U.S. STATE PRIVACY LAW SUPPLEMENT 

Version 1.0 (Current) 

Effective Date:  September 3, 2025 

1.0 Introductions

This U.S. State Privacy Law Supplement (“Supplement”) supplements Sightview Software, LLC’s Privacy Policy for Sightview’s products and services such as Sightview’s websites (“Sites”), electronic healthcare records systems including associated systems such as practice management systems (“Systems”), messaging and communication services (collectively, “Communication Services”), self-service user portals, patient portals (collectively, “Portals”), and any and all other Sightview owned properties (all of the foregoing hereinafter referred collectively or singularly to as the “Software[s]” and / or “Service[s]”). Sightview operates the sightview.com website, Sites, Systems, Communication Services, Portals, and any and all other Sightview Software and Services.   

When Sightview uses terms like “Sightview”, “we”, “our”, or “us”, Sightview means Sightview Software, LLC and its affiliates (including, but not limited to, iMedicWare, LLC, My Vision Express, LLC, Medflow EHR, LLC, Management Plus EHR, LLC, MD Office, LLC, Sightview MIPS Services, LLC, Sightview RCM, LLC, Sightview EHR Holdings, LLC, and LensOnDemand). 

This Supplement describes the types of information Sightview may collect about you when you use all of our products and services, including the www.Sightview.com website, Sites, Systems, Communication Services, Portals, and any and all other Sightview Software and Services.   

Sightview respects and is committed to protecting your privacy.  If you are a resident of California, Colorado, Delaware, New Jersey, or Oregon, then the Supplement may apply to you. Please read the Supplement in conjunction with our Privacy Policy.  Capitalized words not defined in this Supplement will have the definition provided to them in the Privacy Policy.

1.1 Scope 

  1. This Supplement is intended to describe our practices and your rights under the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) (Civil Code Section 1798.100, et seq.) (collectively, “California Privacy Law”), as well as the Colorado Privacy Act, the Delaware Personal Data Privacy Act, the New Jersey Data Privacy Act, and the Oregon Consumer Privacy Act (collectively “Applicable U.S. State Privacy Law”). This Supplement provides rights and other terms relating to your Personal Information (defined below) that are in addition to those provided in our Privacy Policy. These additional rights and other terms are only available to eligible state residents about whom we collect Personal Information. This Supplement takes precedence over the Privacy Policy with respect to your Personal Information for eligible residents if there is a conflict between the two.
  2. In this Supplement, when we talk about “Personal Information,” also known as “personal data,” we mean information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
  3. You should be aware that your Personal Information does not include:
    1. Publicly available information from government records;
    2. De-identified or aggregated consumer information; and,
    3. Information excluded from the scope of Applicable U.S. State Privacy Law, including but not limited to:
      1. Protected Health Information under HIPAA (with Protected Health Information being more fully defined in the Privacy Policy. Please submit all requests related to your Protected Health Information directly to your Healthcare Provider.
      2. Information subject to the California Confidentiality of Medical Information Act; and, 
      3. Clinical trial and human subject research data.
  4. For more information on our practices related to your Personal Information more generally, please refer to our Privacy Policy.

1.2 What Personal Information We Collect 

We have collected the following categories of Personal Information from consumers within the last 12 months: 

Category 

Examples 

Identifiers 

This category may include your name, alias, postal address, IP address, email address, account name, unique personal identifier, and other similar identifiers. Under Applicable U.S. State Privacy Law, “unique identifiers” or “unique personal identifier” means a persistent identifier that can be used to recognize a consumer, a family, or a device that is linked to a consumer or family, over time and across different services, including, but not limited to a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym or user alias; telephone numbers or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device. 

Personal Information Categories Listed in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)) 

This category may include your name, address, telephone number, and financial account numbers (such as your banking information and payment card information). Some Personal Information included in this category may overlap with other categories. 

Internet or other similar network activity 

This category may include browsing history, search history, or information on a consumer’s interaction with a website, application, or advertisement. 

Commercial Information 

This category may include credit or debit card number or other financial information, information about products or equipment 

 

1.3 How We Collect Your Personal Information 

  1. We collect each of the categories of your Personal Information listed above in one or more of the following ways:
    1. When you contact us (e.g., from forms you complete on our Sites or Apps or information you provide to us when you visit our offices) or otherwise provide information directly to us.
    2. Automatically when you use the Services, we receive and store Personal Information about you (such as usage data) and information about your electronic devices using technologies that automatically collect such information, including through the use of standard Internet technologies, such as cookies, web beacons, and local stored objects. You may opt out of the use of the use of cookies on our Sites by using the “Cookie Settings” link provided at the bottom of our Sites homepage. You can also typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings. You may also learn more about cookies, how to see what cookies have been set on your device, and how to manage and delete them by visiting https://optout.networkadvertising.org/. If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. Please note that the collection of information through cookies by third parties, such as third-party advertisers and advertising networks, will be governed in accordance with the privacy policies of such third parties. WE DO NOT CONTROL THE USE OF COOKIES OR OTHER AUTOMATED TECHNOLOGIES BY THIRD PARTIES AND ARE NOT RESPONSIBLE FOR ANY ACTIONS OR POLICIES OF SUCH THIRD PARTIES.
    3. From other sources, including the Internet and other publicly-available sources and databases, data aggregators, marketing companies, and other third parties in accordance with applicable law. For example, if you are on a third-party website and request information from us, that website will send us your contact information. WE DO NOT CONTROL THE USE OF THESE TECHNOLOGIES OR THE RESULTING INFORMATION AND ARE NOT RESPONSIBLE FOR ANY ACTIONS OR POLICIES OF SUCH THIRD PARTIES.

1.4 How We Use Your Personal Information 

  1. We may use each of the categories of Personal Information described above for one or more of the following business or commercial purposes:
    1. Provide You with Information and Fulfill Your Requests: We may use your Personal Information to verify your identity or provide you the information, products, and services that you request. For example, we provide information or respond to your questions when you contact us, provide demos of the Services to those who request them, or, if you visit our offices, we collect your Personal Information for purposes of security and visitor management.
    2. Enhance Your Experience: We use your Personal Information to personalize and enhance your experience when you visit our Sites or use our Services, such as tailoring content through targeted advertising and remembering your preferences.
    3. Improve the Services: Your Personal Information helps us improve the content and functionality of the Services.
    4. In the Event of a Business Transaction: If we are exploring or go through a business transition or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets, we may use or sell your Personal Information in connection with exploring or concluding such transaction.
    5. For Legal Purposes: We will use your Personal Information when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury, or damage to us or others; when otherwise required by law, regulation, subpoena, court order, warrant, or similar legal process; or if necessary to assert or protect our rights or assets.
    6. As Described when Collected: As described to you when we collect your Personal Information or as otherwise set forth under Applicable U.S. State Privacy Law.

1.5 How We Disclose, Share, or Sell Your Personal Information 

  1. We may disclose your Personal Information to third parties for a business or commercial purpose. In the past 12 months, we have disclosed the Personal Information categories identified in “What Personal Information We Collect” section to the following categories of third parties for a business or commercial purpose:
    1. Internally: We may disclose your Personal Information to our affiliates, business partners, employees, and other parties who require such information to assist us with establishing, maintaining, and managing our business relationship with you.
    2. With Our Service Providers or Contractors: We may disclose your Personal Information to our service providers or contractors (including third-party hosting providers) that provide services on our behalf, such as for email marketing, data analytics, promotions, newsletters, notices, and other communications, or that assist us in monitoring, improving, and hosting the Services.
    3. Advertisers and Advertising Networks: Our website may include social media plug-ins (such as the Facebook like button), widgets (such as the “Share” button), cookies or other tools made available by third parties, such as social media companies, that may result in information being collected or shared between us and the third parties for various purposes, including to select and serve personalized advertisements to you and others. These third parties may set and access their own cookies, web beacons, and embedded scripts on your device, and they may otherwise collect or have access to information about you, including unique personal identifiers such as an IP address, and they may share that information with us. Your interactions with these third parties are governed by the third parties’ privacy policies.
    4. In the Event of a Business Transaction: If we are exploring or go through a business transition or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets, we may disclose your Personal Information to a party or parties in connection with exploring or concluding such transaction.
    5. For Legal Purposes: We will disclose your Personal Information when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others; when otherwise required by law, regulation, subpoena, court order, warrant or similar legal process; or if necessary to assert or protect our rights or assets.
    6. With Your Consent or Authorization: To anyone for whom you have authorized disclosure of information in this Supplement.
    7. Other: We may disclose your Personal Information for any other purpose disclosed by us when you provide the information.
  2. We do not sell your Personal Information for profit. However, we do engage in certain information disclosure activities that may be considered “sales” or “sharing” (which includes targeted advertising) under Applicable U.S. State Privacy Law. In the last 12 months, we have sold or shared the following Personal Information:

    • Category 

      Business or Commercial Purpose 

      Categories of Third Parties to Whom Personal Information was Disclosed That May be Considered a “Sale/Sharing” or Targeted Advertising Under Applicable U.S. State Privacy Law 

      Identifiers 
      • To provide you with personal advertising and content 
      • Advertisers and advertising networks (as described above) 

      Internet or other similar network activity 
      • To provide you with personal advertising and content 
      • Advertisers and advertising networks (as described above) 
  3.  We do not knowingly sell or share the Personal Information of consumers under 16 years of age.

2.0 YOUR RIGHTS AND CHOICES UNDER APPLICABLE U.S. STATE PRIVACY LAW 

2.1 California Residents 

Below please find a description of key rights California consumers have under California Privacy Law and an explanation of how to exercise those rights with us. As a reminder, Personal Information does not include Protected Health Information. 

  1. Right to Know. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information. Once we receive and verify your request, we will disclose to you:
    1. The categories of Personal Information we collected about you.
    2. The categories of sources for the Personal Information we collected about you.
    3. Our business or commercial purpose for collecting, selling, or sharing that Personal Information.
    4. The categories of third parties with whom we disclose that Personal Information.
    5. The specific pieces of Personal Information we collected about you (also called a data portability request).
  2. Right to Delete
    1. You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and, where required, direct our service providers, contractors, and third parties to whom we have sold or shared your Personal Information to delete) your Personal Information from our records, unless an exception under California Privacy Law applies.
    2. We may deny your deletion request for reasons permitted by California Privacy Law. For example, the information may be excluded or not constitute Personal Information under California Privacy Law, such as Protected Health Information held on behalf of a Provider who uses our Systems or Services. Please submit all requests related to your Protected Health Information directly to your Healthcare Provider. We may also deny your deletion request if the Personal Information is required to complete the transaction for which the information was collected or to provide you with requested goods or services.
    3. Special Note on Restriction Requests on Types of Health Information in Health Summary Document by Patient or Authorized Patient Representative:  Your physician reserves the right to decide whether to honor or decline a restriction request.  Requests for restrictions that do not comply with HIPAA regulations will not be processed.  Additionally, certain data elements are necessary to meet the technical and regulatory requirements of the health care summary.  Restriction requests that include these necessary data elements may be declined in the interest of standard compliance and/or safe data exchange.
  3. Right to Correct Inaccurate Personal Information. You have the right to request that we correct any of your Personal Information that we maintain about you.
  4. Right to Opt Out of the Sale or Sharing of Personal Information. If Sightview sells or shares Personal Information about you to third parties as those terms are defined under California Privacy Law, you may have the right to opt out and request that Sightview not sell or share your such information. To exercise the right to opt out, you (or your authorized agent) may submit a request to us by contacting us utilizing the contact information in Section 4 below.
    1.  Reauthorization. Once you make a verified opt-out request, we will wait at least 12 months before asking you to reauthorize Personal Information sales or sharing. However, if at a later time, you wish to allow us to sell or share your Personal Information to third parties, you must opt in to such sales or sharing and may do so by contacting us at the contact information in Section 4 below.  If a transaction requires the sale or sharing transmission of your Personal Information in order to complete the transaction, we will notify you and provide instructions on how you can opt in.
  5. Right to Non-Discrimination. We will not discriminate against you for choosing to exercise any of your rights. If you exercise certain rights, understand that you may be unable to use or access certain features of the Services. Unless permitted by applicable law, we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of goods or services; or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  6. Exercising Your California Privacy Law Privacy Rights
    1. You do not need to create an account with us to exercise your California Privacy Law privacy rights. To exercise the rights described above, please submit a request to us by contacting us at the contact information in Section 4 below.
    2. To exercise your right to know, delete, or correct your Personal Information as described above, we need to verify your identity or authority to make the request and confirm the Personal Information relates to you. We may deny your request if we are unable to verify your identity. These requests may be made only by you, your parent, guardian (if you are under 18 years or age), conservator, a person to whom you have given power of attorney pursuant to California Probate Code sections 4000 to 4465, or an authorized agent. As permitted under California Privacy Law, we may request that an individual submitting a request on behalf of a consumer submit proof that they are an authorized agent of the subject consumer, as well as verify the consumer’s identity. To initiate a request as an authorized agent, please indicate you are an authorized agent by contacting us at the contact information in Section 4 below.  To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit adequate proof that you authorized them to act for you.
    3. You may only make a Right to Know request twice within a 12-month period.
  7. Response Timing and Format. Once we have verified a request from a California consumer, where required, we will confirm receipt of the request within 10 days and explain how we will process the request. We will then respond to the request within 45 days. We may require an additional 45 days (for a total of 90 days) to process your request, but in those situations, we will provide you a response and explanation for the reason it will take more than 45 days to respond to the request. Our responses will include required information under California Privacy Law.
  8. Shine the Light. California Civil Code Section 1798.83 gives you the right, if a California resident, to request the names and addresses of third parties who have received Personal Information and the categories of Personal Information revealed regarding our disclosure of your Personal Information to third parties for those third parties’ direct marketing purposes. We may share your Personal Information with affiliated third parties, some of which do not share the name of Modernizing Medicine, for their own direct marketing purposes (the use of Personal Information to solicit or induce a purchase, rental, lease, or exchange of products, goods, property, or services directly to individuals by means of the mail, telephone, or electronic mail for their personal, family, or household purposes). You may request information regarding the disclosure of your Personal Information to third parties for those third parties’ direct marketing purposes through the methods described in Section 4 below.

2.2 Additional Information for Residents of Other States 

For eligible residents of Colorado, Delaware, New Jersey, or Oregon, you also have rights with respect to the Personal Information, also known as personal data, that we collect about you. As a reminder, Personal Information does not include Protected Health Information. This Section 2.2 applies solely to eligible residents of Colorado, Delaware, New Jersey, or Oregon. Any terms not defined in this section have the same meaning as defined under applicable Colorado, Delaware, New Jersey, or Oregon privacy law, including the Colorado Privacy Act, the Delaware Personal Data Privacy Act, the New Jersey Data Privacy Act, or the Oregon Consumer Privacy Act. Subject to certain exceptions, if you are an eligible resident of one of these states, you have certain privacy rights which may include, depending on your state of residency: 

  1. Right to Know Access. You have the right to confirm whether we process your Personal Information and access such Personal Information. You also have the right to obtain your Personal Information in a portable, and to the extent reasonably feasible, readily usable format that you can transmit without hinderance. In addition, eligible Oregon residents have the right to confirm the categories of Personal Information we process or have processed, as well as a list of specific third parties to which we have disclosed any Personal Information.
  2. Right to Delete. You have the right to request that Sightview delete the Personal Information you have provided to us or that Sightview has otherwise obtained about you.
    1. Special Note on Restriction Requests on Types of Health Information in Health Summary Document by Patient or Authorized Patient Representative:  Your physician reserves the right to decide whether to honor or decline a restriction request.  Requests for restrictions that do not comply with HIPAA regulations will not be processed.  Additionally, certain data elements are necessary to meet the technical and regulatory requirements of the health care summary.  Restriction requests that include these necessary data elements may be declined in the interest of standard compliance and/or safe data exchange
  3. Right to Correct. You have the right to request that Sightview correct inaccuracies in your Personal Information, taking into account the nature of the Personal Information and the purposes of the processing of your Personal Information.
  4. Right to Opt Out. If applicable, you have the right to opt out of the processing of your Personal Information for the purposes of (i) targeted advertising, (ii) the sale of your Personal Information and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects.
  5. Right to Appeal. You have the right to appeal Sightview’s decision with regard to your request to exercise any rights described herein.
  6. Exercising Your Privacy Rights. You do not need to create an account with us to exercise your privacy rights. To exercise the rights described above, please submit a request to us by contacting us utilizing the contact information in Section 4 below.

2.3 Data Retention 

We may retain all categories of your Personal Information described above for as long as needed to carry out the purposes described herein or as otherwise required by applicable law. Unless we are required or permitted by law to keep your Personal Information for a longer period of time, when your Personal Information is no longer necessary to carry out the purposes for which we process it, we will delete your Personal Information or keep it in a form that does not permit identifying you. When determining the retention period, we take into account various criteria, such as the nature of the use of our Services, your general relationship with us, the impact on our ability to provide you Services if we delete your Personal Information, mandatory retention periods provided by law and the statute of limitations, and our use of your Personal Information for aggregated market research. 

3.0 CHANGES TO OUR PRIVACY NOTICE OR THIS SUPPLEMENT

We may change this Supplement at any time. Unless we say otherwise, changes will be effective upon the last updated date at the top of this Supplement. Please check this Supplement regularly to ensure that you are aware of any changes. We may try to notify you of material changes to this Supplement, which if we do so may be by means such as by posting a notice directly on the Services, by sending an email notification (if you have provided your email address to us), or by other reasonable methods. In any event, your use of the site after changes to this Supplement means you have accepted the changes. If you do not agree with the changes, immediately stop using the Services. 

4.0 CONTACT US

If you have any questions or comments about this Supplement and / or Sightview’s Privacy Policy, please contact by either: 

Calling:  (919) 205-5907 

Emailing:  SightviewMatters@Sightview.com  

Writing: 555 South Mangum Street, STE 100, Durham, NC  27701