Privacy and security

Privacy Policy

Last updated: January 2025 | Applicable in United States 🇺🇸

Your Privacy is Our Priority in United States

At WellNestAI, we understand that your mental health information is deeply personal. This Privacy Policy explains how we collect, use, protect, and share your information when you use our platform in United States, in compliance with HIPAA (Health Insurance Portability and Accountability Act).

Information We Collect

Personal Information

  • Account Information: Email address, full name, date of birth (to verify age 18+), password (encrypted)
  • Profile Data: Optional demographic information, preferences
  • Contact Information: When you contact our support team

Health Information

  • Journal Entries: Your written thoughts, feelings, and experiences
  • Mood Data: Mood ratings and emotional tracking information
  • AI Interactions: Your conversations with our AI journaling assistant
  • Usage Patterns: How you interact with our platform features

Technical Information

  • Device Information: Browser type, operating system, device identifiers
  • Usage Analytics: Pages visited, features used, time spent (anonymized)
  • Location Data: General location for therapist matching (city/country level)

How We Use Your Information

Primary Uses

  • Service Provision: Provide AI-powered journaling and mental health tools
  • Personalization: Customize your experience and provide relevant insights
  • Therapist Matching: Help you find appropriate mental health professionals
  • Progress Tracking: Monitor your mental health journey and patterns

Secondary Uses

  • Platform Improvement: Enhance our AI algorithms and user experience
  • Research: Anonymized data for mental health research (with explicit consent)
  • Safety: Detect and prevent harmful or inappropriate use
  • Legal Compliance: Meet legal obligations and protect rights

Information Sharing

Your Control Over Sharing

We NEVER share your personal health information without your explicit consent.You have complete control over what information, if any, is shared with therapists or other parties.

With Your Consent

  • Licensed Therapists: Journal entries you choose to share for therapy sessions
  • Healthcare Providers: Information you authorize us to share
  • Research Participation: Anonymized data for approved research studies

Without Your Consent (Limited Cases)

  • Legal Requirements: When required by law or court order
  • Safety Concerns: To prevent imminent harm to you or others
  • Service Providers: Trusted partners who help operate our platform (under strict agreements)
  • Business Transfers: In case of merger or acquisition (with continued privacy protection)

Data Security

Technical Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access
  • Regular Audits: Security assessments and penetration testing
  • Data Minimization: We only collect and retain necessary information

Organizational Safeguards

  • Staff Training: Regular privacy and security training for all employees
  • Background Checks: Thorough vetting of personnel with data access
  • Incident Response: Comprehensive breach response and notification procedures
  • Third-Party Agreements: Strict data protection requirements for all vendors

Your Rights and Choices

Data Rights

  • Access: Request a copy of all personal data we have about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your personal data (with some exceptions)
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your personal data
  • Objection: Object to certain types of data processing

Communication Preferences

  • Marketing: Opt out of promotional communications at any time
  • Notifications: Control app notifications and reminders
  • Research: Choose whether to participate in research studies

Data Retention

We retain your personal information only as long as necessary to provide our services and comply with United States legal obligations:

  • Active Accounts: Data retained while your account is active
  • Inactive Accounts: Data deleted after 3 years of inactivity
  • Journal Entries: Retained until you delete them or close your account
  • Legal Requirements: Some data may be retained longer for legal compliance

International Transfers

WellNestAI operates globally. Your information may be transferred to and processed in countries other than United States. We ensure appropriate safeguards are in place under HIPAA (Health Insurance Portability and Accountability Act), including:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses approved by regulatory bodies
  • Certification schemes and codes of conduct

Age Requirement

WellNestAI is only available to individuals who are 18 years of age or older.

Our services are not intended for, and we do not knowingly collect personal information from, anyone under the age of 18. By using WellNestAI, you represent and warrant that you are at least 18 years old.

If we discover that we have collected personal information from someone under 18, we will delete that information immediately. If you believe we may have information from or about someone under 18, please contact us at info@wellnestai.co.uk.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice on our platform
  • In-app notifications for significant changes

Contact Us

If you have questions about this Privacy Policy or our privacy practices in United States, please contact us:

Email: info@wellnestai.co.uk

Data Protection Authority: Department of Health and Human Services

Emergency: 911

Mental Health Crisis: 988 (Suicide & Crisis Lifeline)