Privacy Policy

GENERAL

Is it Well? (“Company” or “we” or “us” or “our”) respects the privacy of its users (“user” or “you”) that use our mobile application and website located at isitwell.com, including other media forms, media channels, mobile website or mobile application related or connected thereto (collectively, the “Website”).

The following Company privacy policy (“Privacy Policy”) is designed to inform you, as a user of the Website, about the types of information that Company may gather about or collect from you in connection with your use of the Website. It also is intended to explain the conditions under which Company uses and discloses that information, and your rights in relation to that information.

Changes to this Privacy Policy are discussed at the end of this document. Each time you use the Website, however, the current version of this Privacy Policy will apply. Accordingly, each time you use the Website you should check the date of this Privacy Policy (which appears at the beginning of this document) and review any changes since the last time you used the Website.

The Website is hosted in the United States of America and is subject to U.S. state and federal law. If you are accessing our Website from other jurisdictions, please be advised that you are transferring your personal information to us in the United States, and by using our mobile app, you consent to that transfer and use of your personal information in accordance with this Privacy Policy.

You also agree to abide by the applicable laws of applicable states and U.S. federal law concerning your use of the Website and your agreements with us. Any persons accessing our Website from any jurisdiction with laws or regulations governing the use of the Internet, including personal data collection, use and disclosure, different from those of the jurisdictions mentioned above may only use the Website in a manner lawful in their jurisdiction. If your use of the Website would be unlawful in your jurisdiction, please do not use the Website.

SMS TEXT MESSAGING CONSENT

The Service enables users to invite trusted contacts to receive SMS text message notifications related to wellness check-ins.

Trusted contacts will only receive SMS messages after they have provided direct, explicit consent via a secure consent link. Users cannot provide consent on behalf of their contacts.

When a user adds a trusted contact, the Service generates a unique, time-limited consent link that the user may share with the contact using their preferred messaging method (such as SMS, WhatsApp, or other communication channels).

The recipient must independently open the link, review the message details, and explicitly agree to receive messages by selecting the acceptance option on the consent page.

The consent page clearly discloses:

• The identity of the application (Is it Well?)
• The name of the user requesting contact
• The purpose of the messages (wellness check-in alerts)
• Message frequency (varies based on user activity, with a maximum of up to 10 messages per day)
• “Message and data rates may apply”
• Instructions to reply STOP to opt out
• Instructions to reply HELP for assistance

No SMS messages are sent to any contact unless that contact has explicitly opted in through this process.

SMS messages are informational and non-promotional in nature. Messages are only sent when triggered by a user action within the application and are not sent on a recurring or automated schedule.

Recipients may opt out at any time by replying STOP to any SMS message. Opt-out requests are processed immediately, and no further messages will be sent unless the recipient completes a new consent flow.

Recipients may reply HELP to receive assistance or support information.

Consent records, including timestamp, status, and associated identifiers, are securely stored to support compliance and audit requirements.

We will not share, sell, or distribute any mobile phone numbers, SMS opt-in data, or messaging consent information to any third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties.

GATHERING, USE AND DISCLOSURE OF USER DATA

What User Data is Collected - Personal Identifying and SMS Information

“Personal-Identifying Information,” is information such as a name or email address that, without more, can be directly associated with a specific person.

Like most mobile app operators, Short Message Service refers to the transmission and receipt of short text-based messages between mobile devices.

Users will make available phone numbers of three to five individuals that will be sent SMS text notification messages on demand.

Company may gather from users of the mobile app Personal-Identifying Information of the sort that Web browsers, depending on their settings, may make available. We do not collect user’s Internet Protocol (IP) address, operating system, browser type or the locations of the websites the user views right before arriving at, while navigating and immediately after leaving the mobile app.

Company analyzes Personal identifying Information gathered from users of the mobile app to help Company better understand how the mobile app is being used.

What User Data is Shared

Data collected will be retained no more than two years after users account indicate that users have not accessed the application for 12 consecutive months. Company will not share email address or any other personal identifying information with any third party.

The following personal data (“information”) collected from users is limited to:

• Email address. User email address is collected for the express purpose of restoring lost or forgotten passwords.
• SMS Phone Number. Users are asked to identify three to five people that the app will send a SMS text when requested by the user.

How user data is accessed and stored

We collect the information from users. The email and SMS text user data will be stored on an encrypted database in an encrypted AWS cloud server. The data is accessed through an administrative portal that is restricted to a primary and backup administrator only.

How user data is used

User email is restricted to restoring lost or forgotten passwords. Phone number use is restricted to sending SMS text to the three to five non-users identified by the user.

Third-Party Advertisers and Marketing Communications

Company will not share any personal identifying information to third party advertising companies or their affiliates. Company will not provide users’ email information or the phone numbers of non-users to third party advertisers or marketing companies, so that those third parties may directly contact them about additional products and services.

Mobile Device Additional Terms

Mobile Device

If you use a mobile device to access the Website or download any of our applications, we do not collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.

Geo-Location Information

Although users are asked to enter their country of origin, we do not access or track any location-based information from your mobile device at any time while downloading or using our mobile application or our services.

Push Notifications

We send you push notifications if you choose to receive them, letting you know when someone has sent you a message or for other service-related matters. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.

COLLECTION, USE AND DISCLOSURE OF PERSONAL-IDENTIFYING INFORMATION

Website Registration

As defined above, Personal-Identifying Information is information that can be directly associated with a specific person. The information collected by Company about non-users is information provided by users themselves when registering for our app. That information is limited to mobile phone numbers that receive SMS text.

Users of the Website are under no obligation to provide Company with Personal-Identifying Information of any kind, with the caveat that a user’s refusal to do so may prevent the user from using certain Website features.

Company Disclosures

Company may disclose Personal-Identifying Information under the following circumstances:

By Law or to Protect Rights

When we believe disclosure is appropriate, we may disclose Personal Identifying Information in connection with efforts to investigate, prevent or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of Company, our users, our employees or others; to comply with applicable law or cooperate with law enforcement; to enforce our Terms of Use or other agreements or policies, in response to a subpoena or similar investigative demand, a court order or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.

Third-Party Service Providers

We may share your Personal-Identifying Information, which may include your name and contact information (including email address) with our authorized service providers that perform certain services on our behalf. These services may include troubleshooting app performance, web software performance, or phone performance using the app.

Business Transfers; Bankruptcy

Company reserves the right to transfer all Personal-Identifying Information in its possession to a successor organization in the event of a merger, acquisition, bankruptcy or other sale of all or a portion of Company’s assets. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred Personal-Identifying Information will be subject to this Privacy Policy, or to a new privacy policy if you are given notice of that new privacy policy and are given an opportunity to affirmatively opt-out of it. Personal Identifying Information submitted or collected after a transfer, however, may be subject to a new privacy policy adopted by the successor organization.

Changing Personal-Identifying Information; Account Termination

You may at any time review or change your Personal-Identifying Information by going to your account settings (if applicable) or contacting us using the contact information below.

Upon your request, we will deactivate or delete your account and contact information from our active databases. Such information will be deactivated or deleted as soon as practicable based on your account activity and accordance with our deactivation policy and applicable law.

To make this request, either go to your account settings (if applicable) or contact us as provided below.

COLLECTION AND USE OF INFORMATION BY THIRD PARTIES GENERALLY

Company contractually prohibits its contractors, affiliates, vendors, and suppliers from disclosing Personal Identifying Information received from Company, other than in accordance with this Privacy Policy.

SECURITY

We take the security of your Personal-Identifying Information seriously and use reasonable electronic, personnel and physical measures to protect it from loss, theft, alteration, or misuse. However, please be advised that even the best security measures cannot fully eliminate all risks. We cannot guarantee that only authorized persons will view your information. We are not responsible for third-party circumvention of any privacy settings or security measures.

We are dedicated to protecting all information on the Website as is necessary. However, you are responsible for maintaining the confidentiality of your Personal-Identifying Information by keeping your password confidential. You should change your password immediately if you believe someone has gained unauthorized access to it or your account. If you lose control of your account, you should notify us immediately.

PRIVACY POLICY CHANGES

Company may, in its sole discretion, change this Privacy Policy from time to time. All changes to Company’s Privacy Policy will be reflected on this page and the date new versions are posted will be stated at the top of this Privacy Policy.

CHILDREN

The Children's Online Privacy Protection Act ("COPPA") protects the online privacy of children under 13 years of age. We do not knowingly collect or maintain Personal-Identifying Information from anyone under the age of 13, unless or except as permitted by law.

Any person who provides Personal-Identifying Information through the mobile app and/or Website represents to us that he or she is 13 years of age or older.

If we learn that Personal-Identifying Information has been collected from a user under 13 years of age on or through the mobile app and/or Website, then we will take the appropriate steps to cause this information to be deleted.

If you are the parent or legal guardian of a child under 13 who has become a member of the mobile app and/or Website or has otherwise transferred Personal-Identifying Information to the mobile app and/or Website, please contact Company using our contact information below to have that child's account terminated and information deleted.

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about the Personal-Identifying Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year.

If applicable, this information would include a list of the categories of the Personal Identifying Information that was shared and the names and addresses of all third parties with which we shared Personal-Identifying Information in the immediately preceding calendar year.

If you are a California resident and would like to make such a request, please submit your request in writing to our privacy officer as listed below.

General Data Protection Regulation Compliance

All users are protected per the recent GDPR guidance. These rights include the following rights: to be informed, access to user data, user data deletion, restricted data processing, data portability, objection, and the right to not be exposed to profiling of any kind or be subject to automated decision making.

DO-NOT-TRACK POLICY

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.

Because there is not yet a common understanding of how to interpret the DNT signal, the Website currently does not respond to DNT browser signals or mechanisms.

CONTACT

If you have any questions regarding our Privacy Policy, please contact our Data Protection Officer at: