Compliance isn't a feature. It's the foundation.

Privacy Policy

Effective Date: February 2026

Information We Collect

Rowan Care collects information necessary to provide and improve our platform services. This includes:

• Account information: name, email address, phone number (if provided), company name, and role provided during registration or early access request
• Platform usage data: interactions with the dashboard, analytics preferences, and configuration settings
• Protected health information (PHI): handled in accordance with HIPAA regulations and the terms of your Business Associate Agreement
• Marketing preferences: consent status for email and SMS communications, including timestamps and method of consent
• Payment information: processed by PCI-DSS compliant third-party payment processors; we do not store full payment card details

How We Use Your Information

We use collected information to provide platform services, maintain and improve the platform, communicate about your account, and comply with legal obligations. We do not sell personal information. We do not use PHI for marketing or advertising purposes.

Data Security

We implement administrative, physical, and technical safeguards to protect your information. Patient data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access is controlled through role-based permissions with complete audit logging.

Third-Party Sharing

We share information only as necessary to provide platform services: with licensed providers for clinical consultations, with licensed pharmacies for prescription fulfillment, and with infrastructure partners under signed Business Associate Agreements. Marketing communications may be facilitated through third-party service providers (such as email delivery and SMS platforms) who process data solely on our behalf and under contractual obligations to protect your information. We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

Marketing Communications

Rowan Care may offer optional marketing communications via email and SMS. Both programs are entirely opt-in and are not a condition of using our services or receiving early access.

Email Marketing. If you opt in, we may send product updates, announcements, and marketing emails. Each marketing email will clearly identify Rowan Care as the sender. You can unsubscribe at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at legal@rowan.care. Unsubscribing is free and requires no information beyond your email address. We will process your unsubscribe request within 10 business days.

SMS/Text Messaging. If you provide express written consent, we may send SMS messages including marketing and sales communications using an autodialer or automated technology to the phone number you provide. Message frequency varies. Message and data rates may apply. You may opt out at any time by replying STOP to any message. Reply HELP for assistance. SMS consent is not a condition of purchasing any goods or services or receiving early access. Your phone number will not be shared with third parties or affiliates for marketing purposes.

Marketing communications do not involve protected health information (PHI). Your email address and phone number collected for marketing purposes are processed and stored in systems that are logically and technically separate from clinical data infrastructure. We maintain records of your consent preferences, including the date, method, and specific terms you agreed to, as required by applicable law.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this policy or as required by law. Specific retention periods include:

• Account and contact information: retained for the duration of your relationship with Rowan Care, plus 3 years following account closure or last interaction
• Marketing consent records: retained for a minimum of 6 years after the last communication sent under that consent, as required for regulatory compliance and legal defense
• Form submission logs: retained for up to 2 years, then archived or purged
• PHI retention: governed by HIPAA requirements and the terms of your Business Associate Agreement

You may request deletion of your personal information at any time, subject to our legal retention obligations.

Your Rights

You may request access to, correction of, or deletion of your personal information by contacting us at legal@rowan.care. We will respond to verifiable requests within 45 days. For requests related to protected health information, please refer to our HIPAA Notice below.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know what personal information we collect, use, disclose, and sell or share
• Right to delete your personal information, subject to certain exceptions
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information
• Right to limit the use and disclosure of sensitive personal information
• Right to non-discrimination for exercising your privacy rights

We do not sell or share (as defined by the CCPA/CPRA) your personal information for cross-context behavioral advertising or any other purpose. To submit a privacy request, contact us at legal@rowan.care. You may also designate an authorized agent to make a request on your behalf.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a person under 18, we will take steps to delete that information promptly.

Contact

For privacy-related questions: legal@rowan.care

HIPAA Notice of Privacy Practices

Effective Date: February 2026

About This Notice

This notice describes how medical information about patients may be used and disclosed through the Rowan Care platform, and how patients can get access to this information. This notice applies to all protected health information (PHI) maintained by Rowan Care on behalf of brands operating on the platform.

Uses and Disclosures of PHI

PHI may be used or disclosed for the following purposes without additional authorization:

• Treatment: Sharing information with licensed providers for clinical evaluations, prescribing decisions, and follow-up care
• Payment: Processing payments for services rendered through the platform
• Healthcare operations: Quality assessment, compliance monitoring, and platform improvement activities

Patient Rights

Patients have the right to: request restrictions on certain uses and disclosures; receive confidential communications; inspect and copy their PHI; request amendments to their records; receive an accounting of disclosures; and obtain a copy of this notice. Brands operating on the platform are responsible for communicating these rights to their patients and facilitating requests.

Our Responsibilities

We are required to: maintain the privacy of PHI; provide notice of our legal duties and privacy practices; notify affected individuals and the Department of Health and Human Services in the event of a breach of unsecured PHI; and abide by the terms of our Business Associate Agreements.

Safeguards

We implement all safeguards required by the HIPAA Security Rule, including access controls, audit controls, integrity controls, transmission security, and administrative procedures. Our infrastructure undergoes regular third-party security assessments.

Contact

For HIPAA-related inquiries: legal@rowan.care

Terms of Service

Effective Date: February 2026

Eligibility

You must be at least 18 years of age (or the age of majority in your jurisdiction) to use our services, submit forms on this website, or consent to marketing communications. By using our services, you represent and warrant that you meet these age requirements and have the legal capacity to enter into this agreement.

Platform Description

Rowan Care provides a technology platform that enables brands to operate telehealth storefronts. The platform connects brands with licensed provider networks, licensed pharmacy fulfillment partners, and compliance infrastructure. The platform may also include optional marketing communication programs, including email newsletters and SMS/text messaging, as described in our Privacy Policy. Rowan Care is not a healthcare provider, does not practice medicine, and does not operate a pharmacy.

Brand Responsibilities

Brands operating on the platform are responsible for: maintaining appropriate business entity structures; obtaining necessary business licenses and insurance; complying with all applicable marketing and advertising regulations; and working with qualified legal counsel to ensure their business operations comply with applicable laws.

Clinical Services Disclaimer

All clinical services, including patient evaluations, prescribing decisions, and clinical consultations, are provided by independently licensed healthcare providers. The platform facilitates the connection between patients and providers but does not direct, supervise, or influence clinical decision-making. Prescribing decisions are made solely by licensed providers based on independent clinical judgment.

Pharmacy Fulfillment

Prescriptions are fulfilled by independently licensed pharmacies in the platform's network. These pharmacies are regulated entities operating under their own state board licenses. Rowan Care facilitates the fulfillment workflow but does not dispense medications.

Intellectual Property

All content, features, functionality, trademarks, trade names, logos, and intellectual property displayed on or through the platform are the exclusive property of Rowan Care or its licensors and are protected by United States and international copyright, trademark, and other intellectual property laws. You may not copy, reproduce, distribute, modify, create derivative works of, publicly display, or otherwise exploit any platform content without prior written consent from Rowan Care.

Communications and Marketing

Rowan Care may offer optional email and SMS/text marketing communication programs. By providing your contact information and opting in through the designated consent mechanisms on our website, you may elect to receive marketing communications. Key terms of these programs:

• Both email and SMS marketing programs are entirely opt-in. Consent is not a condition of purchasing any goods or services or receiving early access to the platform
• SMS messages may be sent using an autodialer or automated technology to the phone number you provide. Message frequency varies. Message and data rates may apply
• You may opt out of SMS messages at any time by replying STOP. Reply HELP for assistance
• You may opt out of email marketing at any time by clicking the unsubscribe link in any marketing email. Unsubscribe requests are processed within 10 business days
• Marketing communications do not contain or involve protected health information (PHI)

By providing your phone number or email address, you represent that you are the account holder for that number or address and are authorized to provide consent. You agree to promptly notify Rowan Care if you change or relinquish your phone number. Full details of our marketing practices, including data handling and your rights, are described in our Privacy Policy.

Disclaimer of Warranties

The platform and all services, content, and marketing communications are provided on an "AS IS" and "AS AVAILABLE" basis without warranties of any kind, whether express, implied, or statutory. To the maximum extent permitted by law, Rowan Care disclaims all warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement. Rowan Care does not warrant that the platform will be uninterrupted, error-free, secure, or free of viruses or other harmful components.

Limitation of Liability

To the maximum extent permitted by law, Rowan Care's aggregate liability for all claims arising out of or related to these Terms or your use of our services (including marketing communications) shall not exceed the greater of (a) the total fees paid by you or your brand to Rowan Care during the twelve months preceding the event giving rise to the claim, or (b) one hundred dollars ($100). Rowan Care is not liable for clinical outcomes, prescribing decisions, or pharmacy errors, as these are the responsibility of the independently licensed providers and pharmacies on the network.

In no event shall Rowan Care, its officers, directors, employees, agents, or affiliates be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to loss of profits, data, revenue, goodwill, or business opportunity, regardless of the cause of action or theory of liability (including contract, tort, negligence, strict liability, or otherwise), even if Rowan Care has been advised of the possibility of such damages. This limitation applies to all claims in the aggregate, including without limitation claims related to marketing communications.

Indemnification

You agree to indemnify, defend, and hold harmless Rowan Care and its parent companies, subsidiaries, affiliates, officers, directors, employees, agents, licensors, and service providers from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, and expenses (including reasonable attorneys' fees and litigation costs) arising out of or in any way connected with: (a) your use of or access to the platform; (b) your violation of these Terms; (c) your violation of any applicable law, regulation, or third-party right; (d) any content or information you provide through the platform; or (e) any misrepresentation made by you. This indemnification obligation will survive termination of these Terms and your use of the platform.

Dispute Resolution and Arbitration

Please read this section carefully. It affects your legal rights, including your right to file a lawsuit in court.

You and Rowan Care agree that any dispute, claim, or controversy arising out of or relating to these Terms, the platform, or any communications received from Rowan Care (including email and SMS marketing) shall be resolved through binding individual arbitration rather than in court, except that either party may bring individual claims in small claims court if they qualify. Notwithstanding the foregoing, Rowan Care may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or confidential information without the requirement of posting a bond.

Class Action Waiver. You and Rowan Care agree that disputes will be resolved on an individual basis only. Neither party may bring claims as a plaintiff or class member in any class, consolidated, or representative action or proceeding. The arbitrator may not consolidate more than one person's claims and may not preside over any form of class, consolidated, or representative proceeding. You agree that this class action waiver is an essential part of this arbitration agreement and that if it is found to be unenforceable, the entire arbitration agreement shall be void as to the applicable claim.

Jury Trial Waiver. To the fullest extent permitted by law, you and Rowan Care each waive the right to a jury trial for any and all disputes subject to these Terms, whether in arbitration or in any court proceeding.

Arbitration Rules and Venue. Arbitration shall be administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules. The arbitration will be conducted by a single arbitrator selected in accordance with AAA rules. The seat of arbitration shall be in the State of Texas. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction. The arbitrator shall have no authority to award damages in excess of the limitations set forth in the Limitation of Liability section and shall not have the power to award punitive or exemplary damages except as expressly permitted by statute.

Confidentiality. All aspects of the arbitration proceeding, including the award, shall be kept confidential by both parties, except as may be required by law or to enforce the arbitration award.

Informal Resolution. Before initiating arbitration, you agree to first contact us at legal@rowan.care and attempt to resolve the dispute informally for at least 30 days. During this period, the statute of limitations and any filing fee deadlines shall be tolled.

Statute of Limitations. You agree that any claim or cause of action arising out of or related to your use of the platform or these Terms must be filed within one (1) year after the claim or cause of action arose, or be permanently barred. This limitation applies to all claims, regardless of whether based on contract, tort, statute, or any other legal theory.

Opt-Out. You may opt out of this arbitration agreement by sending written notice to legal@rowan.care within 30 days of first accepting these Terms. Your notice must include your name, mailing address, and a clear statement that you wish to opt out of this arbitration provision. If you opt out, all other provisions of these Terms remain in full force and effect.

Severability. If any part of this arbitration section is found to be unenforceable, the remainder shall continue to apply. If the class action waiver is found to be unenforceable with respect to a particular claim, then this entire arbitration section shall be null and void with respect to that claim only, and such claim shall proceed in a court of competent jurisdiction located in the State of Texas.

Governing Law and Venue

These Terms and any disputes arising from them shall be governed by and construed in accordance with the laws of the State of Texas, without regard to conflict of law principles. The Federal Arbitration Act governs the interpretation and enforcement of the arbitration provisions in these Terms. For any claims not subject to arbitration, you consent to the exclusive jurisdiction and venue of the state and federal courts located in the State of Texas, and you waive any objection to such jurisdiction or venue on the grounds of inconvenient forum or otherwise.

Modifications to These Terms

Rowan Care reserves the right to modify these Terms at any time in its sole discretion. We will notify you of material changes by posting the updated Terms on this page with a revised effective date. For material changes to the arbitration or dispute resolution provisions, we will provide at least 30 days' notice and a new opportunity to opt out. Your continued use of the platform or services after the effective date of any changes constitutes your binding acceptance of the updated Terms. If you do not agree to the updated Terms, you must stop using the platform immediately.

Termination

Rowan Care may suspend or terminate your access to the platform at any time, with or without cause, and with or without notice, at its sole discretion. You may terminate your relationship with Rowan Care at any time by ceasing use of the platform and contacting us to close your account. Upon termination for any reason: (a) all rights and licenses granted to you under these Terms immediately cease; (b) you will be removed from all marketing communication programs; (c) you remain liable for any obligations incurred prior to termination. The following sections survive termination: Intellectual Property, Disclaimer of Warranties, Limitation of Liability, Indemnification, Dispute Resolution and Arbitration, Governing Law and Venue, and this Termination section.

General Provisions

Entire Agreement. These Terms, together with the Privacy Policy and any BAA executed between the parties, constitute the entire agreement between you and Rowan Care and supersede all prior agreements, understandings, and communications regarding the subject matter hereof.

Waiver. The failure of Rowan Care to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver must be in writing and signed by Rowan Care.

Assignment. You may not assign or transfer these Terms or any rights hereunder without the prior written consent of Rowan Care. Rowan Care may assign these Terms freely, including in connection with a merger, acquisition, reorganization, or sale of assets, without your consent or notice.

Severability. If any provision of these Terms is found to be invalid or unenforceable, that provision shall be enforced to the maximum extent permissible, and the remaining provisions shall remain in full force and effect.

Force Majeure. Rowan Care shall not be liable for any failure or delay in performance resulting from causes beyond its reasonable control, including but not limited to acts of God, natural disasters, pandemics, war, terrorism, government actions, network or infrastructure failures, or third-party service provider outages.

Contact

For terms-related questions: legal@rowan.care

Business Associate Agreement (BAA)

Effective Date: February 2026

What Is a BAA?

A Business Associate Agreement is a legally binding contract required by HIPAA whenever a business associate creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity. The BAA establishes the permitted uses and disclosures of PHI and requires appropriate safeguards.

Our BAA Practice

Rowan Care executes a BAA with every brand on the platform as a standard part of onboarding. This is not optional. It is a legal requirement when handling PHI. The BAA covers:

• Permitted uses and disclosures of PHI
• Requirements for safeguarding PHI
• Breach notification obligations and timelines
• Requirements for return or destruction of PHI upon termination
• Provisions for subcontractor agreements

Infrastructure BAAs

In addition to the BAA with each brand, Rowan Care maintains signed BAAs with all infrastructure partners that may access or process PHI, including cloud hosting providers, communication platforms, and analytics services. This ensures HIPAA compliance at every layer of the technology stack.

BAA Execution Timeline

BAAs are executed during the onboarding process before any PHI is processed through the platform. The typical timeline is:

• Draft BAA provided during onboarding kickoff
• Brand's legal counsel reviews and negotiates terms if needed
• Final BAA executed before platform access is granted
• BAA maintained and updated as regulations evolve

Request a BAA

To request a copy of our standard BAA for review: legal@rowan.care