Last updated: 12/15/2025
This Privacy Policy explains how Wist.health, Inc. (“Wist”, “we”, “us”, or “our”) collects, uses, and discloses information about individuals who use our mobile applications, websites, and related online services (the “Services”) that are made available to them through their employer or another sponsoring organization (each, a “Customer”). In most cases, you are accessing Wist because your employer, benefits provider, or another organization has purchased or granted you access. This Policy describes how we handle your information in that context.
This Policy applies to individuals who are 18 years of age or older and who are located in the United States. By using the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Policy, you should not use the Services.
We may update this Privacy Policy from time to time. When we make changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice, such as by displaying a notice within the Services or sending you an email.
Wist provides the Services to Customers under a contractual agreement. The Customer then enables access to Wist for its eligible population, such as employees or members (“End Users”). In that relationship, Wist typically acts as a service provider to the Customer, delivering stress management and well-being tools to End Users on the Customer’s behalf.
This Privacy Policy describes how we handle personal information about End Users, as well as information about Customer contacts such as HR or benefits administrators. It does not change or replace the contractual terms between Wist and any Customer. If there is any conflict between this Privacy Policy and an agreement between Wist and a Customer, that agreement may control to the extent permitted by law, particularly with respect to how we provide aggregated or de-identified reporting to that Customer.
We collect information about you in several ways, including when you provide it directly, when a Customer provides it to us, and when you use the Services.
We collect information that you choose to provide directly to us. For example, you may provide information when you activate your account, complete check-ins or reflections, write journal entries, respond to questionnaires or surveys, set preferences or goals, contact us for support, or participate in pilots, research, or promotions.
The information you provide can include account and contact information such as your name, your work or personal email address (depending on how your Customer provisions your account), the name of your employer or other sponsoring organization, and information such as your department, location, or role, if you or your organization choose to share those details.
You may also provide well-being and stress-related information, including self-reported stress or mood levels, areas of focus or concern such as workload, relationships, or sleep, and answers to well-being, stress, or related questionnaires or scales.
A particularly sensitive category of information we collect is what we refer to as “Conversation and Reflection Data.” This includes the messages you exchange with Joy, our AI assistant, and the entries and reflections you create in features such as Check-in, Daily Sync, Reflect/AutoJournal, and similar journaling or reflection tools. It also includes any tags or categories you apply to your reflections, such as “work,” “family,” or “burnout.” We recognize that this type of information is especially sensitive, and we design our systems and policies to treat it accordingly.
In addition, we collect information contained in your feedback and communications with us, such as messages you send to our support team, responses to product surveys, and any other information you choose to include when communicating with Wist.
Wist does not ask you or want you to upload medical records or enter sensitive personal information such as passport, credit card, driver’s license, or date of birth. We are not currently acting as a HIPAA covered entity.
When you use the Services, we automatically collect certain information about your activity and your device. This includes information about how you use the Services, such as which features and modules you access (for example, Check-in, Reflect, Explore, Circle, or Profile), which activities and content you view or complete, the dates and times when you use the Services, how long your sessions last, and actions you take in the app, such as marking a goal as complete or starting a breathing exercise.
We also collect technical and log information, such as your IP address (which may be used to infer general location), device type, operating system, app version, language settings, access times, the pages or screens you view, and diagnostic information such as error logs and crash reports.
Based on the information we collect, we may generate or infer additional information about you. For example, we may assign internal identifiers or pseudonymous IDs that we use internally to associate your account with your well-being data instead of using your name or email address wherever possible.
We may also derive metrics that describe how you use the Services over time, such as indicators of how consistently you engage with Wist, whether your reported stress appears to be trending upward or downward, or which categories of activities you use most often. In addition, we generate aggregated analytics, such as group-level statistics that describe how certain populations use Wist. These aggregated analytics are designed so that individual End Users are not identifiable.
We may receive information about you from your employer or other Customer. For example, a Customer may provide basic roster or eligibility information such as your name, email address, employee ID, department, location, or job role so that we can set up and manage accounts, determine eligibility, and ensure access is provided to the appropriate population. A Customer may also provide information about your status with the organization, such as whether you are active or inactive, so that we can enable or disable your access to the Services.
If you or your organization choose to connect third-party services to Wist, we may receive information from those services in accordance with the permissions you grant. For example, if you connect a calendar integration, we may receive information such as meeting times and titles. If you connect compatible health or activity devices or apps, we may receive information such as step counts, sleep duration or quality, or heart rate variability, where you have authorized this sharing.
We may also receive limited information from partners or service providers. For example, we might receive confirmation that an access code or benefit has been redeemed, or we may receive information from vendors that help us process support requests or deliver communications.
We use the information we collect for a variety of purposes related to providing, improving, and supporting the Services and our Customers.
We use information to provide and maintain the Services, which includes creating and managing your account, authenticating you when you log in, delivering features such as Check-in, Reflect, Explore, Circle, and Profile, and enabling you to track your stress, mood, and other well-being indicators over time. We also use information to personalize your experience by tailoring content, nudges, activities, and suggestions to your context and preferences.
We use information to support your well-being and stress management. This includes helping you notice patterns in your stress and mood, offering guidance about moments in your day when a short activity might be helpful, and presenting micro-interventions designed to fit into a typical workday. The Services are intended to help you build and sustain healthy habits over time, but they do not replace professional medical or mental health care.
We use information to improve and develop the Services. We analyze usage and performance data to understand how people interact with Wist, which features are working well, and where users may encounter friction. We use these insights to refine Joy’s behavior, to improve our content and interventions, and to design new tools and features. In doing so, we often rely on aggregated and de-identified data to understand trends without focusing on individuals.
We also use information to train and refine our AI models. By default, we may use aggregated or de-identified information—for example, statistics about feature usage, high-level patterns in stress scores, or general language patterns—in order to improve our algorithms and models. In some cases, we may ask you to opt in to allow us to use additional Conversation and Reflection Data to train or refine AI models. If you choose to opt in, we apply processes designed to remove or reduce direct identifiers, such as your name or email address, before using that data for training. We use this data only to operate, secure, and improve Wist and related services, and you may withdraw your consent for future use at any time. Withdrawing consent does not affect training that has already occurred, but we will not use additional Conversation and Reflection Data from you for those training purposes going forward if you opt out.
We use information to provide aggregated insights to Customers. For example, we may generate reports that show overall stress or well-being trends across an organization or team, engagement metrics describing how many eligible users are using Wist and how often, or information about which categories of activities are most popular. These reports are based on aggregated and/or de-identified data and are designed so that individual End Users are not identifiable. We do not share your individual messages, journal entries, or specific check-ins with Customers.
We use information to maintain the security and integrity of the Services, including detecting, investigating, and preventing fraudulent or abusive activity, protecting the rights, property, or safety of Wist, End Users, Customers, or others, and monitoring and troubleshooting performance and reliability issues.
Finally, we use information to communicate with you and our Customers. We may send you transactional messages about your account, such as security alerts or notices about changes to our terms and policies. We respond to your questions and support requests. We provide Customers with operational and utilization information at an aggregated level, consistent with our contracts and this Policy. We may also send you optional messages about product updates, tips, or surveys; where required, you can control or opt out of these communications as described below.
We do not use your individual-level data to make employment decisions, such as performance evaluations, promotions, or disciplinary actions.
We disclose information about you in the ways described below or as otherwise described at the time of collection.
We disclose information to service providers that perform services on our behalf. These providers help us with functions such as cloud hosting and infrastructure, analytics and performance monitoring, customer support tools, and email or notification delivery. Service providers are permitted to use your information only on our instructions and are required to protect it appropriately.
If your access to Wist is provided by a Customer, we disclose certain information to that Customer. In particular, we may share aggregated and/or de-identified information about how the Customer’s population uses Wist, such as overall engagement metrics or group-level trends in stress or well-being. We may also share limited account information needed to manage access, such as whether an account is active or when it was last used in general terms. We do not disclose your individual messages with Joy, your individual journal entries or reflections, or your specific check-ins or scores in a form that identifies you personally. Our reports to Customers are designed so that they cannot reasonably be used to identify individual End Users, and we do not permit Customers to use Wist as a tool for individual-level performance management or surveillance.
We may share information with professional advisors such as lawyers, auditors, and consultants when doing so is reasonably necessary to obtain advice, manage risk, or protect our business interests.
We may disclose information if we believe in good faith that doing so is reasonably necessary to comply with applicable laws or legal processes, to respond to valid requests from law enforcement or regulatory authorities, or to protect the rights, property, or safety of Wist, End Users, Customers, or the public.
We may disclose or transfer information in connection with a business transaction, such as a merger, acquisition, reorganization, financing, or sale of all or a portion of our business. In such cases, we will require the recipient to honor the commitments we have made in this Privacy Policy or to notify you and, where required, give you choices before the information is handled differently.
We may disclose information with your consent or at your direction. For example, if you participate in a research study that involves sharing certain data with a research institution, or if you enable a specific integration that sends data to a third party outside of Wist, we will disclose information as described to you at the time and with your permission.
We may also share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for purposes such as research, analytics, or public reporting on general stress and well-being trends.
We may use third-party analytics services to help us understand how the Services are used and how we can improve them. These services may collect information such as your device identifiers, IP address, usage patterns, and other technical details about your interaction with the Services, and they may use cookies or similar technologies to do so.
Wist is offered as a B2B well-being product and not as an ad-supported consumer application. At this time, we do not sell personal information and we do not use your information for cross-context behavioral advertising for third parties. If our practices change in the future, we will update this Privacy Policy and, where required by law, provide appropriate notices and choices.
You can typically control or limit cookies and similar technologies through your browser or device settings. However, certain parts of the Services may not function properly if you disable these technologies.
Wist is based in the United States, and we store and process information primarily in the United States. The Services are currently intended for End Users located in the United States. If you choose to use the Services from another country, you understand that your information will be transferred to, stored, and processed in the United States, which may have different data protection laws than the laws of your country.
We retain personal information for as long as reasonably necessary to provide and maintain the Services for you and for our Customers, to fulfill the purposes described in this Privacy Policy, to comply with legal, regulatory, or contractual obligations, and to resolve disputes and enforce our agreements.
If your employer or other Customer ends its relationship with Wist, or if your employment status changes, we may deactivate your account in accordance with our agreement with that Customer. We may retain certain information after deactivation where we are required or permitted to do so by law or contract. If you request deletion of your account directly from Wist, we may need to coordinate with your employer or sponsoring organization. Subject to legal and contractual obligations, we will delete or de-identify personally identifiable information within a reasonable period, while retaining de-identified or aggregated information that does not reasonably identify you.
We use technical and organizational measures designed to protect your information and to reduce the risk of loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures include encrypting data in transit and at rest where supported by our infrastructure, applying role-based access controls and least-privilege principles to production systems, separating direct identifiers such as your name and email address from well-being and Conversation and Reflection Data where feasible through the use of internal IDs, and logging and monitoring access to critical systems. We also review and update our security practices periodically.
No method of transmission over the internet or method of electronic storage is completely secure. Although we work hard to protect your information, we cannot guarantee absolute security. We encourage you to use unique, strong passwords and to take other steps to help protect your personal information.
Depending on your location and the laws that apply, and subject to our contracts with Customers, you may have certain rights with respect to your personal information. These may include the right to request access to information we hold about you, the right to request correction of inaccurate information, and the right to request deletion of some information, subject to legal and contractual exceptions. You may also have the right to opt out of certain uses of your information, such as particular types of communications.
You can exercise many choices directly within the Services, for example by updating your profile information, disconnecting third-party integrations, or adjusting certain notification settings. For other privacy-related requests, you may contact us using the information in the “Contact Us” section below. We may need to verify your identity before responding to your request, and in some cases we may need to coordinate with your employer or sponsoring organization, particularly where the Customer controls certain aspects of your data.
We will not discriminate against you for exercising your privacy rights.
We may send you emails or other communications about your use of the Services, your account, security, and other important matters. Because these communications are part of the Services, you generally cannot opt out of them while you have an active account.
We may also send you optional communications, such as product updates, tips, or invitations to participate in surveys or research. You can opt out of promotional emails by following the instructions in those messages or, where available, by adjusting your preferences within the Services. Even if you opt out of promotional emails, we may still send non-promotional messages related to your account or the Services.
With your permission, we may send push notifications to your mobile device. You can disable push notifications at any time by changing the settings on your device or, where available, within the app.
If you are a California resident, California law may provide you with additional rights regarding your personal information. In this section, “personal information” has the meaning given in the California Consumer Privacy Act (CCPA), as amended.
In the preceding 12 months, we may have collected identifiers such as your name, email address, IP address, and internal identifiers; professional or employment-related information such as your employer, department, or role; internet or network activity information such as usage and log data; and inferences drawn from the information we collect, such as engagement segments. We collect these categories of personal information for the business purposes described in this Privacy Policy, including providing and improving the Services, supporting your well-being, communicating with you and our Customers, and maintaining security.
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.
California residents may exercise the rights described in the “Your Privacy Rights and Choices” section, such as rights to access, correct, or delete certain personal information, subject to legal and contractual limits. When you make a request, please indicate that you are a California resident. We may need to verify your identity and, in some cases, coordinate with your employer or sponsoring organization in order to fulfill your request.
The Services are intended only for individuals who are 18 years of age or older and are typically provided in a workplace or organizational context. We do not knowingly collect personal information from children under 18 years old. If we learn that we have inadvertently collected personal information from a child under 18, we will take reasonable steps to delete it.
The Services are currently intended for End Users located in the United States. We do not actively market or target the Services to individuals in the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions with distinct data protection requirements. If our geographic scope changes in the future, we will update this Privacy Policy and implement any additional measures required by applicable law.
If you have any questions about this Privacy Policy or our data practices, or if you would like to exercise your privacy rights, you may contact us at:
Email: info@wist.health
If you contact us in connection with a workplace program, please include the name of your employer or sponsoring organization so that we can route and handle your request appropriately.