Withings Medical Group

Privacy Policy

Effective Date: July 06, 2026 · Version 2026-07-06

Withings Medical Group respects your right to privacy. As used in this Privacy Policy, "Withings Medical Group", "we", "us" or "our" means Withings Medical Group PA and, where appropriate, its affiliated professional entities organized to provide clinical services in the states in which we operate.

This Privacy Policy discloses how we gather, use and disclose information about you when you access or use our website located at withings.com/medical (the "Site"), the patient-facing features of the Withings mobile applications made available to you in connection with our clinical services (the "Apps"), and/or through our general business operations, excluding information about our employees and information collected through our medical and healthcare services ("Operations"). When we refer to the Website, Apps, and Operations together, we will call them the "Services."

Please note that this Privacy Policy describes our information practices with respect to your use of the Services. Withings Medical Group PA is an independent entity; this Privacy Policy does not apply to any other data gathered or used by similarly named entities, including Withings, Inc. or Withings SAS, or through websites, consumer products or applications not controlled or operated by Withings Medical Group. Your use of Withings consumer products and services, including the Withings App in its consumer capacity, is governed by the Withings, Inc. Privacy Policy available on the Withings consumer website.

This Privacy Policy is in addition to, and does not replace, our Notice of Privacy Practices, which explains how we use and disclose our patients' protected health information ("PHI") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). To the extent of a conflict between the terms of this Privacy Policy and the Notice of Privacy Practices with respect to PHI, the Notice of Privacy Practices will control how we use and disclose your PHI.

Please review this Privacy Policy, which is incorporated into and made part of our Terms of Use. By accessing or using the Services, you consent to our collection, use and disclosure of your information in accordance with this Privacy Policy and Terms of Use. If you have any questions about our Privacy Policy or our Terms of Use, please contact us at privacy@withings.com. If you do not agree to our Privacy Policy or Terms of Use, you may not use the Services.

Withings Medical Group reserves the right to change this Privacy Policy from time to time. Where required by law, we will provide notice of material changes. If you use the Services after we post changes to this Privacy Policy, you accept and agree to be bound by the changed policy. The date this Privacy Policy was last updated is identified at the top of this page.

Please use the sections below to learn more:

What Information Does Withings Medical Group Collect?

Information You Provide to Us

We collect information you provide directly to us. For example, we collect information when you: create or register an account or profile, complete intake or enrollment forms, use the interactive areas and features of the Services, communicate with your care team through the Services, participate in a survey, pay a bill, request customer or technical support, or otherwise communicate with us.

The types of information we may collect from you include:

Information We Collect Automatically When You Use the Services

When you access or use the Services, the types of information we may automatically collect about you include:

Information Collected from Other Sources

We may also obtain information about you from other sources. For example:

Once we combine information from other sources with information collected pursuant to this Privacy Policy, we apply this Privacy Policy to the combined information as long as it is combined, except that PHI remains governed by our Notice of Privacy Practices.

How Does Withings Medical Group Use Information?

Withings Medical Group uses information about you for various purposes, including to:

Please note, our use of your PHI is explained in our Notice of Privacy Practices.

How Does Withings Medical Group Share Information?

We may share information about you as follows, or as otherwise described in this Privacy Policy:

We may also share aggregated or de-identified information that cannot reasonably be used to identify you. De-identification of PHI is performed in accordance with the HIPAA de-identification standards.

We are based in the United States and the information we collect is stored in the United States and, where applicable, within the European Economic Area. By accessing or using the Services or otherwise providing information to us, you consent to the processing of information within the United States and/or the European Economic Area.

For more information about how we share your PHI, please review our Notice of Privacy Practices.

Tracking Technologies and Health Information

We recognize that regulators, including the U.S. Department of Health and Human Services Office for Civil Rights and the Federal Trade Commission, have issued guidance regarding the use of online tracking technologies by healthcare organizations. We do not use cookies, pixels, or similar tracking technologies on authenticated, patient-facing portions of the Services in a manner that discloses PHI to third parties for marketing or advertising purposes. Where a third-party technology vendor may have access to PHI in the course of providing services to us, we require that vendor to enter into a business associate agreement or we configure the technology so that PHI is not disclosed.

Children's Privacy

Withings Medical Group is committed to protecting the privacy of children. The Website and Apps are not intended or designed to attract children, and we do not knowingly collect personal information through the Services from any person known by Withings Medical Group to be a child under the age of 18. Health information we maintain about minor patients in connection with their care is governed by our Notice of Privacy Practices and applicable law.

Security

We seek to use reasonable physical, technical, and administrative measures designed to protect personal information within our organization, consistent with the HIPAA Security Rule where applicable. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the "Contact Us" section below.

State-Specific Disclosures

Information for California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA"), does not apply to PHI that we collect as a HIPAA covered entity or to medical information governed by the California Confidentiality of Medical Information Act ("CMIA"). Most of the information we collect through the Services falls within these exemptions.

To the extent we collect personal information about California residents that is subject to the CCPA, the following applies:

In the preceding 12 months, we may have collected the following categories of personal information: identifiers (such as name, postal address, IP address, and email address); categories of personal information described in Cal. Civ. Code Section 1798.80(e); internet or other electronic network activity information; geolocation data; and inferences drawn from the foregoing. We collect this information for the purposes described in this Privacy Policy and disclose it to service providers for the business purposes described in this Privacy Policy under written contracts that satisfy the CCPA’s requirements. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

Subject to applicable exemptions, California residents have the right to know, correct, and delete personal information we hold about them, the right to limit the use of sensitive personal information, and the right not to be discriminated or retaliated against for exercising these rights. You may exercise these rights by emailing us at privacy@withings.com. We may request information from you to verify your identity before processing your request. You may designate an authorized agent to submit a request on your behalf. We will respond to verifiable requests within the timeframes required by the CCPA.

Consumer Health Data Laws (Washington, Nevada, and Similar States)

Certain states, including Washington and Nevada, have enacted consumer health data privacy laws. These laws generally do not apply to PHI governed by HIPAA or to information maintained by covered entities in the same manner as PHI. To the extent we process consumer health data that is not exempt under these laws, we will provide any required notices and honor applicable rights. Residents of these states may contact us at privacy@withings.com with questions.

Other State Privacy Laws

Residents of other states with comprehensive privacy laws may have rights with respect to personal information that is not exempt under those laws, which generally exempt PHI and information maintained by HIPAA covered entities. To submit a request or ask a question regarding your rights under applicable state law, please contact us at privacy@withings.com.

Our Services may reference or provide links to third-party websites, applications, or services, and other websites may reference or link to our Services. Because these websites and services are not controlled by Withings Medical Group, we are not responsible for them. We encourage you to be aware when you leave our Services and to review the privacy policies posted on each website and application that collects personally identifiable information. Withings Medical Group does not control, endorse, screen or approve, and is not responsible for, the privacy policies or information practices of third parties or their websites or mobile applications. Visiting these other websites is at your own risk.

Your Choices

Account Information

You may update, correct or modify information about you at any time by logging into your online account or by contacting us at privacy@withings.com. If you wish to deactivate your account, please contact us, but note that we may continue to store information about you as required by law or for legitimate business purposes. Please note that medical records are subject to legal and regulatory retention requirements and cannot be deleted upon request; rights with respect to your medical record, including access and amendment, are described in our Notice of Privacy Practices.

Communications

You may unsubscribe from receiving marketing or other commercial emails from us by following the instructions included in the email or by adjusting your communication preferences in your account settings. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications, such as important information about your care, transactional messages, security alerts, and changes to our terms and policies.

Location Information

With your consent, we may collect information about the location of your device when you use the Apps. You may stop the collection of this information at any time by changing the settings on your mobile device, but note that some features of the Apps may no longer function if you do so.

Native Applications on Your Mobile Device

Some features of the Apps may require access to certain native applications on your mobile device, such as the camera, photo storage, microphone, and storage applications (for example, to take and upload photos or documents for your care team). If you decide to use these features, your mobile device will ask for your consent prior to accessing the applications and collecting information. You can revoke your consent at any time by changing the settings on your device. Please be aware that photos, videos, audio, and files you submit through the Apps in connection with your care may be stored in your medical record.

Cookies and Your Ad Choices

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Services. We honor opt-out preference signals, such as the Global Privacy Control, where required by applicable law. Please see our separate Cookies Policy to learn about how we use cookies and your choices in relation to the use of cookies.

Push Notifications

With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device or within the Apps.

Contact Us

If you have any questions about this Privacy Policy or concerns about the way Withings Medical Group processes your information, or require assistance in managing your privacy choices, please contact us at:

Email: privacy@withings.com

Postal Address:
Withings Medical Group PA
225 Franklin Street, Suite 1250
Boston, MA 02110
Attn: Privacy Office

For questions regarding your PHI or to exercise your rights under HIPAA, please refer to the contact information in our Notice of Privacy Practices.