Trust & Safety

Is Wellzy HIPAA compliant?

Wellzy is built with privacy and security controls aligned with HIPAA, GDPR, and SOC 2 principles. Wellzy is a direct-to-consumer wellness app — for general consumer use it is not acting as a HIPAA-covered entity, and we do not claim a formal HIPAA certification. Below is exactly what that means and how your information is protected.

What HIPAA actually covers

HIPAA is a US law that governs how "covered entities" (like healthcare providers and insurers) and their business associates handle protected health information. Most consumer wellness apps used directly by individuals are not covered entities. That distinction matters, which is why we describe our approach precisely rather than using a blanket "HIPAA compliant" label.

How Wellzy protects your information

We apply concrete technical and organizational controls modeled on healthcare-grade practices:

  • Conversations encrypted in transit (TLS 1.3) and at rest (Fernet / AES-128-CBC with HMAC)
  • Access controls and authentication on stored data
  • No selling of personal data to third parties
  • Account and data deletion available on request
  • Data handling aligned with GDPR principles for users in applicable regions

What we do not claim

We do not claim formal HIPAA certification or SOC 2 attestation unless and until we complete those programs. If that changes, we will say so explicitly and publish the details. We would rather be precise than overstate our compliance posture.

Frequently asked questions

Is Wellzy HIPAA certified?

There is no official "HIPAA certification" body. Wellzy applies security and privacy controls aligned with HIPAA principles, but as a direct-to-consumer wellness app it is generally not operating as a HIPAA-covered entity, and we do not claim formal certification.

Is my data encrypted?

Yes. Data is encrypted in transit (TLS 1.3) and at rest using Fernet (AES-128-CBC with HMAC).

Does Wellzy follow GDPR?

Wellzy handles data in line with GDPR principles, including the ability to access and delete your data.

Wellzy is not a crisis service. If you are in crisis or thinking about harming yourself, please contact emergency services or a crisis line right away — in the US, call or text 988 (Suicide & Crisis Lifeline), or text HOME to 741741. Wellzy is designed to complement, not replace, licensed mental health care and emergency services.
