Privacy Policy

Last updated: 7/3/2026

This Privacy Policy explains how HealthWise AI ("HealthWise AI", "we", "us", or "our"), the legal entity operating the HealthWise AI service (the "Service"), collects, uses, shares, and retains personal information about visitors and registered users.

Data controller

HealthWise AI is the data controller of the personal information described in this policy. You can reach us with privacy questions through the contact form on our site.

Personal data we collect

  • Account data: name, email address, password hash, and any profile fields you fill in.
  • Usage data: questions you ask the AI assistant, saved plan comparisons, cost estimates, quote requests, and bookmarks.
  • Device and log data: IP address, browser type, device identifiers, pages viewed, and timestamps.
  • Payment data: processed by our payment provider Paddle (see "Sharing" below). We do not receive or store full card numbers.
  • Support data: messages you send us and metadata about the conversation.

We do not collect Social Security numbers, actual medical records, or claims data.

How we use personal data and our legal bases

  • Providing the Service — account creation, saving your comparisons, running the AI assistant, and generating estimates. Legal basis: performance of a contract.
  • Security and fraud prevention — detecting abuse, protecting accounts, and rate-limiting. Legal basis: legitimate interests.
  • Product improvement and analytics — understanding aggregate usage to improve features. Legal basis: legitimate interests.
  • Customer support — responding to your requests. Legal basis: performance of a contract / legitimate interests.
  • Billing and tax compliance — via Paddle. Legal basis: performance of a contract and legal obligation.
  • Legal compliance — responding to lawful requests and enforcing our Terms. Legal basis: legal obligation.

How we share personal data

We share personal data with the following categories of recipients:

  • Paddle.com Market Ltd. — Merchant of Record. Paddle acts as our reseller and Merchant of Record for all subscription orders. Paddle processes payments, handles billing, calculates and remits sales tax/VAT, issues invoices, and handles refunds and chargebacks. Personal and payment data you provide at checkout is processed by Paddle under its own privacy notice: paddle.com/legal/privacy.
  • Hosting and infrastructure providers — cloud hosting and database providers that store data on our behalf under written data-processing agreements.
  • AI providers — third-party model providers that process the prompts you submit to the AI assistant solely to return a response.
  • Analytics providers — see "Cookies and analytics" below.
  • Professional advisers — legal, accounting, and audit advisers, bound by confidentiality.
  • Authorities — where we are required to disclose data by law or court order, or to protect our rights.

We do not sell your personal data.

Cookies and analytics

We use strictly necessary cookies for authentication and session management, and may use first- or third-party analytics cookies to understand aggregate usage of the Service. You can control non-essential cookies through your browser settings. Where required by law, we will ask for your consent before setting non-essential cookies.

Data retention

  • Account data — kept while your account is active and deleted (or anonymized) within 90 days of account deletion.
  • AI conversations, saved comparisons, quotes, estimates — kept while your account is active; deleted with the account.
  • Support messages — up to 24 months after the last interaction.
  • Log and security data — up to 12 months.
  • Billing records — retained by us and by Paddle for the period required by applicable tax and accounting law (typically 7–10 years).

When retention periods expire, data is deleted or irreversibly anonymized.

Your rights

Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. You can delete your account at any time from your profile page, or contact us via the site's contact form to exercise any of these rights. You may also lodge a complaint with your local data protection authority.

International transfers

Where personal data is transferred outside your jurisdiction, we and our providers rely on appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.

Security

We apply appropriate technical and organizational measures — including encryption in transit and at rest, row-level access controls, and least-privilege access — to protect personal data. No system is 100% secure, but we work continuously to protect our users.

Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with an updated "Last updated" date.