Legal

Privacy Policy

Last Updated: August 27, 2025

Contents

1. Introduction2. Definitions3. Collection of Data4. Categories of Data5. Legal Bases6. Purpose of Processing7. Processing Limitations8. Security9. EMEA & UK Rights10. US State Rights11. General

1. Introduction

1.1. About us. This Privacy Policy of joinwellsphere.com ("Website") describes how we collect, use, disclose, and otherwise process personal data of Applicants, Employers and Visitors (as defined below). Wellsphere Enterprises LLC, a Delaware limited liability company with its principal place of business at 1st St, Apt 28D, 11249 Brooklyn, New York, United States ("Wellsphere," "we," "us," or "our"), is the controller of personal data processed in connection with the Website and related online services (collectively, the "Platform"). You may contact us regarding privacy matters at hello@joinwellsphere.com.

1.2. Wellsphere's role. Wellsphere acts as an independent controller of the personal data it processes through the Platform. We do not act as an Employer's processor/service provider with respect to candidate data an Employer independently receives and processes. Employers determine their own purposes and means of processing Applicant data they obtain via the Platform and are responsible for providing their own privacy notices and complying with applicable law. We operate in the United States, the European Union, and the United Kingdom. Supplemental regional disclosures (e.g., GDPR/UK GDPR, U.S. state privacy laws) form part of this Privacy Policy and apply to residents of those jurisdictions.

1.3. Private Visibility. Opportunities and Applicant profiles are visible only to authenticated account holders with valid Platform access. We implement technical controls designed to prevent search-engine indexing of listings and profiles. While we employ rate-limiting and anti-automation measures to deter scraping or bulk extraction, no method is infallible and we cannot guarantee absolute prevention of unauthorized harvesting.

1.4. Wellsphere Hiring. If you apply for a role with Wellsphere (as an employee or contractor), a separate HR privacy notice will be provided at the point of collection and will govern our processing of your application and any subsequent employment-related data.

1.5. Communications. We send service and product communications. Where permitted by law, we may send direct marketing emails about Wellsphere features, updates, offers, and relevant content under our legitimate interests. You can opt out at any time. Where consent is mandatory, we will not rely on legitimate interests and will obtain your consent first.

2. Definitions

2.1 "Personal Data" or "Personal Information" means information relating to an identified or identifiable natural person, or information defined as personal information under applicable law (including, without limitation, the CPRA, the EU GDPR, and the UK GDPR).

2.2 "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

2.3 "Controller" means the natural or legal person which, alone or jointly with others, determines the purposes and means of Processing Personal Data. Wellsphere acts as an independent Controller of Personal Data it Processes through the Platform.

2.4 "Special-Category Data" means data deemed sensitive under applicable law, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for unique identification, health data, or data concerning a person's sex life or sexual orientation. Wellsphere does not intentionally request or Process Special-Category Data.

2.5 "Applicant" means an individual wellness professional who creates a Platform account, posts a profile or CV, or applies for available jobs.

2.6 "Employer" means a business or organization that posts or manages job posts or otherwise uses the Platform to connect with Applicants.

2.7 "Visitor" means any individual who accesses the Website without creating an account.

3. Collection of Personal Data

3.1 Direct Interactions. We collect Personal Data you provide when you create an account, complete or update a profile or CV, send or receive messages, schedule interviews, submit applications, or otherwise interact with the Platform. This includes marketing preferences and engagement (e.g., newsletter sign-ups, opt-in/out, and unsubscribes) to manage our marketing programs and honor your choices. When you enroll in a free trial or purchase a plan, we process plan type, start/end dates, and usage activity to operate and enforce the plan and to prevent abuse.

3.2 Automated Means. We automatically collect technical and usage information from your device and browser (including IP address, operating system, device identifiers, log data, page views, event timestamps, approximate location, and cookie/consent strings).

3.3 Transactions. When you purchase or enrol in a free trial subscription to the Platform, we receive transaction data such as plan type, currency, payment status, and Stripe customer/payment identifiers. Wellsphere does not store full payment card numbers.

3.4 Disclosure. When you apply to or message about a job post, you direct us to disclose your Applicant profile/CV and related information to the Employer you select. Employers act as independent controllers of the Personal Data they receive and must provide their own privacy notices.

3.5 Service Providers. We receive fraud-prevention and security signals, aggregated analytics, email delivery, marketing automation providers, and error/crash reports from vendors engaged to host, secure, measure, or operate the Platform.

3.6 No Special-Category. We do not request or intend to process Special-Category Data. Please do not include such information in your profiles, CVs, or messages. If such data is provided inadvertently, we may delete or minimize it.

4. Categories of Personal Data

Category Data Applies To Source Retention
Account Information Name, email, password hash, country/region, role (Applicant/Employer); for Employers: organization name, billing/admin contact details Applicants, Employers Directly from user Life of account + 24 months
Profile Education, experience, qualifications, licenses/certifications, skills, portfolio materials, photos, uploaded content Applicants (primarily), Employers Directly from user Life of account + 24 months

4.1 Personal Data collected:

4.2. Principles. Wellsphere applies data minimization and storage limitation consistent with applicable law. Where necessary to comply with law, enforce agreements, or resolve disputes, Wellsphere may retain relevant data beyond the periods above and will delete or de-identify it when the basis for extended retention ends.

4.3. Backups. Backup personal data is stored encrypted in time-limited rolling cycles, after which data is overwritten or destroyed.

5. Legal Bases

Legal Basis Article GDPR When We Rely On It Examples
Contract Art. 6(1)(b) To perform our agreement with you Account creation, messaging, applications, billing, free trials
Legitimate Interests Art. 6(1)(f) Reasonable business purposes, balanced against rights Security/fraud prevention, analytics, enforce terms, private visibility
Consent Art. 6(1)(a) Where law requires consent Non-essential cookies/trackers (EU/UK), optional marketing
Legal Obligation Art. 6(1)(c) Comply with laws/regulator requests Tax/accounting records, regulator responses
Vital Interests Art. 6(1)(d) Protect life/safety Safety-related notices

6. Purpose of Processing

Purpose Description Legal Basis Data Categories
Provision of Services Operate, maintain, improve Platform; enable connections at user's direction Contract; Legitimate interests Account, Profile, Usage, Messaging
Account & Service Transactional/service messages (receipts, terms, alerts) Contract; Legitimate interests Account, Billing, Usage
Free Trials Operate/administer/enforce free trials Contract; Legitimate interests Account, Billing, Usage
Fraud Prevention Prevent, detect, investigate fraud, spam, abuse Legitimate interests Usage, Messaging, Account
Analytics Improve reliability, performance, UX; aggregate reporting Legitimate interests; Consent (EU/UK) Usage, Support/Feedback
Visibility Controls Enforce members-only visibility; deter scraping Legitimate interests Usage, Account
Legal Compliance Comply with laws/regulators; enforce rights and Terms Legal obligation; Legitimate interests Billing, Account, Logs
Direct Marketing Marketing emails, subscription management, engagement metrics Legitimate interests Account, Marketing & Comms

7. Processing Limitations

7.1 No Sale or Sharing. Wellsphere does not "sell" or "share" Personal Information, as those terms are defined under the CPRA, including for purposes of cross-context behavioral advertising.

7.2 No Automated Decision-Making. Wellsphere does not subject individuals to decisions based solely on automated processing, including profiling, that produce legal effects concerning them or similarly significantly affect them within the meaning of Article 22 of GDPR and the UK GDPR.

7.3 No Profiling. Wellsphere does not engage in profiling other than limited, non-intrusive processing necessary to provide core Platform functionality (e.g., keyword matching, deduplication, and ordering of search results by recency/relevance).

7.4 Disclosures of Personal Data

Wellsphere may disclose Personal Data to the following categories of recipients:

  1. Service Providers and Processors. Third-party vendors acting as processors on Wellsphere's behalf, including hosting, storage, CDNs, communications tools, analytics, customer support, error logging, and payment processing.
  2. Employers. Where an Applicant elects to apply for or communicate regarding an Opportunity, Wellsphere will disclose relevant Personal Data to the selected Employer.
  3. Corporate Transactions. In connection with a merger, acquisition, restructuring, financing, insolvency, or sale of assets.
  4. Legal and Compliance. Where required to comply with applicable law, regulation, legal process, or governmental request.
  5. Aggregated and De-Identified Data. Aggregated, anonymized, or de-identified information that cannot reasonably be used to identify an individual.

8. Security

8.1 Measures. Wellsphere implements appropriate administrative, technical, and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Such measures include encryption in transit (and at rest where feasible), role-based access controls, least-privilege policies, audit logging, vulnerability management, monitoring, backups, regular security reviews, and rate-limiting/anti-automation controls.

8.2 No Absolute Security. No system can be guaranteed 100% secure. You acknowledge that you share Personal Data at your own risk. If you become aware of any unauthorized access or suspected compromise of your account, you must notify Wellsphere promptly.

8.3 Incident Response. If Wellsphere becomes aware of a personal-data breach affecting your information, Wellsphere will investigate and notify affected users and, where applicable, supervisory authorities without undue delay, consistent with applicable law.

9. EMEA and UK Data Subject Rights

9.1 Scope. If you are located in the European Economic Area or the United Kingdom, you have the following rights under the EU GDPR/UK GDPR:

  1. Access. Obtain confirmation whether we process your Personal Data and receive a copy.
  2. Rectification. Correct inaccurate Personal Data and have incomplete data completed.
  3. Erasure ("Right to be Forgotten"). Request deletion of Personal Data where it is no longer necessary, you withdraw consent, or you successfully object.
  4. Restriction. Request that we restrict processing in specific circumstances.
  5. Portability. Receive your Personal Data in a structured, commonly used, machine-readable format.
  6. Objection. Object at any time to processing based on legitimate interests.
  7. Consent Withdrawal. Withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  8. Information about Recipients. Request information about the recipients to whom Personal Data has been disclosed.
  9. Complaint. Lodge a complaint with a supervisory authority.

9.2 Execution. Submit a request via in-product tools or by emailing hello@joinwellsphere.com. We may request information necessary to verify your identity before acting on a request.

9.3 Response. We will respond within one (1) month of receiving a verifiable request. We may extend by up to two (2) further months where necessary due to complexity or number of requests.

10. US State Privacy Rights

10.1 Scope. If you are a resident of a U.S. state with a comprehensive consumer privacy law, you may have the rights described in this section.

10.2 Categories Collected (preceding 12 months):

  1. Identifiers (e.g., name, email address, account ID)
  2. Internet or other electronic network activity information
  3. Professional or employment-related information
  4. Commercial information (e.g., plan type, transaction amounts, payment status)
  5. Approximate geolocation (derived from IP address)
  6. Sensitive personal information (SPI) limited to account log-in credentials, used solely for authentication and security

10.3 Your Rights:

  1. Know/Access the personal information we hold about you
  2. Delete personal information we collected from you
  3. Correct inaccuracies in your personal information
  4. Portability (receive certain information in a portable format)
  5. Opt out of any "sale" or "sharing" for cross-context behavioral advertising. We do not currently sell or share personal information.

10.4 How to Exercise. Submit a request through your account portal or by email to hello@joinwellsphere.com. We will respond within 45 days; we may extend once by an additional 45 days where reasonably necessary.

10.5 Non-Discrimination. We will not discriminate against you for exercising your rights.

11. General

11.1 Do Not Track. Wellsphere does not respond to browser Do Not Track signals except where response is legally required.

11.2 Cookies. Cookie categories, purposes, and durations are maintained in Cookiebot's live cookie declaration, accessible from the Platform's persistent Cookie Settings link.

11.3 Minors. The Platform is intended only for individuals aged eighteen (18) and older. If we become aware that Personal Data has been collected in violation of this restriction, we will delete such data promptly.

11.4 Updates. Wellsphere may amend or update this Privacy Policy from time to time. The "Last Updated" date at the top indicates when the latest revisions were made. If material changes are made, we will provide notice by reasonable means.

11.5 Severability. If any provision of this Privacy Policy is found invalid or unenforceable, the remaining provisions shall remain valid and enforceable.

11.6 Transfers. Personal Data may be processed in the United States and other jurisdictions where our service providers operate. For transfers from the EEA, UK, or Switzerland, we implement appropriate safeguards including adequacy decisions, Standard Contractual Clauses (SCCs) with the UK Addendum/IDTA as applicable, and participation in the EU–U.S. Data Privacy Framework (if and when certified). A copy or summary of transfer mechanisms may be requested via hello@joinwellsphere.com.

Questions about your data?

Our team is happy to help with any privacy-related requests.

Contact Us

Wellness as a profession. And wellness as a lifestyle.

Talent

Explore RolesCreate ProfilePricing

Businesses

Post a RoleAdvisory ServicesPartner With UsPricing

Company

About WellsphereStandardsContactPress

© 2024 Wellsphere · All rights reserved · Raising the standard of wellness hiring globally

FacebookInstagramWhatsappLinkedIn

Privacy Policy·Applicant Terms of Service·Client Terms of Service