🚧 Development Notice

This Privacy Policy is currently in development and is not intended for production use. This documentation is for internal team review and will be finalized before public launch.

Privacy Policy

Effective Date: August 6, 2025
Last Updated: August 6, 2025

1. Introduction

WildRootHealth ("we," "our," or "us") is committed to protecting your privacy and maintaining the confidentiality of your health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

Important Healthcare Notice:

WildRootHealth currently operates as a connection platform that facilitates introductions between patients and healthcare practitioners. We are not currently a HIPAA covered entity, as we do not store protected health information (PHI); we pass information directly to practitioners. However, we implement robust privacy safeguards and follow healthcare industry best practices to protect your sensitive information during transmission.

By using our services, you consent to the collection and use of your information as described in this policy. If you do not agree with our policies and practices, do not use our services.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us. With your explicit consent, this may include:

  • Contact Information: Name, email address, phone number, mailing address
  • Professional Information: Licenses, certifications, specializations, experience (for practitioners)
  • Health Information: Symptoms, health concerns, treatment preferences, wellness goals (for patients)
  • Account Information: Username, password, profile settings, communication preferences
  • Location Data: Geographic location for practitioner matching (with your permission)
  • Payment Information: Billing details (processed securely through third-party providers)
  • Communication Data: Messages between patients and practitioners (encrypted)

2.2 Sensitive Personal Information

Special Consent Required:

We collect sensitive health information only with your explicit, informed consent. You can withdraw this consent at any time through your account settings.

2.3 Automatically Collected Information

When you use our services, we automatically collect certain technical information:

  • Device Information: Browser type, operating system, device identifiers
  • Usage Analytics: Pages visited, features used, time spent (anonymized when possible)
  • Location Data: General geographic location (only with your permission)
  • Security Information: IP address, login attempts, security events
  • Cookies and Tracking: Essential cookies for functionality, analytics cookies (with consent)

2.4 Maya AI System Data

Our AI-powered matching system (Maya) processes:

  • Matching Preferences: Treatment preferences, practitioner criteria, geographic preferences
  • Compatibility Scores: Algorithm-generated compatibility assessments (not stored long-term)
  • Feedback Data: Your feedback on matches to improve recommendations

3. How We Use Your Information

3.1 Primary Service Functions

We use your information for these essential purposes (based on your consent or our legitimate interests):

  • Practitioner Matching: Using Maya AI to connect patients with compatible practitioners
  • Platform Operation: Account management, authentication, and service delivery
  • Communication Facilitation: Enabling secure messaging between patients and practitioners
  • Quality Assurance: Monitoring platform performance and user satisfaction
  • Customer Support: Responding to inquiries and resolving issues

3.2 Secondary Uses (With Additional Consent)

  • Service Improvement: Analyzing usage patterns to enhance user experience
  • Research & Development: Improving our AI algorithms (data anonymized)
  • Marketing Communications: Sending relevant health and wellness content (opt-in only)
  • Regulatory Compliance: Meeting legal and regulatory requirements

3.3 Data Retention

We retain your information for different periods based on type:

  • Active Accounts: Until account deletion is requested
  • Health Information: Maximum 7 years or as legally required
  • Communication Records: 3 years for support purposes
  • Analytics Data: Anonymized after 18 months

4. Information Sharing and Disclosure

We Never Sell Your Information:

WildRootHealth will never sell, rent, or trade your personal information, especially health information, to third parties for commercial purposes.

4.1 Authorized Sharing

We may share your information only in these specific circumstances:

  • Practitioner Connections: Basic contact and health information with practitioners you choose to contact
  • Service Providers: Encrypted data with vetted partners (email services, payment processors) under strict contracts
  • Your Explicit Consent: When you specifically authorize additional sharing
  • Legal Obligations: Only when required by law, court order, or to protect safety
  • Business Transfers: In mergers/acquisitions, with equivalent privacy protections

4.2 Service Provider Protections

All third-party service providers must:

  • Sign comprehensive data protection agreements
  • Implement equivalent security measures
  • Use data only for specified services
  • Delete data when services end
  • Submit to regular security audits

5. Data Security

We implement comprehensive security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. Our security framework follows healthcare industry standards:

5.1 Technical Safeguards

  • End-to-End Encryption: All sensitive data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Secure Infrastructure: Cloud services with SOC 2 Type II compliance
  • Access Controls: Multi-factor authentication, role-based permissions, principle of least privilege
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Data Backup: Encrypted, geographically distributed backups

5.2 Administrative Safeguards

  • Staff Training: Regular privacy and security training for all employees
  • Access Management: Strict controls on who can access personal information
  • Incident Response: 24/7 security monitoring and incident response procedures
  • Vendor Management: Due diligence and ongoing monitoring of service providers

5.3 Physical Safeguards

  • Secure Data Centers: Biometric access, 24/7 monitoring, environmental controls
  • Device Security: Encrypted devices, remote wipe capabilities
  • Workplace Security: Secure facilities, clean desk policies

Security Incident Reporting:

If you suspect a security incident involving your account, please contact us immediately at security@wildroothealth.com.

6. Your Rights and Choices

Enhanced Privacy Rights:

Under applicable privacy laws (CCPA, CPRA, and state health privacy laws), you have enhanced rights regarding your personal information.

6.1 Core Rights

  • Right to Know: Request details about what personal information we collect and how we use it
  • Right to Access: Obtain a copy of your personal information in a portable format
  • Right to Correct: Request corrections to inaccurate information
  • Right to Delete: Request deletion of your personal information (with some exceptions)
  • Right to Portability: Transfer your data to another service provider
  • Right to Opt-Out: Withdraw consent for specific uses of your information

6.2 Specific Health Information Rights

  • Consent Management: Granular control over how your health information is used
  • Sharing Controls: Choose which practitioners can access your information
  • AI Opt-Out: Opt out of AI-powered matching while still using the platform
  • Communication Preferences: Control how and when we contact you

6.3 How to Exercise Your Rights

  • Account Settings: Many rights can be exercised through your account dashboard
  • Privacy Request Form: Submit requests through our online form
  • Email: Contact privacy@wildroothealth.com
  • Phone: Call 1-800-WILDROOT and ask for the Privacy Team

We will respond to your requests within 45 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

7. Children's Privacy

Age Restriction:

WildRootHealth requires users to be at least 18 years old. We do not knowingly collect information from minors.

Our services are designed for adults seeking healthcare services. We do not knowingly collect, use, or disclose personal information from children under 18 years of age without verified parental consent.

If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@wildroothealth.com. We will promptly investigate and delete any such information.

8. International Data Transfers

WildRootHealth is based in the United States. Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

8.1 Transfer Safeguards

When transferring your information internationally, we ensure:

  • Adequacy Determinations: Transfers to countries with equivalent privacy protections
  • Standard Contractual Clauses: EU-approved contracts for transfers to other countries
  • Encryption: All data encrypted during transfer and at rest
  • Access Controls: Strict limitations on who can access transferred data

By using our services, you acknowledge and consent to the transfer of your information to the United States and other countries as described in this policy.

9. Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

  • Immediate Response: Contain the breach and assess the impact within 24 hours
  • User Notification: Notify affected users within 72 hours of discovery
  • Regulatory Reporting: Report to applicable authorities as required by law
  • Remediation: Provide free identity monitoring and support services if needed
  • Transparency: Publish incident reports on our website (without compromising security)

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors.

10.1 Notification Process

  • Material Changes: 30-day advance notice via email and prominent website notice
  • Minor Updates: Notice on website and in your account dashboard
  • Health Information Changes: Separate explicit consent required

Your continued use of our services after the effective date of changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our privacy practices, please contact us:

Privacy Team

Email: privacy@wildroothealth.com
Phone: Pending
Mail: Pending

Security Concerns

Email: security@wildroothealth.com
24/7 Hotline: Pending

For urgent security matters, please email immediately.

We aim to respond to all privacy inquiries within 10 business days. For urgent matters involving potential security incidents, we respond within 24 hours.