Introduction

SemantIQ, Inc. ("SemantIQ", "we", "our", or "us") provides an AI-native web application and agentic workflows that allow authorized users to build healthcare provider and direct to consumer segmentation, generate audience planning briefs, conduct target list profiling, and analyze healthcare claims-derived insights. This Privacy Policy explains how we collect, use, store, and disclose information through the SemantIQ Agent and related platform services ("Platform Services").

‍

SemantIQ does not process Protected Health Information (PHI). All healthcare claims data used within the Platform Services is de-identified pursuant to HIPAA Safe Harbor or Expert Determination. We may process identifiable information about healthcare providers (e.g., NPI, name, specialty) and ZIP+4 level geographic data for DTC audiences.

‍

This Privacy Policy describes how SemantIQ collects, stores, uses and discloses information about users of our Platform Services. Our "Platform Services" means (i) the website located at https://semantiqhealth.com (the "Site"), (ii) any services, features, and content downloadable or accessible from the Site (for example, and without limitation, when you log in to your Account via the Site) and (iii) any other SemantIQ application, software, product, or service licensed, downloaded or otherwise accessed by you, whether through SemantIQ or third party websites or sources.

‍

This Privacy Policy (Users of Platform Services) (this "Privacy Policy") is incorporated into and is subject to our Terms of Use at https://semantiqhealth.com/terms-of-service (the "Terms of Use"). By using the Platform Services, you agree to SemantIQ's collection, storage, use and disclosure of your information as described in this Privacy Policy. If you disagree with anything in this Privacy Policy, please do not use the Platform Services.

‍

1. Who are "YOU"?

We refer to "you" a lot in this Privacy Policy. As used in this Privacy Policy, "you" refer to "SemantIQ Customers", which means direct business users of SemantIQ's Platform Services. It does not apply to consumers or patients. SemantIQ Customers may be users of our free analytics, life science companies, foundations, payers, providers, brands, researchers, advertising platforms and advertising agencies, just to name a few examples. Users of the Site are also SemantIQ Customers.

2. How does SemantIQ work?

SemantIQ provides an AI-native data infrastructure and agentic workflows that enable authorized users to:

‍

• Build and explore healthcare provider segmentations, including outputs that may contain National Provider Identifiers (NPIs) and associated provider-level attributes.
• Design DTC audiences that are restricted to ZIP+4-level geographic granularity built and modeled from de-identified claims data (SemantIQ does not provide more granular location for DTC use, such as individual households).
• Generate agentic audience planning briefs, target list profiling, and analytics derived from de-identified healthcare claims datasets and related reference data.

‍

SemantIQ's underlying data sources include de-identified medical and pharmacy claims, healthcare provider directories, SDOH and other contextual datasets, and customer-provided data (such as NPI lists or target lists). These datasets are either:

‍

• De-identified in accordance with HIPAA (Safe Harbor and/or Expert Determination); or
• Otherwise provided in a form that does not include Protected Health Information ("PHI") as defined under HIPAA.

‍

Using these datasets, SemantIQ provides analytics and actionable insights to SemantIQ Customers, including segment counts, segment compositions, market metrics, and provider-level attributes, all subject to strict privacy, minimum-size, and re-identification safeguards.

3. Information we collect

If you are a SemantIQ Customer or Platform User, we may collect information (a) that you provide directly and (b) that is collected automatically when you use the Platform Services.

‍

3.1 Information You Provide

‍

We collect information that you voluntarily provide when you register for an account, submit a lead-generation form, communicate with us, pay for the Platform Services, request support, or upload Customer Data. This may include:

‍

• Name
• Company name and role/title
• Business email address
• Business phone number
• Mailing address
• Billing and payment information
• Communication and notification preferences
• Customer Data you upload (e.g., NPI lists, target lists, CRM exports, or other datasets) as permitted under SemantIQ's Terms of Service

‍

3.2 Information Collected Automatically

‍

When you access or use the Platform Services, we may automatically collect certain technical and usage information, including:

‍

• Internet Protocol (IP) address
• Browser type and device type
• Operating system
• Referring and exit URLs
• Access times, session timestamps, and general location (city/region level)
• Web log and usage data (e.g., pages viewed, features used, search queries, error logs, interaction events)

‍

We may collect this information through cookies, pixels, and similar technologies. Your device, browser, and operating system settings may allow you to manage or disable these technologies.

‍

3.3 Personally Identifiable Information ("PII")

‍

As used in this Privacy Policy, "Personally Identifiable Information" or "Personal Data" refers to information relating to an identified or identifiable natural person, as defined under U.S. law, the California Consumer Privacy Act (as amended), and the European GDPR.

‍

SemantIQ processes three categories of Personal Data:

‍

(A) Personal Data About Platform Users

‍

We collect and process Personal Data from individuals who create or use SemantIQ accounts ("Platform Users"), including:

‍

• Name, business email address, business phone number
• Employer, title, and role
• Login credentials and account settings
• Billing, invoicing, and administrative information
• Usage and interaction data as described in Section 3.2

‍

We process this information to authenticate users, operate and secure accounts, provide and improve the Platform Services, and manage our customer relationships.

‍

(B) Personal Data About Healthcare Providers ("HCP Data")

‍

SemantIQ also processes certain information about healthcare professionals, such as:

‍

• National Provider Identifier ("NPI")
• Name, specialty, taxonomy, and practice locations
• Professional attributes derived from de-identified claims and reference datasets (e.g., prescribing activity, referral relationships, patient panel characteristics), used only in de-identified or aggregated form where applicable
• Additional provider attributes uploaded by customers (e.g., custom HCP lists)

‍

HCP Data originates from public sources (e.g., NPPES), third-party data partners, and de-identified claims datasets. It does not include Protected Health Information ("PHI") or patient-identifiable data.

‍

SemantIQ does not combine HCP Data with any identifiable patient information and does not attempt to re-identify any patient from de-identified datasets.

‍

(C) Customer Data Provided by Customers

‍

When customers upload their own NPI lists, target lists, CRM records, or other datasets, SemantIQ processes that information solely to provide the Platform Services, in accordance with the applicable contract or Data Protection Agreement.

‍

3.4 Controller vs. Processor Roles

‍

Controller:

‍

SemantIQ acts as an independent controller when processing Personal Data that we determine the purposes and means for—such as Platform User data, publicly available HCP Data, and SemantIQ-created datasets or claims-derived insights.

‍

Processor / Service Provider:

‍

When customers upload their own Customer Data and SemantIQ processes it according to their written instructions, SemantIQ acts as a processor or service provider. We do not use Customer Data for any purpose other than providing the Platform Services.

‍

No PHI Processing:

‍

SemantIQ does not receive, require, or process Protected Health Information ("PHI") as defined under HIPAA and does not attempt to re-identify any individual from de-identified datasets.

4. How we use the information we collect

We use the information described in Section 3 to operate, maintain, secure, and improve the Platform Services and to support our business operations.

‍

4.1 Use of Platform User and Customer Information

‍

We use Personal Data and Customer Data to:

‍

• Operate, maintain, authenticate, and administer user accounts
• Provide, support, and enhance the Platform Services
• Respond to questions, support requests, and technical issues
• Analyze usage patterns to improve workflows, performance, and user experience
• Develop new features, modules, and integrations
• Manage customer relationships, including billing and invoicing
• Secure the Platform Services and prevent fraud, misuse, or unauthorized access
• Send administrative, operational, and service-related communications (e.g., updates, security notices, feature releases)

‍

Users may manage their marketing communication preferences as described in the "Your Choices" section.

‍

4.2 Use of HCP Data

‍

We use HCP Data to:

‍

• Build, enrich, and deliver HCP audience segments and profiling
• Generate insights and agentic audience briefs about provider behaviors and market patterns
• Provide measurement and analytics (e.g., provider-level indicators, script lift, referral-based insights) in aggregated or de-identified form
• Improve the coverage, accuracy, and quality of HCP-related data and models used within the Platform Services

‍

Restrictions: SemantIQ does not use HCP Data to determine employment, credit, insurance, or healthcare service eligibility, and does not use HCP Data to make clinical treatment decisions.

5. Information disclosure

We may disclose personal information collected from SemantIQ Customers under the following circumstances:

‍

5.a To Service Providers.

‍

We work with service providers to provide application development, hosting, maintenance, and other services for us. We may transfer, and these service providers may have access to or process information about you as part of providing those services for us. Generally, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information.

‍

5.b To Comply with Laws.

‍

We may disclose information about you if required to do so by law or in the good-faith belief that such action is necessary to comply with laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

‍

5.c To Protect Our Legal Rights.

‍

We also reserve the right to disclose information about you that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third party claims or allegations; (iv) protect the security or integrity of the Platform Services and any facilities or equipment used to make the Platform Services available; or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.

‍

5.d In Corporate Reorganizations.

‍

Information may be disclosed during due diligence or in preparation for or after an acquisition or merger, consolidation, change in control, transfer of substantial assets, financing, reorganization or similar corporate transactions with requirements for the receiving party to maintain the confidentiality of such information, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

‍

5.e To Analytics Providers.

‍

We use analytics services such as Google Analytics to collect and process certain analytics data. You can learn more about Google's practices by visiting https://www.google.com/policies/privacy/partners/. To help us understand how you use our Platform Services and to help us improve them, we automatically receive information about your interactions with our Platform Services, like the pages or other content you view, the searches you conduct, purchases you make, and the dates and times of your visits.

‍

5.f For cross-contextual advertising on other sites across the web.

‍

In certain cases, for example, when you visit SemantIQ's website in a non-logged-in state, we will place a tracker in your browser that allows us to show you SemantIQ content on other websites. California and Virginia users can opt-out of this tracking.

‍

5.g Interest-Based or Targeted Advertising.

‍
SemantIQ may work with third-party partners to support interest-based or targeted advertising. Users may opt out of targeted advertising by contacting SemantIQ at privacy@semantiqhealth.com.

‍

5.h Exercising Your Rights

‍

To request access to your personal information or request deletion or correction or opt out of sale, please submit a verifiable request through one of the following methods:

• Email: privacy@semantiqhealth.com

6. Retention

When we collect Personal Data, we keep it for as long as we need it for the purpose for which it is being processed. For example, we will retain your email information for as long as the Platform Services are active or as needed to provide the Platform Services to you. After that, we will keep the Personal Data for a period which enables us to handle or respond to any complaints, queries or concerns relating to your use of our services. We retain the data we collect directly for targeting purposes for as little time as possible, after which we employ measures to permanently delete or de-identify the data. We will periodically review the Personal Data we hold and delete it securely when there is no longer a legal, business, or consumer need for it to be retained.

7. Your choices

You may, of course, decline to disclose certain information to us, in which case we may not be able to provide to you some of the features and functionality of the Platform Services.

‍

If you wish to access or amend any other PII we hold about you, you may contact us at privacy@semantiqhealth.com. Please note that while any changes you make will be reflected in our databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

‍

If you receive commercial email (e.g., promotions) from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial email from us by sending your request to us at privacy@semantiqhealth.com or by writing to us at the address at the end of this Privacy Policy. Please be aware that it may take up to ten (10) business days for us to process your request, and you may continue to receive commercial email from us during that period. Additionally, even after opting out from receiving commercial email from us, SemantIQ Customers will continue to receive administrative messages from us regarding the Platform Services (such as security notices, outage notifications, or billing-related messages).

‍

Some of our advertising partners are members of the Network Advertising Initiative (https://optout.networkadvertising.org) or the Digital Advertising Alliance (https://optout.aboutads.info). If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies. You can access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt out of personalized ads in mobile apps.

‍

Under California law, California residents who have an established business relationship with us may choose to opt out of the disclosure of PII about them to third parties for such third parties' direct marketing purposes. Our policy is not to disclose PII collected online to any third party for direct marketing purposes without your approval. If you choose to opt-out at any time after granting approval, please email privacy@semantiqhealth.com.

8. Third party services

The Platform Services may be integrated with, or contain features or links to, apps and services provided by third parties. Any information you provide on third party apps and services is provided directly to the operators of such apps and services and is subject to those operators' policies, if any, governing privacy and security. We are not responsible for the content or privacy and security practices and policies of such third parties. We encourage you to learn about third parties' privacy and security policies before providing them with information.

9. Data security

We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of information that we collect and maintain. Please be aware that no security measures are perfect or impenetrable. We cannot and do not guarantee that information about you will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

10. Children's privacy

The Platform Services are not directed to children under the age of 18. We do not knowingly collect any information at all from children under the age of 18. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at privacy@semantiqhealth.com.

11. International transfer

We may transfer information that we collect about you to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Economic Area (EEA) or other regions with laws governing data collection and use that may differ from U.S. laws, please note that you are transferring information, including PII, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. and the use and disclosure of information about you, including PII, as described in this Privacy Policy.

12. European Economic Area and California appendices

If you are located in the European Economic Area (EEA), please further see Appendix A at the end of this Privacy Policy. If you are a California resident, please further see Appendix B at the end of this Privacy Policy.

13. Changes and updates to this privacy policy

We may update this Privacy Policy from time to time. Please revisit this Privacy Policy periodically to stay aware of any changes. If we modify this Privacy Policy, we will make it available through the Platform Services, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address if we have one on file, or generate a pop-up or similar notification when you access the Platform Services for the first time after such material changes are made. Your continued use of the Platform Services after the revised Privacy Policy has become effective indicates that you have read, understood and agreed to the latest version of this Privacy Policy.

14. Dispute resolution

This Privacy Policy shall be governed by the laws of the State of Delaware without regard to conflict of laws provisions. Any dispute, claim or controversy arising out of or relating to this Privacy Policy shall be subject to the dispute resolution provisions in our Terms of Use.

15. How to contact us

Please contact us with any questions or comments about this Privacy Policy, information we have collected or otherwise obtained about you, our use and disclosure practices, or your consent choices by email to privacy@semantiqhealth.com or by physical mail to:

‍

SemantIQ Inc.
2261 Market Street STE 86944
San Francisco, CA 94114

Appendix A: ADDITIONAL NOTICE — EUROPEAN ECONOMIC AREA

Your Rights

‍

We respect your privacy rights and provide you with reasonable access and rights to the Personal Data, as this term is referred to for individuals located in the European Economic Area (EEA), pursuant to the European Directives 95/46/EC and 2002/58/EC (EU General Data Protection Regulations Legislation, also known as GDPR), that you may have provided through your use of the Platform Services. If you live in one of those countries, and wish to access, amend, delete, or transfer any Personal Data we hold about you, you may contact us as set forth in the "How to Contact Us" section in the Privacy Policy.

‍

You may update, correct, or delete your Personal Data and preferences at any time by request to us. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

‍

You may decline to disclose certain Personal Data to us, in which case we may not be able to provide to you some of the features and functionality of the Platform Services.

‍

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us as set forth in the "How to Contact Us" section in the Privacy Policy. You also have a right to lodge a complaint with data protection authorities.

‍

Legal Basis for Processing Personal Data; Retention

‍

SemantIQ will only collect and process Personal Data when we have lawful bases for doing so. These lawful bases include when you provide consent, when we have a contractual obligation to collect or process your Personal Data, and when we have a legitimate interest in processing your Personal Data.

‍

Transfers

‍

Where we transfer your Personal Data outside the EEA, we rely on approved standard EEA Model Clauses so these transfers are conducted in accordance with applicable laws and using adequate and appropriate safeguards.

Appendix B: SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

Introduction; "Personal Information" under the CCPA

‍

This Appendix B supplements the information contained in our Privacy Policy above and applies solely to those of you who reside in the State of California. We adopt this supplemental notice to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020, (the "CCPA"). Any terms defined in the CCPA have the same meaning when used in this Appendix B, unless otherwise noted.

‍

Under the CCPA, "personal information" is information that identifies, relates to, describes, or is capable of being associated with a particular consumer or household. Personal information does not include:

‍

• Publicly available information;
• Deidentified or aggregated consumer information; or
• Information excluded from the CCPA's scope, such as:

• health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 and the California Confidentiality of Medical Information Act or clinical trial data; or
• personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver's Privacy Protection Act of 1994.

‍

Information We Collect

‍

The table below sets forth the categories of personal information that we have collected within the last twelve (12) months since this notice was last updated:

Categories of Sources from Which Personal Information is Collected

‍

We obtain the personal information of SemantIQ Customers listed above from the following categories of sources:

‍

• directly from you (as described in Section 3.a of the Privacy Policy, such as, without limitation, when you register for an account); and
• automatically when you interact with our Platform Services (as described in Section 3.b, such as, without limitation, as enabled by cookies, pixels, or other tools).

‍

Business or Commercial Purpose Which Personal Information Will Be Used

‍

SemantIQ does not disclose personal information to any third parties, unless explicitly permitted in our Privacy Policy or with your consent.

‍

As described in more details in Section 4 of our Privacy Policy:

‍

• We use the information collected for our business, including, without limitation, to operate, maintain, enhance, and provide the features of the Platform Services.
• We may also use your email address or other information to contact you for administrative or customer service purposes, and to send other business communications to you.

‍

Disclosing Personal Information

‍

As described in more details in Section 5 of our Privacy Policy, we may disclose the following categories of personal information to the following categories of third parties:

‍

• Analytics Providers - Categories we disclose: Identifiers, Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), Commercial information, Internet or similar network activity.
• Other Service Providers - Categories we disclose: Identifiers, Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), Commercial information, Internet or similar network activity.

‍

When appropriate, we enter into contracts that describe the purpose of the disclosure and require the recipient to keep that personal information confidential.

‍

Sale and Sharing of Personal Information

‍

We may "sell" or "share" the following categories of personal information with the following categories of third parties. As used here, to "sell" means to disclose personal information to third parties for monetary or other valuable consideration, and "share" means to disclose personal information to third parties for cross-context behavioral advertising. These terms do not include, for example, the transfer of personal information as an asset that is part of a merger or other disposition of all or any portion of our business.

‍

Certain cross-context behavioral advertising vendors - categories we sell or share: Identifiers, Internet or similar network activity.

‍

We do not knowingly sell or share personal information associated with individuals under 18 years of age.

‍

Rights under the CCPA

‍

Access to Specific Information; Deletion; Correction; Opt-out

‍

If you are a California resident, you have the right to:

‍

• Request that we disclose to you the following information covering the 12 months preceding your request:

• the categories of personal information that we have collected about you;
• the categories of sources from which the personal information was collected;
• the business or commercial purpose for collecting personal information about you;
• the categories of third parties to whom we disclosed personal information about you, the categories of personal information that was disclosed, and the purpose for disclosing the personal information about you (if we have made any such disclosures); and
• the specific pieces of personal information we collected about you.

• Request that we delete personal information we collected from you, unless the CCPA recognizes an exception.
• Request that we correct inaccurate personal information that we maintain about you.
• Opt out of the "sale" or "sharing" of your personal information.

‍

Exercising Your Rights

‍

To request access to your personal information or request deletion or correction, please submit a verifiable request through one of the following methods:

‍

• Email: privacy@semantiqhealth.com

‍

Only you or a person authorized to act on your behalf may make a consumer request related to your personal information.

‍

You may only request a copy of your data twice within any 12-month period. The request must:

‍

• Provide sufficient information to allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
• Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.

‍

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

‍

Response Timing and Format

‍

Our goal is to respond to a verifiable request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Any disclosures we provide will cover only the 12-month period preceding the request. If applicable, the response we provide will also explain the reasons we cannot comply with the request. We will provide your personal information in a format that is readily usable and should allow you to transmit the information without hindrance.

‍

We will not charge a fee to process or respond to your request unless it is excessive or repetitive. If we determine that the request warrants a fee, we will provide you with the basis for that decision and a cost estimate before completing your request.

‍

Opt-Out Preference Signals

‍

You may also opt out of the "sale" or "sharing" of your personal information by turning on the Global Privacy Control (GPC) in participating browser systems. You will need to turn the GPC on for each browser you use. To learn more about the GPC, visit the Global Privacy Control website.

‍

Non-Discrimination

‍

We will not discriminate against you for exercising any of your rights under the CCPA, including if you are an employee, applicant, or independent contractor of our business. Unless permitted by the CCPA, we will not, because of your exercise of such rights:

‍

• Deny you goods or services;
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
• Provide you a different level or quality of goods or services; or
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

‍

Changes to Our Privacy Notice

‍

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website.

‍

Contact Information

‍

If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please contact us at:

‍

• Email: privacy@semantiqhealth.com
• Mailing address: SemantIQ Inc., 2261 Market Street STE 86944, San Francisco, CA 94114