Privacy Policy - WellPath Prime | Personalized Longevity Care

WELLPATH PRIME PRIVACY POLICY

EFFECTIVE DATE: SEPTEMBER 20, 2025

LAST UPDATED: SEPTEMBER 20, 2025

Introduction

WellPath (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our WellPath Prime platform, including our mobile application and related services (collectively, the “Services”).

WellPath Prime is a clinician-supervised health optimization platform available exclusively to patients of participating healthcare providers. Our Services are designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.

Information We Collect

Health Information

We collect comprehensive health information to provide personalized recommendations under clinical supervision:

Biomarkers and Laboratory Data

60+ biomarker values including blood work, metabolic panels, and specialized testing
Laboratory results provided by your participating healthcare provider
Historical health data and trends over time

Biometric Measurements

18 key biometric measurements including height, weight, body composition, blood pressure
Vital signs and physical assessment data
Measurements taken during clinical visits or through connected devices

Survey and Assessment Data

327 detailed health and lifestyle assessment questions
Medical history, family history, and health concerns
Lifestyle factors, habits, and behavioral patterns
Goals, preferences, and readiness for health changes

Apple HealthKit Integration With your explicit consent, we integrate with Apple HealthKit to automatically collect:

Sleep analysis data (duration, stages, consistency)
Exercise and workout data (type, duration, intensity)
Heart rate and heart rate variability
Step count and activity levels
Nutrition data (when manually entered or synced from other apps)
Body measurements and vital signs
Mindfulness and meditation sessions

Personal Information

Contact and Account Information

Name, email address, phone number, date of birth
Account credentials and authentication information
Communication preferences and settings

Provider Connection Information

Healthcare provider identity and practice information
Invitation codes and access credentials provided by your clinician
Communication records between you and your healthcare provider through our platform

Usage and Technical Information

App Usage Data

Features used, time spent in app, interaction patterns
Progress tracking data and goal adherence metrics
Recommendation acceptance, modification, or rejection patterns
Educational content engagement and completion

Device and Technical Information

Device type, operating system, app version
IP address, device identifiers, and technical specifications
Crash reports, error logs, and performance data
Location data (only if explicitly enabled for specific features)

How We Use Your Information

Primary Purposes

Clinical Care Coordination

Facilitate communication between you and your participating healthcare provider
Enable your clinician to monitor your progress and adjust recommendations
Support clinical decision-making with comprehensive health data
Coordinate care and treatment plans within the WellPath Prime framework

Personalized Health Optimization

Generate evidence-based health recommendations using AI algorithms
Create personalized 90-day goal cycles based on your health profile
Deliver behavioral interventions, challenges, and educational content
Track progress and provide insights on health metrics and biomarkers

Secondary Purposes

Service Improvement

Analyze usage patterns to improve platform functionality
Develop new features and enhance user experience
Conduct quality assurance and technical support
Optimize recommendation algorithms and behavioral interventions

Research and Development (De-identified Data Only)

Advance longevity science and health optimization research
Develop improved algorithms and recommendation systems
Contribute to evidence-based health and wellness research
Support publication of anonymized population health insights

Information Sharing and Disclosure

Healthcare Provider Sharing

Your Participating Clinician

Your participating healthcare provider has access to:

All health data, assessments, and biomarker information you provide
Progress tracking data and goal adherence metrics
Recommendation acceptance, modification, or rejection decisions
Usage patterns and engagement with educational content
Communication records and platform interactions

Clinical Oversight Requirements

Your healthcare provider maintains clinical responsibility for all medical decisions
All AI-generated recommendations require clinical review and approval
Your provider can modify, reject, or override any platform recommendations
Clinical notes and provider communications are shared bidirectionally

Limited Third-Party Sharing

Service Providers and Vendors
We may share limited information with trusted third parties who assist in providing our Services:

Cloud hosting and data storage providers (HIPAA-compliant)
Analytics and performance monitoring services (de-identified data only)
Customer support and technical assistance providers
Payment processing and billing services (for provider subscriptions)

Legal and Safety Requirements

We may disclose information when required by law or to protect safety:

Compliance with legal process, court orders, or government requests
Protection against fraud, security threats, or illegal activities
Medical emergencies or imminent threats to health or safety
Enforcement of our Terms of Service or other legal rights

Information We Do NOT Share

We never sell your personal health information
We do not share identifiable health data for marketing purposes
We do not provide data to insurance companies for coverage decisions
We do not share information with employers or third parties without consent
We do not use your data for advertising or commercial purposes outside our Services

Data Security and Protection

Technical Safeguards

Encryption and Security

End-to-end encryption for all data transmission
Advanced encryption standards (AES-256) for data storage
Secure authentication and access controls
Regular security audits and vulnerability assessments

Infrastructure Protection

HIPAA-compliant cloud hosting environments
Multi-factor authentication for all administrative access
Regular backups and disaster recovery procedures
Network security monitoring and intrusion detection

Administrative Safeguards

Access Controls

Role-based access permissions for employees and contractors
Regular access reviews and permission updates
Comprehensive employee training on privacy and security
Strict confidentiality agreements for all personnel

Compliance Monitoring

Regular compliance audits and risk assessments
Incident response procedures and breach notification protocols
Documentation of all privacy and security practices
Ongoing monitoring of third-party service providers

Your Privacy Rights

Access and Control

Data Access Rights

View and download your complete health data at any time
Request corrections to inaccurate or incomplete information
Obtain a copy of your data for personal use or provider transfer
Review the history of data sharing and access logs

Privacy Controls

Modify privacy settings and communication preferences
Control which data elements are shared with your healthcare provider
Opt out of research uses of de-identified data
Request deletion of your account and associated data

Communication Preferences

Marketing and Educational Communications

Opt out of non-essential educational content and tips
Control frequency and type of platform notifications
Manage email and push notification preferences
Unsubscribe from promotional communications at any time

Data Portability and Deletion

Account Termination

Request deletion of your account and associated data
Export your data before account termination
Understand data retention requirements for clinical and legal purposes
Transfer data to alternative platforms or providers

Children’s Privacy

WellPath Prime is designed for adults and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information immediately.

International Data Transfers

WellPath Prime is based in the United States and our Services are provided from the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our Services, you consent to this transfer.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by:

Posting the updated policy on our website with a new effective date
Sending email notifications to your registered email address
Providing in-app notifications about significant changes
Requiring acknowledgment of changes before continued use of Services

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Officer
WellPath, Inc.
[Address]
Email: privacy@wellpathprime.com
Phone: [Phone Number]

Healthcare Provider Questions

For questions about data sharing with your healthcare provider or clinical oversight, please contact your participating WellPath Prime clinician directly.

Technical Support
For technical issues or account access problems:
Email: support@wellpathprime.com
Phone: [Support Phone Number]

Compliance and Certification