amwell logo white with registered tm amwell logo blue with registered tm

Privacy Policy

Effective Date: February 17, 2026

American Well Corporation (“Amwell,” “we,” “us,” or “our”) recognizes the importance of protecting the privacy of your personal information, and we have prepared this Privacy Policy to provide you with important information about the privacy practices applicable to the Amwell Platform and any website or service that links to or refers to this Privacy Policy (collectively, the “Services”).

In addition, individually identifiable information that you provide to us for purposes of obtaining medical care from Online Care Network II P.C. (“OCN”) (such information is also referred to as “Protected Health Information” or “PHI”) will also be subject to OCN’s Health Insurance Portability and Accountability Act Notice of Privacy Practices (the “HIPAA Notice”), which is available here. The HIPAA Notice describes how OCN can use and share your PHI and describes your rights with respect to your PHI. To the extent that there is a conflict between this Privacy Policy and the HIPAA Notice with respect to PHI, the HIPAA Notice will prevail.

I.  COLLECTION OF INFORMATION

We may collect the following kinds of information when you use the Services:

Information you provide directly to us.

For certain activities, such as when you register, use our telemedicine services, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information:

  • Contact information, such as your full name, email address, mobile phone number, and address;
  • Username and password;
  • Payment information, such as your credit card number, expiration date, and credit card security code;
  • For health care providers, information about your employment, such as your job title, practice area, primary specialty, and medical license status, gender, date of birth, languages spoken, educational background, address, photograph, social security number, Tax ID, NPI number, professional license information and bank account information;
  • Personal health information; and
  • Any other information you provide to us.

We may combine such information with information we already have about you.

Information we collect automatically. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about the links you click and pages you view within the Services, and other standard server log information. We may also collect certain location information when you use our Services, such as your computer’s IP address, your mobile device’s GPS signal, or information about nearby Wi-Fi access points and cell towers.

We may use cookies, pixel tags, and similar technologies to automatically collect this information. Cookies are small bits of information that are stored by your computer’s web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. By using the Services, you consent to our use of cookies and similar technologies, subject to your selection of cookie and tracking preferences.

We may also collect technical data to address and fix technical problems and improve our Services, including the memory state of your device when a system or app crash occurs while using our Services. Your device or browser settings may permit you to control the collection of this technical data. This data may include parts of a document you were using when a problem occurred, or the contents of your communications. By using the Services, you are consenting to the collection of this technical data.

Information we obtain from your health care providers and other sources. In connection with your treatment, we may collect medical records from your past, current, and future health care providers. This may include information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to your illness.

II.  USE OF INFORMATION

We generally use the information we collect online to:

  • Provide and improve the Services;
  • Contact you;
  • Fulfill your requests for products, services, and information;
  • Send you information about additional clinical services or general wellness from us or on behalf of our affiliates and trusted third-party partners;
  • Analyze the use of the Services and user data to understand and improve the Services;
  • Customize the content you see when you use the Services;
  • Conduct research using your information, which may be subject to your separate written authorization; and
  • Prevent potentially prohibited or illegal activities.

We may also use the information:

  • For any other purposes disclosed to you at the time we collect your information or pursuant to your consent; and
  • Otherwise in accordance with our Terms of Use (which can be found at https://business.amwell.com/terms-of-use).

We may aggregate or de-identify your information, so that it cannot reasonably identify or be linked to you.

III.  SHARING OF INFORMATION

We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.

  • Healthcare providers, insurance companies, and other healthcare-related entities. We may share your information with other health care providers, laboratories, government agencies, insurance companies, organ procurement organizations, medical examiners or funeral directors, and other entities relevant to providing you with treatment options and support.
  • Authorized third-party vendors and service providers. We may share your information with third-party vendors and service-providers that help us with specialized services, including billing, payment processing, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, mobile marketing, optimization and retargeting), performance monitoring, hosting, chat functionality, and data processing. These third-party vendors and service-providers may monitor activity (including mouse movements and clicks) on the Services and may collect, store, and use certain information, including but not limited to information regarding your device and your interactions with the Services, chat messages, and information provided by you. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
    We may share personal information with professional service providers such as consultants, auditors, law firms, and accountancy firms where necessary for our internal business purposes.
  • Text messages / SMS. We may use your mobile phone number to communicate with you by text messages. We will not share your mobile information with third parties or affiliates for marketing or promotional purposes. We may share your mobile information with third-party vendors for supporting services, such as customer service, for purposes related to the services we are providing to you. We will not share your opt-in / consent information with any third parties.
  • Research partners. We may share your information with our research partners to conduct health-related research; such sharing may be subject to your separate written authorization.
  • Corporate affiliates. We may share your information with our corporate affiliates that are subject to this policy.
  • Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
  • Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, legal claims or government inquiries, to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, and to protect and defend the rights, interests, health, safety, and security of Amwell, our affiliates, users, or the public. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us. This disclosure is done in accordance with applicable laws and with a commitment to maintaining your privacy rights.
  • With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.

Outside of the use cases specified above, we will not provide your information to third parties. However, if you access third-party services, such as Facebook, Google, or Twitter, through the Services to login to the Services or to share information about your experience on the Services with others, these third-party services may be able to collect information about you, including information about your activity on the Site, and they may notify your connections on the third-party services about your use of the Site, in accordance with their own privacy policies.

If you choose to engage in public activities on the Site or third-party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing personal information while participating in these sites. We are not responsible for the information you choose to submit in these public areas.

IV.  DATA RETENTION

Amwell retains personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

V.  SECURITY

We use reasonable measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.

VI.  YOUR CHOICES

You may opt out of receiving general health and wellness or treatment options that may be relevant to you by emailing us at privacy@amwell.com. You may also request that we delete your personal information by sending us an email at privacy@amwell.com. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect. For more information about your choices see the HIPAA Notice referenced above.

You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.

VII.  THIRD-PARTY ADVERTISING, LINKS, AND CONTENT

On our Platform

Amwell uses third party vendors and service-providers that help us provide you the Services. These third-party vendors and service providers only collect information about your use of our Platform in order to support us in providing you the Services.

On our Website

Some of our websites may contain links to content maintained by third parties that we do not control.

We may allow third parties, including business partners, advertising networks, and other advertising service providers, to collect information about your online activities on our website through cookies, pixels, local storage, and other technologies to provide you interest based advertising, subject to your selection of cookie and tracking preferences. These third parties may use this information to display advertisements online tailored to your interests, preferences, and characteristics.

Some of these third parties may participate in an industry organization that gives users the opportunity to opt out of receiving ads that are tailored based on your online activities. Due to differences between using apps and websites on mobile devices, you may need to take additional steps to disable targeted ad technologies in mobile apps.

Many mobile devices allow you to opt out of targeted advertising for mobile apps using the settings within the mobile app or your mobile device. For more information, please check your mobile settings. You also may uninstall our apps using the standard uninstall process available on your mobile device or app marketplace. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by this Privacy Policy.

To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also be able to opt-out of interest-based advertising through the settings within the mobile app or your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt-out, so you should opt out on each of your browsers and devices if you want to disable all cross-device linking for interest-based advertising. If you opt out, you will still receive ads but they may not be as relevant to you and your interests, and your experience on our Services may be degraded.

Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.

VIII.  U.S. STATE DATA PRIVACY LAWS

This section applies to residents of certain U.S. states and outlines additional rights that may apply under state data privacy laws, including the California Consumer Privacy Act (CCPA), in addition to those under this Privacy Policy.

At the time of publication of this policy, these states include California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia. Other states have passed privacy laws that are not yet in effect. If you have questions regarding your specific state please contact: privacy@amwell.com

State privacy laws do not apply to personal information regulated by certain state and federal laws including: the Health Insurance Portability and Accountability Act of 1996 (HIPAA), or the Health Information Technology for Economic and Clinical Health Act (HITECH), or to covered entities, including providers of health care, and their business associates, who maintain patient information in accordance with those laws.

We do not sell your personal information, have not sold your personal information within the prior 12 months, and only use and disclose your personal information as stated in this Privacy Policy.

You may have the right to request we provide you with details about the information we collect and disclose about you within the prior 12 months, including: (i) the categories of personal information we collect about you, (ii) the categories of the sources of personal information we collect about you, (iii) our business or commercial purpose for collecting that information, (iv) the categories of personal information that were disclosed for a business purpose, (v) the categories of third parties to whom we disclosed that personal information, and (vi) the specific pieces of personal information we collect about you.

You may also have the right to request that we delete your information. These rights are subject to certain exceptions and limitations permitted by applicable law. To submit an access or deletion request, you may email us at privacy@amwell.com stating your request with sufficient detail and providing information that allows us to reasonably verify you as the person whose data is the subject of such request. We will not respond to more than two requests from you in a 12-month period.

 

Where permitted by applicable law, you may appoint an authorized agent to make a request on your behalf, provided the agent has the necessary authorization and you verify your identity directly with us.

We will not discriminate against you if you exercise your state privacy rights. By exercising your rights you will not be (i) subject to denial of goods or services, (ii) charged a different price or rate, or (iii) provided different quality of service.

COMPLAINTS MECHANISM

Individuals with inquiries or complaints regarding our handling of personal information should first contact Amwell at: privacy@amwell.com

Depending upon the state where you live, you may have the right to raise a concern or lodge a complaint with your state attorney general or other regulatory authority.

IX.  INTERNATIONAL USERS

We maintain information in the United States of America and in accordance with the laws of the United States, which may not provide the same level of protection as the laws in your jurisdiction. By using the website and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.

To ensure the continued protection of your personal information during international transfers, we adhere to the Data Privacy Framework (DPF) Principles. We implement appropriate safeguards, such as Standard Contractual Clauses, to maintain a level of data protection consistent with the standards required by the DPF. These measures are in place to uphold your privacy rights and maintain compliance with applicable data protection laws. Please note that if you transfer personal information directly to a third party, we are not responsible for that transfer. We will nevertheless process your personal information, from the point at which we receive the data, in accordance with the provisions of this Privacy Policy.

LEGAL BASIS

We process your personal information based on the following legal grounds, as permitted under applicable data protection laws:

  • Contractual obligations.
  • Legitimate business interest.
  • Consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • To comply with applicable legal obligations.

DATA PRIVACY FRAMEWORK

Amwell and its associated affiliates comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Amwell has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We are committed to staying current with developments related to the Data Privacy Framework and may update our transfer mechanisms and safeguards as necessary to remain compliant. Any updates will be reflected in this Privacy Policy.  

Liability for Onward Transfer. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.

Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements. We will only do so in accordance with the DPF Principles.

ENFORCEMENT AUTHORITY

The Federal Trade Commission has jurisdiction over Amwell’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.

COMPLAINTS MECHANISM 

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Amwell commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Amwell at: privacy@amwell.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Amwell commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. This is of no cost to customers.

Under certain conditions, a binding arbitration option may be available to you in order to address complaints not resolved by any other means. For further information, please see Annex I of the EU-U.S. Data Privacy Framework Principles at: https://www.dataprivacyframework.gov/.

X.  PRIVACY RIGHTS

Depending on the jurisdiction in which you live, you may be entitled to certain rights under applicable law, such as:

  • Right to withdraw consent, where we have asked for your consent to process your personal information.
  • Right to request information relating to what personal information we collect, process, and disclose. For further inquiries, please contact us.
  • Right to request access to or a copy of your personal information.
  • Right to request deletion of your personal information. Please note that exercising this right may impact your access to accounts or services associated with your information. Contact us to request deletion.
  • Right to request corrections if you find inaccuracies in your personal information. We may retain copies as needed for legal compliance, dispute resolution, or to enforce agreements.
  • Right to opt-out of “sales” of your personal information and “sharing” of your personal information for cross-context behavioral advertising purposes (as these terms are defined under applicable law).
  • Right to opt-out of targeted advertising.
  • Right to object to the processing of your personal information, which may affect your ability to use some services, under certain circumstances.
  • Right to object to the use of sensitive personal information, such as information concerning your health, race, religion, or political beliefs, under certain circumstances. Please note that this right does not apply to use or disclosure of PHI permitted under HIPAA.
  • Right to object to automated decision-making or profiling, under certain circumstances.
  • Right to lodge a complaint with your state’s attorney general, regulatory agency, or local data protection authority if you have concerns about the use of your personal information.

These rights are subject to certain exceptions and limitations permitted by applicable law.

To submit a request regarding your personal information please contact us at: privacy@amwell.com

XI.  CHILDREN

We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our Services.

XII.  CHANGES TO THE PRIVACY POLICY

We may update this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Services to stay informed of our privacy practices.

XIII.  QUESTIONS?

If you have any questions about this Privacy Policy or our practices, please email us at privacy@amwell.com.