‌Privacy Policy

Effective Date: September 23, 2024

‌This privacy policy (“Privacy Policy”) describes how and when Allurion Technologies, Inc. and/or its affiliates (“Allurion”, “we”, “us” and/or “our”) collects, uses and shares your personal information when you use the website https://allurionmeds.com and/or communicate with Allurion through another contact channel in connection with AllurionMeds (the “Program”) (collectively, the “Services”). Please note, however, that this Privacy Policy does not cover how we process your personal information collected via the Allurion mobile application (the “App”), which is governed by the App Privacy Policy, available in the App.

‌When you use our Services, you agree to the collection, transfer, retention, organization, consultation, processing, modification, selection, recovery, comparison, use, interconnection, blocking, communication, dissemination, deletion and other uses of your information as described in this Privacy Policy – therefore, we recommend that you read it carefully.

‌Personal Information We Collect

Information you provide to us

We collect a variety of information that you provide directly to us. For example, we collect information from you through:

• Account and product registration and administration of your account;
• Processing your orders and requests for treatment, including orders and requests made by your health care provider in connection with your care;
• Questions, communications or feedback you submit to us via forms, online chats, calls, text messages/SMS, other third-party messaging platforms, or email;
• Requests for customer support and technical assistance, including through online chat functionalities; and
• Uploads or posts to the Services.

The specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide. The types of data we collect directly from you includes:

• Name and contact information, such as your first and last name, email address and phone number.
• Demographic information, such as your date of birth and gender and mailing address.
• Content and files, such as photographs, videos, documents and other files you upload to the Services. This includes email messages and other communications you send us through the Services, social media or otherwise.
• Account access information, such as the username and account number in combination with a password, security or access code or other credential that allows access to an account.
• Marketing data, such as your preferences for receiving marketing communications and details about your engagement with such marketing initiatives.
• Health data, such as your height, weight, body mass index (BMI), medications, pregnancy and breastfeeding status, and certain surgical procedures.
• Payment related data, in order to make purchases through our Services. This information is collected and stored by our third party payment processors. We may collect some limited information, such as your postal code, mobile number, and details of your transaction history in connection with your purchases. In addition, our payment processors generally provide us with some limited information related to you, such as a unique token that enables you to make additional purchases using the information they have stored, including recurring payments, and your card’s type, expiration date, and certain digits of your card number.
• Other data, such as any other information you choose to directly provide to us in connection with your use of the Services.

Third-party sources

We may combine personal information we receive from you with personal information falling within one of the categories identified above that we obtain from other sources, such as:

• Our partners, such as our business customers, including those who may make the Program available to you, and our marketing partners.
• Third party intermediaries, such as health care providers and pharmacies in connection with the use of the Services and your participation in the Program.
• Service providers that provide services on our behalf to help us operate the Services of our business.
• Business transaction partners, in connection with an actual or prospective business transaction. For example, we may receive your personal information from an entity we acquire or are acquired by, a successor or assignee or any party involved in a business transaction, such as a merger, acquisition, sale of assets or similar transaction, and/or in the context of an insolvency, bankruptcy or receivership.
• Public sources, such as public records, social media platforms and other publicly available sources.

Automatic data collection

We, our service providers and our business partners may collect personal information about you automatically when you use our Services. This information does not directly identify you (like your name or contact information), but may include the following information:

• “Device data” such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, device type (e.g., phone or tablet), IP address, geolocation and unique identifiers; and
• “Online activity data”, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before coming to our website, information about your activity on a page or screen, access times, and duration of access.

‍
Like many businesses, we collect this information through cookies and similar online tracking technologies (e.g., web beacons and local storage technologies) to collect such information. Allurion may use this information to understand the manner in which pages of the website have been visited in order to monitor and improve the website. Allurion may also use this information to deliver targeted messages to you. For further details, please read our Cookie Policy. For information concerning your choices with respect to the use of online tracking technologies, see the “Your Choices” section, below.

Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third party purposes, and that is why we provide the variety of opt-out mechanisms, as described in the Cookie Policy and in the “Your Choices” section below. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here. Please note that “Do Not Track” is a distinct privacy mechanism from the browser-based opt out signals referenced below in the “Your Choices” section, which Allurion does honor in accordance with applicable law.

‌Use of Your Personal Information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

• Service delivery and operations. We may use your personal information to:
  • ‌Provide the Services;
  • ‌Enable security features of the Services;
  • ‌Communicate with you about the Services, including by sending Services-related announcements and support and administrative messages;
  • ‌Provide support for the Service and respond to your requests, questions and feedback;
  • ‌Facilitate the provision of health care services to you by health care providers and ensure that such providers have the services and support necessary for their operations (including, for example, to schedule and fulfill appointments and for other treatment, payment or healthcare operations purposes, including pharmacy services);
  • ‌Assist with your registration in the Program and send you Program products; and
    ‌Train our personnel who support the Program and Services and for monitoring purposes.
• ‌Service personalization. We may use your personal information to:
  • ‌Understand your needs and interests;
  • ‌Personalize your experience with the Services and our Services-related communications; and
  • ‌Remember your selections and preferences.
• ‌Service improvement and analytics. We may use your personal information to analyze your usage of the Services, improve the Services, improve the rest of our business, help us understand user activity on the Services, including which pages are most and least visited and how visitors move around the Services, as well as user interactions with our communications, and to develop new products and services.
• ‌Marketing. We, our service providers and our third-party advertising partners may collect and use your personal information to send you communications about our products and services that may be of interest to you, including by email, phone, online chat, text message/SMS, and other third-party messaging platforms. Where required under applicable laws, we will rely on your consent to send you marketing communications. Please refer to our Cookie Policy for more information on how we use technologies for advertising and marketing purposes as well as information about the third-party cookies we use.
• Compliance and protection. We may use your personal information to:
  • ‌Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities, and protect and defend our legal rights;
  • ‌Process requests or inquiries you make in connection with our Services, including the Program;
  • ‌Perform our contractual obligations;
  • ‌Audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • ‌Enforce our agreements, including the Terms of Use that govern the Services;
  • ‌Protect the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems;
  • ‌Prevent and detect security threats, fraud or other criminal or malicious activities; and
  • ‌Where otherwise necessary for our legitimate interests and where consistent with applicable laws.
• ‌Combined information. For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with the information that we receive from other sources, both online and offline, and use and disclose such combined information in accordance with this Privacy Policy.
• ‌Creation of aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We may do so by removing information that makes the data identifiable to you, and we will not attempt to reidentify any such data. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including, without limitation, to analyze and improve the Services and promote our business.
• Scientific Research and Studies. We may also use aggregated, de-identified and/or anonymized data for scientific research and studies relating to the Program and Services, and publish the results of any such research or studies.
• Facilitate corporate acquisitions, mergers or transactions. We may use your personal information, when it is in our legitimate business interests, when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
• ‌No sale of personal information. We will not sell, rent or lease your personal information.
• ‌Further uses. In some cases, we may use your personal information for further uses, in which case we will ask for your consent to use your personal information for those further purposes if they are not compatible with the initial purpose for which the information was collected.

Where required by applicable laws, when we process your sensitive data (such as health data), we will ask for your explicit consent. You can withdraw your consent at any time by contacting us at: privacy@allurion.com. If Allurion intends on using any personal information in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the personal information is collected.

‌Our Disclosure of Your Personal Information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy and in other applicable notices:

• Affiliates and subsidiaries. We may share your personal information within any Allurion member or group, including our corporate parent, subsidiaries and affiliates.
• Health care providers and services. We share your personal information with health care providers (including without limitation physicians, dieticians and nutritionists) and pharmacies involved in your care through the Program.
• Service providers. Third parties that provide services on our behalf for any of the purposes listed in this Privacy Policy and in accordance with our instructions, such as IT support, hosting, analytics, customer care management, legal services, marketing campaigns, and auditing.
• Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so.
• Our partners. We may share your personal information with our business partners, such as those who make the Program available to you.
• Prospective sellers or buyers. We may share your information to a prospective seller or buyer of any business, stock, or assets to which we might assign or novate any of our rights and obligations.
• Authorities and others. We may share your personal information to law enforcement, government authorities and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
• Other entities in aggregate form. We may also share your information with third parties in aggregate or non-personally identifiable form.

‌Security Measures

We implement reasonable physical, technical and administrative measures to safeguard the information in our possession against loss, theft and unauthorized use, disclosure, communication or modification of personal information. Please pay attention to the fact that, in any case, no transmission or storage of personal information can be guaranteed as 100% secure. Consequently, while committing ourselves to protect the information in our possession, we cannot guarantee or ensure the total security of any information that you send us, including your health data.

‌Policy for the Processing of Personal Information Relating to Minors

Our Services are not aimed at individuals under 18. If you are aware of the fact that a minor under 18 has given us your personal information, please contact us at privacy@allurion.com. We do not intentionally collect personal information from children under 18. If we are aware of the fact that a minor under 18 has given us his/her personal information, we will take the necessary measures to remove such information.

Direct Marketing and Non-Traceability Signals

‌Allurion does not share your personal information with third parties for direct marketing purposes, provided we may share such information with a third-party that assists with marketing Allurion’s products and services. Some browsers may transmit the “non-traceability” signal to the website with which the user communicates. We do not take initiatives to deal with these signals.

‌Amendments to this Privacy Policy

We may revise this Privacy Policy at any time. The most recent version of the Privacy Policy will govern Allurion’s use of your personal information and will be available on the website: https://allurionmeds.com. We may make changes to this Privacy Policy in our sole discretion. By continuing to access or use our Services after any changes have become effective, you accept the terms of the Privacy Policy as revised.

‌Data Retention

We keep personal information for as long as is reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law, whichever is longer. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

‌Transfer of Your Personal Information

When you use the Services, you provide your personal information directly to us. Your personal information may be stored and processed in any country where we have servers, facilities or service providers, for the purposes set forth in this Privacy Policy. By using the Services, or by providing consent (where required by law), you agree to the transfer of your information to countries outside of your country of residence, where data protection laws may differ from those in your country.

‌Links to Other Websites

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by Allurion or our affiliates (the “Third Party Sites”). The policies and practices described herein do not apply to the Third Party Sites. The links from the Services do not imply that Allurion endorses or has reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.

‌Other Terms and Conditions

‌Your access to and use of the website is subject to the Terms of Use found here: Terms of Use

‌Your Choices

• Update your information: If you become aware that the personal information we maintain about you is inaccurate, incomplete, misleading, irrelevant or out of date, you may contact us using the contact information at the bottom of this Privacy Policy.
• Marketing communications: You may opt out of marketing-related communications (including emails, SMS/text messages and other third party messaging platforms) by clicking the “Unsubscribe” link included in such communication, or by sending an email with the subject line “Unsubscribe” to privacy@allurion.com. You may continue to receive service-related and other non-marketing emails.
• Online tracking technologies. You can opt out of third-party cookies as described in our Cookie Policy.
• Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
• Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us.
• Withdraw consent. Where you have been asked to consent to the processing of your personal information, you can withdraw consent by contacting us using our contact details below. Any withdrawal of consent will not affect the lawfulness of the processing based on your consent before the withdrawal. Please also note that where you withdraw consent, we will only stop processing your personal information that relates to the specific subject matter of the withdrawal.

‌Your Rights

Depending on your location and the nature of your interactions with our Services, you may have certain rights related to your personal information, which you may exercise, as applicable, by contacting us.

• Right of access. You may have the right to obtain from us confirmation as to whether or not personal information concerning you is processed, and, to request access to, or a copy of, the personal information.
• Right to rectification. You may have the right to obtain from us the rectification of inaccurate personal information about you.
• Right to erasure. Under certain circumstances, you may have the right to request the erasure of your personal information, and we may be obligated to erase that personal information, as long as it is not required for legal or regulatory purposes.
• Right to restriction of processing. Under certain circumstances, you may have the right to request the restriction of processing your personal information. In that case, your data will be marked and may only be processed by us for certain limited purposes.
• Right to data portability. Under certain circumstances, you may have the right to receive your personal information that you have provided to us, in a structured, commonly used and machine-readable format, and you may have the right to transmit that data to another entity without hindrance from us.
• Right to object. Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal information by us, and we may be required to no longer process your personal information.

‌Contact Us

If you have any questions regarding this Privacy Policy or about your privacy when using our Services, please contact us at privacy@allurion.com.

‍