Right to know
You have the right to know what personal information we collect about you, the sources from which we collect it, how we use it, how long we retain it, and to whom we disclose it. This California Consumer Privacy Act Policy provides the required disclosures for California residents.
Note: Wearable Technologies Inc. (WTI) operates as a Business Associate (BA) under HIPAA, not as a Covered Entity (CE). Health information rights exercised under HIPAA must be directed to the Covered Entity responsible for your care (your physician, clinic, or health plan). See our full Notice of Privacy Practices for HIPAA and CMIA rights.
Categories of personal information we collect
The table below identifies the categories of personal information WTI collects, using the statutory categories defined by CCPA (Cal. Civil Code § 1798.140), examples of specific data elements, whether WTI collects that category, and the business purpose for collection.
| Category | Examples | Collected | Purpose |
|---|---|---|---|
| Identifiers | Name, date of birth, device ID, email address, telephone number, IP address | Yes | Service delivery, device registration, account management, care coordination |
| Government Identifiers | Government-issued ID number; Medicare beneficiary number; health insurance member ID | Yes | Service enrollment, billing and care coordination with health care providers and insurers |
| Health / Medical Information | Vital signs (heart rate, oxygen saturation, blood pressure, respiratory rate); mobility and activity data; fall event data; device-generated health metrics | Yes | Core service: transmission of health data to your designated health care provider for clinical review and RPM/CCM services |
| Biometric Information | Physiological signal patterns and waveform data collected by wearable sensors (e.g., heart rate waveforms, motion-based gait data); collected for health data reporting purposes only, not for identification | Yes | Health event detection and reporting. Not used for biometric identification. |
| Precise Geolocation | GPS coordinates when location services are active within WTI software applications | Yes | Emergency response and location-based safety functions. Treated as ePHI. |
| Internet / Network Activity | Device connectivity logs, app usage data, session data necessary for platform operation and security monitoring | Yes | System security, performance monitoring, and service reliability |
| Commercial Information | Service subscription information, device purchase history | Yes | Account management and service administration |
| Financial Account Information | Credit card numbers, bank account information | No | Not collected |
| Private Communications | Personal emails, texts, or private messages not generated through WTI's platform | No | Not collected |
| Genetic Data | Genetic or genomic information of any kind | No | Not collected |
| Sexual Orientation / Gender Identity | Information relating to sexual orientation or gender identity | No | Not collected |
| Citizenship / Immigration Status | Citizenship status, immigration status | No | Not collected |
| Inferences / Consumer Profiles | Inferences drawn from collected data to create a consumer profile or predict preferences, behavior, or characteristics | No | WTI does not create consumer profiles or behavioral inferences |
| Sensory Data (Audio/Video) | Audio, visual, thermal, or similar personal information | No | Not collected in standard service delivery |
| Professional / Employment Information | Occupation, employer, employment history | No | Not collected |
| Education Information | Educational records or history | No | Not collected |
Sources of personal information
WTI collects personal information from the following categories of sources:
- From you directly: Directly from you or your authorized representative, when you or your caregiver enroll in WTI services, register a device, or interact with WTI's applications.
- From your health care provider: From your health care provider (Covered Entity), who engages WTI as a Business Associate to collect and transmit your health data for clinical review purposes.
- From WTI devices and applications: Automatically from your Wear-Tech wearable device and from WTI's software applications when installed and in use on your mobile device (iOS, Android, Apple Watch). Device-generated data includes vital sign readings, mobility data, and device performance logs.
- From WTI's network and systems: From WTI's network infrastructure and security systems, including access logs, connectivity records, and security monitoring data.
- From authorized partner providers: From authorized partner providers with whom your health care provider has established a care coordination relationship, and who are bound by equivalent privacy protections.
How we use your information
WTI uses the personal information it collects for the following specific business and operational purposes. WTI does not use data gathered through its services for commercial purposes outside the scope of services agreed upon. The only commercial use of your data that occurs is within the delivery of agreed services by WTI or authorized partner providers.
Service delivery (primary purpose)
- Collecting and securely transmitting vital sign and health data to your designated health care provider
- Supporting Remote Patient Monitoring (RPM) and Chronic Care Management (CCM) service delivery
- Providing real-time and historical health data to clinical teams for clinical review
- Enabling emergency response functions when location services are active
Operations and security
- Maintaining platform performance, reliability, and security
- Conducting security monitoring, access logging, and incident response
- Diagnosing and resolving device and software issues
Care coordination and billing
- Coordinating care with your health care provider's clinical teams
- Supporting billing for RPM and CCM services to Medicare or your health insurer on behalf of your Covered Entity provider
- Maintaining records as required by law and by our Business Associate Agreements
Legal and regulatory compliance
- Complying with applicable federal and state laws and regulations
- Responding to lawful government requests and legal process
- Maintaining documentation required by HIPAA, CMIA, and other applicable law
What we do not do
- We do not sell your personal information
- We do not share your personal information for cross-context behavioral advertising
- We do not use your information for marketing to you or to third parties
- We do not use your information for employment or insurance underwriting decisions
- We do not use your information for any purpose outside the scope of services agreed upon with you or your health care provider
- We do not create consumer profiles, behavioral inferences, or predictive models from your data
Sensitive personal information
Under CPRA, certain categories of personal information are classified as Sensitive Personal Information (SPI) and receive heightened protection. WTI collects the following categories of SPI:
- Health and medical information (vital signs, mobility data, device-generated health metrics)
- Biometric information (physiological signal patterns and waveform data, used for health data reporting only, not for identification)
- Precise geolocation data (collected through location services when active, treated as ePHI)
- Government identification numbers and health insurance identifiers (collected for service enrollment and billing coordination)
WTI does not use or disclose Sensitive Personal Information for any purpose beyond what is necessary to provide the services you have requested, or as required or permitted by law. WTI does not sell SPI, share SPI for advertising, or use SPI to infer characteristics about you beyond the health data reporting functions of the service.
You have the right to request that WTI limit the use of your Sensitive Personal Information to the purposes described above. To submit a Limit Use of SPI request, contact us using the methods described in the Exercising Your Rights section below.
Automated technology and artificial intelligence
WTI uses artificial intelligence (AI) and automated processing technology in certain of its software products. The following disclosures are made in accordance with California's evolving requirements regarding automated decision-making technology (ADMT):
- What AI is used for: WTI uses AI in certain software products to enhance event detection functions, for example, to identify potential fall events or anomalous vital sign patterns that may require clinical attention.
- Human oversight: All outputs generated by WTI's AI are governed by human oversight. WTI's AI is not autonomous and does not take any action that affects your care without human review. The software and AI operate exclusively as a decision-support tool for licensed health care providers.
- AI updates and training: WTI's AI models are updated exclusively through human input and a supervised development and validation process. The AI does not self-modify or self-train.
- Not a clinical decision-maker: WTI's AI assists with health event detection only. It does not diagnose, prescribe, or make clinical decisions. All clinical decisions are made by your licensed health care provider.
- Data used in AI: Data used in AI event detection is used exclusively for those health event detection functions within the agreed services. AI processing of your data is treated as ePHI and is subject to all HIPAA and CMIA protections.
WTI's use of AI as described above does not constitute automated decision-making that produces legal or similarly significant effects on you. All alerts generated by the AI are reviewed by clinical staff before any clinical response is taken.
Data retention
WTI retains personal information for a standard period of ten (10) years from the date of collection or last service activity, whichever is later. This single retention period applies to all categories of personal information collected, including health data, identifiers, location data, and technical data.
This retention period satisfies:
- HIPAA Business Associate documentation requirements (six-year minimum under 45 CFR § 164.530(j))
- California health record retention requirements for adult patients (seven years from date of service)
- Legal, audit, tax, investigative, and regulatory compliance obligations
Personal information is incorporated into different types of records (service records, device logs, care coordination records) which are retained under the unified ten-year standard. At the end of the retention period, records are securely destroyed or de-identified in accordance with HIPAA Safe Harbor or Expert Determination standards, unless a legal hold, active litigation, or applicable law requires a longer retention period.
Sale and sharing of personal information
WTI does not sell your personal information. WTI does not share your personal information for cross-context behavioral advertising purposes. California law defines "sale or sharing" to include sharing personal information for monetary or other valuable consideration and the sharing of information for cross-contextual advertising purposes. WTI engages in neither.
Information WTI may disclose to third parties
WTI discloses personal information only in the following limited circumstances, none of which constitute a "sale" or "sharing" as defined by California law:
- To your Covered Entity health care provider (your physician, clinic, or health plan), for the delivery of the care services you have requested
- To authorized partner providers engaged by your health care provider in your care, under equivalent privacy protections
- To cloud infrastructure, technology, and security service providers who act as service providers under written agreements that prohibit use of your data for the provider's own purposes (these service providers are bound by contractual restrictions equivalent to Business Associate Agreement requirements)
- To regulatory authorities and government agencies as required by law
- In connection with a merger, acquisition, or sale of substantially all of WTI's assets, subject to the same privacy protections described in this policy
WTI does not knowingly sell or share personal information of consumers under 16 years of age.
Your California privacy rights
As a California resident, you have the following rights under CCPA/CPRA:
Right to know (Cal. Civil Code § 1798.110)
You have the right to request that WTI disclose: the categories and specific pieces of personal information it has collected about you; the categories of sources from which personal information was collected; the business or commercial purposes for collecting personal information; and the categories of third parties to whom personal information is disclosed.
Right to access and data portability (§ 1798.110)
You have the right to access the specific pieces of personal information WTI has collected about you and to receive it in a portable, readily usable format that allows you to transmit the information to another entity.
Right to delete (§ 1798.105)
You have the right to request deletion of personal information WTI has collected about you, subject to exceptions where WTI is required to retain information to complete a transaction, comply with a legal obligation, detect or prevent security incidents, or fulfill other purposes permitted by law. Health data subject to HIPAA retention requirements may not be deletable during the applicable retention period.
Right to correct (§ 1798.106)
You have the right to request correction of inaccurate personal information WTI maintains about you. WTI will use commercially reasonable efforts to correct inaccurate information upon verification of your request.
Right to limit use of sensitive personal information (§ 1798.121)
You have the right to direct WTI to limit its use and disclosure of your Sensitive Personal Information to what is necessary to provide the services you have requested. WTI already limits SPI use to service delivery purposes; however, you may submit a formal Limit Use of SPI request using the contact methods in the Exercising Your Rights section.
Right to opt out of sale or sharing (§ 1798.120)
Because WTI does not sell personal information or share it for cross-context behavioral advertising, there is no sale or sharing to opt out of. If WTI's practices change, WTI will provide a "Do Not Sell or Share My Personal Information" mechanism and will update this policy before any such change takes effect.
Right to non-discrimination (§ 1798.125)
You have the right not to be discriminated against for exercising any of the rights described in this section. WTI will not deny you services, charge you a different price, provide a different level of service quality, or suggest that you will receive a penalty for exercising your California privacy rights.
Exercising your rights
You or your authorized agent may submit a privacy rights request by any of the following methods:
Privacy Officer, Wearable Technologies Inc.
Email: privacy@wear-tech.com
Mailing Address: 1806 State Road 83, Hartland Wisconsin 53029
Telephone: 414-567-8500
Response timelines
WTI will acknowledge receipt of your request within 10 business days and will respond to your request within 45 calendar days of receipt. If WTI requires additional time, we will notify you of the extension within the initial 45-day period. WTI may extend the response period by an additional 45 days (for a maximum of 90 days) where reasonably necessary. WTI will not charge a fee for processing requests submitted no more than twice in a 12-month period.
Identity verification
WTI is required to verify your identity before fulfilling any privacy rights request to protect your information from unauthorized disclosure. The verification process depends on the type of request:
- For requests to know, access, or delete, WTI will request that you provide at minimum two pieces of information WTI already maintains about you (such as name and device ID, or name and date of birth) to verify your identity.
- For requests involving sensitive or highly specific personal information, WTI may require additional verification steps.
- You will not be required to create an account with WTI solely to submit a request.
Authorized agents
You may designate an authorized agent to submit privacy rights requests on your behalf. To use an authorized agent, you must provide WTI with written authorization signed by you, or a valid power of attorney. WTI will verify the identity of the authorized agent and confirm the scope of their authority before fulfilling the request. WTI may require direct confirmation from you that the agent is authorized to act on your behalf.
Global Privacy Control
WTI honors Global Privacy Control (GPC) opt-out preference signals set on your browser or device. Because WTI does not sell personal information or share it for cross-context behavioral advertising, a GPC signal will be treated as confirmation of your preference not to have your information sold or shared for such purposes. WTI will log and maintain a record of GPC signals received from your account or device.
Note: We do not respond to legacy Do Not Track (DNT) signals as no uniform DNT standard is in effect. GPC signals are honored as described above.
Non-discrimination
You have the right not to be discriminated against for exercising your California privacy rights. WTI does not and will not:
- Deny you services or access to our devices or platform for exercising your rights
- Charge you a different price or rate for services
- Provide a different level of service quality
- Suggest that you will receive a penalty, reduced service, or any other adverse consequence for exercising your rights
WTI does not offer financial incentive programs in exchange for the collection, retention, or sale of personal information. If WTI introduces any such program in the future, this policy will be updated with a description of the material terms and a good-faith estimate of the value of personal information involved, before the program takes effect.
Additional California privacy rights
California Shine the Light (Cal. Civil Code § 1798.83)
California customers may request that WTI provide the identity of any third parties to whom WTI has disclosed personal information for the third parties' direct marketing purposes within the previous calendar year, along with the type of personal information disclosed. WTI does not disclose personal information for third-party direct marketing purposes. To confirm this or to submit a Shine the Light request, contact the Privacy Officer using the information below.
Minors: removal of publicly posted content (Cal. Bus. & Prof. Code § 22581)
California residents under 18 years of age who are registered users of WTI's online platforms may request removal of content or information they have publicly posted. Please note that WTI's services are designed for adult patients and are not directed at individuals under 18. Removal requests should be submitted to the Privacy Officer and should include a description of the specific content to be removed. Removal cannot be guaranteed in all circumstances and may not address content re-posted by third parties.
Minors: sale and sharing prohibition
WTI does not knowingly sell or share the personal information of consumers under 16 years of age.
Automated decision-making rights (forthcoming)
The California Privacy Protection Agency (CPPA) is finalizing regulations governing automated decision-making technology (ADMT). When finalized, those regulations may provide California residents with additional rights related to WTI's AI-assisted event detection functions, including the right to access information about automated processing and the right to opt out of certain uses. WTI will update this policy when final ADMT regulations take effect.
Contact information
If you have questions about your rights under California law or about our privacy practices, please contact us:
Privacy Officer, Wearable Technologies Inc.
Email: privacy@wear-tech.com
Mailing Address: 1806 State Road 83, Hartland Wisconsin 53029
Telephone: 414-567-8500