Privacy Policy

Introduction

Spotbrands Group, Inc. ("Cottonball," "we," "us," or "our") respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. Cottonball provides telemedicine skincare services through its platform (the “Service”), connecting you with independent, board-certified dermatologists and other licensed healthcare professionals (“Providers”) affiliated with independent medical groups (“Medical Groups”), as well as pharmacies (“Pharmacies”) and other third-party service providers.

This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit or use our website, mobile applications, or other platforms (collectively, the “Platform”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. It also outlines how we comply with applicable privacy and security laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Telephone Consumer Protection Act (TCPA).

By using the Service or providing information to us, you consent to our collection and use of your information as described in this Privacy Policy and in our Terms and Conditions.

Information We Collect

Personal Information

We may collect personal information that can identify you, such as your name, address, phone number, email address, date of birth, and payment information.

Protected Health Information (PHI)

When you use our telemedicine services, we may collect Protected Health Information (“PHI”) as defined by HIPAA. PHI may include information about your health condition, treatment plans, prescriptions, medical history, and communications with your Provider.

Non-Identifiable and Aggregate Data

We may automatically collect certain information about your device and usage of the Service, such as IP address, browser type, device identifiers, and browsing activity. This information helps us improve and personalize your experience and may be aggregated or de-identified for analytics, research, and development purposes.

How We Use Your Information

We use the information we collect for various purposes, including:

• Healthcare Services: To facilitate telemedicine consultations, coordinate care with Providers, Medical Groups, and Pharmacies, and manage your treatment, including processing prescriptions and follow-up care.
• Communication: To communicate with you about appointments, treatment options, prescription refills, account updates, and Service-related information via email, SMS/text messages, phone calls, or other communications methods in accordance with applicable law (including the TCPA).
• Payment and Administration: To process payments for services and products, manage subscriptions, and handle billing inquiries.
• Compliance and Safety: To comply with applicable laws and regulations, respond to lawful requests and legal processes, enforce our Terms and Conditions, detect and prevent fraud or abuse, and protect the rights, property, or safety of Cottonball, our users, Providers, Medical Groups, Pharmacies, and others.
• Analytics and Improvements: To monitor and analyze usage, trends, and activities in connection with the Service; to improve and personalize your experience; and to develop new products, services, and features.

HIPAA Compliance and PHI Handling

Certain health information we collect may be considered PHI under HIPAA. Where applicable, we maintain appropriate safeguards to ensure the privacy and security of your PHI, and we will only use or disclose it as permitted by law, such as for treatment, payment, healthcare operations, or as authorized by you.

For questions about your PHI or to request access to your health information, please contact our Privacy Officer at:
Spotbrands Group, Inc.
1266 E Main St, Suite 700R
Stamford, CT, 06902
US
Email: support@cottonball.com
Phone: 203.247.3302

We require that any third party who assists us in providing the Service and has access to PHI (such as Providers, Medical Groups, and Pharmacies) agrees to maintain the privacy and security of PHI in accordance with HIPAA and other applicable laws.

TCPA Compliance and Consent to Contact

By providing your phone number, you consent to receive calls and text messages (including SMS/MMS messages) from or on behalf of Cottonball, Providers, or Pharmacies. These communications may be made using an automatic telephone dialing system or pre-recorded voice messages for purposes such as appointment reminders, treatment follow-ups, prescription notifications, and related healthcare messages.

You may opt out of receiving certain communications at any time by following the unsubscribe instructions provided in the message or by contacting us at support@spotbrands.com. Please note that opting out of certain communications may limit your ability to fully utilize the Service.

Disclosure of Your Information

We may share your information, including PHI where applicable, in the following ways:

• With Providers, Medical Groups, and Pharmacies: To facilitate telemedicine consultations, fulfill prescriptions, and manage your treatment.
• With Authorized Parties: Pursuant to your written authorization or as required by law, we may share certain information with individuals, entities, or institutions you have authorized.
• Service Providers: With third-party vendors who perform functions on our behalf, such as payment processing, IT services, analytics, and customer support, provided they agree to protect your information.
• Legal Compliance: To comply with any court order, law, or legal process, including responding to a government or regulatory request.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, we may transfer your information to the successor entity.

Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information from unauthorized access, use, alteration, and disclosure. These measures may include encryption, access controls, audits, and staff training.

However, no data security measures can guarantee absolute security. While we strive to protect your information, we cannot ensure or warrant its complete security, and any transmission of information is at your own risk.

Your Rights and Choices

If you are a patient receiving healthcare services through the Platform, you may have certain rights regarding your PHI under HIPAA and applicable state laws, including the right to:

• Access and obtain a copy of your PHI
• Request corrections to your PHI
• Receive an accounting of certain disclosures
• Request restrictions on certain uses or disclosures
• Request confidential communications
• Receive breach notifications

To exercise your rights, please contact us at support@cottonball.com. Some requests may be limited by law or subject to verification of your identity.

Children's Privacy

Our Service is not intended for use by individuals under the age of thirteen (13). If you are a parent or guardian who believes your child has provided personal information through our Service without your consent, please contact us and we will work to delete such information.

International Users

Our Service is intended for users located in the United States. If you are accessing our Service from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the U.S. where our servers and facilities are located.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. The updated version will be posted on the Platform with a “Last Updated” date. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

Contact Information

If you have questions or concerns about this Privacy Policy or our privacy practices, or wish to exercise your rights, please contact our Privacy Officer at: