Effective Date: May 25, 2026

Last Updated: May 25, 2026

IMPORTANT NOTICE: This Consumer Health Data Privacy Policy is a standalone document required by the Washington My Health MY Data Act (RCW Chapter 19.373). It governs only consumer health data collected through Bridging Care’s website (https://bridging.care). It does not govern protected health information (PHI) collected in connection with Bridging Care’s clinical care coordination services, which is governed by our Notice of Privacy Practices and applicable HIPAA regulations.

1. About This Policy and Who It Covers Bridging Care LLC (“Bridging Care,” “we,” “us,” or “our”) is a Washington State care coordination organization located at 1010 S. 336th Street, Suite 106, Federal Way, WA 98003. This Consumer Health Data Privacy Policy (“CHD Policy”) is published in compliance with the Washington My Health MY Data Act, RCW Chapter 19.373 (“MHMDA” or the “Act”). This CHD Policy applies to: • Any Washington State resident who visits our website at https://bridging.care; and • Any person whose consumer health data is collected in Washington State through the Site, regardless of residency. This CHD Policy covers consumer health data collected through the Site, including through contact and intake forms, appointment scheduling tools, and digital marketing and analytics technologies such as the Meta Pixel, Google Ads, Google Analytics, and Google Tag Manager. It does not apply to data we collect in our capacity as a HIPAA-covered entity or business associate through direct care coordination services. 2. What Is “Consumer Health Data” Under the MHMDA The MHMDA defines “consumer health data” broadly to mean personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. As applied to our Site, this may include: • Information about health conditions, symptoms, or diagnoses you share with us through contact or intake forms; • Data about your use of or interest in health care services, including care coordination, behavioral health counseling, or aging-in-place programs, as inferred from your browsing behavior on the Site; • Appointment scheduling data indicating that you are seeking health care services; • Location data or device identifiers that, in combination with other data, could indicate that you are seeking health care services; and • Any other personal information that identifies or is reasonably linkable to your past, present, or future health status collected through the Site. Importantly, aggregate or de-identified data that cannot reasonably be linked to an individual does not constitute consumer health data under the Act. 3. Categories of Consumer Health Data We Collect The following table identifies the categories of consumer health data we may collect through the Site, the purpose for collection, and the sources from which it is collected, as required by RCW 19.373.030.

4. Categories of Consumer Health Data We Share We may share consumer health data with the following categories of third parties, as required to be disclosed under RCW 19.373.030:

We do not sell consumer health data as defined under the MHMDA without a valid, signed consumer authorization. We do not share consumer health data with third parties for those parties’ own independent commercial purposes beyond what is described in this CHD Policy.

5. How and When We Obtain Your Consent The MHMDA requires that we obtain your consent before collecting or sharing consumer health data in certain circumstances. Bridging Care obtains consent as follows: A. Consent for Tracking Technologies Before deploying tracking technologies on the Site that collect consumer health data (including the Meta Pixel and Google Ads conversion tags), we will present you with a consent notice that discloses: the categories of consumer health data that will be collected; the purposes for which it will be used; the categories of third parties with whom it will be shared; and how you can withdraw consent. You must affirmatively consent before such tracking technologies are activated for your session. B. Consent for Form Submissions When you submit a contact or intake form that includes consumer health data, we will present a clear disclosure at the point of submission identifying how your information will be used and shared, and provide a mechanism for you to consent prior to submission. C. Withdrawal of Consent You may withdraw your consent to the collection or sharing of your consumer health data at any time by contacting us as described in Section 7. Withdrawal of consent does not affect the lawfulness of collection or sharing prior to your withdrawal. We will process withdrawal requests within 15 business days. 6. Your Rights Under the MHMDA Washington State residents and individuals whose consumer health data is collected in Washington have the following rights under RCW 19.373.040: Right to Confirm and Access You have the right to confirm whether Bridging Care is collecting, sharing, or selling consumer health data about you, and to access such data, including a list of all third parties and affiliates with whom we have shared your consumer health data. Right to Withdraw Consent You have the right to withdraw consent for the collection and sharing of your consumer health data at any time. Right to Deletion You have the right to request that we delete your consumer health data and to direct any third parties or affiliates to whom we have provided your data to also delete it, subject to applicable exceptions. Right to Non-Discrimination We will not unlawfully discriminate against you for exercising any of your rights under the MHMDA, including by denying services, charging different prices, or providing a lesser quality of service. Right to Appeal If we deny your request to exercise a right under this section, you have the right to appeal that decision. We will provide a written explanation of the basis for any denial and information about how to contact the Washington State Attorney General’s Office if you believe your rights have been violated. How to Submit a Request To exercise any of the rights described above, please submit a verifiable consumer request using one of the following methods: • Email: info@bridging.care (Subject line: “MHMDA Consumer Rights Request”) • Phone: (844) 224-3578 • Mail: Bridging Care LLC, Attn: Privacy Officer, 1010 S. 336th Street, Suite 106, Federal Way, WA 98003 We will acknowledge your request within 10 business days and provide a substantive response within 45 days of receipt. We may extend the response period by an additional 45 days where reasonably necessary, in which case we will notify you of the extension and the reason for it. We will fulfill verified requests free of charge up to two times per calendar year. To protect your privacy and security, we will take reasonable steps to verify your identity before processing your request. We will not require you to create an account with us as a condition of submitting a request. 7. Contact Information For questions about this CHD Policy, to exercise your MHMDA rights, or to submit a complaint, please contact our Privacy Officer: Bridging Care LLC — Privacy Officer 1010 S. 336th Street, Suite 106 Federal Way, WA 98003 Phone: (844) 224-3578 Email: info@bridging.care If you believe Bridging Care has violated your rights under the MHMDA, you may also file a complaint with the Washington State Attorney General’s Office at: Washington State Office of the Attorney General Consumer Protection Division 800 Fifth Avenue, Suite 2000, Seattle, WA 98104 Telephone: (206) 464-6684 | Toll-free: 1-800-551-4636 Website: https://www.atg.wa.gov/file-complaint 8. Geofencing Prohibition Consistent with RCW 19.373.080, Bridging Care does not implement, and prohibits the use of, geofencing technology that establishes a virtual boundary of 2,000 feet or less around any entity that provides in-person health care services for the purpose of identifying or tracking consumers seeking health care services, collecting consumer health data, or sending targeted notifications, messages, or advertisements related to health care services or consumer health data. Bridging Care’s digital advertising campaigns are reviewed and configured to ensure compliance with this prohibition. If you believe a Bridging Care advertisement reached you through geofencing near a health care facility, please notify us immediately at info@bridging.care. 9. Data Security Bridging Care maintains reasonable administrative, technical, and physical data security practices to protect consumer health data against unauthorized access, acquisition, use, disclosure, or destruction, consistent with the requirements of RCW 19.373.070. Access to consumer health data collected through the Site is restricted to Bridging Care personnel and authorized service providers with a legitimate need to access such data in connection with their job functions or contracted services. In the event of a security breach involving your consumer health data, we will notify you and applicable regulatory authorities as required by Washington State law, including the Washington Data Breach Notification Act (RCW 19.255). 10. Changes to This Policy We will update this CHD Policy to reflect material changes in our consumer health data practices, changes in applicable law, or changes in the third-party platforms and tools we use. When we make material changes, we will update the “Last Updated” date above. Because the MHMDA requires this Policy to be published as a separate and distinct document on our homepage, we will ensure the updated version is prominently linked from https://bridging.care following any material change. The Marketing Director or other marketing personnel are responsible for notifying the Privacy Officer whenever a new tracking technology, advertising platform, scheduling tool, or analytics platform is added to or removed from the Site so that this Policy can be updated accordingly.