Patient Privacy Notice

Whadata Patient Privacy Notice

Date of Policy: July 17, 2026

Applies to: Patients using the Whadata Patient Portal and patient-facing features

Download PDF

This Patient Privacy Notice explains how Whadata AI, Inc. ("Whadata," "we," or "us") handles your information when you use the Whadata Patient Portal and related patient-facing features, such as onboarding, digital intake forms, submitting insurance information, joining telehealth visits, and viewing visit information your Provider shares with you. Available features depend on what your Provider has enabled.

Important: Whadata is a technology provider, not your healthcare provider. Your doctor, clinic, or practice (your "Provider") is the entity responsible for your medical care and for your medical record. Under the Health Insurance Portability and Accountability Act (HIPAA), your Provider is the "Covered Entity" and Whadata is a "Business Associate" that processes your health information on the Provider's behalf and under the Provider's instructions. Your Provider's own Notice of Privacy Practices describes your rights with respect to your medical record.

1. Information We Handle About You

Depending on which features your Provider uses, we may process the following on your Provider's behalf:

  • Identity & contact: name, date of birth, contact details, and emergency contact.
  • Insurance: insurance card images and the payer, member, and group information extracted from them.
  • Clinical: your medical and clinical information, including visit notes, vitals, medications, allergies, lab results, immunizations, and prescriptions.
  • Telehealth media: video and audio of telehealth visits and the transcripts and summaries created from them.
  • Visit location: the physical location you provide or confirm at the start of a telehealth visit, used for provider licensure and compliance.
  • Communications: faxed documents associated with your record, appointment details, and appointment-related emails or links.
  • Payments: copay and payment amounts where your Provider collects payment through the platform, plus a tokenized reference to any payment method you choose to save for future charges (full payment-card numbers are held by our payment processor in tokenized form, not stored by Whadata).
  • Technical: login, device, and usage information needed to operate and secure the portal.

2. How Your Information Is Used

We use your information only to provide the Platform's features to you and your Provider (for example, to schedule and conduct visits, document care, manage prescriptions and communications, verify insurance, and process payments) and to keep the Platform secure and operational. We use and disclose your health information as permitted by HIPAA and as instructed by your Provider. We do not sell your information, and we do not use it for advertising.

3. Artificial Intelligence

Some features use AI to assist your Provider, for example by drafting a summary of a visit, suggesting billing codes for your Provider to review, or reading information from an uploaded document. AI output is always a draft that your Provider reviews and approves; it does not make decisions about your care. We do not use information that identifies you to train AI models. We may use information that has been de-identified (so it no longer identifies you), consistent with HIPAA, to improve our services and AI, for analytics, and for research and medical studies.

4. How Your Information Is Shared

We share your information only as needed to provide the Services:

  • Your Provider: with your Provider and the people your Provider authorizes to access your care.
  • Subprocessors: with vetted third-party providers (for example, for hosting, video, email, fax, e-prescribing, claims clearinghouse, and payments) that act under Business Associate Agreements and may use your information only to provide their service. The list is available on request.
  • Legal: when required by law, or to protect the safety, rights, or security of patients, providers, or the Platform.

5. How Your Information Is Protected

We protect your information with administrative, physical, and technical safeguards, including encryption in transit and at rest, access controls, audit logging, and continuous monitoring. Health information is processed and stored within the United States.

6. Your Rights

Your rights to access, amend, or receive an accounting of disclosures of your medical record are exercised through your Provider, who controls that record. If you ask Whadata to exercise such a right, we will refer you to your Provider and assist your Provider in responding. You may contact us at any time with questions or concerns about how the Platform handles your information.

7. Children

Where the Platform is used to support care for a minor, a parent or legal guardian typically accesses the portal on the minor's behalf, consistent with your Provider's policies and applicable law.

8. Changes to This Notice

We may update this Notice from time to time. The current version will be posted in the Patient Portal and at whadata.com/patient-privacy with an updated date.

9. Contact

For questions about your care or your medical record, contact your Provider. For questions about how the Platform handles your information, contact Whadata at .