Privacy

Privacy Policy

Last Updated: February 4, 2026

1. Scope

This Privacy Policy applies to (a) the WaveGrid marketing website and related pages, and (b) the WaveGrid service when used by business customers such as clinics, health systems, telehealth organizations, and pharmacies.

For service interactions involving patients or other end users, WaveGrid generally processes information on behalf of the customer organization. Those organizations may provide their own privacy notices, and their terms may govern certain processing decisions.

2. Information We Collect

Website and marketing information

Contact details you provide when requesting an intro call or demo (for example: name, email, phone, organization, and meeting details).
Scheduling request data and form responses submitted through linked scheduling experiences.
URL and campaign information, including UTM parameters passed through links and scheduling pages.
Device, browser, and log data generated when you visit the website.
Cookie or similar data used to support core site functionality and understand site usage trends.

Service information (for customer deployments)

Scheduling and intake information configured by the customer.
Message content and metadata for SMS, email, and web interactions.
Call metadata and, where enabled by customer configuration, call recordings and call transcripts.
If the scribe module is used: visit audio, transcripts, and generated documentation artifacts (such as note drafts and summaries).
Operational metadata such as timestamps, routing, confidence signals, escalations, and activity logs.

Depending on customer configuration and use case, these categories may include identifiers and may include health-related information.

3. How We Use Information

We use information to:

Provide and operate the website and WaveGrid service.
Deliver scheduling, messaging, orchestration, and handoff workflows requested by customers.
Provide customer support, troubleshooting, and implementation services.
Monitor security, prevent abuse, investigate incidents, and maintain platform reliability.
Generate reporting, product analytics, and service performance insights.
Improve product quality, including model and workflow quality, consistent with customer agreements and applicable law.
Meet legal, regulatory, contractual, and enforcement obligations.

4. HIPAA and PHI / Business Associate Context

WaveGrid is designed to support HIPAA workflows, and a Business Associate Agreement (BAA) is available for eligible customers.

For covered-entity or business-associate customers, WaveGrid may act as a Business Associate and process Protected Health Information (PHI) only as permitted by customer instructions, the BAA, and applicable services agreements.

The marketing website is not intended to collect PHI. Please do not submit medical or other sensitive health information through marketing forms or intro-call requests.

6. Cookies and Tracking

We and our service providers may use cookies or similar technologies for website operation, session continuity, and usage insights. We also pass UTM parameters through intro-call links so campaign source data can persist into scheduling workflows.

You can adjust browser settings to block or delete cookies, though some site features may not function as expected.

We may use basic analytics tools to understand site usage. We do not sell personal information, and we do not intend to use advertising pixels for cross-context behavioral advertising without updating this policy.

7. Data Retention

We retain information for as long as needed to provide services, satisfy legal obligations, resolve disputes, and enforce agreements.

Service-data retention periods are generally controlled by customer configuration and contract terms, including any BAA. We may retain security and audit logs for limited periods needed to protect systems and investigate incidents.

Upon validated customer request or contract termination, we support deletion or return processes as required by contract and applicable law.

8. Security

We use administrative, technical, and organizational safeguards designed to protect information, including encryption in transit and at rest, access controls, and audit-oriented logging.

We also maintain a vendor review posture for critical service providers. No security program is infallible, and we cannot guarantee absolute security.

9. Your Rights and Choices

Marketing communications

You can opt out of marketing emails by using the unsubscribe link in the email or by contacting us.

US state privacy rights

Depending on your state, you may have rights to request access, deletion, correction, and portability of personal information, and rights to opt out of certain sharing or sale. We do not sell personal information or share personal information for cross-context behavioral advertising as currently implemented.

Patients and other end users

If you interacted with a WaveGrid workflow on behalf of a healthcare provider or other customer, direct privacy requests to that organization first, because it usually controls the data and workflow decisions. We will assist customers and may respond directly where required by law.

10. International Visitors

WaveGrid is operated in the United States and is intended primarily for US healthcare operations. If you access the website or service from outside the US, your information may be transferred to and processed in the US or other jurisdictions where our providers operate.

11. Children

The website and service are not directed to children. Customer organizations are responsible for configuring patient workflows and consent practices appropriate to their populations and legal obligations.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will revise the "Last Updated" date and post the new version on this page.

13. Contact

For privacy questions or requests, contact privacy@wattsonhealth.com.

Legal entity: Wattson, Inc.
Mailing address: 18117 Biscayne Blvd #66777, Miami, FL 33160