For California Residents

For Virginia, Connecticut, Colorado, Utah, Delaware, Florida, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, and Nevada residents

For Nevada Consumer Health Data Privacy Policy

For Washington Consumer Health Data Privacy Policy

Wysa Global Supplementary Privacy Notice for USA State Privacy Laws.

Initial Effective Date: June 30, 2017 (GMT)
Latest Revised Date: July 24, 2025 (GMT)

This notice adds to the Wysa Global Privacy Policy (“Privacy policy”) and is for users living in USA states that have enacted state-specific privacy laws.

If you have any questions, complaints, or requests about our privacy notices, you can contact us at [email protected]. We will get back to you within 45 days after we confirm who you are. Sometimes, we might not be able to help if we cannot verify your identity correctly or if there are certain exceptions that apply.


For California Residents

California’s "Shine The Light" law (California Civil Code Section 1798.83) lets California residents ask for information about their personal data. Once a year, and for free, you can ask us what types of personal information we have shared with other companies for direct marketing purposes, and the names and addresses of those companies. If you are in California and want to make this request, just contact us in writing using the email ID provided above.

If you are under 18, live in California, and use our services, you can ask us to remove personal data you may have submitted. To do this, contact us and include the email address tied to your account and a note saying you live in California. Keep in mind that we might not be able to remove everything from our systems, like backups.

Some information is not covered by California's Consumer Privacy Laws (CCPA) and the California Privacy Rights Act (CPRA). This is done to avoid conflicts with other laws that manage these types of information. These excluded types of information include:

  • Protected health information (covered by HIPAA).
  • Medical information (covered by California's CMIA).
  • Clinical trial data.
  • Public information from government records.
  • De-identified or aggregated user data that cannot be linked to you.

Here is a list of personal information types that we might have collected from you in the last twelve months:

  • Identifiers: These include things like your Android or Apple ID, nickname, or any other identifiers you shared with us.

  • Conversation Data: This includes any remaining identifiers left in your text messages after we've tried to remove them. This includes any identifiers you might share while creating or maintaining a safety plan.

  • Correspondence Data: This includes your name and email address when you write to us. Device Data: This includes your IP address or information about how you interact with our website or apps.

  • Recruitment Data: This includes the name of your current or past company, your employment dates, and any information you provide in a job application.

  • Promotion Data: This includes your email address when you sign up for an event.

  • App Event Data: This includes insights and reports about your preferences, habits, and behaviors based on the other data we've collected.

  • Business Data: This includes your name, email address, and contact information used for business purposes like lead generation, business development, account management, and marketing.

We collect your personal information in different ways, like when you use our app and services, visit our website, or contact us on social networks. Sometimes, we get information from your Institution if needed to help you use our services. We use this information as explained in our Privacy Policy.

In the last twelve months before our Privacy Policy was updated, we might have shared your personal information with our service providers, Wysa affiliates, and related companies. We keep the information you give us when using the app according to our retention policy in the Privacy Policy. Information from research studies is always kept safe. You can read more about how we protect your information in our Privacy Policy.

Wysa does not sell your data, but we do share required data with approved third-parties to provide our app and services. You can ask us about the information we have shared and use your data protection rights. You have the right to request data deletion, opt-out of "sales," and not be treated unfairly for using your rights.

Do-Not-Track
"Do Not Track" (or "DNT") is a setting you can choose in some web browsers to protect your privacy. We do not pay attention to DNT signals sent by web browsers.

Right to non-discrimination
When you use the App, we do not ask for any personal information. You can stay as anonymous as you want. We have safety measures in place to collect as little personal data as possible. We will never treat you unfairly or ignore your data protection rights.

Right to opt-out of sale
You can choose to keep your personal data from being sold or shared with others. Following the CCPA (CPRA) and other data protection laws, we do not sell any personal data. We also do not know of any instances where the personal data of children under 16 years old has been sold.


For Virginia, Connecticut, Colorado, Utah, Delaware, Florida, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, and Nevada residents

These laws are the Virginia Consumer Data Privacy Act (VCDPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Colorado Privacy Act (CPA), Delaware Personal Data Privacy Act (DPDPA), the Florida Digital Bill of Rights (FDBR), Iowa Consumer Data Protection (Iowa CDPA), Minnesota Consumer Data Privacy Act (MNDPA), Montana Consumer Data Privacy Act (MCDPA), Nebraska Data Privacy Act (NDPA), New Hampshire Consumer Expectation of Privacy Act (NHPA), New Jersey Act Concerning Online Services, Consumers, and Personal Data (NJDPA), Oregon Consumer Data Privacy Act (OCDPA), Tennessee Information Protection Act (TIPA), Texas Data Privacy and Security Act (TDPSA) and the Nevada Privacy Law (NPL). This section adds extra information to our Privacy Policy to follow these laws.

Collection, Use, Disclosure and rights over Personal Information are as outlined in section 2, 3, 5 and 7 of our main privacy policy.

People who live in these states can choose not to have targeted ads shown to them or have their information sold. We do not issue targeted ads through our app and services. If you have any questions you can write to us at the contact provided earlier.

If you live in these states, you can also choose not to be a part of profiling that could affect important decisions about you. Even though you can make the request to restrict processing for profiling purposes, Wysa may be unable to restrict this processing where it is required to offer our services. Wysa will clearly inform you about its decision and next steps as required by the applicable laws.

Wysa does not sell your data, but we do share required data with approved third-parties to provide our app and services. For a list of service providers please read here. You can ask us about the information we have shared and use your data protection rights. You have the right to request data deletion, opt-out of "sales," and not be treated unfairly for using your rights.

If you have any questions please contact us at [email protected].


For Nevada Consumer Health Data Privacy Policy

This Section of this Wysa Supplementary privacy notice for US Sates is our Nevada Consumer Health Data Privacy Policy (“NCHD Privacy Policy”). It explains our practices for “Consumer Health Data” as defined and regulated by Nevada’s consumer health data (NCHD) privacy law (SB 370) (the “Nevada Health Data Privacy Law”).

Categories of Consumer Health Data Collected, Purpose of Collection and How We Use It
We collect and share Consumer Health Data of Nevada consumers for the purpose of providing our App and services requested by such Nevada consumers, for safety and security purposes, and for compliance and other legal purposes.

  • Providing our App and services – to provide you with information, Apps and services, to perform activities that you have requested or information you agreed to receive.
  • Customer service and communications – to respond to questions, comments, or other requests that you have for us or other customer service purposes.
  • Safety, security, and compliance with legal obligations – for prevention, detection, investigation, and mitigation of illegal activities, fraud, injury to others or violation of our Terms and Conditions or our Privacy Policies, and to prepare for and defend legal claims.
  • For purposes for which you provide your consent or agreement.

Depending on the nature of your activity on our App and Services and your requests, we collect the following, which may be considered categories of Consumer Health Data:
  • Conversation Data: Text messages that you provide during your chats with our App and services. Your responses to health or well-being related questionnaires. Your responses when you create a safety plan.

  • App Event Data: This includes insights and reports about your preferences, habits, and behaviors based on the other data we've collected.


We share Consumer Health Data in limited circumstances, as follows:
  • Our Service Providers that are classified as “processors” under the Nevada Health Data Privacy Law which process Consumer Health Data to assist us in providing our Apps and services requested by consumers, and for the other purposes described in this NCHD Privacy Policy. For a list of service providers please read here.
  • Our other contractors who assist us with the processing purposes such as legal representatives who assist us with complaints involving Consumer Health Data.
  • Assignees or potential assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business.
  • Other parties with your consent.

We may share all of the categories of Consumer Health Data that we collect, which depends on the circumstances under which we collect it. We do not sell Consumer Health Data.

We may collect Consumer Health Data from the following sources: you, your device, your Institution, your agents and representatives (for example, legal representatives in relation to a complaint), and other third parties that may have your Consumer Health Data in relation to the processing purposes described herein.

We will retain and use your Consumer Health Data for the length of time needed to carry out the purposes outlined in our Privacy Policy and in accordance with our retention policies.

Consumer Rights Requests
Subject to applicable law, if you are a Nevada Consumer, you may have the following rights related to your Consumer Health Data:

  • Right to confirm processing of Consumer Health Data and access such data
  • Right to erasure
  • Right to withdraw consent (from processing which requires your consent)
  • Other applicable rights as per the applicable law

You may request to exercise these rights by writing to us at [email protected]. Please note, as required under Nevada Health Data Privacy Law, we take commercially reasonable efforts to authenticate your request before we process your request. If we believe we need further information to authenticate your request, we may ask you to provide additional information to us.

Pursuant to the requirements of the Nevada Health Data Privacy Law, we will respond to your privacy requests free of charge, up to twice annually. If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee to cover the administrative costs of complying with the request or decline to act on the request.

We reserve the right to amend this NCHD Privacy Policy at our discretion and at any time. When we make changes to this NCHD Privacy Policy, we will update this notice or otherwise provide notice in compliance with applicable law.


For Washington Consumer Health Data Privacy Policy

This Section of this Wysa Supplementary privacy notice for US Sates is our Washington Consumer Health Data Privacy Policy (“WCHD Privacy Policy”). It explains our practices for “Consumer Health Data” as defined and regulated by Washington My Health My Data Act (RCW 19.373.005 et seq.) (the “MHMDA”).

Categories of Consumer Health Data Collected, Purpose of Collection and How We Use It
We collect and share Consumer Health Data of Washington consumers for the purpose of providing our App and services requested by such Washington consumers, for safety and security purposes, and for compliance and other legal purposes.

  • Providing our App and services – to provide you with information, Apps and services, to perform activities that you have requested or information you agreed to receive.
  • Customer service and communications – to respond to questions, comments, or other requests that you have for us or other customer service purposes.
  • Safety, security, and compliance with legal obligations – for prevention, detection, investigation, and mitigation of illegal activities, fraud, injury to others or violation of our Terms and Conditions or our Privacy Policies, and to prepare for and defend legal claims.
  • For purposes for which you provide your consent or agreement.

Depending on the nature of your activity on our App and Services and your requests, we collect the following, which may be considered categories of Consumer Health Data:
  • Conversation Data: Text messages that you provide during your chats with our App and services. Your responses to health or well-being related questionnaires. Your responses when you create a safety plan.

  • App Event Data: This includes insights and reports about your preferences, habits, and behaviors based on the other data we've collected.


We share Consumer Health Data in limited circumstances, as follows:
  • Our Service Providers that are classified as “processors” under the MHMDA which process Consumer Health Data to assist us in providing our Apps and services requested by consumers, and for the other purposes described in this WCHD Privacy Policy. For a list of service providers please read here.
  • Our other contractors who assist us with the processing purposes such as legal representatives who assist us with complaints involving Consumer Health Data.
  • Assignees or potential assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business.
  • Other parties with your consent.

We may share all of the categories of Consumer Health Data that we collect, which depends on the circumstances under which we collect it. We do not sell Consumer Health Data.

We may collect Consumer Health Data from the following sources: you, your device, your Institution, your agents and representatives (for example, legal representatives in relation to a complaint), and other third parties that may have your Consumer Health Data in relation to the processing purposes described herein.

We will retain and use your Consumer Health Data for the length of time needed to carry out the purposes outlined in our Privacy Policy and in accordance with our retention policies.

Consumer Rights Requests
Subject to applicable law, if you are a Nevada Consumer, you may have the following rights related to your Consumer Health Data:

  • Right to confirm processing of Consumer Health Data and access such data
  • Right to erasure
  • Right to withdraw consent (from processing which requires your consent)
  • Other applicable rights as per the applicable law

You may request to exercise these rights by writing to us at [email protected]. Please note, as required under MHMDA, we take commercially reasonable efforts to authenticate your request before we process your request. If we believe we need further information to authenticate your request, we may ask you to provide additional information to us.

Pursuant to the requirements of the MHMDA, we will respond to your privacy requests free of charge, up to twice annually. If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee to cover the administrative costs of complying with the request or decline to act on the request.

We reserve the right to amend this WCHD Privacy Policy at our discretion and at any time. When we make changes to this WCHD Privacy Policy, we will update this notice or otherwise provide notice in compliance with applicable law.