W
WellOps
Terms of ServiceProvider AgreementCorporate Client TermsPrivacy PolicyTrust & SecurityInsurance Disclaimer

Legal

Privacy Policy

Last updated: July 5, 2026Effective: May 31, 2026

WellOps is owned and operated by WellOps, LLC, an Arizona limited liability company (“we,” “us,” or “our”). WellOps, LLC is the data controller for personal information collected through the WellOps platform. This policy explains what data we collect, how we use it, and your rights. WellOps serves three types of users: Providers (wellness businesses), Corporate Clients (businesses booking wellness services), and Employees (individuals booking time slots at their employer’s event).

1. Data We Collect

Providers

  • Business name, legal name, contact email, phone, website, and service area.
  • Brand preferences (color, tagline, public URL slug).
  • Insurance documentation (Certificate of Insurance), stored in Supabase Storage (AWS-backed).
  • Service agreements and other documents generated or uploaded through the Platform, stored in Supabase Storage (AWS-backed).
  • Payment method (processed and stored by Stripe — WellOps does not store card numbers).
  • Account credentials (managed by Supabase Auth).

Corporate Clients

  • Company name, contact name, email, and phone number provided when submitting a wellness request.
  • Event preferences including preferred date, employee count, and event type.

Employees

  • Name and work email address collected at the time of booking a wellness appointment.
  • Selected appointment date and time.
  • Optional session preferences provided to help the wellness provider prepare — such as focus areas, pressure preference, and an optional free-text field for general considerations (for example, mobility or comfort notes).
  • No account creation is required. WellOps is not a medical or healthcare records system. We ask employees not to submit, and we do not request, medical histories, diagnoses, or treatment records.

Usage and Analytics Data

  • Platform usage data (pages visited, features used, events triggered) collected through PostHog and Google Analytics 4.
  • Browser type, device type, operating system, and general geographic location (country/region) derived from IP address.
  • This data is used to understand platform usage, improve features, and diagnose errors. It is not used to identify individual users for advertising purposes.

2. How We Use Your Data

Providers

  • To operate and display your branded booking page.
  • To send you new corporate request notifications, quote updates, and booking confirmations.
  • To process the $49–$99 booking success fee via Stripe.
  • To verify your business during our onboarding review.

Corporate Clients

  • To relay your wellness request to your chosen Provider.
  • To send you the Provider’s quote for review and acceptance.
  • To distribute the employee self-booking link after quote acceptance.

Employees

  • To reserve your selected time slot and prevent double-booking.
  • To send a booking confirmation email to your work email address.
  • To share your name and appointment time with the Provider to facilitate your session.

3. Data Sharing

We share data only as necessary to operate the Platform:

  • Supabase — database, authentication, and file storage infrastructure. Data is stored on Supabase’s servers (AWS-backed). This includes uploaded documents such as Certificates of Insurance and service agreements. See Supabase’s Privacy Policy.
  • Stripe — payment processing. Stripe processes and stores Provider payment information. See Stripe’s Privacy Policy.
  • Resend — transactional email delivery (booking confirmations, quote notifications).
  • Replit — application hosting and deployment infrastructure for the WellOps platform.
  • PostHog — product analytics platform. We use PostHog to track platform usage events (e.g. feature interactions, onboarding steps) to improve the product. PostHog may process data outside the United States. See PostHog’s Privacy Policy.
  • Google Analytics 4 — web analytics. We use GA4 to understand traffic patterns and usage trends. Google Analytics uses cookies and may process data outside the United States. See Google’s Privacy Policy.
  • Coverdash — if a Provider clicks through to Coverdash’s site, Coverdash’s own privacy policy governs any data they collect. WellOps does not transmit personal data to Coverdash. See our Insurance Disclaimer.

We do not sell, rent, or trade personal data to any third party for marketing purposes.

4. Employee Data — Special Notice

Employees booking through WellOps are doing so at the invitation of their employer (the Corporate Client). We collect only the minimum data needed (name, email, appointment time) to complete the booking.

Employee booking data is shared with the Provider to facilitate the session. It is not used for any other purpose and is not shared with the employer (Corporate Client) beyond what is needed to coordinate the event.

Employees may request deletion of their booking data by emailing hello@wellopsapp.com.

5. Data Retention

  • Provider accounts: Retained as long as your account is active, plus 12 months after termination.
  • Uploaded documents (COI, service agreements): Retained for the duration of the Provider’s active account, plus 24 months after termination, to support compliance and dispute resolution.
  • Corporate Client data: Retained for 24 months from last interaction.
  • Employee booking data: Retained for 12 months from the event date, then deleted or anonymized.
  • Analytics data: PostHog and Google Analytics retain usage data per their own retention policies (typically 24 months for GA4; configurable in PostHog).

6. Security

We implement industry-standard security measures, including encrypted connections (TLS) for all data in transit, encryption of the database and uploaded files at rest (via our infrastructure providers), row-level security and role-based access controls that isolate each provider’s data, token-scoped access for public review, quote, booking, and invoice flows, and automated daily backups with point-in-time recovery. WellOps is not a medical or healthcare records system and does not collect Protected Health Information (PHI). No system is perfectly secure, so we encourage you to use strong passwords and report any suspected unauthorized access or vulnerability to hello@wellopsapp.com (also published at /.well-known/security.txt). If a breach affects your data, we will notify affected users without undue delay and as required by applicable law. For a full overview, see our Trust & Security page.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information in your account.
  • Delete your account and associated data (subject to legal retention requirements).
  • Object to certain processing activities.

To exercise any of these rights, email hello@wellopsapp.com. We will respond within 30 days.

8. Cookies and Tracking Technologies

WellOps uses cookies and similar tracking technologies for the following purposes:

  • Essential session cookies — required to maintain authentication and core platform functionality. Cannot be disabled.
  • Analytics cookies (PostHog) — used to track how Providers use the platform so we can improve features and fix issues. PostHog may set a persistent cookie or use local storage to identify returning sessions.
  • Analytics cookies (Google Analytics 4) — used to collect aggregate data about page visits and usage patterns. GA4 uses cookies (including _ga) that persist across sessions.

We do not use advertising cookies or retargeting pixels, and we do not track users across unaffiliated third-party websites for marketing purposes.

9. Children

WellOps is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, contact hello@wellopsapp.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email before material changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

11. Contact

For privacy questions, contact us at hello@wellopsapp.com.


Also see: Terms of Service · Insurance Disclaimer

Terms of ServiceProvider AgreementCorporate Client TermsPrivacy PolicyTrust & SecurityInsurance Disclaimer

© 2026 WellOps, LLC. Questions? hello@wellopsapp.com