Privacy Policy

---

Last Revised: March 31, 2026

1. Introduction

Carolina Medical Electronics, Inc. ("CME," "we," "us," or "our") provides software and related services for clinical research studies, including firmware for data-collection devices, mobile applications that communicate with those devices and present study questionnaires, and a cloud-based platform used to archive and analyze study data. This Privacy Policy also applies to our public-facing website, which provides general information about our services.

Our software and services are designed to process anonymized study data. We do not design our systems to collect, store, or provide us access to study participants' direct personal identifiers, and we do not have access to Protected Health Information ("PHI") or Personally Identifiable Information ("PII") of study participants within the study data handled by our products. Study data processed through our systems is associated with an anonymous participant ID, code, or token rather than a participant's name, email address, medical record number, or similar direct identifier.

This Privacy Policy describes how we handle information relating to:

1. Visitors to our public      website.
2. Users of our mobile      applications and cloud-based clinical research platform.
3. Anonymized study data      processed through our products.

2. Website Visitors

Information We Collect

When you visit our website, we and our hosting provider may automatically collect limited technical information, such as:

• IP address
• Browser type
• Device type
• Operating system
• Date and time of access
• Referring website or      source
• Pages requested or      viewed
• Basic diagnostic and      security log information

We may also receive aggregate website traffic statistics from our hosting provider, such as page views, traffic volume, and referring sites. These reports are used in summary form and are not intended to identify individual visitors.

We do not ask website visitors to create accounts, and we do not knowingly collect personal information through forms, registrations, or user logins on our website.

How We Use Website Information

We use this limited website information only to:

• Maintain website      functionality
• Monitor site health,      uptime, and performance
• Detect and prevent      malicious activity or unauthorized access
• Review aggregate traffic      trends and improve site operations

We do not use website visitor information for behavioral advertising, profiling, or marketing data enrichment.

Cookies and Similar Technologies

Our website may use only those cookies or similar technologies that are necessary for basic website operation, security, and hosting-related performance. We do not use cookies for targeted advertising.

If our hosting provider uses session cookies or similar technical tools, they are used only to support site delivery, security, or performance. Most web browsers allow you to manage cookie preferences through browser settings. Disabling certain technical cookies may affect site functionality.

3. Software Product Users: Mobile Applications and Cloud Services

Mobile Application Functionality and Data Collection

Our mobile applications are used in connection with clinical research studies. Depending on the study configuration, the mobile application may:

• Connect to a clinical      device to retrieve device usage or study-related data
• Present questionnaires      or prompts to study participants
• Transmit collected data      securely to our cloud-based platform

The information handled by the mobile application is associated with an anonymous participant ID or token and is not tied within our systems to a participant's name, email address, home address, phone number, medical record number, or other direct personal identifier.

Cloud Service Processing and Archiving

Data transmitted from the mobile application to our cloud service may include:

• Device-generated usage      or study data
• Questionnaire responses
• Technical transmission      metadata necessary to support secure system operation

This information is processed and stored solely for purposes related to the applicable clinical study, including archiving, study administration support, and clinical analysis by authorized study personnel. Data stored in our cloud environment remains in an anonymized state as processed within our systems.

Mobile App Permissions

Depending on device type and operating system requirements, our mobile applications may request access to the following device capabilities:

• Bluetooth: to connect with      compatible clinical devices and retrieve study-related data
• Location/GPS services: where required by      the operating system to enable Bluetooth connectivity or related device      communication features
• Network/Internet access: to transmit data      securely between the mobile application and our cloud service

We request only those permissions reasonably necessary for the app's intended operation in connection with a clinical research study.

4. How We Protect Data

We use reasonable administrative, technical, and physical safeguards designed to protect information within our systems.

Data in Transit

Data transmitted between the mobile application, connected systems, and our cloud environment is encrypted using modern transport security measures.

Data at Rest

Data stored in our cloud systems is protected using encryption at rest and secured through access restrictions, authentication controls, and other standard security practices appropriate to the sensitivity of the data and the nature of our services.

Physical and Digital Safeguards

We use secure hosting and cloud environments and maintain safeguards intended to help prevent unauthorized access, alteration, disclosure, or destruction of data. Access to study-related data is limited to authorized personnel and service providers with a legitimate business or operational need.

While no method of transmission or storage can be guaranteed to be completely secure, we take commercially reasonable steps designed to protect the information entrusted to our systems.

5. Third-Party Sharing

Clinical Sponsors and Researchers

Anonymized study data processed through our systems is made available only to authorized persons involved in the specific clinical study, such as study sponsors, researchers, or study administrators, in accordance with their role and permissions.

Service Providers

We may use third-party service providers, such as hosting, cloud infrastructure, security, and technical support vendors, to help operate our website, mobile applications, and cloud services. Where such providers have access to information, they are authorized to use it only as necessary to provide services to us and subject to appropriate confidentiality and security obligations.

No Sale of Data

We do not sell, rent, or trade website visitor information or study-related data to third parties for marketing, advertising, or commercial data brokerage purposes.

6. Data Retention

We retain website logs and technical website information for as long as reasonably necessary to maintain security, integrity, and performance, and as otherwise required for legitimate business or legal purposes.

We retain anonymized study data within our product environment in accordance with applicable study requirements, contractual obligations, operational needs, and legal or regulatory retention requirements.

7. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and revise the "Last Revised" date at the top of the policy. Your continued use of our website or products after an updated policy becomes effective indicates acceptance of the revised policy to the extent permitted by law.

8. Contact Information

If you have questions about this Privacy Policy or our data handling practices, please contact us at:

Carolina Medical Electronics, Inc.
536 W Main St.
East Bend, NC 27018
Email: admin@cmenc.com