Privacy Policy

1. Introduction

Texican Inc. ("Texican," "we," "us," or "our") is committed to protecting the privacy and security of the information we collect from visitors to our website, users of our platform, and clients who engage our professional services.

This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights with respect to that information. By accessing our website or using our services, you agree to the practices described in this policy.

2. Scope

This Privacy Policy applies to:

• Our public website and all associated web pages.
• Our investor portal and LOAC platform (when accessed by authorized users).
• Business communications and professional interactions with Texican.

This Privacy Policy does not apply to Protected Health Information ("PHI") handled in the course of providing healthcare RCM services, which is governed separately by applicable Business Associate Agreements ("BAAs") and our HIPAA compliance program.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when you complete a contact form, inquiry form, or self-assessment tool; request a consultation or demonstration; communicate with us via email or phone; execute a Service Agreement or Business Associate Agreement; or access our investor portal or restricted digital properties.

This may include your name, job title, organization name, business email address, phone number, and any information you choose to include in your message or submission.

3.2 Information Collected Automatically

When you visit our website or access our platform, we or our third-party service providers may automatically collect IP address and approximate geographic location, browser type, device type and operating system, pages visited, time spent on pages and referring URLs, and interaction data such as clicks, scrolls, and navigation paths. This information is collected using cookies and similar tracking technologies (see Section 7).

3.3 Business and Engagement Data

In the course of providing professional services, we collect and process operational and financial data provided by our healthcare organization clients. This data is used solely to perform contracted services and is subject to confidentiality obligations under the applicable Service Agreement.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to inquiries — Contacting you in response to a form submission, request for information, or consultation request.
• To provide services — Performing contracted RCM consulting, platform access, and related deliverables.
• To manage client relationships — Account setup, onboarding, milestone tracking, and service delivery communications.
• To improve our website and platform — Analyzing usage patterns to enhance functionality, content, and user experience.
• To comply with legal obligations — Responding to lawful requests from regulatory bodies and complying with applicable laws.
• To protect our business and users — Detecting and preventing fraud, unauthorized access, and security incidents.

We do not sell your personal information to third parties. We do not use your information for behavioral advertising or permit third-party advertising on our platform.

5. Healthcare Data and HIPAA

Texican is a Business Associate under HIPAA when providing services to Covered Entities. As such:

• Any access to or processing of PHI is governed by an executed Business Associate Agreement.
• We maintain administrative, physical, and technical safeguards consistent with HIPAA requirements.
• We do not use PHI for any purpose beyond what is authorized under the applicable BAA and HIPAA regulations.
• PHI is never processed through our general website contact forms or public-facing digital properties.

If you are a healthcare organization client with questions about how PHI is handled within your engagement, please contact us directly.

6. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

• Service Providers — Trusted third-party vendors who assist in operating our website and delivering services, subject to confidentiality agreements.
• Legal Requirements — When required to do so by law, court order, or valid request from a government or regulatory authority.
• Business Transfers — In the event of a merger, acquisition, or sale of assets, subject to the same privacy protections.
• With Your Consent — We may share information with your authorization for purposes you have approved.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality and analyze site performance:

• Essential Cookies — Required for the website to function, including session management and secure login.
• Analytics Cookies — Help us understand how visitors interact with our site. This data is aggregated and anonymous.
• Preference Cookies — Remember your settings and preferences across sessions.

You may manage cookie preferences through your browser settings. We do not use third-party advertising or behavioral tracking cookies.

8. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS/SSL), access controls restricting information to authorized personnel, regular security assessments and monitoring, and SOC 2 Type II certified infrastructure for our software platform.

Despite these measures, no method of transmission or storage is completely secure. We encourage you not to transmit sensitive or confidential information through unsecured channels.

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. When data is no longer required, we securely delete or anonymize it.

10. Your Privacy Rights

Depending on your location, you may have certain rights including the right to access, correction, deletion, and opt-out of communications.

California Residents: Under the CCPA and CPRA, California residents have additional rights including the right to know what categories of personal information are collected, the right to request deletion, and the right to opt out of the sale of personal information. Texican does not sell personal information.

To exercise any of these rights, please contact us using the information in Section 14.

11. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

12. Third-Party Websites and Services

Our website may contain links to third-party websites or integrate with third-party platforms. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted to our website with a revised "Last Updated" date. Your continued use of our services after such changes constitutes your acceptance of the updated policy.

14. Contact