Is Wellzy HIPAA compliant?
What HIPAA actually covers
HIPAA is a US federal law that governs how "covered entities" (health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically) and their "business associates" (vendors that handle protected health information on a covered entity's behalf) create, store, and share protected health information (PHI). A consumer wellness app that individuals use directly, outside any relationship with a healthcare provider or insurer, is generally neither a covered entity nor a business associate, so HIPAA's rules do not apply to it by default. That distinction matters, which is why we describe our approach precisely rather than using a blanket "HIPAA compliant" label.
How Wellzy protects your information
We apply concrete technical and organizational controls modeled on healthcare-grade practices:
- Conversations encrypted in transit (TLS 1.3) and at rest (Fernet, i.e. AES-128-CBC with an HMAC-SHA256 tag in encrypt-then-MAC construction, so stored data that has been altered fails verification and is never decrypted)
- Access controls and authentication on stored data
- No selling of personal data to third parties
- Account and data deletion available on request
- Data handling aligned with GDPR principles for users in applicable regions
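To make the at-rest control above concrete, here is an added example (not Wellzy's own code) of Fernet encryption as used for stored records, including the check a practitioner would want to see: a record whose ciphertext has been modified, or one read with the wrong key, fails HMAC verification and is rejected instead of being decrypted into garbage. It assumes the `cryptography` package is installed; the key, the sample record, and the tampering are constructed for the illustration.

```python
"""Added example, not Wellzy's code: Fernet at-rest encryption with tamper detection.

A Fernet token is URL-safe base64 of:
    version (1 byte, 0x80) | timestamp (8) | IV (16) | AES-128-CBC ciphertext | HMAC-SHA256 (32)
The HMAC covers everything before it, so any change to the stored token is
detected before decryption (encrypt-then-MAC). Key, record and tampering below
are constructed for this illustration.
"""
import base64
from typing import Optional

from cryptography.fernet import Fernet, InvalidToken  # assumes `cryptography` is installed


def new_key() -> bytes:
    """Generate a fresh 32-byte Fernet key (16 bytes signing, 16 bytes encryption)."""
    return Fernet.generate_key()


def encrypt_record(key: bytes, plaintext: str) -> bytes:
    """Encrypt a record for storage; returns the opaque Fernet token."""
    return Fernet(key).encrypt(plaintext.encode("utf-8"))


def decrypt_record(key: bytes, token: bytes) -> Optional[str]:
    """Decrypt a stored token. Returns None if the HMAC check fails for any
    reason (modified ciphertext, modified IV/timestamp, or wrong key)."""
    try:
        return Fernet(key).decrypt(token).decode("utf-8")
    except InvalidToken:
        return None


def tamper(token: bytes) -> bytes:
    """Simulate an attacker (or disk corruption) flipping one bit of the
    ciphertext body. The base64 layer is re-encoded so the token still
    parses; only the authenticated bytes differ."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[25] ^= 0x01  # offset 25 = first ciphertext byte (after 1+8+16 header bytes)
    return base64.urlsafe_b64encode(bytes(raw))


def demo() -> tuple:
    """Run the three checks: honest round-trip, tampered token, wrong key."""
    key = new_key()
    record = "constructed sample: slept badly, anxious before work"  # constructed, not real user data
    token = encrypt_record(key, record)

    roundtrip_ok = decrypt_record(key, token) == record
    tamper_rejected = decrypt_record(key, tamper(token)) is None
    wrong_key_rejected = decrypt_record(new_key(), token) is None
    return roundtrip_ok, tamper_rejected, wrong_key_rejected


if __name__ == "__main__":
    print(demo())  # expected: (True, True, True)
```

The point of the `tamper` check is that CBC mode alone would silently produce corrupted plaintext from a flipped ciphertext bit; it is the HMAC-SHA256 tag, verified before any decryption, that turns that into a hard rejection. Note that Fernet gives confidentiality and integrity for the stored bytes only; who may call `decrypt_record` is an access-control question handled separately.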
What we do not claim
We do not claim formal HIPAA certification or SOC 2 attestation unless and until we complete those programs. If that changes, we will say so explicitly and publish the details. We would rather be precise than overstate our compliance posture.
Frequently asked questions
Is Wellzy HIPAA certified?
No. We do not claim HIPAA certification or SOC 2 attestation; see "What we do not claim" above.
Is my data encrypted?
Yes. Conversations are encrypted in transit with TLS 1.3 and at rest with Fernet (AES-128-CBC with HMAC-SHA256).
Does Wellzy follow GDPR?
For users in applicable regions, our data handling is aligned with GDPR principles, including account and data deletion on request and no selling of personal data to third parties.
Sources
- Summary of the HIPAA Privacy Rule, U.S. Department of Health & Human Services (HHS)
- Covered Entities and Business Associates, U.S. Department of Health & Human Services (HHS)