Privacy Policy

Effective: March 12, 2026
Last updated: March 12, 2026
WellAI is committed to protecting your privacy and the privacy of the individuals you care for. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our services. We comply with applicable data protection laws including PIPEDA (Canada) and align with HIPAA standards for health-related data.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, phone number, password, and account type (personal or facility)
  • Resident/Loved One Information: Full name, phone number, room number, emergency contacts, communication preferences, and care notes
  • Payment Information: Credit card details and billing address (processed and stored by our PCI DSS-compliant payment processor; we do not store full card numbers)
  • Facility Information: Facility name, address, timezone, and organizational details
  • Staff Data: Names, phone numbers, roles, and shift schedules
  • Support Communications: Messages you send to our support team

1.2 Information Collected Automatically

  • Check-in Responses: SMS messages and voice call transcriptions from check-in interactions
  • Sentiment and Wellness Data: AI-generated sentiment scores, mood indicators, distress flags, and wellness trends derived from check-in responses
  • Usage Data: Log data including IP addresses, browser type, device information, pages viewed, and timestamps
  • Device Data: If using the WA-200 companion device: voice interaction logs, battery status, and connectivity telemetry
  • Push Notification Tokens: Device identifiers for delivering mobile push notifications

1.3 Information from Third Parties

  • Communication Delivery Providers: Delivery receipts and status information for SMS and voice calls
  • Authentication Providers: Basic profile information from supported auth methods

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To conduct scheduled check-ins, analyze responses, generate wellness reports, and deliver alerts
  • Account Management: To create and manage your account, process payments, and provide customer support
  • Safety and Alerts: To detect distress signals and notify designated caregivers and emergency contacts
  • Service Improvement: To improve our AI models and enhance features using aggregated, de-identified data only
  • Communications: To send service-related notifications, billing receipts, and important account updates
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

3. SMS and Voice Data

Given the nature of our service, SMS and voice communication data receives special handling:

What we collect

Content of SMS check-in messages (outbound and inbound), voice call transcriptions, delivery status, timestamps, and phone numbers involved.

Why we collect it

To perform sentiment analysis, detect distress, generate wellness reports, and trigger caregiver alerts. This is the core function of the Service.

How we protect it

All message content is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted to authorized personnel only. AI processing occurs on secure infrastructure with no human review of individual messages unless required for safety or legal compliance.

Retention

Check-in message content is retained for 90 days for wellness trend analysis, then automatically purged. Summary data (sentiment scores, response rates) is retained for the duration of the account.

Opt-out

Reply STOP to any SMS, contact support@wellai.live, or use the dashboard to opt out. This disables check-in monitoring for that individual.

4. Data Sharing and Disclosure

We do NOT sell your personal data. Ever.

We share information only in these limited circumstances:

  • Service Providers: Trusted third-party providers that help deliver the Service, including cloud infrastructure, communication delivery, payment processing, and AI analysis services. These providers are contractually bound to protect your data and use it only for specified purposes.
  • Authorized Caregivers: Wellness data and alerts are shared with caregivers and family members you designate in your account.
  • Legal Requirements: When required by law, subpoena, court order, or governmental request.
  • Safety: When we believe in good faith that disclosure is necessary to protect the safety of a person or prevent fraud.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, with advance notice before your data becomes subject to a different privacy policy.

5. Data Security

We implement comprehensive security measures:

Encryption in Transit

All data transmitted over TLS 1.3 encrypted connections

Encryption at Rest

All stored data encrypted using AES-256 encryption

Access Controls

Role-based access with multi-factor authentication for all staff

Infrastructure

SOC 2 Type II certified hosting with regular security audits

Monitoring

Continuous security monitoring and intrusion detection

Incident Response

Breach notification within 72 hours of confirmation

6. HIPAA Compliance

For healthcare facility accounts, WellAI operates as a Business Associate under HIPAA:

  • Business Associate Agreements (BAAs) available for qualifying facility accounts
  • HIPAA-compliant data handling, storage, and transmission
  • Employee training on HIPAA requirements
  • Regular risk assessments and security audits
  • Breach notification compliant with the HIPAA Breach Notification Rule

Personal (family) accounts are not HIPAA-covered, but receive the same high standard of data protection.

7. Data Retention

We retain data according to the following schedule:

Data Type                   Retention Period
Account information         Duration of account + 30 days
Check-in message content    90 days (rolling)
Wellness summary data       Duration of account
Voice call recordings       30 days
Event logs & alerts         12 months
Payment records             7 years (legal requirement)
Usage logs                  12 months

8. Third-Party Services

We use trusted third-party service providers to operate WellAI, including:

  • Cloud Database & Authentication Provider: Secure data storage and user authentication (hosted in US)
  • Communication Delivery Provider: SMS and voice call delivery for check-ins and alerts
  • AI Voice Conversation Provider: AI-powered voice interactions for wellness check-ins
  • AI Analysis Provider: Natural language processing for sentiment analysis and conversation generation
  • Payment Processing Provider: Secure payment handling and billing (PCI DSS compliant)
  • Push Notification Provider: Mobile push notification delivery

Each provider processes data according to their own privacy policies. We share only the minimum data necessary for each service to function. Specific provider names are available upon request.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to certain types of processing
  • Withdraw Consent: Where processing is based on consent, withdraw at any time

To exercise any of these rights, contact support@wellai.live. We respond within 30 days.

10. Consent for Residents

Account administrators are responsible for obtaining and maintaining proper consent from residents (or their legal representatives) before enrolling them in the Service. This includes consent for:

  • Receiving automated SMS messages and voice calls
  • Processing of communication data by AI systems
  • Sharing of wellness data with designated caregivers

11. Cookies and Tracking

We use only essential cookies required for the Service to function (authentication tokens, session management). We do not use third-party advertising cookies or tracking pixels. We may use anonymized analytics to improve the product.

12. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe we have, contact support@wellai.live and we will promptly delete such information.

13. International Data Transfers

Your data may be processed and stored in Canada and the United States. Where transferred internationally, we ensure appropriate safeguards are in place consistent with applicable data protection laws.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before taking effect. The “Last Updated” date at the top indicates the latest revision. Continued use constitutes acceptance.

15. Contact Us

For privacy questions or to exercise your data rights:

WellAI — Privacy Team

Email: privacy@wellai.live

Support: support@wellai.live

Website: wellai.live