Privacy Policy
Last updated: April 18, 2026
This policy was last updated 2026-04-18 and reflects substantial product and infrastructure changes. A legal review is in progress; substantive updates may follow.
1) Scope & Who We Are
This Privacy Policy explains how TalkDoc, Inc. (“TalkDoc,” “we,” “us,” or “our”) collects, uses, and shares information when you use the websites at talkdoc.com and related pages, our web or mobile applications, and any services we provide (collectively, the “Platform”).
TalkDoc operates the Platform. Clinical services are delivered by independently owned professional entities and licensed clinicians (“Providers”), sometimes referred to as “Talkdoc Health.” If you receive care from a Provider, that Provider’s HIPAA Notice of Privacy Practices (“NPP”) describes how your protected health information (“PHI”) is used and disclosed in the clinical context. This Privacy Policy covers our handling of information when we act outside of the Provider’s HIPAA role (for example, on our public website, in product analytics, or for your account administration).
For emergencies, do not use the Platform. Call 911 or use crisis resources listed on the site.
2) Information We Collect
We collect the following categories of information, depending on how you use the Platform:
- Account & Identity Data (e.g., name, email or phone, date of birth, gender, address, emergency contact, and—if applicable—health plan or member ID).
- Eligibility & Payor Data (details needed for insurance billing (including Medi-Cal) and other payor workflows: verifying benefits, coverage, authorizations, referrals, and claims).
- Care-Related Data (e.g., intake forms, clinical assessments, scheduling details, messages you send through the Platform). When used or kept by your Provider, this may be PHI governed by the Provider’s HIPAA NPP.
- TalkDoc AI Interactions (prompts and outputs you exchange with “TalkDoc AI”). TalkDoc AI offers general support and is not a substitute for professional care. Do not enter emergency information here.
- Device & Usage Data (e.g., IP address, approximate location, browser/device info, pages viewed, time/date, diagnostics, and logs).
- Communications Data (your preferences and the content of email/SMS/app notifications and support requests).
- Payment Data (limited billing details where applicable; most financial processing is handled by our payment processors).
- Third-Party Sources (e.g., payors verifying eligibility; service providers supporting identity, fraud, or security; or analytics processors).
3) How We Use Information
- Provide, maintain, and improve the Platform; operate telehealth logistics; and support your account.
- Match you with Providers, verify eligibility/benefits, process claims or copays, and coordinate care.
- Operate safety, security, fraud prevention, and integrity programs.
- Conduct analytics and quality improvement, including de-identifying or aggregating data and publishing non-identifiable insights (e.g., outcomes trends).
- Develop and improve TalkDoc AI. We may use de-identified/aggregated AI interaction data to train and evaluate features, but not in a way intended to re-identify you.
- Comply with law, respond to lawful requests, and enforce our Terms and policies.
- Provide limited marketing about our services (e.g., service updates or new availability), consistent with your preferences and applicable law. We do not use or disclose your health information for targeted advertising.
4) On-Device Processing (TalkDoc Co-Pilot)
TalkDoc Co-Pilot is the clinical AI that assists your assigned clinician. It runs on-device, on that clinician’s own machine — not in a third-party AI cloud. This means your identifiable records are not shipped to an external large-model provider to be analyzed.
When your clinician uses Co-Pilot during or between visits (for example, to draft notes, summarize history, or suggest screeners), the underlying inference happens locally on their workstation. Identifiable PHI stays on the clinician’s machine for that workflow.
Where cloud compute is needed (for example, heavier workloads), we route the work through our zero-trust pipeline that first de-identifies the data (see Section 5). Identifiable PHI is not sent to third-party cloud inference services.
5) Cloud Processing: De-Identified Only
If and when your data is processed in the cloud for analytics, model inference, or quality improvement, it is de-identified first. De-identification is performed inside TalkDoc’s zero-trust pipeline before anything is emitted to cloud inference or cloud analytics systems.
In practice, direct identifiers (e.g., name, contact info, member ID, precise dates) and common indirect identifiers are stripped or transformed before cloud egress. Our pipeline is designed so that identifiable PHI does not cross the boundary into general-purpose cloud inference surfaces.
De-identified data may be used for product improvement, safety monitoring, model evaluation, and aggregate reporting. We do not attempt to re-identify you.
6) Encrypted-at-Rest Records (Patient + Clinician Decryption Only)
When identifiable records are stored in the cloud so that they can sync between you and your clinician, they are encrypted using keys such that only you (the patient) and the clinician(s) you’ve explicitly shared them with can decrypt them.
TalkDoc’s backend servers store opaque, encrypted blobs. TalkDoc itself does not hold the keys that unlock your records and cannot read them. If you add a clinician to your care team, your records are re-wrapped to that clinician’s key as part of an approval workflow; if you remove them, future records are no longer shared with them.
This means that a compromise of our server storage alone does not expose identifiable records. It also means that if you lose access to your keys we may not be able to recover records on your behalf; we provide recovery options through your account where feasible.
7) Video Visits
Today: synchronous (live) video visits run on AWS Chime under a HIPAA Business Associate Agreement (BAA). Video and audio are encrypted in transit and handled under that BAA.
Starting Q3 2026: synchronous video visits move to end-to-end encrypted WebRTC directly between you and your clinician. A TURN/relay server may help connect the call where a direct peer-to-peer connection is not possible, but the server will not hold decryption keys and will not be able to see or hear the video or audio of your visit.
Recordings (if any) are only created with appropriate consent and are treated as part of your clinical record under your Provider’s HIPAA NPP.
8) Analytics
We use Mixpanel for product analytics, under a HIPAA Business Associate Agreement. Even with a BAA in place, we deliberately limit what we send to analytics.
We send things like:
- Page paths and navigation events.
- Generic CTA labels (e.g., “start-screening,” “book-visit”).
- Interaction types and coarse funnel stages.
- Pillar IDs and other non-identifying content identifiers.
We do not send things like:
- Your symptom text, chat messages, or intake free-text.
- Insurance or member IDs.
- Clinician–patient pairings or your assigned clinician’s identity.
- PHQ-9, GAD-7, or other clinical screener scores.
- Diagnoses, medications, or other clinical content.
We do not use analytics to target ads, and we do not allow third-party advertising pixels on pages or flows where you submit health information.
9) Care Scope & Coverage
Today, TalkDoc provides mental health care (psychiatry and therapy) to members in California. We accept a growing list of insurances including Medi-Cal, commercial plans, and self-pay.
Primary care is launching late 2026 / early 2027. Additional specialties are on our roadmap. National expansion is planned through 2026–2027. We are not currently set up for procedures, hands-on exams, emergency care, or substance-use-disorder-specific intake; please see our Terms of Service for details.
10) Roadmap: Member-Owned Data Sharing (Not Live Today)
Future feature — not currently in production.
We are building a per-appointment, revocable, explicit-consent flow that will let you opt in to share de-identified data from a specific visit and be compensated directly for that share.
Design principles we have committed to for this feature:
- Per-appointment. You decide visit-by-visit; there is no blanket “share forever” toggle.
- Revocable. You can withdraw a share going forward.
- Explicit consent. No pre-checked boxes, no dark patterns, no bundling with required care.
- De-identified only. Data leaves our zero-trust pipeline in de-identified form; we will not sell your data in identifiable form.
- Direct compensation. If a share is monetized, you receive the compensation directly, not a third party on your behalf.
This feature is on our roadmap and will only apply if you affirmatively opt in when it launches. Until then, member-compensated data sharing is not offered.
13) Vendors That Touch PHI
Google Cloud Platform (GCP) is our primary forward infrastructure. We retain specific AWS services where they are currently the right tool for the job. Each vendor below that handles PHI has a HIPAA Business Associate Agreement (BAA) in place with us:
- Google Cloud Platform (GCP) — primary hosting, storage, and confidential-compute infrastructure. BAA in place.
- Amazon Web Services (AWS) — hosting and managed services where they are the right tool (for example, SMS delivery). BAA in place.
- AWS Chime — synchronous video visits today. BAA in place. Sync video moves to end-to-end encrypted WebRTC starting Q3 2026 (see Section 7).
- Mixpanel — product analytics. BAA in place. We intentionally restrict what is sent (see Section 8); we do not send symptoms, member IDs, clinician–patient pairings, or clinical screener scores.
We will update this list as infrastructure changes. Subprocessors used solely for non-PHI workloads (e.g., marketing site hosting) are not listed here.
14) Your Privacy Choices & State-Specific Rights
Depending on where you live, you may have the right to request access, correction, deletion, portability, to opt out of sale/sharing/targeted advertising, and to appeal a denied request. These rights generally apply to data we control in a non-HIPAA context (they do not apply to PHI held by Providers under HIPAA).
- California (CCPA/CPRA) and other U.S. comprehensive privacy states (e.g., CO, CT, VA, UT, OR, TX, MT, IA, DE, NJ): you may submit a request via the contact options below. We will verify and respond as required by law.
- Washington “My Health My Data” (MHMDA) and Nevada SB370 (Consumer Health Data): we obtain consent where required to collect, use, or disclose consumer health data; we do not geofence health facilities for advertising; and you may request access/deletion of consumer health data we control, subject to legal exceptions.
To exercise rights, please contact us using the methods below. If your request pertains to PHI in your clinical record, contact your Provider (their HIPAA NPP applies).
15) Children & Minors
The Platform is not directed to children under 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent. Minors may use the Platform only with a parent or legal guardian’s consent and as permitted by law.
16) Data Retention
We retain information for as long as necessary to provide the Platform and for legitimate business needs (e.g., security, fraud prevention, accounting) and to comply with legal obligations. Providers may retain clinical records for the periods required by applicable law (often several years).
17) Security
We implement administrative, technical, and physical safeguards designed to protect information (e.g., encryption in transit, access controls, and monitoring). No system can be guaranteed 100% secure. Where required, we will notify you of certain security incidents or breaches and take steps consistent with applicable law.
18) International Users
We operate in the United States and store data in the U.S. If you access the Platform from outside the U.S., you understand your information may be transferred to, stored, and processed in the U.S.
19) Changes to This Policy
We may update this Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. If we intend to use your information in materially new ways, we will provide appropriate notice and choices.
20) Contact Us
Questions or requests about this Policy (or your privacy rights) can be submitted through your account or via the contact options on talkdoc.com. For clinical records (PHI), please contact your Provider directly.
For emergencies or immediate risks of harm, call 911. Do not use the Platform for emergencies.
21) Definitions (Summary)
- PHI: “Protected Health Information” governed by HIPAA when handled by your Provider in providing care.
- Personal Information / Personal Data: Information that identifies or can reasonably be linked to a person or household.
- Consumer Health Data: Non-HIPAA health data protected under certain state laws (e.g., WA MHMDA, NV SB370).
- De-identified / Aggregated Data: Data that cannot reasonably be used to identify you.
- TalkDoc Co-Pilot: Our clinical AI assistant that runs on the assigned clinician’s local machine (see Section 4).