CONFIDENTIALITY AND DISCLOSURE STATEMENT

Heartivia is an application provided by RealWorks Teknoloji Anonim Şirketi (hereinafter referred to as "we", "us" or "our"). RealWorks Teknoloji Anonim Şirketi is the data controller of the Heartivia Platform. We have created this Privacy and Disclosure Statement to make sure you understand how we collect and use your personal information. RealWorks Teknoloji Anonim Şirketi aims to process the personal data of Heartivia users in accordance with international data protection provisions and the provisions of the Personal Data Protection Law No. 6698 ("KVKK") and other legislation. RealWorks Teknoloji Anonim Şirketi, as the "Data Controller" of your personal data that you have provided/will provide and/or obtained externally in any way due to your being a Heartivia user: • For the purpose for which the processing is necessary and in a relevant, limited and proportionate manner, • To maintain the accuracy and most current status of such personal data as provided by you to RealWorks Teknoloji Anonim Şirketi, • And to process your data in compliance with the conditions stipulated in the KVKK and international data protection provisions. In case of any change in the purpose or legal grounds for processing your personal data, this Privacy and Disclosure Statement will be updated and re-published by us. Heartivia allows you to track and analyze your health data to provide you with detailed health services.

This Statement explains the following:

What Personal Data Do We Collect About You?

We will only collect and use your personal data for the purposes set out in this notice. Personal data refers to all information that allows us to identify you as a user. Through this platform, we obtain and maintain information about you in various ways. In this context, we will collect and process the following data:

1.1. Personal profile information:

Account information (such as account identifier, profile picture, username, gender, date of birth, height, weight, email address, phone number, location, zip code and country).

1.2. Health data:

During the use of our application, your health data will be processed by sharing your health data with Apple Health and you within the scope of your explicit consent as described in this "Privacy and Clarification Text". The analysis results and reports of this data will be processed for medications and medication tracking, health measurements, sleep patterns and sleep tracking data, respiratory rate, heart rate data, pulse, body temperature, body fat, body resistance, nutrition, weight, oxygen saturation, blood data, blood oxygen level, blood sugar level, blood pressure level, activity status and levels, and other health data provided for the purpose of providing services. Your health data will be anonymized for training our algorithm and for scientific studies. Data such as Cycle Schedule, Stress test, Arterial Stiffness Detection, vascular data (e.g. pulse wave velocity, pulse waveform diagram, pulse wave conduction velocity, PPG, measurement time and vascular elasticity result and degree), ECG data (e.g. ECG measurement time, result, waveform, average heart rate and symptoms), and Sleep Breath Awareness (sleep time, heartbeat interval and blood oxygen saturation level) will be processed for service provision. None of the Services are medical firmware; the data should be used for reference only, not for medical study, diagnosis or treatment. In the case of a wearable device, the device will synchronize with Heartivia when connected. Data from third-party devices and apps that you choose to connect to Heartivia (such as device manufacturer, model, identifiers, and third-party app identifiers, including social media identifiers, health and fitness-related data, movement and nutrition-related data) will be synced to your Heartivia app. We encourage you to read the privacy and disclosure statements of the third-party applications and devices (especially Apple Health) you choose to connect to Heartivia. If you upload medical results and tests, a reference evaluation service is provided through our service provider OpenAI (located in the USA). Any identifiable information in your uploaded images may also be transferred to OpenAI.

1.3. Device and network information:

Your device information (such as MAC address, device serial number, IMEI or other identifiers, firmware version including mobile advertising identifiers, operating system, device type, and personal settings) will be collected for device management, including Bluetooth connections, managing device configurations, firmware updates, and viewing the source device of data. Your IP address, network type, and network connection will also be collected to improve your network experience. Additionally, permissions such as Physical activity, Phone, Storage, Location, Microphone, Camera, Contacts, Messaging, Calendar, Call logs, and Apple Health access are required to provide the services.

2. How We Use Your Personal Data?

To provide you with Heartivia functionalities and fulfill contractual obligations, we collect and process your data for customer relationship management, maintenance, software and system updates, user identification, and diagnostic, development, and repair purposes by healthcare professionals to whom you have given consent. Your health data will only be processed with your explicit consent for the services provided by RealHealth and may be shared with healthcare professionals with your consent. Your movement and health data will be stored by Heartivia and third-party health professionals you consent to, and will only be processed to make it accessible when you use the application. Heartivia supports sharing your health data with third-party health and movement apps or healthcare professionals based on your prior authorization. We use the information for purposes including: • Identifying and verifying your identity, • Allowing you to interact and connect with third-party healthcare professionals, • Delivering customized content and recommendations, • Providing promotions and offers (with your separate consent), • Protecting against fraud and other liabilities, • Complying with legal requirements and enforcing our policies. With your consent, we may combine your information with data from other sources or services you use. Access to your Apple and Google data may be requested, and explicit consent will be obtained as per their privacy policies. Without such consent, certain features may not be accessible. Rest assured, the data will not be used for marketing and advertising purposes. RealWorks Teknoloji Anonim Şirketi processes your personal information based on: • Your explicit consent for processing health data, • Your consent for receiving commercial electronic messages, • Legal necessity for contract performance and the legitimate interests of the data controller (without violating your rights). These conditions may be updated as needed.

3. How Long Do We Keep Your Personal Data?

We will not store your personal data longer than necessary for the purposes described. The retention period depends on the legal basis for processing your data and is tied to your active use of Heartivia. Data processed for business interests (excluding health data) is retained only as long as needed for its collection purpose, improvements, analytics, or customer service. Your data may also be processed based on your consent.

4. How and with whom do we share your personal data?

Heartivia supports sharing movement and health data from your device with third-party health and movement apps and/or relevant healthcare professionals or organizations based on your prior authorization. You may also authorize Heartivia to receive data from these apps. If cloud data synchronization is enabled for any app, data will be automatically synced to the Heartivia cloud. We recommend reviewing the privacy policies of third-party apps/services with which you share your data. Data may be transferred to third parties in Turkey and/or abroad as specified in Articles 8 and 9 of the KVKK. Based on your consent and service requirements, your data may be disclosed to: • Consultants – third-party healthcare professionals or organizations you connect with Heartivia, • Service providers – such as Google Firebase, our cloud service provider (see: https://bit.ly/realfirebase).

5. What are Your Rights and Options?

Pursuant to Article 11 of the LPPD, you may: a. Learn whether your personal data is being processed. b. Obtain information about the actions taken if your data has been processed. c. Learn the purpose of processing your data. d. Obtain information about third parties to whom your data is transferred. e. Request correction if your data is incomplete or incorrect. f. Request deletion, destruction, or anonymization if processing is no longer justified. g. Object to automated processing that produces a result against you. h. Demand compensation for damages from unlawful data processing. Additionally, you can: • Review the data we collect, • Delete your app-specific data, • Update or delete your Heartivia account information, • Opt out of marketing communications.

6. How can you contact us?

To exercise your rights or for questions and suggestions regarding your personal data processing, please send a written request or email to kvkk@realworkstechnology.com. Data Controller Address: Yıldız Mahallesi, Asariye Cami Çıkmazı, No.5, Beşiktaş / ISTANBUL

7. Updates to be made

This Privacy and Disclosure Statement may be updated to reflect changes in the way we collect and process your information or due to changes in applicable laws. We encourage you to periodically check for the latest version in the app settings.