Wellnest Technologies, Inc. ("Wellnest," "Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use the Wellnest platform, including our website, mobile applications, and all related services (collectively, the "Platform").
1. INFORMATION WE COLLECT
1.1 Information You Provide Directly
(a) Account Information: Name, email address, phone number, date of birth, gender, mailing address, and account credentials;
(b) Profile Information: Health goals, preferences, emergency contacts, designated family members and caregivers;
(c) Payment Information: Credit/debit card details, billing address (processed and stored by our third-party payment processors — Stripe, RevenueCat, Apple — and not stored on our servers);
(d) Communications: Messages, support requests, feedback, and correspondence with Wellnest.
1.2 Information Collected from Wearable Devices
When you connect a wearable device or health application to the Platform, we collect data transmitted by that device, which may include:
(a) Heart rate and heart rate variability (HRV);
(b) Sleep duration, stages, and quality metrics;
(c) Physical activity data (steps, distance, calories, workouts);
(d) Stress indicators;
(e) Blood oxygen saturation (SpO2);
(f) Body temperature;
(g) Respiratory rate;
(h) Electrocardiogram (ECG) readings (if supported by your device);
(i) Weight, body composition, and other metrics supported by your device.
This data is collected via third-party APIs (including Terra API) and is dependent on the capabilities of your specific device and the permissions you grant.
1.3 Information Collected Automatically
(a) Device Information: Device type, operating system, unique device identifiers, browser type;
(b) Usage Data: Pages viewed, features used, time spent on the Platform, click patterns;
(c) Log Data: IP address, access times, referring URLs, error logs;
(d) Location Data: Approximate location based on IP address (we do not collect precise GPS location).
2. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
(a) Providing Services: To operate, maintain, and improve the Platform, display your wellness data, and enable sharing features;
(b) Personalization: To personalize your experience and provide relevant insights and notifications;
(c) Communications: To send you service-related communications, updates, security alerts, and support messages;
(d) Safety and Security: To detect, prevent, and address fraud, security issues, and technical problems;
(e) Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests;
(f) Analytics: To analyze usage patterns and improve the Platform (using aggregated or de-identified data);
(g) Research: To conduct research and development to improve our products and services (using aggregated or de-identified data only);
(h) Marketing: To send promotional communications, with your consent where required by law. You may opt out at any time.
3. HOW WE SHARE YOUR INFORMATION
3.1 Sharing at Your Direction
We share your wellness data with individuals and entities you specifically designate, including: family members, caregivers, healthcare providers, and employer wellness programs. You control who receives your data and may revoke access at any time.
3.2 Service Providers
We share information with third-party service providers who perform services on our behalf, including: cloud hosting (Aptible for HIPAA-grade infrastructure, Render for non-health services), payment processing (Stripe, Apple, RevenueCat), wearable data integration (Terra API), authentication (Auth0), communications (Twilio), and analytics providers. These providers are contractually obligated to use your information only as directed by us and to maintain appropriate security measures.
3.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to: (a) Comply with applicable law or regulation; (b) Enforce our Terms of Service; (c) Protect the rights, property, or safety of Wellnest, our users, or the public; (d) Detect, prevent, or address fraud, security, or technical issues.
3.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform of any change in ownership or use of your personal information.
3.5 Data Sales
WELLNEST DOES NOT SELL YOUR PERSONAL INFORMATION. If this practice were ever to change in the future, we would only share aggregated, de-identified, and anonymized data that cannot reasonably be used to identify any individual, in compliance with HIPAA de-identification standards (45 CFR 164.514) and applicable law. Any such change would require an update to this Privacy Policy and, where required by law, your affirmative consent.
4. DATA RETENTION AND DELETION
4.1 Retention Period
We retain your personal information for as long as your account is active or as needed to provide you with the Services. We may also retain information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes.
4.2 Account Deletion
You may request deletion of your account at any time by contacting us at privacy@hellowellnest.com or through account settings. Upon receiving a verified deletion request:
(a) We will delete or de-identify your personal information within thirty (30) days, except as noted below;
(b) Certain information may be retained for up to six (6) years where required by applicable law, including tax records, transaction history, and information necessary for legal compliance;
(c) Aggregated or de-identified data that cannot reasonably identify you may be retained indefinitely;
(d) Backup copies may persist for up to ninety (90) days before being overwritten;
(e) Information that has been shared with third parties (family members, caregivers, healthcare providers) prior to deletion cannot be recalled by Wellnest.
5. DATA SECURITY
We implement and maintain reasonable administrative, technical, and physical safeguards to protect your information, including:
(a) Encryption of data in transit (TLS/SSL) and at rest (AES-256);
(b) HIPAA-grade hosting infrastructure through Aptible for health-related data;
(c) Access controls and authentication mechanisms;
(d) Regular security assessments and monitoring;
(e) Employee training on data protection and security practices.
Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
6. YOUR RIGHTS AND CHOICES
6.1 Access and Portability
You may access and download a copy of your personal information at any time through your account settings or by contacting us.
6.2 Correction
You may update or correct your account information at any time through your account settings.
6.3 Deletion
You may request deletion of your personal information as described in Section 4.2 above.
6.4 Opt-Out of Marketing
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us.
6.5 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to: (a) Know what personal information we have collected about you; (b) Request deletion of your personal information; (c) Opt out of the "sale" or "sharing" of your personal information (note: we do not currently sell personal information); (d) Not be discriminated against for exercising your rights. To exercise these rights, contact us at privacy@hellowellnest.com.
6.6 Other State Privacy Rights
Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws may have additional rights under their respective state laws. Please contact us to exercise any applicable rights.
7. CHILDREN'S PRIVACY
The Platform is not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child under 18 has provided us with personal information, please contact us at privacy@hellowellnest.com and we will take steps to delete such information.
8. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. If you are accessing the Platform from outside the United States, please be aware that your information may be transferred to a country with different data protection laws than your country of residence. By using the Platform, you consent to such transfers. Where required by applicable law (including the Brazilian General Data Protection Law, LGPD), we implement appropriate safeguards such as Standard Contractual Clauses to protect your information during international transfers.
9. THIRD-PARTY LINKS AND SERVICES
The Platform may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.
10. HEALTH INFORMATION PRACTICES
While Wellnest implements HIPAA-grade security infrastructure for health-related data storage and processing, the Wellnest Platform is a general wellness application and the data collected through the Platform generally does not constitute Protected Health Information (PHI) under HIPAA. However, we voluntarily apply HIPAA-level security standards as a best practice to protect your wellness data. If your data is shared with a HIPAA-covered entity (such as a healthcare provider), that entity's own HIPAA obligations apply to the data once received by them.
11. COOKIES AND TRACKING TECHNOLOGIES
We use cookies, web beacons, and similar tracking technologies to collect usage information, remember your preferences, and improve the Platform. You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Platform functionality.
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform, updating the "Last Updated" date, and, where required by law, seeking your consent. Your continued use of the Platform after the effective date of changes constitutes your acceptance of the updated Privacy Policy.
13. DATA PROTECTION OFFICER
For questions about this Privacy Policy or our data practices, please contact our Data Protection team:
Wellnest Technologies, Inc.
Attn: Lucas Colagrossi, Data Protection Officer
5105 DTC Parkway
Greenwood Village, CO 80111
Privacy inquiries: privacy@hellowellnest.com
DPO / Data subject requests: dpo@hellowellnest.com
Security disclosures: security@hellowellnest.com