Privacy Policy
1. Introduction
WEHEAL, Inc. ("WEHEAL," "ConnectionDocs," "we," "us," or "our") operates ConnectionDocs.com (the "Site") and provides online educational courses and one-on-one healthcare consulting services (collectively, the "Services"), primarily to individuals navigating cancer diagnoses and related health conditions.
We take the privacy and confidentiality of your information seriously. This Privacy Policy explains what information we collect, how we use and share it, how we protect it, and the rights you have in relation to that information.
Because our Services touch sensitive health matters, we encourage you to read this policy carefully. By accessing or using the Services, you acknowledge the practices described below.
2. Scope and Hybrid Regulatory Model
ConnectionDocs operates a hybrid model that provides both medical and non-medical services:
Medical services provided by licensed physicians are subject to applicable healthcare privacy laws, including the U.S. Health Insurance Portability and Accountability Act (HIPAA). Patients receiving medical services are provided with a separate Notice of Privacy Practices (NPP) that governs the use and disclosure of Protected Health Information (PHI) in that context. Where the NPP conflicts with this Privacy Policy, the NPP controls with respect to PHI.
Non-medical services — including coaching, education, online courses, and general consulting — are not HIPAA-covered services. This Privacy Policy governs information collected in connection with those services. We nonetheless apply reasonable administrative, technical, and physical safeguards to protect personal information across all Services.
As part of our integrated care model, information may be shared among members of your care team — including physicians, coaches, educators, and other support providers — to support coordination, continuity, and effective care. Where applicable law requires your authorization for such sharing, we will obtain it.
3. Information We Collect
3.1 Information You Provide Directly
- Account and contact information: name, email address, phone number, mailing address, date of birth, emergency contact.
- Billing information: payment details are processed by our payment processor (Stripe). We do not store full card numbers on our systems; we retain limited transaction metadata (e.g., last four digits, transaction ID, amount).
- Health and medical information, which may include:
  - Medical diagnoses and health history
  - Laboratory results and imaging reports
  - Treatment plans, medications, and clinical notes
  - Uploaded medical records and documents
  - Lifestyle information (nutrition, sleep, physical activity, stress)
  - Information shared during consultations, coaching sessions, messaging, or course participation
- Family/guardian information where a minor is receiving services with parental involvement.
- Communications you send to us (email, messages, consultation recordings where consented).
- Course activity (enrollment, progress, discussion posts).
3.2 Information Collected Automatically
When you use the Site, we and our service providers may collect:
- Device and browser information (IP address, device type, operating system, browser type)
- Log data (pages viewed, timestamps, referring URLs)
- Cookies and similar technologies (see Section 9)
- Approximate location derived from IP address
3.3 Information from Third Parties
We may receive information from:
- Healthcare providers or laboratories (with your authorization)
- Third-party platforms you use to interact with us (e.g., scheduling or video platforms)
- Family members or authorized representatives acting on your behalf
4. How We Use Your Information
We use information to:
- Provide, deliver, and administer the Services, including medical care, coaching, and courses
- Coordinate care among members of your care team
- Communicate with you about appointments, courses, account matters, and follow-up care
- Process payments and manage billing
- Personalize educational content and recommendations
- Improve the Site, Services, and user experience
- Maintain security, prevent fraud, and enforce our Terms of Service
- Comply with legal, regulatory, licensing, and accreditation obligations
- Send marketing communications only with your consent where required by law; you may opt out at any time
We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising.
5. Legal Bases for Processing (GDPR / UK GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Consent — for processing special categories of data (including health data), marketing communications, and non-essential cookies.
- Contract — to provide Services you have requested.
- Legal obligation — to comply with applicable laws, including healthcare, tax, and accounting requirements.
- Vital interests — in rare circumstances where processing is necessary to protect someone's life.
- Legitimate interests — for Site security, fraud prevention, service improvement, and limited administrative purposes, balanced against your rights.
For health data specifically, we rely on your explicit consent and/or the provision of healthcare under Article 9(2)(a) and Article 9(2)(h) GDPR.
6. How We Share Information
We share information only as described below:
- Care team members — physicians, coaches, educators, and support staff involved in your care.
- Service providers / processors acting on our behalf under confidentiality and data-protection obligations, including:
  - Google Workspace (Docs, Sheets, Drive, Meet, Gmail) — document storage and communications
  - Kajabi — course hosting and website infrastructure
  - Zoom — video consultations
  - GoHighLevel - scheduling, email & SMS communication
  - Cal.com — scheduling
  - Stripe — payment processing
  - AI tools (e.g., ChatGPT, OpenEvidence, Perplexity) — used selectively to support clinical research, content development, and administrative tasks. We do not input identifiable client health information into consumer-grade AI tools unless the tool is configured with appropriate privacy protections (e.g., enterprise agreements with no-training terms) or you have specifically consented.
  - Google Analytics — website analytics (IP anonymization enabled where available)
- Professional advisors (attorneys, accountants, auditors) under confidentiality duties.
- Legal and safety disclosures — where required by law, subpoena, court order, or to protect rights, safety, or property.
- Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to you where required.
- With your consent or at your direction — for any other sharing.
7. International Data Transfers
WEHEAL is based in the United States, and our service providers may be located in the U.S. and other countries. If you access the Services from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and potentially other jurisdictions whose data-protection laws may differ from those of your country.
Where required (e.g., transfers from the EEA, UK, or Switzerland), we rely on appropriate safeguards, including Standard Contractual Clauses and the UK International Data Transfer Addendum, and conduct transfer impact assessments where applicable.
International clients: We welcome inquiries from clients outside the United States. Medical services may be limited based on physician licensing and regulatory requirements in your jurisdiction; we will discuss applicable constraints before beginning a medical engagement, and may consult legal counsel as needed.
Educational and non-medical services are generally available internationally, subject to local law.
8. Data Retention
We retain personal information for as long as needed to provide the Services and for legitimate business, legal, regulatory, and medical-records purposes. Retention periods vary by data type:
- Medical records: retained in accordance with applicable state and federal law (typically 7+ years; longer for minors).
- Billing and tax records: retained as required by tax and accounting laws (typically 7 years).
- Account and course records: retained while your account is active and for a reasonable period thereafter.
- Marketing data: retained until you unsubscribe or withdraw consent.
When information is no longer needed, we securely delete or de-identify it.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Site, remember preferences, analyze usage, and (where you consent) support marketing. Categories include:
- Strictly necessary (site functionality, authentication)
- Analytics (e.g., Google Analytics)
- Functional (preferences, language)
- Marketing (only with consent where required)
You can manage cookies via your browser settings and, where available, through our cookie banner. Disabling certain cookies may limit Site functionality.
We currently do not respond to browser "Do Not Track" signals but honor Global Privacy Control (GPC) signals where required by law.
10. Your Privacy Rights
Depending on your location, you may have some or all of the following rights:
- Access a copy of your personal information
- Correct inaccurate information
- Delete your information (subject to legal retention requirements)
- Restrict or object to certain processing
- Portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time (without affecting prior lawful processing)
- Lodge a complaint with your supervisory authority (EEA/UK) or the relevant state Attorney General
10.1 California Residents (CCPA/CPRA)
Californians have the rights to know, delete, correct, and limit the use of sensitive personal information, as well as the right to non-discrimination for exercising these rights. We do not sell personal information and do not share it for cross-context behavioral advertising. We collect sensitive personal information (including health data) solely to provide the Services you request.
10.2 Other U.S. State Rights
Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have similar rights, including the right to appeal a denial of a rights request.
10.3 How to Exercise Your Rights
Contact us at [email protected]. We will verify your identity before fulfilling requests and respond within the timeframe required by applicable law (typically 30–45 days). You may designate an authorized agent to submit requests on your behalf.
11. Security
We maintain administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit, secure hosting, workforce training, and vendor due diligence. For PHI, we apply safeguards consistent with HIPAA's Security Rule.
No system is perfectly secure. If we become aware of a security incident affecting your personal information, we will notify you and regulators as required by applicable law.
12. Minors
Our Services are primarily intended for adults (18+). We may work with minors as part of a family care context, only with the involvement and verifiable consent of a parent or legal guardian. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK) without such consent. If you believe a child has provided information without appropriate consent, contact us and we will take appropriate action.
13. Third-Party Links and Services
The Site may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party service you access.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy with a new "Last Updated" date and, where appropriate, by email or in-Service notice. Your continued use of the Services after changes become effective constitutes acceptance.
15. Contact Us
Privacy inquiries, rights requests, and complaints:
WEHEAL, Inc.
Attn: Privacy Officer
4058 13th Street #1066
Saint Cloud, FL 34769
United States
Email: [email protected]
For questions about PHI handled under HIPAA, please also refer to the separate Notice of Privacy Practices provided to you in connection with medical services.