Ward Health Consumer Health Data Privacy Policy
Effective date: June 18, 2026
Last updated: June 18, 2026
What this policy covers
This policy describes how Ward Health ("Ward," "we," "us") collects, uses, and shares "consumer health data" as defined by the Washington My Health My Data Act.
It does not cover Protected Health Information ("PHI") that Ward processes as a HIPAA business associate on behalf of healthcare facilities. PHI is governed by HIPAA, our Business Associate Agreements with those facilities, and the facilities' own privacy practices, and is exempt from MHMDA. This policy addresses only consumer health data that falls outside HIPAA.
Categories of consumer health data we collect, and how we use it
Ward is a workplace tool used by clinical staff and facility administrators. We do not seek to collect consumer health data about our own users or website visitors. To the extent any information we collect outside the HIPAA context is "consumer health data" under MHMDA, it may include:
- health-related information a person voluntarily includes when they contact us or submit our waitlist form; and
- information that could reasonably be linked to a person's health status because of the health-care context in which we collect it (for example, that someone is a clinician at a behavioral-health facility).
We use this information only to:
- respond to your inquiry or provide the service or information you requested;
- operate, secure, and support our product and website; and
- meet our legal and security obligations.
Categories of sources
We collect this information from:
- you directly, when you contact us, join our waitlist, or use the Ward app or dashboard; and
- automatically from your device or browser when you interact with our app or website.
Categories of consumer health data we share
We do not sell consumer health data, and we do not share it for advertising. We share consumer health data only with service providers (processors) that help us operate our product and website, and only as needed to provide their service to us under contract, and when required by law.
Categories of third parties and affiliates we share with
- Service providers (processors): cloud hosting and backend (Supabase), transactional email (Resend), error diagnostics (Sentry), and product analytics (PostHog). Each is bound by contract to use the information only to provide services to us.
- Affiliates: we do not share consumer health data with our affiliates.
- Legal: when required by law or to protect rights and safety.
Your rights
If you are a Washington resident, you have the right to:
- confirm whether we collect, share, or sell your consumer health data, and access it;
- withdraw consent to our collection and sharing of your consumer health data; and
- delete your consumer health data.
To exercise any of these rights, contact us at privacy@ward.health. We will respond within the time MHMDA requires. You may appeal a denial by replying to our decision; if we deny your appeal, you may contact the Washington State Attorney General at https://www.atg.wa.gov/file-complaint.
Consent and sale
We collect and share consumer health data only as needed to provide a product or service you have requested, or with your consent. We do not sell consumer health data. Selling consumer health data would require your separate, written authorization, which we do not seek.
Contact
Email: privacy@ward.health