Privacy Policy

1. Scope & Roles

This Policy applies to information collected through our websites, applications, APIs, and services. WLFAI may act as a data controller (deciding how and why personal data is processed) or as a processor (processing data on behalf of a client). For enterprise engagements, processing will be governed by a Data Processing Addendum (DPA) and, where required for health information, a Business Associate Agreement (BAA).

2. Information We Collect

We collect information necessary to deliver our services. Types of information include:

• Identifiers: name, email, phone number, postal address, organization and account credentials.
• Healthcare Data (PHI): medical claims, clinical records, insurance identifiers, treatment records and related Protected Health Information provided by clients, providers, or users (processed in compliance with HIPAA where applicable).
• Business Information: role, company, billing and contract details.
• Communications: support tickets, emails, chat transcripts, audio recordings and transcriptions when using our transcription or telephony features.
• Technical & Usage Data: IP address, device and browser information, OS, cookies, analytics, logs, and usage metrics.
• Payment & Billing Data: billing information, invoices, payment method details (processed by third-party payment providers).
• Other: any other data you choose to provide when contacting us or using our services.

3. How We Use Information

We use personal data for the following purposes:

• To provide, operate, maintain and improve our products and services, including claim tracking, case management, automations, transcript generation, and integrations with third-party healthcare systems (e.g., Athena, Availity, Humana).
• To perform contractual obligations and manage customer relationships, billing and support.
• To secure our systems, detect and prevent fraud or abuse, and investigate security incidents.
• To comply with legal and regulatory obligations, including healthcare regulations such as HIPAA.
• To analyze usage patterns, develop new features, and support research and development using aggregated or de-identified data where possible.
• To send administrative notices, service updates, and, where permitted, marketing communications (users may opt-out of marketing messages at any time).

4. Legal Basis for Processing

Depending on applicable law and the context of processing, WLFAI relies on one or more legal bases to process personal data, which may include:

• Performance of a contract: processing necessary to provide services or fulfill a contract with you or your organization.
• Legal compliance: processing required to comply with laws or regulatory obligations (including HIPAA where applicable).
• Legitimate interests: processing for our legitimate business interests, such as improving services, security, and fraud prevention — balanced against your privacy rights.
• Consent: where required, we process data based on your consent which you may withdraw at any time (withdrawal does not affect prior processing).

5. Cookies & Tracking Technologies

We and our service providers use cookies, web beacons, local storage, and similar technologies to provide, protect, and improve our services. These technologies help with authentication, preference storage, performance monitoring, and analytics.

Types of cookies we use include:

• Strictly necessary: required for basic site functionality and security.
• Performance & analytics: used to understand and improve site performance and user experience.
• Functional: remember preferences and settings.
• Advertising & targeting: where applicable, to deliver relevant content; we do not sell personal data.

You can control cookie settings through your browser or device. Disabling cookies may affect site functionality. For more information on managing cookies, consult your browser settings or reach out to us at wlfai@outlook.com.

6. Third‑Party Services & Integrations

We integrate with and use third‑party services and platforms to deliver our solutions. These may include cloud hosting providers, analytics platforms, payment processors, communication providers (e.g., Twilio), transcription engines, and healthcare systems (e.g., Athena, Availity, Humana). These third parties may receive personal data to the extent necessary to perform their services.

We evaluate and select vendors carefully and enter into agreements requiring appropriate security and confidentiality measures, including Business Associate Agreements (BAAs) where required for PHI.

7. Data Sharing & Disclosure

We may disclose personal data to the following categories of recipients:

• Service providers and vendors performing services on our behalf.
• Healthcare providers, payers, clearinghouses, and other parties involved in treatment, payment, or healthcare operations (under HIPAA-required safeguards).
• Law enforcement, regulators, or courts as required by law or to defend legal rights.
• Acquirers, successors, or affiliates in the event of a merger, sale, or reorganization (we will use reasonable efforts to notify affected users).

We do not sell personal data and will not share personal data with third parties for their direct marketing purposes without consent.

8. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal data from unauthorized access, use, alteration, and disclosure. Key measures include:

• Encryption of data in transit (TLS) and at rest where appropriate.
• Access controls, role-based permissions, and least privilege principles.
• Multi-factor authentication and secure password requirements for accounts.
• Logging, monitoring, and periodic security assessments and penetration testing.
• Employee training, background checks, and contractual confidentiality obligations.
• Incident response plans and breach notification procedures consistent with applicable law, including HIPAA breach notification rules.

9. Data Retention & De‑identification

We retain personal data only as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and applicable law. Where feasible, we aggregate or de‑identify data and may retain such non-identifiable data for analytics and product improvement.

10. International Data Transfers

WLFAI is headquartered in India and may transfer personal data to other countries for processing and storage. When transferring personal data across borders, we implement appropriate safeguards such as contractual clauses, encryption, and vetted processor agreements to ensure an adequate level of protection.

11. Your Rights & Choices

Subject to applicable law, you may have the following rights with respect to your personal data:

• Access: request access to a copy of your personal data.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of personal data, subject to legal and contractual exceptions (especially for PHI).
• Restriction: request limitations on processing for certain purposes.
• Portability: where applicable, receive your data in a structured, commonly used, machine-readable format.
• Objection: object to certain processing activities based on legitimate interests.

To exercise these rights, contact us at wlfai@outlook.com. We may request information to verify your identity before processing requests.

12. Consent & Revocation

Where we rely on consent to process personal data, you may withdraw your consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. In some cases, withdrawing consent may limit our ability to provide certain services.

13. Children’s Privacy

Our services are intended for business users, healthcare providers, payers, and adult end users. We do not knowingly collect personal data from children under 13 (or the applicable age in your jurisdiction). If we become aware we have collected information from a child without parental consent, we will delete it and take steps to prevent further collection.

14. Business Transfers & Corporate Transactions

In the event of a merger, acquisition, reorganization, or sale of assets, personal data may be transferred to an acquirer. We will use reasonable efforts to notify affected individuals and require any successor to honor this Privacy Policy or provide substantially similar protections.

15. Compliance (HIPAA, GDPR, CCPA)

WLFAI is committed to complying with applicable privacy and data protection laws. For healthcare-related processing in the U.S., we implement HIPAA safeguards and enter into Business Associate Agreements when required. For users in jurisdictions covered by the GDPR, CCPA, or similar laws, we honor rights afforded under those laws and implement appropriate technical and organizational measures.

Note: This Policy is a general statement of practices and does not create contractual rights beyond those in specific agreements with our customers.

16. Dispute Resolution & Governing Law

This Privacy Policy and any disputes arising from it are governed by the laws applicable to WLFAI’s corporate jurisdiction. For specific contractual engagements, governing law and dispute resolution provisions in the applicable contract will apply. If you have concerns you cannot resolve with us directly, you may have the right to file a complaint with your local data protection authority.

17. Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or products. When we make material changes, we will provide notice through our website or via direct communication and update the "Last Updated" date at the top of this page.

18. Contact Us

For questions, requests, or to exercise your privacy rights, please contact us at:

Disclaimer: This Privacy Policy is provided for informational purposes and does not constitute legal advice. WLFAI recommends that customers and users seek counsel to ensure compliance with applicable privacy laws and contractual obligations.