The Formulary AI, Corp Privacy Policy

The Formulary AI, Corp Privacy Policy

The Formulary AI, Corp operates SaaS beauty API, APP and AR services and related platform features
available for through mobile devices, in-store consultations, tablets and computers and through other consumer
electronic devices ("Service(s)"). As used in this policy, "Formulary" refers to The Formulary AI Corp. and its
subsidiaries and affiliates. This policy applies to all Formulary authorized operations of the Service available
through Formulary.ai. Please note the mobile apps listed are governed by Formulary Privacy Policy. We may
refer to Formulary as "we", "us", or "our". We may refer to you as "customer", "end user", "you", or "your".
The purpose of this policy is to inform you about the personal information we collect, how we use and share
that information, and the ways in which you can control how we use and share that information. By using our
Service, you agree to the terms of this policy and you expressly consent to the collection, use, and disclosure of
your personal information in accordance with this policy.

1. INFORMATION WE RECEIVE OR COLLECT FROM YOU
a. Information You Choose to Provide to Formulary
When you interact with us to enquire about our Services such as name, address, phone numbers
and email address. Formulary or third parties acting on our behalf receive data from you
whenever you provide us with information.
b. Technical Information
Formulary may collect certain technical information through the use of log files and servers. Web
and application servers create log files automatically as part of their setup and configuration.
Information in a log file may include IP address, browser type, Internet service provider,
date/time stamps, MAC address, file requested, and other usage information and statistics. Usage
information and statistics and stamps and MAC address file requested and other usage
information and statistic.
c. Device and location Information
If you access and use the Service from a computer, mobile phone, tablet, automobile, or other
electronic device, we may collect information about those devices. For example, our servers
receive and store information about your computer and browser, including your Internet Protocol
(IP) address, browser type, and other related software or hardware information. If you access the
Service from a mobile phone, tablet, automobile, or other electronic device, we may collect and

store information such as device type, operating system version and type, unique identifiers (such
as mobile advertising ID and MAC address), carrier, and other related information for that device.
You can disable this access at any time in your system settings.
d. Biometric information
Formulary and/or a third party utilizing or offering the Services to you or acting on our behalf or
at our direction may collect, capture, store, use, receive or otherwise obtain a scan of your face or
any data or information based on the scan of your face which may include your face geometry
("biometric information") for the purpose of providing personalized Services. Formulary and/or
any such third parties do not and will not use facial recognition or identification technology in
providing the Services. Formulary and/or any such third parties do not and will not store, use,
possess, retain or have access to your biometric information after your use of the Services has
completed, at which time the initial purpose for collecting, capturing, storing, using, receiving or
otherwise obtaining the biometric information has been satisfied. At no time, during or after your
use of the Services, will any of your biometric information be stored on or received, possessed or
otherwise obtained by any server, system or location outside of the device you use to access the
Services.
e. Service-based data management (see below)
Formulary provides for various subscriptions-based Services on our platform, data will be
processed, managed and retained depending on the type of Service you subscribed. You may refer
to Service-based data management details below to find out more on how data is managed when
using the Service.
f. Membership Account Data
On our Sites, you can register for an account with your e-mail address, your customer ID, your
ePF account name and your ePF account password you create which you will automatically create
an account for yourself, with this account, you can use to manage and updates to your Personal
Data.
g. Transaction Data
If you make any purchases on our Sites, we will process your contact and billing information,
such as your name, address, and credit card information. You can view the exact information
required in the form provided at point of purchase. We will only use this data to complete your
order, for billing purposes, and for internal accounting.

h. Customer Support Data
You can communicate with us by using the specified email address of our customer support team
for requests on technical assistance, request information on the status of your order, or otherwise
reach out to our customer support team. In order to respond to your request, we will process your
contact data as well as the contents of your request. Once your request has been complied, we will
delete this data pursuant to our data retention period described below.
i. Email/Direct Mail Data
unless you opt in for this feature in our Sites, from time to time, we may interact with you directly
by mail, email, or telephone to inform you about new services, features, products, or special
offers that you told us you were interested in receiving (including our newsletters). However, we
will not contact you with any commercial communications that are unrelated to our Sites unless
you have given us your prior consent to receiving such information. When responding to one of
these campaigns, you may have the option to provide us with personal information, which we will
use for the purpose indicated.
j. Business contact or sales prospect data (on Sites)
If you are a business contact or sales prospect that has provided us your Personal Data, we will
store your data in our database so that we can follow up on previous business conversations we've
had with you, provide you additional information about our services and features which you are
interested in. We may also share your Personal Data with sales representatives employed with our
local affiliates to connect with you with respect to any potential prospect of business opportunity
we will have with you.

2. INFORMATION WE RECEIVE OR COLLECT FROM THIRD PARTIES
We may receive or collect information about you from third parties, and combine and store it on our
servers with other information we may have already received or collected from you.
These third parties include:
 Service partners that provide or make available features and functionality, and content on
or through the Service.
 Governmental or quasi-governmental agencies or organizations that provide or make
available, to the public, census and demographic data.

Formulary is not responsible for, and will assume no liability, if a business partner or other entity
collects, uses, or shares any information about you in violation of its own privacy policy or any
applicable laws, rules, or agreements.

3. COOKIES
When you use our Services, we automatically collect some information. We may collect information
about your usage of and activity on our Services. When you visit our websites, information we may
automatically log includes, for example, your operating system, cookies, Internet protocol (IP) address,
access times, browser type and language and the website that you visited before visiting our website.
This information includes:
 Device information. We collect device-specific information (such as your hardware model,
operating system version, unique device identifiers and mobile network information).
Formulary may associate your device identifiers with your Formulary Account.
 Log information. When you use our Services provided by Formulary, we automatically
collect and store certain information in servers. Information we collects includes:
o Internet protocol (IP) address.
o device event information such as crashes, system activity, hardware settings, browser
type, language, the date and time of your visit to our website, mobile app and/or
computer software.
o cookies that may uniquely identify your device or your account registered with us.
 Location information. When you use the Service on our website, mobile app and/or
computer software, we may collect and process information about your location, via various
technologies including Internet protocol (IP) address.
 Cookies and similar technologies. Cookies are small data files stored on your hard drive by
a web browser. Formulary uses cookies and similar technologies, for example, web beacons,
to provide our websites and online services and to help collect data. Web beacons are
electronic images we may use on our websites or in our emails to deliver cookies, count visits
and understand usage and campaign effectiveness, such as whether you open and act on an
email that we send you.
Please be informed that any information we collect from your input, feedback, information about you or
information obtained from your parents will be treated as personal information.

1. You may also set your browser to block all cookies, including cookies associated with our
Services, or to indicate when a cookie is being set by us. However, it’s important to
remember that many of our Services may not function properly if your cookies are disabled.
For example, we may not remember your language preferences. Most web browsers
automatically accept cookies but provide controls that allow you to turn off, block or delete
them. Learn more at
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=e
n
2. Please be aware that if you choose to delete cookies, settings and preferences controlled by
those cookies, including advertising preferences, will be deleted and may need to be
recreated.
We provide you with the ability to access, rectify, update and erase your data on our Service by
contacting us at info@formulary.ai for any other enquiries relating to your account information.
4. HOW WE USE INFORMATION WE RECEIVE OR COLLECT
Formulary may use your registration data and other information or data we receive or collect, other than
biometric information, as well as data we derive or infer from combinations of the foregoing, for a
variety of purposes, such as:
 To provide and improve the Service, and to develop new products and services.
 To measure and analyze Service usage and enhance the Customer experience on our
Service.
 To continue and provide better Service for you or similar purposes.
Formulary and/or a third party utilizing or offering the Services to you or acting on our behalf or
at our direction may use any biometric information that we or such third party collect, capture,
receive or otherwise obtain only to provide personalized Services and not for identification, facial
recognition or any other purpose. Formulary and such third parties will not sell, lease, trade or
otherwise profit from your biometric information.
5. HOW WE SHARE INFORMATION WE RECEIVE OR COLLECT
We treat your Personal Data with care and confidentially and will only pass it on to third parties to the
extent described below and not beyond. We do not share, sell, rent, or trade Personally Identifiable Data
with third parties for any promotional purposes. Where our affiliates, resellers, or service providers
process Personal Data, they will do so solely on our instructions and have undertaken to comply with
strict contractual requirements for the security of your data (including, but not limited to, complying

with this privacy statement). Formulary may share the data, other than biometric information, collected
from you including email address you submitted to us in the following manner:
a. Third Party Service Provider
Formulary transmits data to service providers that enable us to provide our Site and market, sell,
payment process and delivery. This includes the parties providing our third-party cookies and
tracking tools, as well as parties providing us with services to assist us in processing transactions,
including credit card transactions, handling shipping and processing of orders, providing
customer support, managing customer relationships, hosting the Sites, collecting, storing, or
removing your information, or performing statistical analysis, providing marketing assistance,
investigating fraudulent activity, conducting customer surveys, technical and customer support,
perform tracking and reporting functions, conduct quality assurance testing providing customer
service, customer surveys and other services in connection with the Site or Apps. We sometimes
need to share your information with these companies in order for them to provide the applicable
services.
b. Third Party Service Provider for Formulary Server
Formulary server is established on Amazon Web Services (AWS), your information may be
transferred to AWS in order to provide the Service to you or for such other purposes as set forth
in this policy. Your data transferred to AWS will be processed, managed and retained depending
on the type of Service listed in the Service-based data management details below.
c. Related Companies
We share information we collect with our parent corporation and affiliates, The Formulary AI
Corp and its subsidiaries for the purposes described in our respective privacy policies, and to
offer, provide, and improve services and products offered both individually and jointly with other
The Formulary AI Corp companies. Additionally, we may share your personal information, with
our successor in interest in the event of a corporate reorganization, merger, or sale of all or
substantially all of our assets.
d. Legal and Security Purposes
We may share your information in order to (i) protect or defend the legal rights or property of
Formulary, or the legal rights of our business partners, employees, agents, and contractors
(including enforcement of our agreements); (ii) protect the safety and security of Formulary users
or members of the public including acting in urgent circumstances; (iii) protect against fraud or to

conduct risk management; or (iv) comply with the law, legal process, or legal and government
requests.
e. Sharing of De-identified, Aggregated, or Anonymized Information
Formulary may share with corporate affiliates and/or business partners de-identified, aggregated,
or anonymized information we receive or collect, such as demographic information, location
information, information about the computer or device from which you access the Service, or
information about your interactions with the Service.
Formulary and/or a third party utilizing or offering the Services to you or acting on our behalf or
at our direction who possesses any of your biometric information will not disclose, redisclose or
otherwise disseminate your biometric information without first obtaining your consent unless the
disclosure, redisclosure or dissemination completes a financial transaction that you or your legally
authorized representative requested or authorized; the disclosure, redisclosure or dissemination is
required by state or federal law or municipal ordinance; or the disclosure, redisclosure or
dissemination is required pursuant to a valid warrant or subpoena issued by a court of competent
jurisdiction.
6. DATA INTEGRITY.
We use the information we collect in ways that are relevant and compatible with the purpose for which
that information was collected or provided to us as disclosed in this policy. We will take steps to ensure
that all information collected, processed, and/or stored is protected from destruction, corruption, or use
in a manner inconsistent with our policies or the purpose for which we received it. We have implemented
security measures designed to protect against the loss, misuse, and alteration of the information we
collect or receive from you. For example, when you enter personal information on our subscription
forms, we encrypt the transmission of that information using secure socket layer technology (SSL).
Formulary and/or a third party utilizing or offering the Services to you or acting on our behalf or at our
direction who possesses any of your biometric information will takes steps to protect all such biometric
information using a reasonable standard of care within our industry and in a manner that is the same as
or more protective than the manner in which Formulary and/or such third parties transmits and protects
other confidential and sensitive information.
7. DATA SUBJECT RIGHTS
a. GDPR

Pursuant to the European General Data Protection Regulation (GDPR) and other relevant data
protection laws, you have right to request access to and rectification or erasure of your personal
data, data portability, restriction of processing of your personal data, and the right to lodge a
complaint with a supervisory authority and if you wish to exercise any of these rights, you can
write to info@formulary.ai.
b. Your Privacy Rights Californian State Laws
If you are a resident of California, the following sections are intended to provide certain
information to you as required by the California Consumer Privacy Act of 2018 ("CCPA") and the
California Privacy Right Act of 2020 ("CPRA"). These sections apply to any personal
information that identifies, relates to, describes, is capable of being associated with, or could
reasonably be linked, directly or indirectly, with you or your household such as your real name,
alias, postal address, unique personal identifier, online identifier Internet Protocol address, email
address, account name, social security number, driver’s license number, passport number, or other
similar identifiers. Personal information does not include publicly-available information and
certain other information that is regulated by other applicable laws. We do not sell, rent, or
otherwise share your data to any third-party for a business or commercial purpose under any
circumstances. However, we are required to let you know that you have the right to opt-out of the
sale or share of your personal information if we ever notify you that we engage in such activity.
You may exercise your rights under the CCPA and CPRA by contacting us at info@formulary.ai.
Depending on the nature of your request, we may have to verify your identity when you contact
us by asking you to provide us with certain personal information strictly for verification purposes
only. We endeavor to respond to your request as soon as we can. If we are not able to respond to
your request within 45 days, we will let you know that we may require additional time (up to 90
total days).
Your rights under the CCPA and CPRA:
- Right to know and right to access. We will provide following information upon your request,
where relevant and required by the CCPA and CPRA, types of data we may collect, sources from
which data may be collected, the purposes to collect data, the third parties that may receive your
personal information, and your personal information if we ever collect it.
- Right to deletion. We may keep personal information for legal reasons approved by the CCPA
and CPRA but will accommodate your deletion request when required.
- Right to correct inaccurate personal information. If you believe your personal information is not
correct you may contact us and provide personal information to replace erroneous data.
c. California's "Shine the Light" Law

Under California's "Shine the Light" law, California residents are entitled to ask us for a notice
describing what categories of personal customer information The Formulary AI Corp. shares with
third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing
purposes. That notice will identify the categories of information shared and will include a list of
the third parties and affiliates with which it was shared, along with their names and addresses. If
you are a California resident, and would like a copy of this notice, please submit a written request
to info@formulary.ai.
d. Nevada Residents
If you are a resident of Nevada, you may apply limits to the sale of certain personal information
to third parties for resale or licensing purposes, subject to applicable law. Formulary does not sell
your personal information for such use. You are entitled to register your preference for limits on
such sales in the future by sending an email to info@formulary.ai, with the subject line, "Nevada
Do Not Sell Request" along with your first and last name, zip code, and whether you are a former
or current Formulary Customer. If you are a former or current Formulary Customer, in order to
process your request, your email address must match the email address on your account.

8. TERMS RELATING TO BIOMETRIC INFORMATION LAWS
We may collect and process your biometric information for the purpose of providing personalized
Services. We do not and will not use facial recognition or identification technology in providing our
Services. Under certain biometric information protection law, including but not limited to Illinois
Biometric Information Privacy Act ("BIPA"), we must inform you of how we collect and process
Biometric Information (as defined under BIPA) as a result of the Services we provide to you, namely the
assessing of skin issues.
a. Biometric Information Defined.
As used in this policy, "Biometric Information" includes both "biometric identifiers" and
"biometric information" as defined in the Illinois Biometric Information Privacy Act, 740 ILCS §
14/1, et seq. "Biometric identifier" means a retina or iris scan, fingerprint, voiceprint, or scan of
hand or face geometry. "Biometric information" means any information, regardless of how it is
captured, converted, stored, or shared, based on an individual's biometric identifier used to
identify an individual.
b. Purpose for Collection of Biometric Information.

Formulary collects, processes, and stores your Biometric Information through our Services,
allowing you in real-time to engage our Services such as, but not limited to, creating and sharing
beautiful photos and selfies; trying virtual makeup, hair color, hair style, eyewear, skincare, beard
style, sunglasses and/or accessories looks with your favorite products; experiencing virtual aging
progression simulations; performing virtual skincare functions; experiencing AI photo
enhancement functions; and editing videos. For example, our Service allows users to undergo a
true-to-life virtual makeover using our world-class facial mapping technology. Specifically, for
the processing of facial characteristics information, we will only detect your facial feature vectors
in order to apply real-time virtual try-on effects thereon, upon your usage of our Services.
c. Authorization.
By using our Services, you acknowledge that you have read Formulary's Privacy Policy. You
further acknowledge and voluntarily consent to Formulary, its affiliates, and service providers
collecting, processing, and storing your Biometric Information as outlined in this Privacy Policy.
You further acknowledge and confirm that you are legally able to enter into this agreement
allowing Formulary, our affiliates, and service providers to collect, process, and store your
Biometric Information, or you are the legally authorized representative of the user(s) who will be
using Formulary's Services. You further acknowledge and consent to Formulary disclosing your
Biometric Information to our affiliates and service providers in providing the Services to you and
as required by our ordinary business purposes.
You further acknowledge and agree that consenting to the collecting, storing, and processing of
your Biometric Information is a condition to you using our Services, including our mobile apps. If
you do not consent to Formulary, our affiliates, and service providers collecting, storing, and/or
processing your Biometric Information, or cannot legally consent, you should not use our
Services.
d. Disclosure.
We treat your Biometric Information with care and confidentially. We do not share, sell, rent, or
trade Biometric Information with third parties for any promotional purposes. Where our affiliates
or service providers process your Biometric Information, they will do so solely on our
instructions and comply with strict contractual requirements for the security of your Biometric
Information.
Although we make every effort to preserve user privacy, we may need to disclose your Biometric
Information when required by law, such as when we have a good-faith belief that such action is
necessary to comply with a current judicial proceeding, a court order, or litigation or other legal
process or action (whether or not initiated by Formulary) to protect Formulary's, our users' or

third parties' rights, property or safety. We will transmit data to public authorities such as law
enforcement or tax authorities only in the case of a legal obligation to do so based on a request for
information from the respective authority.
e. Retention Schedule.
For most of our Services, neither your facial photo/video nor your facial feature vectors will be
stored in our database in any form whatsoever, whether or not you use our Services. We do not
and will not store, use, possess, retain or have access to your Biometric Information after your use
of the Services our products and services has completed, at which time the initial purpose for
collecting, capturing, storing, using, receiving or otherwise obtaining the Biometric Information
has been satisfied. At no time, during or after your use of the Services, will any of your Biometric
Information be stored on or received, possessed or otherwise obtained by any server, system or
location outside of the device you use to access the Services. However, if you choose to opt-in to
our services or submit a request for "get photo" / "save and share" via email, we will temporarily
store your photos used to extract facial features in our email server, for no longer than 2 years, in
order to send to you as instructed by you. After such time, we permanently destroy all copies of
your Biometric Information in our possession and ensure that our service providers do the same.
Or, if you choose to try the function that requires cloud computing including but not limited to
virtual beard style try-on and AI photo enhancement functions, you will be asked to upload your
photo to our server for processing, and your photo will be permanently deleted from our server
after your use of such service has completed.
If you choose to delete your account, we delete things you have posted, such as your photos and
status updates, unless subjected to a valid warrant, subpoena issued by a court of competent
jurisdiction, or other legal or regulatory proceeding, we will comply with this retention schedule
and destruction guidelines.
In some instances, Formulary is a vendor for other businesses through our "Formulary Skin Scan
for Web" platform. In this case users submit their email address and photos and are able to
download their photos within 24 hours after it is captured, and upon lapse of this time frame, the
photo will be permanently deleted from Formulary's server.
f. Data Storage.
Formulary uses a reasonable standard of care to store, transmit, and protect the Biometric
Information collected from unwarranted disclosure. We store, transmit, and protect your
Biometric Information in a manner that is the same as or more protective than the manner in
which we protect and handle our Company's confidential and sensitive information.

9. OUR POLICIES CONCERNING CHILDREN
The Service is available for all users. In the event we obtain actual knowledge that we have collected
information from children under the age of 16, we will take measures to remove such information from
our servers. If you believe that we might have any personal information from a child under 16, please
contact our customer support team at info@formulary.ai.
10. TRANSFER OF INFORMATION OF INTERNATIONAL CUSTOMERS
If the Formulary Service is offered outside of the U.S., the information you submit to us may be
transferred to the U.S. and other countries to be processed by us or our service providers in order to
provide the Service to you or for such other purposes as set forth in this policy. If you are not a resident
of the U.S., you hereby consent and agree that we may collect, process, use, and store your information,
as discussed in this policy, outside your resident jurisdiction, including in the U.S. Please be aware that
U.S. law and the laws of other countries where we process your information may offer different levels of
protection for information than may be available in your country. However, if your information is shared
or transferred as described in this policy, we will seek assurances from the recipients of such information
(prior to the transfer) that they will safeguard the information in a manner consistent with this policy. We
ask recipients of such information to enter into a contractual relationship with us that includes
confidentiality and non-disclosure clauses, and provides the same level of commitment to and
protections of information as provided in this policy.
11. CHANGES TO OUR PRIVACY POLICY
We will continue to evaluate this policy against new technologies, business practices, changes in law,
and your needs, and may make changes to the policy accordingly. Please check this page periodically for
updates. If we make any material changes to this policy, we will post the updated terms of the policy on
the Service, and provide you notice of such changes, which may include notice by email through a
message sent to the email address you use to access the Service, or posting a message on the Service.
Any material changes to this policy will be effective upon the earlier of thirty (30) calendar days
following our dispatch of an email notice to you or thirty (30) calendar days following our posting of
notice of the changes on the Service. Please note that at all times you are responsible for updating your
information to provide us with your most current email address. In the event that the last email address
that you have provided us is not valid, or for any reason is not capable of delivering to you the notice
described above, our dispatch of the email containing such notice will nonetheless constitute effective
notice of the changes described in the notice. If you do not wish to permit changes in our use of your
information, you must notify us prior to the effective date of the changes that you wish to deactivate
terminate or cancel your account with us. Please note that the continued use of the Service following

notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound
by the terms and conditions of such changes.
12. PERSONAL INFORMATION PROTECTION
We strive to protect the security of your information during transmission using, for instance TSL
software, which encrypts information you input. It is important for you to protect against unauthorized
access to your password and to your mobile device. Be sure to sign off when finished using a shared
mobile device.
13. GOVERNANCE
You may inquire about an inaccuracy or make a complaint about a potential violation to us via the
contact information provided below. We do engage in training to support implementation and
compliance of our privacy practices; any employee that we determine is in violation of this policy may
be subject to disciplinary action.
14. DISPUTE RESOLUTION
Formulary will investigate and attempt to resolve complaints and disputes regarding use and disclosure
of information in accordance with the principles contained in this policy. This Privacy Policy shall be
governed by and interpreted in accordance with the laws of Taiwan without regard to conflict of law
principles. You and Formulary hereby irrevocably consent that any legal action or proceeding arising
under or in connection with this Privacy Policy must be submit to the personal and exclusive jurisdiction
of arbitration in The State of Arizona, USA for the purpose of arbitrating any dispute.
YOU UNDERSTAND AND AGREE THAT, BY ENTERING INTO THIS PRIVACY POLICY,
YOU WAIVE THE RIGHT TO GO TO COURT OR TO PARTICIPATE IN A CLASS OR
REPRESENTATIVE ACTION.
15. CONTACT US
If you have any questions about this privacy policy, or the privacy practices of Formulary, contact us
at info@formulary.ai
This policy was written in English, and to the extent the translated version of this policy if any is
inconsistent with the English version, the English version will control. We reserve the right to correct
translation errors or other issues caused by offering translations of this policy.