WHT Privacy Policy

Last reviewed: May 14, 2026

Introduction: Scope and Purpose

1.      Introduction

Warm Health Technology, Inc. (“WHT,” “we,” “us,” or “our”) operates this website, wht.care and any of its subdomains, and our mobile applications (together, the “Site”). We develop and deliver evidence-based health platforms to improve health and well-being to patients, and offer related products and services through the Site (collectively, our “Services”).  We have developed this Privacy Policy to inform all users (“user(s),” “you,” or “your”) about how we collect information in the course of conducting our business, including on the Site, how we use the collected information, and a user’s rights with respect to the collected information.

Please read this Privacy Policy carefully.  If you do not agree to be bound by this Privacy Policy, then do not access or use the Services.  By accessing and/or using the Services, you accept and agree to be bound by this Privacy Policy. This Privacy Policy is incorporated into our Terms of Use [WHT EULA]. Your use of our Services and any Personal Information (as hereafter defined) you provide through the Services are subject to this Privacy Policy at all times.

You must be at least EIGHTEEN (18) years old to access the Site and use our services.  If you are under eighteen (18) years old, you are not permitted to use any part of the Services for any reason.

If you have any questions about this Privacy Policy, please contact us at support@wht.care or at the contact information below support@wht.care, or at the contact information listed below.This Privacy Policy applies to:

• Users who access the Site directly or whose information is submitted by a
clinic;

• Clinic staff, administrators, and other authorized users;

• Visitors to our Site; and

• Any other individual whose personal information we process.

2.       Information We Collect

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases, as described below. We use the term “Personal Information” to mean information that may identify, relate to, describe, or that could be linked or associated with, you or your household; and “Non-Personal Information” to mean information that does not identify you, but provides insights regarding your use of the Site.

The Personal and Non-Personal Information we collect through the Site and Services include the following:

        a. Information Submitted by You as Patient or Authorized by You to be
Shared by Clinics

•  Contact and Account Information. Your first and last name(s), email, phone number, date of birth, username, password. We use this to provide the Site and the Services, verify your eligibility (including that you meet the minimum age requirement of 18), manage our relationship with you, respond to inquiries, send service communications, authenticate users, and comply with legal obligations. Retention generally aligns to the duration of our relationship with us plus a reasonable period to comply with legal requirements.

•    Sensitive or Healthcare Information. You may be required to provide your social security number, health insurance information, including health plan identification numbers, medical history, including diagnoses, treatment records, prescription data, lab results, appointment history, and substance use disorder (“SUD”) treatment records if applicable. We use this information to provide the Site and the Services, manage our relationship with you, respond to inquiries, and comply with legal obligations. We will not use or collect sensitive personal information for purposes beyond those disclosed in this Privacy Policy or without your consent where required by applicable law. Where applicable law provides a right to limit the use of sensitive personal information, we will honor that right. Retention generally aligns to the duration of our relationship with us plus a reasonable period to comply with legal requirements.

•        Billing and Financial Information. We may collect your wireless carrier information (e.g., T-Mobile, AT&T, Verizon) in connection with data credit programs offered by your clinic, if applicable. Your clinic may also record data credit amounts, dates, and information about your redemption code. If requested by your care team, you may upload images of proof of insurance through the document upload feature, which are stored on our secure servers. We do not collect, process, or store traditional payment information (such as credit card or bank account numbers) from patients.

•         Audio, Visual, and Electronic Information. Photos, images, audio recordings, video recordings, and text that you upload or submit through the Site or the Services. We may also offer the clinic the option to embed secure video links for telehealth services provided to their patients, but we do not store or otherwise process any telehealth sessions on our Site or Services. We store and use this information to provide and maintain the Site and Services. Retention corresponds to the duration of your relationship with us, plus a reasonable period to comply with legal requirements.

•        Customer Support or Feedback Information. If you interact with our customer support services, or if you provide us with feedback, e.g., through surveys, we may collect the content of your communications, your name, contact information, including physical address, and any other information you provide in connection with your inquiry. We use this information to respond to and resolve your inquiry, improve our Site and Services, including our support services, and for quality assurance. Retention is limited to the purpose and duration necessary for operations, quality, dispute resolution, or compliance.

•        Mobile App Permissions. If you use our mobile app, you may provide us with access to the camera, microphone, photo library, or other information transmitted from your phone. You have the option of toggling these on or off in your app preferences or from your phone settings. We will only use the information you provide through these functionalities for the stated purpose and functionality. Retention is limited to the purpose and duration necessary for operations or for compliance.

•         Inferences. We may derive personal information about you in the form of inferences, which are derivations of information, data, assumptions, or conclusions from facts, evidence or other sources of information or data about you. We do not use sensitive personal information for the purpose of building any inferences. We use this to improve and provide the Services to you. Retention is limited to the purpose and duration necessary for operations, quality, dispute resolution, or compliance.

By voluntarily providing us with Personal Information, you represent that the Personal Information you provide is true, accurate, current, and complete, and that you are authorized to provide it to us.

b.        Information Automatically Collected

Whenever you interact with the Site or the Services, we may automatically receive and record information from your computer, browser and/or mobile device, which may include the following:

•        Internet or Other Network Activity. IP addresses, device information, browser type, operating system, website usage patterns, and interaction data, including the content, features, and activities that you access, and the time, frequency, and duration of those activities, collected through cookies and similar technologies when you use our Site. We use it for security, to analyze performance, to improve the Site and the Services, to remember preferences, and for fraud prevention. Retention varies by signal type and is typically short for security logs unless needed to investigate or comply with law.

•         Information Provided by Clinics. At your direction or instruction, we may receive information from you from your clinics, either directly from your clinics or from electronic medical records systems, including anything listed under subsection (a) above. We use this information to provide, maintain, and improve the Site and the Services, and to manage our relationship with you. Retention corresponds to the duration of your relationship with us, plus a reasonable period to comply with legal requirements.

Personal Information and Non-Personal Information are collectively referenced as "Information." We may also collect and use aggregated and de-identified usage data and analytics to understand engagement patterns or user activities, to improve the Site and Services, and for other internal business purposes. To the extent any such information constitutes PHI, it will only be de-identified in accordance with the standards set forth under applicable law, including the Expert Determination or Safe Harbor methods under 45 CFR  164.514(b). Information that has been de-identified in compliance with applicable law is not Personal Information and is not subject to this Privacy Policy.

c.                   Information You Send to Us About Others

If you are a Clinic or a member of staff at a clinic, you may provide us with Personal Information you collect from others, such as patients. You are responsible for collecting any and all consents and authorizations required by applicable law before you share such third party’s Personal Information with us, either through the Site or the Services.

d.                   Cookies and Similar Technologies

A cookie is a small text file placed in visitors’ computer browsers to store their preferences.  Cookies help provide additional functionality to the Services and help us analyze Services usage more accurately for research, advertising, and marketing purposes. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive notifications when you are receiving a new cookie and on how to turn cookies off. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Services’ features, and, if you block or delete cookies, the Site may not work properly.

•         Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. We use Google Analytics to help us understand how our customers use the Site. Google Analytics is deployed only on publicly accessible, non-authenticated pages of the Site, and we have implemented technical measures to prevent any PHI or SUD treatment records from being transmitted to Google Analytics. We do not use Google Analytics on any pages where patients are logged in or where PHI may be accessible. You can find more information on how Google uses data from these cookies at https://policies.google.com/privacy. You may choose to opt out of Google Analytics by installing their opt out browser add on at: https://tools.google.com/dlpage/gaoptout/. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

•         Healthcare Information and Tracking Technologies. We have implemented technical measures designed to prevent the collection or transmission of protected health information (“PHI”) or substance use disorder (“SUD”) treatment records through cookies, tracking pixels, or other tracking technologies deployed on the Site. We do not use tracking technologies to collect, share, or disclose PHI or SUD treatment records to third-party advertising networks or analytics providers. If you have concerns about tracking technologies, please contact us at support@wht.care.

Please note that our Site currently does not respond to “Do not Track” (“DNT”) signals and operates as described in this Privacy Policy, whether or not a DNT signal is received.

3.         Use of Information

We may use Information we collect from you for the following purposes:

•        To fulfill or meet the reason you provided the Personal Information.  For example, if you share your name and contact information to ask a question about our Services, we will use that Personal Information to respond to your inquiry. 

•         To establish and secure accounts to use the Services, check on your account status, and to validate your username, e-mail, password, and/or other login credentials.

•         To provide, support, personalize, and develop our Services, including without limitation, to conduct aggregate or research analysis and develop business intelligence that helps us to enhance, improve, evaluate, operate, protect, make informed decisions about, and report on the performance of our Services. Any research use of SUD treatment records protected under 42 CFR Part 2 will only occur pursuant to patient consent or as otherwise permitted under 42 CFR  2.52.

•         To communicate information to you, where you have not expressed a preference otherwise, and to send you information and updates about the Services and any changes to relevant agreements, policies, or other terms, and to enforce such terms.

•         To provide information and other marketing materials about our Site and Services to business prospects and existing customers, including industry insight and product updates, or to display personalized or targeted content. This purpose does not apply to PHI, which we do not use for marketing without a separate, HIPAA-compliant patient authorization.

•         To work with our service providers, who perform certain business functions or services on our behalf and who are bound by contractual obligations consistent with this Privacy Policy.

•         To prevent or investigate fraud, or for risk management purposes, and to help maintain the safety, security, and integrity of our Services, databases and other technology assets, and business.

•         To comply with legal obligations, court orders, or in order to exercise any legal claim or to defend against any legal claim.

•         To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our consumers is among the assets transferred. Any such transfer of Personal Information that constitutes PHI will be subject to a Business Associate Agreement or otherwise handled in accordance with HIPAA. SUD treatment records protected under 42 CFR Part 2 will not be transferred in connection with any such transaction without prior patient consent, as required by applicable law.

•        As otherwise described to you when collecting your Personal Information.

We may, from time to time, invite you to participate in online surveys. The information requested in these surveys may include, but is not limited to, your opinions, beliefs, insights, ideas, activities, experience, regarding products, events, and Services.  The information collected by these surveys is used to research market trends, company growth, community needs, etc.  Your input will help us to improve customer experience and shape development of our products and Services.

4.            How We Disclose Information

We do not sell Personal Information. We do not use PHI for marketing without a separate, compliant patient authorization.

To the extent any Personal Information constitutes protected health information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”) or substance use disorder (“SUD”) treatment records protected under 42 CFR Part 2, we process such information in accordance with applicable law and pursuant to Business Associate Agreements with our clinic partners. We will not use or disclose SUD treatment records without patient consent except as expressly permitted by 42 CFR Part 2.

Certain states, including but not limited to New York and California, have HIV confidentiality laws that impose requirements beyond those of HIPAA. Where required by applicable state law, we will obtain specific written consent before disclosing HIV-related information and will comply with any additional restrictions on the use or disclosure of such information. As we expand our services to additional states, we will update this Privacy Policy as necessary to reflect any additional state-specific requirements.

We may share Personal Information with the following parties:

•         Corporate affiliates, including corporate parents, subsidiaries, other affiliated entities, and associated entities for the purposes described in this Policy which are required to treat the information in accordance with this Privacy Policy;

•         Clinics, all patient information is disclosed to the clinic that engaged us to process that patient’s data. Such information is shared in a manner consistent with the contractual relationship we have with that clinic and subject to all applicable laws, as well as in a manner consistent with the patient’s treatment relationship with that clinic. If you have any concerns, as a patient, with the clinic’s access to such Personal Information, please reach out to your clinic directly;

•         Service providers that help us administer and provide the Services (for example, a web hosting company whose services we use to host our platform).  These third-party services providers have access to your Personal Information only for the purpose of performing services on our behalf.  We have entered into contractual relationships with these service providers and require them to comply with all applicable information privacy laws and regulations and to use the Information only for the purposes for which it was disclosed.  We require that any third-party service providers limit their use of your Information solely to providing services to us and that they maintain the confidentiality, security, and integrity of your Information and not make unauthorized use or disclosure of the Information;

•         Authorized third parties, who are parties directly authorized by you to receive the applicable Information, such as when you authorize a third-party application provider to access your account.  The use of your Information by an authorized third party is subject to the third party’s privacy policy;

•         Third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we will require the recipient to use such information in accordance with this Privacy Policy;

•         As we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; (iv) to detect, prevent, or otherwise address fraud, security or technical issues; (v) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment and (vi) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence; and

•        Pursuant to your express consent.

If you are a patient receiving treatment for a substance use disorder, additional consent requirements under 42 CFR Part 2 apply to disclosures of your SUD treatment records. You may be asked to provide written consent before we disclose your SUD treatment records to third parties, except as otherwise permitted by 42 CFR Part 2 (e.g., medical emergencies, audit and evaluation activities, court orders, and research meeting Part 2 requirements). Any disclosure of your SUD treatment records will be accompanied by the following notice: "This information has been disclosed to you from records protected by federal confidentiality rules (42 CFR Part 2). The federal rules prohibit you from making any further disclosure of this information unless further disclosure is expressly permitted by the written consent of the person to whom it pertains or as otherwise permitted by 42 CFR Part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose (see 42 CFR  2.31). The federal rules restrict any use of the information to criminally investigate or prosecute any patient with a substance use disorder."  A general authorization for the release of medical or other information is NOT sufficient for this purpose (see 42 CFR 2.31).


5.             Information Retention

Generally, we retain the Personal Information we receive as described in this Privacy Policy for as long as you use our Site or as necessary to fulfill the purpose(s) for which it was collected, provide our products and services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

6.                   Other Important Information

a.                   Your Choices

On our Site and in your Account, you may make changes to your settings and preferences, including privacy preferences.

You may opt out of marketing at any time in every marketing communication as applicable. Opting out will stop marketing emails and SMS/MMS as applicable. We will process your opt-out request as soon as practicable. If you have an account, you will continue to receive transactional or service-related emails and texts (if you have opted into receiving texts). You will not be able to opt out of receiving transactional or service-related emails without cancelling your account.

If you exercise any of these choices, you may be asked to verify your identity, and we reserve the right to deny the request in order to protect against unauthorized access to Personal Information.

b.                   Registration; Account Information

If you choose to create an account, you agree to provide and maintain true, accurate, current, and complete information about yourself.

Please note that if you allow others to use your account, they may be able to view information about your Account, including your profile information, activities, transaction history or medical information.

c.                   Information Security

We take reasonable steps online and offline to safeguard the Personal Information that you provide to us, including: receiving and transmitting data through an encrypted, secure connection. We have implemented technical, administrative, and physical safeguards, which are designed to protect your information from unauthorized use and access. For example, access to the Site requires a successful login with an account created by an Administrator, and you will be automatically logged out from the Site if it is closed or otherwise becomes unavailable (e.g., switching applications, locking phone, power off, sleep). Phone push notification messages display generic announcements to keep information private and confidential. Administrators set and reset passwords for Site users. Passwords must be at least 8 characters long and include a special character. Longer passwords are encouraged, but not required. Administrators can create more complex passwords at their discretion.

It is common knowledge that transmission of information via the Internet is not wholly secure, and we cannot guarantee or warrant the security of your Personal Information, or any other information, transmitted to or through our Site or Services or otherwise provided to us.  We are not responsible for the theft, destruction, or inadvertent disclosure of such information.  It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Service(s).  Any transmission of information is at your own risk.

If you have any questions about security on our Services, or if you become aware of any unauthorized use of an account, loss of your account credentials or suspect a security breach, notify us immediately via e-mail at support@wht.care.  If our security system is breached, we will notify you of the breach to the extent required under applicable law.

d.                   Links to Third-Party Sites

The Site may contain links to other sites that are not operated by us.  If you click on a link to another site, you will be directed to that third party’s site, which may be opened within our mobile application.  Such links do not constitute an endorsement by us of those other websites, their content or services, or the persons or entities associated with those websites.  This Privacy Policy does not apply to third-party websites.  We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.  We encourage you to review the privacy policies and terms of all third-party websites or services that you may visit.

e.                   Children’s Privacy

We do not sell products or services for purchase by anyone under the age of thirteen (13).  In accordance with the Children’s Online Privacy Protection Act (“COPPA”), we will never knowingly request or solicit Personal Information from anyone under the age of thirteen (13) without verifiable parental consent.  In the event that we receive actual knowledge that we have collected such Personal Information without the requisite and verifiable parental consent, we will delete that information from our database as quickly as is practical.  We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Service(s).

f.                    International Data Transfers

We are based in the United States, and the Personal Information we collect is stored and processed in the United States. If you access the Site or the Services from outside the United States, your Personal Information will be transferred to, stored in, and processed in the United States.

7.          Your U.S. Privacy Rights

Depending on where you live, you may have certain rights related to your Personal Information.  These rights may include the below.  Please be aware that these rights are not absolute and may apply only in certain circumstances.  In certain cases, we may decline your request as permitted by law.

●         Right to Access / Know. You may have a right to request access to
Personal Information that we hold about you, including details relating to the ways in which we use and share your Personal Information, subject to certain privacy and other limitations.

●         Right to Delete. You may have a right to request that we delete Personal Information we maintain about you, subject to certain exceptions under applicable law.

●         Right to Correct. You may have a right to request that we correct inaccurate Personal Information that we maintain about you.

●         Right of Portability. You may have a right to receive a copy of the Personal Information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.

●         Right to Limit Use and Disclosure of Sensitive Personal Information. We will not process or use your sensitive Personal Information without your consent.

●         Right to Opt Out. You may have the right to opt out of the sale of your personal information and the sharing or processing of personal information for cross-context behavioral advertising or targeted advertising, as applicable. Please refer to “Cookies and Similar Technologies” for how to turn these features off.

●         Right Not to Be Discriminated Against. You may have the right not to be discriminated against for exercising any of your rights under applicable law. 

●         Restriction of Processing: You may have the right to ask us to stop or restrict our processing of Personal Information.

●         Withdrawal of Consent: Where we rely on consent to process your Personal Information, you may have the right to withdraw this consent.

●         Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial.

You may exercise these rights where indicated on our Site or by contacting us using the contact details provided below.  Note that we may choose not to honor requests where we are not legally obligated to do so, and we may choose to honor requests even where we are not legally obligated to do so, in each case in our sole and absolute discretion.  By honoring such requests, however, we do not assume, and hereby expressly disclaim, any obligation to honor such requests in the future.  

We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request.  In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights.  Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.  We will respond to your request in a timely manner as required under applicable law.

8.            California Privacy Notice

This section describes how we collect, use, and share the Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”) and the rights these users may have with respect to their Personal Information.

For purposes of this section, the term ‘Personal Information’ has the meaning given in the CCPA and does not include information exempted from the scope of the CCPA.  This section does not apply to our collection, use, and sharing of personal information of our internal staff.

Categories of personal information we collect and disclose: See “What information do we collect” for more information.

Sensitive Personal Information: We do not collect or process sensitive personal information for purposes of inferring characteristics about consumers, and we do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA regulations. Accordingly, the consumers’ “Right to Limit” under the CCPA does not apply to our current practices. If that changes, we will provide a Notice of Right to Limit and honor requests as required by law.

Sales and Sharing: Under the CCPA, ‘sales’ and ‘sharing’ are broadly defined, respectively, and include disclosing or making available personal information in exchange for monetary or other valuable consideration or for purposes of cross-context behavioral advertising. We do not sell your personal information, but we do share your personal information as such term is defined by the CCPA. To opt out, please follow the process provided under “Your U.S. Privacy Rights”.

We also do not have actual knowledge that we sell or share personal information of consumers under 16 years old.

Recordkeeping: We maintain records of consumer requests and our responses as required by law and will implement any additional requirements that become effective under forthcoming California regulations.

Automated Decisionmaking Technology (ADMT): We do not currently use ADMT to make significant decisions about consumers. If we begin doing so, we will provide a pre-use notice as required by law.

California Shine the Light: California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties.  Requests may be made only once a year and are free of charge.  Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to support@wht.care. 

9.          Other State Privacy Rights

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, Indiana, Iowa, Delaware, and others as they become effective) may have rights similar to those described above. To exercise your rights, follow the process laid out in “Your U.S. Privacy Rights” section above.

Where these laws impose additional or different requirements, e.g., consent for certain sensitive data, data protection assessments for targeted advertising or profiling, or disclosures about automated decision-making, we will comply and provide state-specific supplements as necessary.

To the extent we process de-identified personal information, we will maintain and use it in a de-identified form and will not attempt to re-identify it unless permitted by applicable law.

10.           Changes in the Privacy Policy

We reserve the right to modify and update this Privacy Policy at any time by posting an amended version of the statement on our Site. Please refer to this policy regularly.  If at any time we decide to use Personal Information in a manner different from that stated at the time it was collected, we will notify you either on the panel home page of our Site or via e-mail.

11.             How to Contact Us

If you have any questions or comments about our Privacy Policy, or would like to make a complaint, please contact us using the details provided below:

By e-mail:                            dataprivacy@wht.care

By telephone:                    434-260-0517

By regular mail:                 Warm Health Technology, Inc

                                                722 Preston Ave, ste 108

                                                Charlottesville, VA 22901

                                                USA

Back to top of document