164.312(b). (d) Workforce training and sanctions. Mandatory HIPAA privacy and security training for all workforce members, with documented sanctions for violations. (e) Risk analysis and management. At least an annual risk analysis consistent with 45 C.F.R. § 164.308(a)(1)(ii)(A), with risk management activities consistent with 45 C.F.R. § 164.308(a)(1)(ii)(B). (f) Incident response. A documented incident-response plan with defined roles, response timelines, forensic capabilities, and breach-notification procedures. (g) Contingency planning. Data backup, disaster recovery, and emergency-mode operation plans, consistent with 45 C.F.R. § 164.308(a)(7). (h) Vendor management. Due-diligence review of business associates, executed BAAs, and ongoing monitoring.

7.2 No Absolute Security

Despite these safeguards, no method of transmission or storage over the internet is completely secure. You are responsible for safeguarding your account credentials and promptly notifying us of any suspected compromise.

7.3 Reporting Suspected Incidents

If you believe your PHI or account has been compromised, contact us immediately at care@yellowstonescreening.com or at the Privacy Officer address in Section 17.

8. Your Rights Under HIPAA and State Law

8.1 HIPAA Individual Rights

Subject to limited exceptions, you have the following rights under HIPAA with respect to your PHI:

(a) Right of access. You have the right to inspect and obtain a copy of your PHI in the designated record set, in the form and format you request (including electronic form where readily producible), pursuant to 45 C.F.R. § 164.524. We will act on your request within thirty (30) days, with a single 30-day extension if we provide written notice of the reason for the delay. Fees, if any, for copies will be limited to a reasonable, cost-based fee consistent with HHS guidance. (b) Right to amend. You have the right to request that we amend PHI that you believe is inaccurate or incomplete, pursuant to 45 C.F.R. § 164.526. We will act on your request within sixty (60) days, with a single 30-day extension if we provide written notice. We may deny a request where permitted by HIPAA, and you may submit a statement of disagreement. (c) Right to an accounting of disclosures. You have the right to request an accounting of certain disclosures of your PHI made in the six years preceding your request, pursuant to 45 C.F.R. § 164.528. (d) Right to request restrictions. You have the right to request a restriction on uses and disclosures of your PHI for TPO, pursuant to 45 C.F.R. § 164.522(a). We are generally not required to agree, except that we must agree to a restriction on disclosures to a health plan where the disclosure is for payment or healthcare operations, the disclosure is not otherwise required by law, and the PHI pertains solely to a healthcare item or service for which you have paid out-of-pocket in full. (e) Right to confidential communications. You have the right to request that we communicate with you about PHI by alternative means or at alternative locations, pursuant to 45 C.F.R. § 164.522(b). We will accommodate reasonable requests. (f) Right to a paper copy of the NPP. Even if you have agreed to receive the NPP electronically, you have the right to request a paper copy at any time. (g) Right to be notified of a breach. You have the right to be notified of a breach of your unsecured PHI, as described in Section 12. (h) Right to complain. You have the right to complain to us or to the U.S. Department of Health and Human Services, Office for Civil Rights ("OCR"), without fear of retaliation. See Section 17 for contact information.

To exercise these rights, submit a written request to our Privacy Officer as described in Section 17.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"). Please note that PHI governed by HIPAA and medical information governed by the California Confidentiality of Medical Information Act ("CMIA") are generally exempt from CCPA/CPRA. For personal information that is not exempt, you have the right to:

(a) Know the categories and specific pieces of personal information we collect, the sources, purposes, and categories of third parties with whom we share or disclose it; (b) Delete personal information we collect from you, subject to exceptions; (c) Correct inaccurate personal information; (d) Opt out of sale or sharing. We do not sell personal information and do not share it for cross-context behavioral advertising; accordingly, there is nothing to opt out of, but we will honor Global Privacy Control signals where applicable; (e) Limit use of sensitive personal information. We use sensitive personal information only for purposes permitted under Cal. Civ. Code § 1798.121, and you may nonetheless submit a limitation request; (f) Non-discrimination. We will not discriminate against you for exercising your rights.

To exercise California rights, submit a verifiable request to privacy@yellowstonescreening.com or at the mailing address in Section 17. We will acknowledge receipt within ten (10) business days and respond within forty-five (45) days, with a single 45-day extension where reasonably necessary. Authorized agents may submit requests on your behalf with proof of authorization.

8.3 Other State Privacy Laws

Residents of other U.S. states with applicable consumer privacy laws—including, but not limited to, Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and Delaware (DPDPA)—may have rights similar to those above, including rights to access, delete, correct, and obtain a portable copy of personal data, and rights to opt out of targeted advertising, sale, or certain profiling. As with CCPA/CPRA, most PHI is exempt from these laws under HIPAA/HITECH exemptions, but we will respond to verifiable requests regarding non-exempt personal information in accordance with applicable law. We will respond to such requests within the period required by applicable state law (generally forty-five (45) days, with extensions where permitted). You may appeal a denial of a request in accordance with the applicable state statute and the instructions we provide with our response.

8.4 Exercising Your Rights

To exercise any right described in this Section, or to ask questions about it, contact us at privacy@yellowstonescreening.com or at the Privacy Officer address in Section 17. We will verify your identity before responding to substantive requests, which may require you to confirm account information or provide additional identification. We will not retaliate against you for exercising your rights.

9. Children's Privacy

The Service is intended for adults aged eighteen (18) and older. We do not knowingly collect personal information from, or direct the Service to, any individual under the age of eighteen. We do not knowingly collect personal information from children under the age of thirteen (13) in violation of the Children's Online Privacy Protection Act ("COPPA"). If we become aware that we have inadvertently collected personal information from a minor, we will take reasonable steps to delete that information. A parent or legal guardian who believes their child has provided us information may contact us at privacy@yellowstonescreening.com.

10. Cookies and Tracking Technologies

10.1 What We Use

We and our service providers use cookies, web beacons, pixel tags, local storage, and similar technologies (collectively, "cookies") for the following purposes:

(a) Strictly necessary. To operate the Website, enable core features (authentication, security, form integrity), and maintain session state. (b) Functional. To remember your preferences, such as language or display settings. (c) Analytics. To understand how users navigate and interact with the Website so we can improve it. Analytics are configured with privacy-protective settings and, where technically feasible, do not have access to PHI. (d) Fraud and security. To detect bots, credential-stuffing, and other abuse.

10.2 No Third-Party Advertising Cookies

We do not currently use third-party advertising, targeted-advertising, or cross-context behavioral-advertising cookies on authenticated pages that contain PHI. Where we use any non-essential cookies on marketing pages, we will provide a compliant consent interface and honor Global Privacy Control ("GPC") signals and similar universal opt-out mechanisms as required by applicable state law.

10.3 Managing Cookies

You may manage cookies through your browser settings, by using our cookie-preference interface (where available), or by sending a GPC signal. Disabling strictly necessary cookies may impair Website functionality.

10.4 Do Not Track

Because there is no industry-accepted standard for responding to "Do Not Track" browser signals, we do not currently respond to them, but we do honor GPC signals where required by applicable law.

11. International Users and Data Residency

The Service is offered only to U.S. residents physically located in the United States at the time of use, and your information is stored and processed in the United States. We do not intend the Service to be used by individuals located outside the United States, and we do not offer the Service outside the United States. If you are accessing the Website from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, where privacy laws may differ from those in your country.

12. Breach Notification

In the event of a breach of unsecured PHI, we will comply with the HIPAA Breach Notification Rule at 45 C.F.R. §§ 164.400–164.414 and applicable state breach-notification statutes. Specifically, we will:

(a) Notify affected individuals without unreasonable delay, and in no event later than sixty (60) calendar days after discovery of the breach; (b) Provide the information required by 45 C.F.R. § 164.404(c), including a description of the breach, the types of PHI involved, steps individuals should take to protect themselves, what we are doing to investigate and mitigate, and contact information; (c) Notify the Secretary of Health and Human Services in accordance with 45 C.F.R. § 164.408 (annually for breaches involving fewer than 500 individuals, and without unreasonable delay and no later than sixty (60) days for breaches involving 500 or more individuals); and (d) Where a breach involves 500 or more residents of a state or jurisdiction, notify prominent media outlets serving that state or jurisdiction, as required by 45 C.F.R. § 164.406.

We will also comply with applicable state breach-notification statutes, which may require notice to state attorneys general, consumer-reporting agencies, or other authorities on different timelines.

13. Notice of Privacy Practices

This Policy is provided in addition to, and does not replace, our Notice of Privacy Practices, which is required by 45 C.F.R. § 164.520 and describes in detail how we may use and disclose your PHI, your rights with respect to your PHI, and our legal duties. The NPP is available at https://yellowstonescreening.com/notice-of-privacy-practices and in paper form upon request. In the event of any conflict between this Policy and the NPP with respect to PHI, the NPP controls.

14. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email to the address associated with your account, by in-Service notice, or by posting the updated Policy on the Website with an updated "Last updated" date. Material changes become effective no sooner than thirty (30) days after notice, except where an earlier effective date is required by law. Changes to the NPP that materially affect uses and disclosures of PHI will be made in accordance with 45 C.F.R. § 164.520(b)(3) and communicated as required by that provision. Continued use of the Service after the effective date of a change constitutes acceptance of the changes; changes do not, however, retroactively authorize uses or disclosures of PHI that required an authorization at the time of collection.

15. Automated Decision-Making and Profiling

We do not use fully automated decision-making to determine whether to issue you an LDCT screening order. The decision to issue or decline an order is made by a U.S.-licensed physician exercising independent clinical judgment, based on information you provide and applicable clinical guidelines. We may use software tools to support the physician's review (e.g., to flag out-of-range values), but those tools do not replace physician decision-making.

16. Accessibility

We strive to make this Policy, the NPP, and the Service accessible to individuals with disabilities in accordance with Section 1557 of the Affordable Care Act and the Americans with Disabilities Act. If you need this Policy in an alternative format or need assistance exercising your rights, please contact us at care@yellowstonescreening.com.

17. Contact and Privacy Officer

Privacy Officer / HIPAA Contact Person: [Privacy Officer Name]

Aether, Inc. Attn: Privacy Officer [Physical Mailing Address — Street, City, State, ZIP]

Privacy inquiries: privacy@yellowstonescreening.com General and clinical inquiries: care@yellowstonescreening.com Website: https://yellowstonescreening.com

17.1 Filing a HIPAA Complaint

If you believe your privacy rights have been violated, you may file a complaint with us at privacy@yellowstonescreening.com or with the U.S. Department of Health and Human Services, Office for Civil Rights, by any of the following means:

• Online: https://www.hhs.gov/ocr/complaints/
• Mail: U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201
• Phone: 1-877-696-6775

We will not retaliate against you for filing a complaint.

17.2 Filing a State Privacy Complaint

You may also file a complaint with your state attorney general or applicable state privacy authority. California residents may contact the California Privacy Protection Agency at https://cppa.ca.gov.

18. Entire Privacy Statement; Severability

This Policy, together with the NPP and the Terms of Service, constitutes the entire statement of our privacy practices. If any provision of this Policy is found to be unenforceable, the remaining provisions shall remain in full force and effect.

End of Privacy Policy.