W
WellOps

Legal

Privacy Policy

Last updated: May 13, 2026Effective: May 13, 2026

WellOps is owned and operated by Al Romero Designs LLC, an Arizona limited liability company (“we,” “us,” or “our”). Al Romero Designs LLC is the data controller for personal information collected through the WellOps platform. This policy explains what data we collect, how we use it, and your rights. WellOps serves three types of users: Providers (wellness businesses), Corporate Clients (businesses booking wellness services), and Employees (individuals booking time slots at their employer’s event).

1. Data We Collect

Providers

  • Business name, legal name, contact email, phone, website, and service area.
  • Brand preferences (color, tagline, public URL slug).
  • Insurance documentation (Certificate of Insurance).
  • Payment method (processed and stored by Stripe — WellOps does not store card numbers).
  • Account credentials (managed by Supabase Auth).

Corporate Clients

  • Company name, contact name, email, and phone number provided when submitting a wellness request.
  • Event preferences including preferred date, employee count, and event type.

Employees

  • Name and work email address collected at the time of booking a wellness appointment.
  • Selected appointment date and time.
  • No account creation is required. We do not collect health or medical information.

2. How We Use Your Data

Providers

  • To operate and display your branded booking page.
  • To send you new corporate request notifications, quote updates, and booking confirmations.
  • To process the $99 booking success fee via Stripe.
  • To verify your business during our onboarding review.

Corporate Clients

  • To relay your wellness request to your chosen Provider.
  • To send you the Provider’s quote for review and acceptance.
  • To distribute the employee self-booking link after quote acceptance.

Employees

  • To reserve your selected time slot and prevent double-booking.
  • To send a booking confirmation email to your work email address.
  • To share your name and appointment time with the Provider to facilitate your session.

3. Data Sharing

We share data only as necessary to operate the Platform:

  • Supabase — database and authentication infrastructure. Data is stored on Supabase’s servers (AWS-backed).
  • Stripe — payment processing. Stripe processes and stores Provider payment information. See Stripe’s Privacy Policy.
  • Resend — transactional email delivery (booking confirmations, quote notifications).
  • Coverdash — if a Provider clicks through to Coverdash’s site, Coverdash’s own privacy policy governs any data they collect. WellOps does not transmit personal data to Coverdash. See our Insurance Disclaimer.

We do not sell, rent, or trade personal data to any third party for marketing purposes.

4. Employee Data — Special Notice

Employees booking through WellOps are doing so at the invitation of their employer (the Corporate Client). We collect only the minimum data needed (name, email, appointment time) to complete the booking.

Employee booking data is shared with the Provider to facilitate the session. It is not used for any other purpose and is not shared with the employer (Corporate Client) beyond what is needed to coordinate the event.

Employees may request deletion of their booking data by emailing hello@wellopsapp.com.

5. Data Retention

  • Provider accounts: Retained as long as your account is active, plus 12 months after termination.
  • Corporate Client data: Retained for 24 months from last interaction.
  • Employee booking data: Retained for 12 months from the event date, then deleted or anonymized.

6. Security

We implement industry-standard security measures including encrypted connections (TLS), row-level security on our database, and access controls. However, no system is perfectly secure. We encourage you to use strong passwords and report any suspected unauthorized access to hello@wellopsapp.com.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information in your account.
  • Delete your account and associated data (subject to legal retention requirements).
  • Object to certain processing activities.

To exercise any of these rights, email hello@wellopsapp.com. We will respond within 30 days.

8. Cookies

WellOps uses session cookies necessary to maintain authentication and platform functionality. We do not use advertising cookies or track users across third-party websites.

9. Children

WellOps is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, contact hello@wellopsapp.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email before material changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

11. Contact

For privacy questions, contact us at hello@wellopsapp.com.

Also see: Terms of Service · Insurance Disclaimer