support@wellyfy.com

Privacy policy

Health Lync LLC Privacy Policy

Doing Business As (DBA): Wellyfy
Effective Date: July 21, 2025

1. Purpose

Health Lync LLC, doing business as Wellyfy (“Wellyfy,” “we,” “us,” or “our”), based in Austin, Texas, is committed to protecting the privacy and security of Personal Information in compliance with applicable laws, including the Texas Data Privacy and Security Act (TDPSA), the Health Insurance Portability and Accountability Act (HIPAA), and other relevant federal and state regulations (“Applicable Law”). This Privacy Policy outlines our responsibilities regarding the collection, use, disclosure, and protection of Personal Information (PI) and Sensitive Personal Information for our telehealth services.

2. Policy Owner

Privacy Officer, Health Lync LLC
Contact: support@thehealthlync.com

3. Scope

This policy applies to Wellyfy’s telehealth services (“Services”) offered to eligible individuals (“Members”) in Texas and, where applicable, other U.S. states. Services include connecting Members with treating physicians, psychologists, or specialists for general practitioner services, expert medical opinions, online consultations, and mental health support, including interactions with Wellyfy’s AI platform, Mirro.ai.

This policy covers all Wellyfy employees, contractors, and third-party service providers (“Subcontractors”) who handle PI in connection with our Services.

Personal Information (PI) is defined as information that identifies or could reasonably identify an individual, including name, address, phone number, email, or other data treated as personal under Applicable Law.
Sensitive Personal Information includes health information, biometric or genetic data, sexual orientation, racial or ethnic origins, or other data afforded extra protection under Applicable Law, such as protected health information (PHI) under HIPAA.

4. Personal Information Collected

Wellyfy collects PI necessary to provide Services, including:
Personal Information:

  • Demographic details (name, address, phone number, date of birth, email, IP address).
  • Identification (e.g., driver’s license, passport for identity verification).
  • Insurance policy number.
  • Demographic information of Members’ legal representatives (if applicable).

Sensitive Personal Information:

  • Medical records (e.g., medical history, treatment records, diagnostic tests, imaging like X-rays or CT scans, pathology samples).
  • Health-related data (e.g., heart and lung sounds, vital signs, sexual orientation, mental health information, if relevant to Services).
  • Interactions with Wellyfy’s AI platform, Mirro.ai (e.g., user inputs, session data).

5. How Personal Information is Collected

We collect PI through:

  • Direct input from Members or their legal representatives.
  • Authorized collection from treating physicians or healthcare facilities.
  • Insurance providers or employers, solely to verify eligibility for Services.
  • Interactions with Mirro.ai during telehealth sessions.

Notice and consent are obtained before collecting PI, except where necessary to determine eligibility, in accordance with TDPSA and HIPAA requirements.

6. Purposes for Collecting, Using, and Disclosing Personal Information

6.1 Providing Services

Wellyfy collects, uses, and discloses PI primarily to deliver telehealth Services, including:

  • Verifying eligibility for Services.
  • Collecting medical history and treatment information.
  • Collaborating with physicians, psychologists, or specialists.
  • Assessing, diagnosing, and treating Members.
  • Recommending healthcare providers or facilities.
  • Engaging Members with eligibility notifications or health-related updates.

6.2 Use of Anonymized Data for AI Training and Healthcare Improvement

To enhance healthcare outcomes and improve our Services, Wellyfy may use anonymized patient data to train artificial intelligence (AI) models, including our Mirro.ai platform. This data includes, but is not limited to:

  • Heart and lung sounds.
  • Vital signs (e.g., blood pressure, heart rate, temperature).
  • Interactions with Mirro.ai (e.g., de-identified session data).
  • Other de-identified health information derived from medical records.

All data used for AI training is anonymized to remove personally identifiable information, ensuring compliance with HIPAA and TDPSA. Anonymized data cannot be linked back to an individual Member. This process supports the development of more accurate diagnostic tools, personalized treatment recommendations, and improved telehealth experiences.

6.3 Management and Administration

PI may be used for internal operations, including:

  • Information security and privacy compliance (e.g., HIPAA, TDPSA).
  • Maintaining IT systems.
  • Quality assessment, training, and personnel management.
  • Auditing, legal services, and business development.
  • Facilitating potential sales, mergers, or company restructuring.

6.4 Disclosures to Members or Authorized Individuals

PI is disclosed to Members or their legal representatives after identity verification. Disclosures to others involved in a Member’s care require written or documented verbal consent, per HIPAA.

6.5 Disclosures to Subcontractors

Wellyfy may share PI with Subcontractors (e.g., healthcare experts, IT providers, or Affiliates) to support Services or administrative functions. Subcontractors sign Business Associate Agreements (BAAs) or other contracts ensuring PI protection and compliance with Applicable Law. Wellyfy conducts due diligence to verify Subcontractors’ compliance. If a Subcontractor violates privacy obligations, Wellyfy will investigate, require corrective action, or terminate the agreement if feasible. Upon termination, Subcontractors must securely destroy or return PI.

6.6 International Data Transfers

PI is primarily stored on servers in the United States. If Services involve experts or Affiliates outside the U.S. (e.g., for specialist consultations), PI may be transferred internationally with Member consent and compliance with Applicable Law, including HIPAA and TDPSA safeguards for cross-border data transfers.

6.7 Legal and Public Policy Disclosures

PI may be disclosed as required by law, including:

  • Public health reporting (e.g., disease exposure, child abuse).
  • Health oversight activities.
  • Judicial or administrative proceedings.
  • Law enforcement requests.
  • Health or safety purposes (e.g., preventing harm).

Such disclosures require Privacy Officer approval and must comply with Applicable Law.

7. Authorizations

Uses or disclosures of PI beyond those outlined require written Member authorization, particularly for collecting medical records from third parties or using PI for AI training (prior to anonymization), per HIPAA.

8. Minimum Necessary Standard

Wellyfy limits PI use, disclosure, or requests to the minimum necessary to achieve the intended purpose, as required by HIPAA and TDPSA.

9. Verification

Before disclosing PI, Wellyfy verifies the identity and authority of the requestor (e.g., via questions or ID documents), unless the requestor is known to us.

10. Sale of Personal Information

Wellyfy does not sell PI or receive remuneration for PI disclosures, in compliance with TDPSA and HIPAA.

11. Security of Personal Information

Wellyfy maintains a robust security program to protect PI, including:

  • Staff training on privacy and security.
  • Secure disposal of PI.
  • Physical and technical safeguards (e.g., encryption, password protection).
  • Disaster recovery and data backup plans.
  • Regular security audits.
  • Retaining PI for the minimum period required by law (e.g., 7 years for HIPAA-covered records in Texas, or as required by other regulations).

12. Member Rights

12.1 Access

Members may request access to their PI, including PHI, per HIPAA and TDPSA.

12.2 Amendment

Members may request amendments to their PI in writing to the contact below.

12.3 Opt-Out and Data Deletion

Under TDPSA, Members may opt out of targeted advertising, data sales, or profiling. Deletion requests are honored unless retention is required by law (e.g., HIPAA record retention).

12.4 Complaints and Questions

Members may submit privacy-related complaints or questions to:

  • Email: support@thehealthlync.com
  • Mail: Health Lync LLC, 9817 Llano Estacado Ln Austin TX 78759

Complaints are reviewed by the Privacy Officer, with anonymized cases forwarded to privacy-incident@thehealthlync.com for investigation.

13. Incident Response

Employees must report potential unauthorised PI uses or disclosures (“Privacy Incidents”) to support@thehealthlync.com. Reports must be anonymized by removing identifiers (e.g., name, ID, DOB). The Privacy Officer will investigate, document, and determine if notification to Members or regulators (e.g., HHS for HIPAA breaches, Texas Attorney General for TDPSA violations) is required.

14. Policy Exceptions

Exceptions are reviewed case-by-case by the Privacy Officer in consultation with legal counsel.

15. Enforcement

Non-compliance by employees or Subcontractors may result in disciplinary action, up to termination.

16. Contact Information

For questions, complaints, or to exercise rights:

  • Email: support@thehealthlync.com
  • Mail: Health Lync LLC, 9817 Llano Estacado Ln Austin TX 78759