Wellward Health

Privacy Policy

Effective: May 13, 2026 | Last Updated: May 13, 2026

Jupiter Health, Inc., a Delaware corporation doing business as Wellward ("Wellward," "we," "us," or "our") provides healthcare advisory, navigation, and concierge services that help consumers obtain better care at lower cost. We offer two memberships: the standard Wellward membership for consumers with insurance, and Wellward Direct for uninsured consumers (collectively, the "Services"). This Privacy Policy describes how we collect, use, and disclose information about you when you visit our websites, including wellwardhealth.com and any subdomain or path operated by Wellward (collectively, the "Sites"), or use the Services.

Because Wellward provides services that involve protected health information, parts of this Privacy Policy must be read together with two additional documents:

  • Our Notice of Privacy Practices, which describes how we use and disclose Protected Health Information under the Health Insurance Portability and Accountability Act ("HIPAA").
  • Our Consumer Health Data Privacy Policy, which describes how we handle consumer health data subject to state laws such as Washington's My Health My Data Act.

Where there is a conflict between this Privacy Policy and the Notice of Privacy Practices with respect to PHI, the Notice of Privacy Practices controls.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

  • Account and contact information: name, email address, password, phone number, postal address, and date of birth.
  • Payment information: we use a third-party payment processor. The processor collects your payment-card and billing information directly; we do not store full card numbers on our systems.
  • Intake information: after enrollment, we collect information needed to provide the Services, such as ZIP code and travel radius, household composition, demographic information, current and historical insurance status, recent or anticipated healthcare needs, current medications, preferred pharmacy, chronic conditions you choose to share, and (for Wellward Direct) your prior premium or other benchmark you authorize us to use to track savings.
  • Concierge communications: the content of messages you exchange with our care navigators and AI-assisted concierge, including any documents, photos, bills, prescriptions, or other materials you upload or submit.
  • Service activity information: your selected providers and pharmacies, scheduled appointments, prescription comparisons, bill submissions, appeals submissions, and other actions you take through the Services.
  • Authorizations and consents: records of authorizations you provide for Wellward to act on your behalf (for example, to contact a provider's billing department, to compare pharmacy pricing, or to release health information).

1.2 Information We Collect Automatically (on the Public Marketing Site Only)

When you visit our public marketing pages (including the homepage, /direct, /care, blog, and other non-authenticated pages), we automatically collect:

  • Device and connection information, such as IP address, browser type, operating system, and approximate location derived from IP address.
  • Browsing information, such as the pages you view, links you click, the date and time of your visit, and the referring or exit page.
  • Information collected through cookies, web beacons, pixels, and similar technologies (see Section 3).

We do not use tracking technologies, advertising pixels, or third-party analytics on authenticated member surfaces. Pages you visit while logged in (including the Wellward Direct member home, concierge, prescription, savings, and account pages, and any pages where you submit health information) do not load Google Analytics, Meta/Facebook Pixel, or other third-party tracking technologies.

1.3 Information We Obtain From Others

With your authorization, we may obtain information from third parties such as:

  • Healthcare providers, pharmacies, laboratories, and imaging centers (for example, to confirm pricing, scheduling, or appointment outcomes you have authorized us to coordinate).
  • Health plans, insurers, and pharmacy benefit managers (for example, to verify coverage or submit appeals).
  • Publicly available sources, including public datasets such as the federal HRSA database of community health centers.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Services, including assembling and updating your Personal Provider Lineup, comparing prescription prices, reviewing and negotiating bills, and helping you navigate insurance and benefits.
  • Authenticate your identity, process payments, and manage your membership.
  • Communicate with you about your account, service updates, and (with your consent) marketing communications about Wellward.
  • Conduct internal analytics, research, and development on aggregated or de-identified data to improve our Services.
  • Protect the rights, property, and safety of Wellward, our members, and the public, and to enforce our Terms of Service and other agreements.
  • Comply with legal obligations and respond to lawful requests.

To the extent the information we use is Protected Health Information under HIPAA, we use it only as described in our Notice of Privacy Practices.

2.1 Use of AI and Automated Tools

Wellward uses AI tools, including large language models, to help our care navigators draft, summarize, and prioritize concierge communications, to send certain messages with human oversight available, and to support internal workflows. We do not use member data, including any messages, intake information, or Protected Health Information, to train AI models, and the AI providers we use are contractually prohibited from using your data to train their own models. AI output is not a substitute for the judgment of a qualified medical, legal, financial, or insurance professional.

3. Cookies and Similar Technologies (Marketing Site Only)

On our public marketing pages, we use cookies and similar technologies for essential functionality, analytics, and (with your consent where required) advertising. We use the following categories:

  • Strictly necessary cookies: required for the marketing site to function.
  • Analytics cookies: to understand how visitors interact with our marketing site.
  • Advertising cookies and pixels: used solely on our marketing pages to measure ad performance and reach prospective members. We do not deploy these tools on any page where you can submit health information or where you are logged in to your member account.

You can manage cookies through your browser settings or through the cookie banner presented on first visit. Disabling certain cookies may affect the functionality of the marketing site.

4. How We Disclose Information

We disclose information in the following ways:

4.1 Service Providers and Business Associates

We disclose information to service providers that perform services on our behalf, including hosting and infrastructure, database management, communications and notification delivery, identity verification, fraud prevention, customer support tooling, security and audit logging, and analytics on the marketing site. Service providers that receive Protected Health Information sign Business Associate Agreements with us and may use PHI only as permitted by those agreements and applicable law.

4.2 Payment Processing

Payment information you enter at checkout flows directly to our third-party payment processor under that processor's own privacy policy. We receive limited information from the processor such as the last four digits of your card, card brand, expiration, and transaction status. We do not share Protected Health Information with our payment processor.

4.3 At Your Direction

With your authorization, we share information with healthcare providers, pharmacies, health plans, insurers, brokers, billers, and other third parties in order to provide the Services you have requested. You may revoke an authorization at any time, though revocation does not affect actions already taken.

4.4 Legal and Safety

We may disclose information when we believe in good faith that disclosure is necessary to: comply with applicable law, regulation, legal process, or a governmental request; enforce our Terms of Service or other agreements; protect the security or integrity of our Services; or protect the rights, property, or safety of Wellward, our members, or others.

4.5 Corporate Transactions

In connection with any merger, acquisition, sale of assets, financing, due diligence, reorganization, bankruptcy, or similar transaction, we may disclose or transfer information, subject in the case of PHI to the requirements of HIPAA and our Notice of Privacy Practices.

4.6 Aggregated or De-Identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you, for any purpose.

4.7 What We Do Not Do

We do not sell your personal information for money. We do not share your personal information for cross-context behavioral advertising. We do not sell or share consumer health data. We do not use Protected Health Information for marketing without your written authorization, except as permitted by HIPAA (for example, face-to-face communications and promotional gifts of nominal value).

5. Communications

5.1 Email

We send transactional emails about your account, service updates, and required disclosures. With your consent, we may also send marketing emails. You can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing message or by contacting us at the address below. You cannot opt out of transactional communications while you remain a member.

5.2 SMS / Text Messaging

If you provide your mobile phone number and consent to receive text messages, we will send you SMS messages related to your account and the Services, such as appointment reminders, lineup updates, concierge replies, and (with separate express written consent) marketing messages. Message frequency varies. Message and data rates may apply. Reply HELP for help. Reply STOP to opt out of further messages. We will honor opt-out requests promptly. Your consent to receive SMS is not a condition of purchase or service.

5.3 Voice Calls

Wellward staff or contracted care navigators may call you to provide the Services, and certain calls may be monitored or recorded for quality assurance and training. We do not use AI-generated outbound voice agents to call members.

6. Security and Account Sessions

We maintain administrative, technical, and physical safeguards designed to protect the information we hold. These include encryption in transit using TLS 1.2 or higher, encryption at rest using AES-256, role-based access controls, audit logging on access to records containing health information, regular security testing, and a vendor risk-management program with Business Associate Agreements where required.

Automatic session timeout. For your security, the Services will automatically log you out of your account after a period of inactivity. You are responsible for keeping your password confidential, for logging out when using a shared device, and for promptly notifying us of any unauthorized use of your account.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security. If we learn of a security breach affecting your information, we will notify you as required by applicable law.

7. Data Retention

We retain information for as long as needed to provide the Services and to comply with our legal, regulatory, and operational obligations. Specifically:

  • Member account records: while you remain a member, and for a period thereafter consistent with our document retention policy.
  • Records containing Protected Health Information that are part of a designated record set: at least six years from the date of creation or the date when last in effect, whichever is later, consistent with HIPAA.
  • HIPAA audit logs: at least six years.
  • Payment records: as required for tax, accounting, and audit purposes, typically at least seven years.
  • Marketing and analytics data: typically up to 24 months unless we are required to retain it longer.

We use a soft-delete pattern on records containing health information. When you terminate your membership, your records are marked inactive and access is restricted, but the records are not immediately purged. You may exercise rights with respect to your information as described in Section 9 and in our Notice of Privacy Practices.

8. International Data Transfers

The Services are intended for use by individuals in the United States. We store and process information in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.

9. Your Rights and Choices

Depending on where you live, you may have rights under applicable privacy laws. To exercise any of these rights, contact us using the information in Section 13. We will verify your identity before responding, and we will respond within the time period required by applicable law. You may also designate an authorized agent to make a request on your behalf.

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you may have the right to:

  • Know what categories and specific pieces of personal information we have collected about you, the sources, the purposes for which we collected it, and the categories of third parties with whom we have shared it.
  • Request deletion of personal information we have collected, subject to certain exceptions.
  • Correct inaccurate personal information we maintain about you.
  • Opt out of the sale or sharing of your personal information. As stated above, we do not sell or share personal information.
  • Limit the use and disclosure of sensitive personal information, subject to certain exceptions.
  • Be free from retaliation for exercising your rights.

Personal information regulated by HIPAA is not subject to the CCPA. The exercise of your rights with respect to Protected Health Information is governed by our Notice of Privacy Practices.

9.2 Nevada Residents

Nevada residents have the right to direct us not to sell certain covered personal information. As stated above, we do not engage in such sales.

9.3 Washington Residents and Other Consumer Health Data Rights

If you are a Washington resident, or if you live in another state with a consumer health data law (currently Nevada and Connecticut), please review our separate Consumer Health Data Privacy Policy, which describes the categories of consumer health data we collect, the purposes for which we collect it, and the rights you have with respect to it under Washington's My Health My Data Act and similar laws.

9.4 Other U.S. States

Residents of other states with comprehensive privacy laws (including, as applicable, Colorado, Virginia, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Jersey, New Hampshire, Tennessee, Indiana, Minnesota, and others) may have similar rights to access, delete, correct, and opt out of certain processing. To exercise these rights, contact us as described in Section 13.

9.5 PHI-Specific Rights

Rights with respect to your Protected Health Information are described in our Notice of Privacy Practices, including the right to inspect and copy, request amendment, request an accounting of disclosures, request restrictions, request confidential communications, and receive notice of breach.

10. Third-Party Sites and Social Media

The marketing site may contain links to third-party websites and social media plug-ins (including Facebook, Instagram, and LinkedIn). We are not responsible for the privacy practices of those third parties. Their privacy policies govern your interactions with them. Social media plug-ins, where present, appear only on our marketing site and not on any authenticated member surface.

11. Public Posting Areas

If we make any public posting area available through the Services, information you post will be visible to others. Do not include in any public post information you do not want made public. We are not responsible for the use by others of information you disclose in a public posting area. The Services do not currently include public posting areas open to the general public.

12. Children's Privacy

The Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from a person under 18, we will delete it. Adults may share information about minor dependents in the course of using the Services for the dependent's benefit, in which case the information is treated as the adult member's information for purposes of this Privacy Policy and as Protected Health Information for purposes of HIPAA.

13. Changes to this Privacy Policy

We may amend this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above. If the changes are material, we will provide additional notice, such as by email to the address you have on file or a prominent notice on the Services. Your continued use of the Services after the effective date of the updated Privacy Policy will indicate your acceptance of the updates, except where additional consent is required by law.

14. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy, or to exercise your rights, contact us at:

Jupiter Health, Inc. d/b/a Wellward
Attn: Privacy
860 Broadway, 6th Floor, New York, NY 10003
Email: hello@wellwardhealth.com