1. Introduction

This Cookie Policy explains how CAREBRIDGE VITAL NEXUS LTD. ("we," "us," or "our") uses cookies and similar technologies when you visit our websites or use our mobile applications (the "Platform"). It should be read alongside our Privacy Policy, which describes how we collect, use, and protect your personal information.

What are cookies? Cookies are small text files that websites send to your computer or device to uniquely identify your browser or to store information or settings. When you visit a website, it may store or retrieve information in your browser. The information does not usually directly identify you, but it can give you a more personalized experience.

Why we use cookies. We use cookies and similar technologies for:

Important: Non-essential cookies (functional, analytics, and advertising) are only set after you give explicit consent. Until you consent, only strictly necessary cookies will run. This ensures that tracking and marketing cookies do not run without your permission. We do not use cookie walls — access to the core Platform is never conditioned on accepting non-essential cookies.

Similar technologies. In addition to cookies, we use related technologies such as web beacons (pixels), local storage, session storage, and mobile advertising identifiers. These serve similar purposes and are covered by this policy.

2. Categories of Cookies

We categorize cookies and similar technologies by their function and purpose. The categories align with common industry practice and regulatory expectations.

2.1 Strictly Necessary Cookies

Purpose: These are essential for the website and Platform to function. They cannot be switched off in our systems. They enable core features such as:

• Authenticating users and keeping you logged in
• Preventing fraud and protecting security
• Enabling access to secure areas (e.g., patient dashboard, provider portal)
• Load balancing and session management
• Remembering your cookie consent preferences

Legal basis: Not subject to consent in most jurisdictions because they are strictly necessary for the service you requested.

Can you disable them? No. Disabling these cookies would prevent the Platform from functioning properly.

2.2 Functional Cookies

Purpose: These allow us to provide enhanced functionality and personalization, such as:

• Remembering your language and region preferences
• Storing display preferences such as theme (light/dark mode)
• Remembering search filters and recent selections
• Showing or hiding certain onboarding tooltips

Legal basis: Legitimate interest or consent, depending on your location. Depending on your jurisdiction, we may obtain consent before setting functional cookies.

Can you disable them? Yes, through our cookie preferences centre or your browser settings. Disabling may limit some personalized features.

2.3 Analytics and Performance Cookies

Purpose: These help us understand how visitors interact with our Platform so we can improve it. We collect information such as:

• Pages viewed and time spent
• How you navigated (clicks, scrolls)
• Device and browser type
• General geographic location (e.g., country or city from IP address)
• Error and crash reports

Legal basis: Consent in regions that require it; legitimate interest where permitted. We use aggregated, anonymized data where possible.

Can you disable them? Yes, through our cookie preferences centre. Disabling analytics cookies does not affect core Platform functionality.

Note on Google Analytics and international data transfers: Google Analytics may transfer data to servers outside the jurisdiction in which you access the Platform. We use Google Analytics 4 (GA4) with IP anonymization enabled where feasible.

2.4 Advertising and Marketing Cookies

Purpose: These are used to deliver relevant advertisements, measure ad effectiveness, and limit the number of times you see an ad. We may use them to:

• Show ads relevant to medical travel, treatments, or health services (on our Platform or on partner sites)
• Measure the effectiveness of our marketing campaigns
• Retarget users who have visited our Platform (with your consent where required)

Important: We do not use health or medical data for advertising. Advertising cookies use general interest and usage data only.

Legal basis: Consent. We only set advertising cookies after you have opted in.

Can you disable them? Yes, through our cookie preferences centre or your browser/device settings. You will still see ads, but they may be less relevant.

3. Similar Technologies (Beyond Cookies)

4. First-Party vs. Third-Party Cookies

• First-party cookies are set by us (our domain) when you visit our Platform. We control the data collected.
• Third-party cookies are set by domains other than ours — for example, when we embed analytics or advertising scripts, or when infrastructure providers set operational cookies.

Do we use third-party cookies? Yes. We use third-party infrastructure providers to operate the Platform (e.g., our hosting and CDN providers) and third-party analytics and advertising partners. These providers may set operational, analytics, or advertising cookies, subject (where required) to your consent.

How do third parties collect and use data? Third parties may collect information such as your IP address, device identifiers, pages visited, and browsing behavior. They use this data to provide us with infrastructure, analytics, or ad services, and may also use it for their own purposes (e.g., security, building audience segments, improving their products) in accordance with their privacy policies. We do not control how third parties use data once they collect it.

Key third-party providers and their policies:

We encourage you to review these policies to understand how each partner collects and uses your data. A current technical list of cookies in use on the Platform may be maintained separately and updated more frequently than this policy.

5. How to Manage Your Cookie Preferences

5.1 Our Cookie Preferences Interface

When you first visit our Platform, we show a cookie banner that lets you:

• Accept all — Enable all categories of cookies
• Reject non-essential — Only strictly necessary cookies will be set
• Manage settings — Choose which categories (functional, analytics, advertising) you wish to allow

Our cookie banner is a first-party, in-house implementation built into the Platform. Your preference choice is stored as a first-party cookie and respected on subsequent visits.

You can change your preferences at any time by visiting the "Cookie Preferences" link in our website footer (or Account > Settings > Privacy > Cookie Preferences if logged in).

Accessibility: Our cookie banner and preferences interface are designed with accessibility in mind, including keyboard navigation and screen-reader compatibility, consistent with WCAG and ADA accessibility best practices.

5.2 Browser and Device Settings

Most browsers allow you to:

• Block or delete cookies
• Block third-party cookies only
• View which cookies are stored

Here are links to commonly used browsers:

• Chrome — cookie settings
• Firefox — cookies information
• Safari — manage cookies
• Edge — delete cookies

Mobile devices: On iOS and Android, you can limit or reset advertising identifiers in your device settings (e.g., Settings > Privacy > Advertising).

5.3 Global Privacy Control (GPC)

If your browser or extension supports Global Privacy Control, we will treat a GPC signal as a request to opt out of the "sale" or "sharing" of your personal information where required by law (e.g., CCPA).

5.4 Do Not Track (DNT)

Some browsers offer a "Do Not Track" (DNT) signal. There is currently no universally accepted standard for how websites should respond to DNT signals. We do not currently alter our data collection or cookie practices in response to DNT signals. We recommend using Global Privacy Control (GPC) (see Section 5.3) or our cookie preferences interface (see Section 5.1) instead, as these provide enforceable, well-defined opt-out mechanisms.

5.5 Consequences of Disabling Cookies

Disabling or blocking cookies may impact your experience on the Platform. Here is what to expect:

Blocking all cookies via browser settings: If you block all cookies, you will not be able to use most of the Platform's features, including logging in and making appointments. We recommend using our cookie preferences interface to disable only non-essential cookies while keeping the Platform functional.

6. Retention

• Session cookies — Deleted when you close your browser
• Persistent cookies — Remain for the duration specified in the tables above (e.g., 12 months, 2 years)
• Local storage — Until you clear it or we overwrite it
• Advertising identifiers — As per the provider's policy; you can reset them in your device settings
• Consent records — Logs of your cookie consent choices are securely stored for accountability purposes for up to 12 months. We will ask you to renew your consent every 12 months, or sooner if we significantly change our cookie practices.

7. Regional Considerations

Geographic availability. The Platform is not currently offered to users in the European Economic Area (EEA) or the United Kingdom, and our cookie and consent practices are not designed to comply with the EU ePrivacy Directive, GDPR, or UK PECR. Users attempting to access the Platform from these regions are geo-blocked. If you believe you have accessed the Platform from a blocked region, please contact privacy@kibocare.com.

7.1 United States (including California)

Under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), certain cookie-related data sharing may be considered a "sale" or "sharing" of personal information. In particular, analytics cookies (e.g., Google Analytics) and advertising cookies (e.g., Google Ads, Meta Pixel, LinkedIn Insight) may transmit identifiers and browsing data to third-party partners in a manner that constitutes a "sale" or "sharing" under CCPA/CPRA.

You can opt out by:

• Clicking the "Do Not Sell or Share My Personal Information" link in our website footer or in-app settings
• Disabling non-essential cookies via our cookie preferences interface
• Enabling a Global Privacy Control (GPC) signal in your browser — we recognize and honor GPC signals as a valid opt-out request (see also Section 5.3)

For further details on your CCPA/CPRA rights, including the right to limit use of sensitive personal information, see our Privacy Policy, Section 9.2.

7.2 Taiwan (台灣)

We comply with Taiwan's Personal Data Protection Act (PDPA, 個人資料保護法) when using cookies and similar technologies. Specifically:

• Consent: We obtain consent for non-essential cookies in accordance with PDPA Article 7 requirements, including clear disclosure of the purpose of collection, the categories of data, and the intended use.
• Language: Our cookie banner and preferences interface are available in Traditional Chinese (正體中文) for users in Taiwan.
• Cross-border transfers: Where cookie-related data is transferred outside Taiwan, we comply with PDPA cross-border transfer requirements and any restrictions issued by the central competent authority.
• Contact: For Taiwan-specific inquiries regarding cookies or PDPA compliance, contact privacy-tw@kibocare.com.

For cross-border details, see our Privacy Policy, Section 9.1.

7.3 Canada, Hong Kong, Japan, and Australia

Depending on your jurisdiction, additional cookie consent or notice requirements apply:

• Canada: We comply with PIPEDA requirements regarding consent for tracking technologies.
• Hong Kong: We comply with PDPO guidelines on the use of cookies and tracking technologies, including guidance issued by the Office of the Privacy Commissioner for Personal Data (PCPD).
• Japan: We comply with the Act on the Protection of Personal Information (APPI) regarding the collection and handling of personal information (個人情報) and personally referable information (個人関連情報) via cookies, including the 2022 amendment requirements on third-party provision of personally referable information.
• Australia: We comply with the Privacy Act 1988 regarding the collection of personal information via cookies.

For region-specific questions not addressed above, contact us at privacy@kibocare.com.

8. Updates to This Cookie Policy

We may update this Cookie Policy to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top
• Notify you via a banner on the Platform or by email where appropriate
• Ask you to review and, where required by law, re-consent to non-essential cookies

Where consent is required by law, continued use of the Platform does not by itself constitute consent to non-essential cookies; your existing preferences will remain in effect until you update them or are asked to renew consent. We encourage you to review this policy periodically.

9. Contact Us

For questions about this Cookie Policy or our use of cookies:

• Email: privacy@kibocare.com
• Mail — United States: Attn: Privacy Officer, 17561 Hillside Ave, Suite 202 #1126, Queens, NY 11432, USA
• Mail — Hong Kong: Attn: Privacy Officer, Room A, 19/F, Max Share Centre, 367–373 King's Road, North Point, Hong Kong
• Cookie preferences: the "Cookie Preferences" link in our website footer

For Taiwan-specific inquiries: privacy-tw@kibocare.com

10. Quick Reference

Table of Contents Summary

This Cookie Policy supplements our Privacy Policy. This Cookie Policy governs the technical details of cookies and similar technologies used on the Platform, including their categories, durations, and management options. The Privacy Policy governs broader data processing purposes, legal bases, your rights, data retention, and international transfers. In the event of a conflict between the two documents, the Privacy Policy prevails for matters within its scope.