WellNerd

Privacy Policy

Last updated: 2026-05-10

Summary

WellNerd is a wellness and health-tracking application. We treat the information you enter as sensitive, and we apply safeguards aligned with the HIPAA Security Rule (administrative, physical, and technical safeguards). This policy explains what we collect, how we use it, and the choices you have.

Information we collect

  • Account data: email address, name (optional), authentication data.
  • Health and wellness data you provide: goals, conditions, medications, symptom logs, journal entries, lab notes and uploaded documents, coaching messages.
  • Device and access data: IP address and user agent for security audit logging.

How we use information

  • Provide and improve app functionality (tracking, reminders, insights).
  • Security and fraud prevention (authentication, rate limiting, audit logs, incident response).
  • Provide coaching features you explicitly request (including AI-assisted coaching where configured).

HIPAA note

Depending on how WellNerd is deployed and operated, it may or may not be acting as a HIPAA-covered entity or business associate. Regardless, we implement technical controls (encryption at rest for sensitive fields, TLS in transit, and immutable audit logs) to protect sensitive health information.

Sharing

We do not sell your information. We may share data with service providers that support hosting, email delivery, and AI services as needed to operate the app. Where required, we maintain Business Associate Agreements (BAAs) with relevant vendors.

Your choices

  • Access and export your data via the in-app export feature.
  • Update or correct your profile details in settings.
  • Revoke coaching/processing consent where available.

Security

We use encryption in transit (TLS) and encrypt specific sensitive fields at rest using AES-256-GCM. Access is controlled via authenticated sessions and role-based authorization. Audit logs are append-only and tamper-resistant.

Contact

For privacy questions, contact your administrator or product owner. If you believe there has been a security incident, see our incident response process.

← Back to home