Book a Demo

Privacy Policy

How PathwAI Labs LLC collects, uses, and safeguards information across its website and platform.

Last updated: February 5, 2025

Effective as of February 5, 2025

1. About This Policy

PathwAI Labs LLC (“PathwAI”, “we”, “us”, or “our”) provides a multi-tenant, white-label platform that enables digital health companies (our “Customers”) to build patient engagement flows, conversion funnels, and activation experiences, along with the supporting data infrastructure to operate them in a compliant manner (collectively, the “Platform” or the “Services”).

This Privacy Policy explains how we handle information in connection with our public website at pathwai.care (the “Website”) and our Services. It is written for two audiences: visitors to our Website and representatives of prospective and current Customers (together, the kinds of information described in Section 3 as “Business Information”), and individuals whose information is processed through the Platform on behalf of our Customers (described in Section 4 as “Customer Data”).

Because of how our Platform is designed, the way we handle information depends on the role we occupy. For Business Information we collect directly, we act as the controller and this Policy governs our practices. For Customer Data processed through the Platform, we act as a service provider and processor on behalf of our Customers, and our handling is governed by our agreements with those Customers rather than by this Policy. Section 4 explains this distinction in detail.

Capitalized terms not defined in this Policy have the meanings given to them in the applicable agreement between the parties and, where applicable, our Business Associate Agreement.

2. Scope and Applicability

This Policy applies to the Website and to PathwAI’s own processing of Business Information. It does not apply to:

  • Customer products and websites. Our Customers operate their own patient-facing properties using the Platform. Each Customer maintains its own privacy notice and is responsible for the relationship with, and disclosures to, its own end users.
  • Third-party services. The Website and Platform may reference or integrate with third-party services that have their own privacy practices. We are not responsible for the practices of those third parties, and their inclusion does not signify our endorsement.

3. Business Information We Collect

“Business Information” is the information we collect directly from Website visitors and from representatives of prospective and current Customers. This includes:

  • Contact and account details. Name, business email address, employer, role, and similar business contact information you provide when you request a demo, contact us, or create an account on the Platform.
  • Communications. The contents of messages, support requests, and feedback you send to us, along with our responses.
  • Billing details. Business billing and payment information necessary to administer a Customer’s subscription. Card processing is performed by our payment processor, and that processor’s handling of payment information is governed by its own terms and privacy policy.
  • Device and usage information. When you visit the Website or use the Platform’s administrative interface, we automatically collect information such as IP address, approximate location derived from IP address, browser type, operating system, referring and exit pages, device identifiers, and diagnostic data. We use this information to operate and secure the Website and Platform and to resolve errors.
  • Cookies and similar technologies. We use cookies and similar technologies on the Website and administrative interface to provide functionality, remember preferences, and understand usage. See our Cookie Policy for details and choices.

We do not seek to collect protected health information through the Website or our marketing activities. Please do not submit health information about yourself or others through Website contact forms.

4. Customer Data and Our Role as a Processor

“Customer Data” is the information that our Customers, and the end users of our Customers, create, submit, or generate through the Platform. This may include patient and prospective-patient information, event and activity data captured through flows and the PathwAI beacon, and, where a Customer configures the Platform to handle it, protected health information.

  • Customers are the controllers. Our Customers determine what information is collected through their flows, for what purposes, and with whom it is shared. The Customer, not PathwAI, owns the relationship with its end users and is responsible for providing privacy notices, obtaining any required consents, and honoring individual rights requests.
  • PathwAI is a processor and service provider. We process Customer Data only to provide and support the Services, and only in accordance with our Customer agreements and the documented instructions of the relevant Customer. We do not use Customer Data for our own independent purposes, and we do not sell Customer Data.
  • HIPAA. Where a Customer uses the Platform to create, receive, maintain, or transmit protected health information, PathwAI acts as a Business Associate and our handling of that information is governed by our Business Associate Agreement with that Customer.
  • Individual requests. If you are an end user of one of our Customers and you wish to access, correct, or delete information about you, please contact the Customer that operates the service you used. We will support our Customers in responding to those requests as described in our agreements with them. If you contact us directly, we may refer your request to the relevant Customer.

5. How We Use Information

We use Business Information for the following purposes:

  • To provide and operate the Platform. Including authenticating users, provisioning accounts, delivering the Services, and providing support.
  • To communicate with you. Including responding to inquiries, sending service-related notices, and, where you have not opted out, sending information about features and offerings that may be relevant to your use of the Platform.
  • To secure the Platform. Including verifying accounts and activity, monitoring for suspicious or fraudulent activity, and identifying violations of our terms.
  • To improve the Platform. Including understanding usage patterns, diagnosing problems, and developing new features. Where we analyze usage to improve the Platform, we use aggregated or de-identified information wherever practicable.
  • To comply with law. Including meeting legal, regulatory, accounting, and reporting obligations.

Our use of Customer Data is limited to providing and supporting the Services on behalf of the relevant Customer, as described in Section 4 and in our Customer agreements.

6. Conversion Tracking and Advertising Integrations

The Platform includes server-side conversion tracking and audience activation features that Customers may choose to configure. When enabled by a Customer, these features can capture advertising click identifiers (for example, identifiers passed by Meta, Google, and TikTok), attribute conversions, and transmit conversion signals and hashed audience identifiers to advertising platforms on the Customer’s behalf and under the Customer’s direction.

  • Customer configured; consent is the Customer’s responsibility. These features operate only where a Customer enables and configures them. The Platform supports passing an end user’s consent state with events, and certain advertising fan-outs are designed to honor that consent state. Capturing consent, presenting consent controls, and determining when consent is required, however, are the responsibility of the Customer as controller. PathwAI does not warrant that any feature is, by default, configured to satisfy the consent requirements applicable to a given Customer or its end users.
  • Identifiers are minimized and hashed. Where identifiers are sent to advertising platforms for matching, they are hashed before transmission, and information is limited to what the relevant Customer has allowlisted for that destination.
  • No sale of Business Information. We do not sell Business Information, and we do not share Business Information with advertising platforms for those platforms’ own independent marketing purposes. Conversion and audience activation through the Platform is performed as a processor on behalf of our Customers in connection with their own advertising.

Customers are responsible for ensuring that their use of these features, and the disclosures and consents they provide to their own end users, comply with applicable law and the terms of the relevant advertising platforms.

7. How We Share Information

We share information only as necessary to operate our business and provide the Services, and we limit shared information to what is reasonably necessary for the relevant purpose. We may share information with:

  • Service providers and subprocessors. Third parties that help us operate the Website and Platform, such as cloud hosting and infrastructure, analytics infrastructure, and customer support tooling. These providers act on our instructions and are bound by obligations to protect information. Where a provider processes protected health information on our behalf, that provider is bound by a business associate agreement.
  • At a Customer’s direction. For Customer Data, with the destinations and integrations that the relevant Customer configures, including advertising platforms and the Customer’s own connected systems.
  • Legal and safety. Where we believe in good faith that disclosure is necessary to comply with applicable law, respond to lawful requests from public authorities, enforce our agreements, or protect the rights, property, or safety of PathwAI, our Customers, or others.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, in which case information may be transferred to the successor entity, which will continue to be bound by this Policy or a successor policy consistent with it.

We do not sell Business Information, and we do not share it for the independent marketing purposes of third parties.

8. Subprocessors and Infrastructure

We rely on trusted third-party providers to deliver the Services, including cloud infrastructure and analytics infrastructure providers. We evaluate the security and privacy practices of providers that handle information on our behalf as part of our vendor review process, and we maintain appropriate agreements with them, including business associate agreements where they process protected health information. Additional detail about our security practices is available on our Trust Center.

9. Data Retention

We retain Business Information for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, maintain business records, and satisfy legal, accounting, and regulatory requirements. When information is no longer needed, we take steps to delete or de-identify it.

We retain and dispose of Customer Data in accordance with our agreements with the relevant Customer. Where we act as a Business Associate, retention and return or destruction of protected health information is governed by our Business Associate Agreement.

10. Security

We take the security of information seriously and implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, use, alteration, and disclosure. These safeguards include encryption of data in transit and at rest, access controls based on the principle of least privilege, and ongoing monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work continuously to protect the information in our care.

11. Your Choices and Rights

Depending on where you live, you may have rights regarding your personal information, such as the right to access, correct, delete, or restrict the processing of your information, and the right to object to certain processing.

  • Business Information. If you have a question or request regarding Business Information we hold about you, contact us using the details in Section 14, and we will respond within a reasonable timeframe consistent with applicable law.
  • Customer Data. If you are an end user of one of our Customers, please direct access, correction, and deletion requests to that Customer, which controls the information. We will support our Customers in fulfilling those requests as described in our agreements.
  • Marketing communications. You may opt out of marketing communications at any time by following the unsubscribe instructions in those messages. We may still send you non-promotional messages, such as messages about your account or our ongoing business relationship.
  • Meta app data deletion. If you connected PathwAI through Meta and want data we received from Meta deleted, you can submit a request from your Facebook Apps and Websites settings after removing the app. You can also review request status on our Meta Data Deletion page using the confirmation code provided in Meta’s flow.

12. International Transfers

PathwAI is based in the United States, and the information we process is stored and processed in the United States. If you access the Website or Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States, where privacy laws may differ from those of your jurisdiction. We take appropriate steps to protect information consistent with this Policy and applicable law.

13. Privacy of Minors

The Website and the administrative interface of the Platform are intended for business users and are not directed to children. We do not knowingly collect personal information from children through the Website. Any collection of information relating to minors through a Customer’s patient-facing service is determined and controlled by that Customer, and is subject to that Customer’s privacy notice and applicable law.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

PathwAI Labs LLC
[email protected]
[email protected]

15. Changes to This Policy

If this Privacy Policy changes, the revised policy will be posted on the Website, and if we make material changes we may provide additional notice. Your continued use of the Website or Services after the effective date constitutes acceptance of the amended Policy. Any amended Policy supersedes all previous versions. This Privacy Policy was last updated on February 5, 2025.