Security & Trust at LERA

LERA operates an organized healthcare arrangement designed to deliver whole-body care through a coordinated structure.

Clinical services are provided exclusively by LERA Medical Informatics LLC ("LMI"), a healthcare services entity. Your clinical relationship as a member is with LMI.

LMI delivers health and wellness services through a team of licensed medical practitioners, whole-body health coaches, and mindful resilience coaches, all of whom are independent contractors of LMI.

LERA Health LLC ("LERA Health") provides the technology platform, administrative services, and operational support that enable care delivery.

LERA Nutraceuticals LLC ("LN") provides LERA's proprietary professional-grade supplements.

LMI, LERA Health and LN may be referred to collectively as "LERA" where appropriate; however, clinical services and medical decision-making are provided solely by LMI.

Your health information is personal.

We treat it that way.

At LERA, security, privacy, and trust aren't add-ons — they're part of care.

Built for Healthcare, Not Just “Wellness”

LERA operates in a regulated healthcare environment.

That means we design our systems, processes, and policies to meet the standards required for handling sensitive health information, including compliance with HIPAA and applicable state privacy laws.

We don't take shortcuts — and we don't treat health data like typical consumer data.

How We Protect Your Information

We use a combination of administrative, technical, and physical safeguards designed to protect your information from unauthorized access, misuse, or disclosure.

These safeguards include, where appropriate:

• access controls and role-based permissions
• encryption of data in transit and at rest
• secure cloud infrastructure
• audit logs and monitoring
• vendor security review and contractual safeguards
• internal policies and staff training

No system is perfect, but we take reasonable, industry-aligned measures to protect your data.

HIPAA Compliance

When we provide clinical services, LERA complies with the Health Insurance Portability and Accountability Act (HIPAA).

This means:

• your protected health information (PHI) is handled according to strict legal standards
• access is limited to authorized personnel
• you have rights over your health information

Details about how PHI is used and protected are available in our Notice of Privacy Practices.

Data Minimization & Purpose Limitation

We collect information because it serves your care.

Your data is used to:

• deliver clinical care
• personalize your program
• support longitudinal health monitoring
• maintain platform operations and quality

We do not collect data for resale or advertising by third parties.

Our Approach to AI and Technology

LERA uses a rules-based approach grounded in functional medicine research and decades of clinical experience.

What that means in practice:

• insights are traceable and explainable
• recommendations follow defined clinical logic
• technology supports clinicians — it does not replace them

We may use one or more systems/tools that use artificial intelligence (AI). We do not use AI applications that use your information in public-facing learning libraries, and your information will not be used by such AI applications to produce results for others. We do not use black-box AI for diagnosis.

Technology helps us personalize care, not obscure it.

We Don't Sell Your Data

Let's be clear:

• We do not sell your data
• We do not monetize personal health information
• We do not allow third parties to use your data for advertising, except for ordinary course uses by us and those we contract with to provide LERA products and services to you

Your information exists to support your health, nothing else.

Employers & Partner Programs

If LERA is offered through an employer or partner organization:

• individual health information is never shared
• reporting is aggregated and de-identified
• data cannot be used for employment decisions

Your health remains private, even when access is sponsored.

Responsible Use of Partners & Vendors

We work with trusted partners (such as laboratories, technology providers, and service vendors) only when necessary to deliver care and operate our platform.

When we do:

• partners are vetted
• contracts require confidentiality and security safeguards
• access is limited to what's needed

Transparency & Your Rights

We believe trust is built through clarity.

You have the right to:

• understand how your data is used
• access your health information
• ask questions about privacy or security
• raise concerns without fear of retaliation

If something isn't clear, we want to hear from you.

Questions or Concerns?

If you have questions about security, privacy, or trust at LERA, you can contact us at:

support@lerahealth.com

We take every inquiry seriously.