Skip to Main ContentSkip to Sitemap

Privacy Policy

Last updated November 25, 2025

Looking for China? Click here.

Wellthy.com Privacy Policy

1. Introduction

This privacy policy (the "Privacy Policy") describes how Wellthy, Inc. (together with our affiliates, "Wellthy," "we," "our," or "us") collects, uses and shares an individual’s (“you,” “your,” or “they”) personally identifiable information ("Personal Information") obtained by our business (including through our website at www.wellthy.com (the "Site"), from you, our clients and users, and from third parties).

This Privacy Policy applies to all individuals whose Personal Information is processed by Wellthy. Our relationship with you and the source of any Personal Information we receive from or about you will determine how this Privacy Policy applies to you and your Personal Information.

Please take time to review this Privacy Policy prior to providing Wellthy your Personal Information. If you submit Personal Information of others or other confidential information of a third party to Wellthy, you represent and warrant that you have the necessary consent or authority to do so.

This Privacy Policy applies to all of our services, including the services made available through Wellthy.com and other Wellthy sites and applications (including, as applicable, the Site and our web applications, application extensions, social media pages, marketing activities, live events and other activities described in this Privacy Policy) (collectively, the “Services”)).

2. Personal Information We Collect

Wellthy collects Personal Information to provide the Services as part of its contractual obligations to individuals who create an account on the Site (“Members”), to companies that cover the costs of Members’ access to the Services, to companies that cover the costs of Members’ access to the Services, and a number of other purposes, as set forth below. We also automatically collect and process Personal Information when individuals use the Site, including before they sign up to create an account.

Wellthy receives Personal Information from employers, health plans, and other third parties (including individuals) helping to facilitate and coordinate care services on our Members’ behalf.

The following chart sets forth the categories of Personal Information we collect, how we collect such Personal Information, and how we use such Personal Information.

What we collect

How we collect it

How we use it

Identifiers (e.g.: Name, Date of Birth, IP Address)

Directly from users or their use of the Services; cookies and other tracking technologies; third parties (such as employers, health plans or other Members); public sources (e.g. online business listings)

Developing, improving, and providing care services; communications; marketing; analytics; security; legal, compliance and regulatory obligations; criminal record review

Contact / Account Profile Information (e.g.: addresses, service start and end dates, relationships to other users)

Directly from users or their use of the services; third parties (such as employers, health plans or other Members or other Members)

Developing, improving, and providing the services; authentication; marketing; analytics; security legal, compliance and regulatory obligations

Sensitive Personal Information / Government Issued Identification Numbers (e.g.: Medical Records, Citizenship Information, Health Plan identification numbers, Social Security Numbers, Criminal Records, Usernames and Passwords to other services)

Directly from you or another Member or another Member; third party consumer reporting agencies third party consumer reporting agencies; third parties (such as employers, or health plans or other Members)

Developing, Improving and Providing the Services; Verifying Your Identity; Detecting Fraud Identity Theft, or Other Misuse of Your Account; Legal, Compliance and Regulatory Obligations; Criminal Record Review Criminal Record Review

Commercial Information (e.g. Services offered, considered or purchased, Service relationship feedback)

Directly from You or another Member; public sources (e.g. online business listings

Developing, Improving, and Providing the Services; Identity verity verification; Communications; Marketing; Analytics; Security, Legal, Compliance and Regulatory Obligations

Financial Data/Payment Information (e.g. credit card or other financial account information)

Directly from You or another Member

Developing, Improving and Providing the Services; Process Payments via Third-Party Processor; Process Payments via Third-Party Processor

Identifiers or Credentials for other services (e.g. Usernames or Passwords)

Directly from you

Developing, Improving and Providing the Services

Internet or Other Network or Device Activities (e.g. unique device and app identifiers, browsing history on our website or other usage data or information from cookies on our website)

Directly from users or their use of the Services; Cookies and Other Tracking Technologies

Developing, Improving, and Providing the Services; Communications; Marketing; Analytics; Security, Legal, Compliance and Regulatory Obligations

Approximate Geolocation Information

Directly from You or other Members; Cookies and Other Tracking Technologies

Developing, Improving, and Providing the Services; Communications; Marketing; Analytics; Security, Legal, Compliance and Regulatory Obligations

Professional Information (e.g. place of employment, work email, previous place(s) of employment, position(s), work history, earnings, resume) (e.g. place of employment, work email, previous place(s) of employment, position(s), work history, earnings, resume)

Directly from users or their use of the Services; Third Parties (such as Employers,  or Health Plans or other Members); Third Parties (such as Employers,  or Health Plans or other Members); Service Providers; Third Parties (such as other users); public sources (e.g. online business listings

Developing, Improving, and Providing the Services; Quality Assurance; Sales Opportunities; Security, Legal, Compliance and Regulatory Obligations

Service Feedback (e.g. information about your experience with our services or services provided by a third party) (e.g. information about your experience with our services or services provided by a third party)

Directly from users or their use of the Services

Developing, Improving, and Providing the Services; Analytics; Sentiment Analysis;  Security, Legal, Compliance and Regulatory Obligations

Other Other Information (e.g. usernames; discussions) (e.g. usernames; discussions)

Directly from users or their use of the Services

Developing, Improving, and Providing the Services;

Updating Member Directory; Analytics

Our use of Personal Information also includes any other purpose that you may intend or direct us to perform through your use of our services.

3. How We Share Personal Information

Wellthy shares and discloses Personal Information to third parties as needed to provide our services and operate our business. Wellthy shares Personal Information with third parties as follows:

Third Party

Examples of Personal Information Shared

Purposes for Sharing

Other Members

Identifiers; Contact / Account Profile Information; Sensitive Personal Information / Government Issued Identification Numbers

Providing the Services; Marketing; Security, Legal, Compliance and Regulatory Obligations

 

Sponsoring Organizations

Identifiers; Contact / Account Profile Information; Sensitive Personal Information / Government Issued Identification Numbers; Professional Information; Service Feedback

Providing the Services; Marketing; Analytics; Security, Legal, Compliance and Regulatory Obligations

IT Service Providers

Identifiers; Contact / Account Profile Information; Sensitive Personal Information / Government Issued Identification Numbers; Internet or Other Network or Device Activities Including Information from Cookies; Approximate Geolocation Information

Providing the Services; Security, Legal, Compliance and Regulatory Obligations

Business Service Providers

Identifiers; Contact / Account Profile Information; Sensitive Personal Information / Government Issued Identification Numbers; Financial Data/Payment Information; Platform Communications; Service Feedback

Developing, Improving, and Providing the Services; Analytics; Sentiment Analysis; Security, Legal, Compliance and Regulatory Obligations

Care Associated Organizations

Identifiers; Sensitive Personal Information / Government Issued Identification Numbers

Providing the Services

Corporate Partners

Identifiers; Contact / Account Profile Information; Sensitive Personal Information / Government Issued Identification Numbers; Commercial Information; Internet or Other Network or Device Activities Including Information from Cookies; Platform Communications; Professional Information; Service Feedback

Legal Obligations

Governments and Other Legal Entities

Identifiers; Contact / Account Profile Information; Sensitive Personal Information / Government Issued Identification Numbers; Commercial Information; Internet or Other Network or Device Activities Including Information from Cookies; Approximate Geolocation Information; Platform Communications; Professional Information

Legal Obligations

4. Sale of Personal Information

Wellthy does not “sell” Personal Information as defined by the California Consumer Privacy Act (CCPA) of 2018, Vermont’s protection of personal information law (9 V.S.A. § 2430), or Nevada’s 2019 privacy amendment, and have not sold Personal Information within the previous 12-month period from the date of this policy. If we decide to sell your Personal Information, we will provide you with an opportunity to opt-out as the law may require.

5. Communications and Marketing

In compliance with local rules, Wellthy may periodically send you newsletters that include information about our services, partners, and enhancements. If you no longer wish to receive e-mail marketing communications, you may unsubscribe/opt out by following the steps in the email or by contacting support@wellthy.com.

Online Advertising. Wellthy may also use third-party retargeting technology to advertise Wellthy to organizations interested in providing our services as a benefit to employees. This means we may show ads that highlight our Program Sponsor offering to you using LinkedIn, Facebook, Google, or Instagram advertising services. We will not use this technology on pages that you visit when you are logged in after creating an account. Control of LinkedIn advertising is available through your account settings and you may completely opt out of LinkedIn retargeting here. You can also update your Google ad preferences, Facebook ad preferences, and Instagram ad preferences.

6. Data Retention and Disposal

Wellthy retains and disposes of Personal Information in accordance with our data retention schedules. Generally, this means:

  • Personal data collected and not used to provide Member services such as site visitor information and sales prospect information, is reviewed for deletion periodically to assess the necessity and proportionality of the processing.
  • Certain personal data associated with the provision of our services is retained for a standard period of seven years, or longer if necessary in order to comply with our legal or contractual obligations.

Once the retention period has expired, we will delete your data and/or de-identify your Personal Information such that it can no longer identify you. With respect to all personal data, where the purpose of the processing is satisfied or where consent to processing has been withdrawn, such data will be deleted unless we need to retain it for legal or compliance purposes.

7. Your Privacy Rights

Depending on where you are located and how you interact with Wellthy, you may have certain legal rights over the personal information we hold about you, subject to local privacy laws. The following is more information regarding your rights:

Controller Relationship. Except to the extent that Wellthy may be a “processor” of Personal Information received from a third party pursuant to a contractual relationship with that third party, Wellthy is a “controller” with respect to your Personal Information and you may contact us directly to exercise your data protection rights or file a privacy complaint.

Lawful Basis for Processing Personal Information. Our lawful basis for collecting and processing Personal Information will depend on the circumstances upon which the Personal Information was collected.

  • In most circumstances, Wellthy may process your Personal Information as necessary to perform a contract with you, including to provide our Services pursuant to our Terms of Service.
  • In most circumstances, Wellthy may process your Personal Information as necessary to perform a contract with you, including to provide our Services pursuant to our Terms of Service.
  • In some circumstances, our processing of Personal Information is based on Wellthy’s legitimate interests. For example, we may use your Personal Information to measure and improve our Services, we may use your Personal Information to measure and improve our Services. Wellthy reviews the necessity and proportionality of such processing to assess whether the rights and freedoms of the data subjects is not outweighed by the processing.
  • In special circumstances, you may provide your express consent to Wellthy’s processing of your Personal Information. For example, where special category data (e.g. health data) is processed under Article 9 GDPR. In such cases, Wellthy will take steps to ensure that your consent is informed and freely given.

Automated Decision-making. Wellthy’s processing of Personal Information may include automated decision-making, specifically with respect to the assignment of a Care Coordinator to a Care Recipient. This processing is intended to best align a Care Coordinator to your specific needs. Re-assignment of Care Coordinators is available.

International and Onward Transfers of Personal Information. Wellthy is a US-based company with data centers located in the United States. If you are located outside the US, your Personal Information will be transferred across international borders and processed in the US. The US may have different or less protective data protection laws than your own country. International transfers of personal data (including onward transfers) to third countries which have not achieved adequacy under GDPR Article 45 are made pursuant to the European Commission’s Standard Contractual Clauses (SCCs), or similar guarantee of adequacy such as an IDTA as may be appropriate for the jurisdiction, and are subject to a transfer impact assessment. Where necessary, supplementary measures are adopted by the data importer and exporter to ensure personal data is afforded an essentially equivalent level of protection in the third country.

Privacy Rights of Data Subjects. Depending upon the laws of your local jurisdiction, subject to certain limitations, you may have some or all of the following data protection rights:

  • Right to Withdraw Consent – If processing is based on your consent, you have the right to withdraw consent to the processing at any time.
  • Right to Object to Processing – If processing is based on legitimate interest, you have the right to object to the processing at any time.
  • Right to Object to Automated Processing – You have the right not to be subject to a decision based solely on automated processing, including profiling.
  • Access and Rectification – You have the right to access, correct, and update your Personal Information without undue delay.
  • Right to Deletion or Erasure – You have the “right to be forgotten” through the erasure or deletion of your Personal Information without undue delay.
  • Right to Portability – You have the right to move, copy, or transfer personal data from our service to another service. If requested, we will provide you with a machine-readable file to transfer.
  • Right to Stop Processing – You have the right to object to the processing of your Personal Information and to ask us to restrict the processing of your Personal Information, subject to certain limitations.
  • Right to Submit a Complaint – You have the right to submit a complaint to your data protection authority about our collection and use of your Personal Information.

Exercising Your Rights Under Law. You may exercise many of your rights through your account or our self-service portal or by submitting a request to our Data Protection Officer at support@wellthy.com or by calling +1 (877) 588-3917.

We respond to and process requests promptly and within the timeframes required by law. Please note that requests that could adversely impact the rights and interests of a data subject are subject to appropriate verification before processing.

Local Representative. Contact information of our UK and EU local representative.

European Data Protection Office (EDPO)

European Union: Ground Floor, 71 Lower Baggot Street, Dublin, D02 P593, Ireland, or this contact form.

United Kingdom: 8 Northumberland Avenue London, England WC2N 5BY, or this contact form.

8. Exercising Control Over Your Privacy

We provide several ways for you to exercise control over your privacy. For Members, you may access and correct much of the Personal Information we have collected about you simply by logging into your account. For other individuals, you may make a privacy request by contacting us at support@wellthy.com. In our discretion and without obligation, we may fulfill privacy requests as a courtesy to other individuals subject to appropriate prior verification.

You may have certain choices and rights associated with your Personal Information, including opting out of targeted advertising or other disclosures to third parties. Residents of certain locations may have the right to have an authorized agent submit requests on your behalf. You or your authorized agent may request that Wellthy honor these rights by contacting us as outlined in the “Contact Us” section below.

Non-Discrimination. You will not receive any discriminatory treatment by us for the exercise of your privacy rights.

Verifying Your Request. Only you, or a person that you authorize to act on your behalf, may make a request related to your Personal Information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected Personal Information or a person authorized to act on your behalf. We will only use the Personal Information that you have provided in a verifiable request in order to verify your request. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.

Information Processed by our IT Service Providers. Our IT service providers have no direct relationship with the individuals whose Personal Information they process on behalf of Wellthy. If you seek to access, correct, amend, or delete inaccurate data held by any of our IT service providers, you should contact us as outlined in the “Contact Us” section below. In that event, we will instruct our IT service providers to perform the relevant processing.

9. Cookie Policy and “Do Not Track” Requests

Wellthy uses cookies to improve your experience on our Site. We may automatically collect certain Personal Information when you visit our Site, including through cookies, web beacons and other technologies. Such cookies include strictly necessary cookies, performance cookies, functional cookies, and targeting cookies. For example, we may use analytics cookies to generate and analyze statistics about your use of the Site and functional cookies to improve and customize your experience with the Site. We may also use marketing cookies to collect aggregate information about site visitors. The Personal Information collected for these purposes (including your IP address and other Personal Information collected by automated means) may be disclosed to or collected directly by our third-party web analytics service providers, such as Google Analytics. To learn more about how Google uses your Personal Information, please, click here.

To adjust your cookie settings, you may do so when you initially access our Site. Site visitors in the EEA or the UK will be presented with an opportunity to consent to non-essential cookies by opting in to cookies when they first visit our Site.

Do Not Track Signals. In accordance with the California Online Privacy Protection Act (CalOPPA), we want to inform you about our “Do Not Track” (“DNT”) request policy. DNT is a feature that some web browsers offer to allow site visitors to send signals to other websites so that no information about their browser session will be shared. You may enable your web browser to send our Site a DNT request, but your browsing and site visitor experience may be degraded. Sometimes, DNT does not work even when enabled. You can learn more about DNT here.

10. Children’s Data

Children as Members. Wellthy recognizes that children’s Personal Information is more sensitive than that of adults and that children’s Personal Information often requires greater protection. In accordance with relevant laws, this Site and Wellthy’s solution are not marketed to children. While different jurisdictions set different ages of majority, Wellthy takes steps to prevent children under the age of majority from signing up for its services in each jurisdiction. If you learn that a child under the local age of majority has created an account with Wellthy, please contact support@wellthy.com.

Children as Care Recipients or Journey Members. Notwithstanding the foregoing, a parent or legal guardian of a child may share the child’s Personal Information with Wellthy to provide them with care coordination services. We ask that Personal Information about children under the age of majority not be provided to Wellthy without the prior consent of the child’s parent or legal guardian. By providing the Personal Information of a child, you are affirming that you are legally authorized to provide such Personal Information under the laws of your jurisdiction.

11. Information Security

Through our information security program, Wellthy has implemented technical and organizational measures to ensure the protection of Personal Information. Our efforts include:

  • Risk assessments
  • Access controls
  • Encryption of personal data in transit and at rest
  • Vulnerability and penetration testing
  • Monitoring
  • Incident response
  • Backup and recovery
  • Vendor management
  • Security awareness and training

When interacting with Wellthy, we recommend that you create a unique and difficult password, that you not share your account credentials with others or allow your credentials to be easily accessed by others, that you connect to our Site over secure networks, that you log out after using our service, and that you stay alert to unusual or suspicious activities.

12. Breach Notification

Wellthy maintains robust security measures and an incident response plan that contemplates our response to a data breach. In the unfortunate event of a data breach, Wellthy will promptly comply with all relevant laws relating to breach notification and response.

13. Contact Us

For inquiries about this Privacy Policy or to make a request or file a privacy complaint, please contact support@wellthy.com or call +1 (877) 588-3917.

This Privacy Policy may be updated from time to time, so please check back regularly for updates.