Pathwai Platform Privacy Policy

Last Updated on March 18, 2026

1. Introduction and Scope

BranchLab, Inc. (“BranchLab,” “we,” “us,” or “our”) provides the Pathwai platform (“Pathwai” or the “Platform”), a technology solution that helps healthcare marketers deliver relevant communications to audiences at appropriate stages of their care journey. We are committed to protecting privacy and operating transparently.

This Pathwai Platform Privacy Policy describes how we collect, use, process, and protect data in connection with the Pathwai platform and its associated services. It explains our data practices, the privacy-enhancing technologies we employ, your rights under applicable law, and the obligations of all platform users regarding the responsible use of Pathwai's data and outputs. By accessing or using the Pathwai platform, authorized users agree to be bound by the data use restrictions set forth in this policy, including the prohibited uses described in Section 3.

Scope of This Policy

This policy applies to the Pathwai platform and its data processing activities. For information about data collected through the BranchLab corporate website (branchlab.com), including contact forms and email inquiries, please see our Website Privacy Policy at branchlab.com/legal/privacy-policy.

Pathwai is a business-to-business platform used by authorized healthcare marketers and their agencies and media partners. Pathwai does not directly interact with consumers, patients, or the general public. However, because our platform processes de-identified health data to generate audience insights, we are committed to transparency about those practices and to honoring the rights of individuals whose data may be reflected in our aggregated datasets.

2. Data We Process and Its Sources

Understanding what data Pathwai processes—and what it does not—is central to understanding our privacy practices.

2.1 De-Identified Health Data

Pathwai processes de-identified health data that has been stripped of personal identifiers in accordance with the HIPAA Privacy Rule. This data is sourced from licensed third-party data providers and includes:

  • De-identified medical and dental claims data

  • De-identified pharmacy claims data

  • De-identified insurance eligibility data

  • Aggregated social determinants of health (SDoH) indicators

This data arrives at BranchLab already de-identified by our data suppliers. BranchLab does not receive, access, or store any protected health information (PHI) or personally identifiable information (PII) as part of its platform operations.

De-Identification Standard

The health data processed by Pathwai has been de-identified using one of the two methods established by the HIPAA Privacy Rule (45 CFR § 164.514):

  • Safe Harbor Method: Removal of all 18 categories of identifiers specified by HIPAA, with no actual knowledge that the remaining information could identify an individual; or

  • Expert Determination Method: A qualified statistical or scientific expert has determined that the risk of identifying an individual from the data is very small, applying accepted statistical and scientific principles and methods.

BranchLab maintains documentation of the de-identification methodology applied to all datasets we process. We do not claim to be a HIPAA covered entity or business associate; rather, we use HIPAA’s de-identification standards as a recognized framework for responsible data handling.

Expert Determination Certification

Where expert determination has been completed, a qualified expert has certified that the risk of identifying any individual from the data is very small. Under HIPAA, data that has undergone expert determination is not protected health information and falls outside the scope of the HIPAA Privacy Rule. BranchLab maintains de-identification certifications, including expert determination where applicable, for datasets processed within the Pathwai platform and periodically reassesses re-identification risk as data sources, linkage methods, and external datasets evolve.

Important

We acknowledge that de-identification reduces but does not eliminate all theoretical re-identification risk, and that certain state laws may impose obligations on de-identified data that differ from HIPAA. Our additional safeguards, described in Section 4, are designed to address these evolving standards.

2.2 What We Do Not Process

To be clear about the boundaries of our data practices, BranchLab and the Pathwai platform do not:

  • Collect, store, or process protected health information (PHI);

  • Access or use names, addresses, Social Security numbers, or other direct personal identifiers;

  • Use individual health records to target specific people through advertising platforms — audience activation is based on statistical population models, not on any individual's health data (see Sections 3.3 and 4.1 for details);

  • Track identified individuals across websites, apps, or devices based on their health information;

  • Purchase or use consumer browsing history, location data, or app usage data; or

  • Attempt to re-identify any individual from de-identified data.

2.3 Platform User Data

Separately from the health data described above, we collect limited information from authorized users of the Pathwai platform (i.e., employees or agents of our business clients) to administer platform access. This includes:

  • Name, business email address, and job title

  • Login credentials (passwords are encrypted and not accessible to BranchLab personnel)

  • Platform usage logs (queries run, features accessed, timestamps)

This platform user data is used solely for account administration, security monitoring, and platform improvement. It is not combined with or linked to any health data.

3. How We Use Data

Pathwai uses de-identified health data exclusively to generate aggregated, population-level audience insights for healthcare marketers. Specifically:

3.1 Audience Modeling

Pathwai builds cohort-level models that identify population segments likely to be interested in or receptive to information about specific healthcare treatments, therapies, and services. These models:

  • Operate at the population and cohort level, not the individual level;

  • Produce statistical probability scores for groups, not diagnoses or health status determinations for individuals;

  • Are designed to help healthcare marketers deliver relevant treatment-awareness communications to appropriate audiences; and

  • Use aggregate clinical signals — including diagnosis codes (e.g., ICD-10), treatment categories, procedure histories, and pharmacy data — applied at the population level to identify audiences likely to engage with relevant healthcare communications.

What This Means in Practice

When a healthcare marketer uses Pathwai, the platform helps them identify audience segments that are likely to be interested in learning about a specific treatment or therapy. Pathwai does not identify individuals with specific health conditions, generate lists of patients with diagnoses, or enable targeting based on a person’s inferred medical status. The output is always an aggregated audience cohort, not an individual health profile. While the platform uses clinical data signals at the population level to inform audience modeling, the output describes likely advertising engagement, not health status.

3.2 Campaign Performance Measurement

Pathwai provides aggregated, de-identified measurement of campaign performance, helping healthcare marketers understand whether their communications are reaching relevant audiences. Performance metrics are calculated at the campaign and cohort level and do not reveal information about any individual’s health status, behavior, or response.

3.3 Prohibited Uses

BranchLab enforces the following restrictions on how Pathwai and its outputs may be used. These restrictions apply to both BranchLab and to all platform users:


  1. No individual-level health inference or targeting. Neither Pathwai nor any platform user may use the Platform to identify, single out, or target a specific individual based on that individual’s actual or inferred health condition, diagnosis, treatment, prescription, or procedure history. This prohibition applies regardless of the method used, including but not limited to:
    (a) Requesting a “list” of individuals with a specific condition (e.g., “give me a list of individuals who have HIV” is a prohibited request);
    (b) Constructing queries designed to narrow a population to a single person or a group small enough to be identifiable;
    (c) Combining Pathwai outputs with external data to re-associate health attributes with identified individuals; or
    (d) Using Pathwai’s audience segments as a proxy for individual health status determinations.


  2. Permitted audience building; prohibited individual inference. Pathwai builds audience segments using aggregate clinical signals, including diagnosis codes (e.g., ICD-10), treatment categories, procedure histories, and pharmacy data, applied at the population level to identify cohorts likely to engage with communications about a therapeutic area. This is a permitted use. What is prohibited is any attempt to use these clinical signals to infer, determine, or assert the health status of any specific identifiable individual. The distinction is between:

    • Permitted: “Build me an audience of people likely interested in HIV treatment information.” This produces a statistical population segment.

    • Prohibited: “Tell me which specific people have HIV.” This seeks individual-level health inference.

Platform users acknowledge that audience segments are probabilistic models describing population characteristics, not diagnostic determinations about any person.


  3. No re-identification. No user, client, partner, or third party may attempt to re-identify any individual from Pathwai’s de-identified data, aggregated outputs, or audience segments, whether through combination with external data sources, reverse-engineering of audience parameters, inference from small population sizes, or any other method. Any suspected re-identification attempt or actual re-identification event must be reported to BranchLab immediately. Violation of this prohibition constitutes a material breach of the applicable subscription agreement and may result in immediate termination of platform access.


  4. No unauthorized downstream use. Audience segments generated through Pathwai are licensed for use solely in connection with the healthcare marketing campaigns authorized under the applicable subscription agreement. Platform users may not:
    (a) Use audience segments to build or enhance consumer profiles, identity graphs, or data products outside of the authorized campaign context;
    (b) Combine audience segments with external datasets in any manner that could enable individual-level health inference;
    (c) Resell, sublicense, or redistribute audience segments to parties not authorized under the subscription agreement; or
    (d) Retain audience segments beyond the campaign period specified in the subscription agreement.

Audience activation through authorized media partners is a permitted use, subject to the data handling requirements in the applicable insertion order or media partner addendum.


  5. Privacy-preserving audience activation. Pathwai activates audience segments through a process designed to prevent individual-level health data from being exposed to advertising platforms. Specifically:
    (a) Within the secure environment, de-identified health data is used to build statistical audience models;
    (b) These models are translated into audience segments that can be activated through advertising platforms using those platforms’ native identifiers (e.g., hashed identifiers, advertising IDs);
    (c) At no point in this process does an advertising platform receive individual health records, diagnosis codes, or clinical data—the platform receives only the audience segment membership, without the health data that informed the model.

Platform users and their media partners may not reverse-engineer audience segment parameters to infer health information about specific individuals, and may not enrich advertising identifiers with health data outside of the Pathwai secure environment.


  6. Minimum population thresholds. All audience segments produced by Pathwai must meet minimum population size thresholds established by BranchLab to prevent the identification of individuals within small populations. BranchLab will suppress or generalize query results that fall below these thresholds. Platform users may not attempt to circumvent these thresholds through iterative queries, geographic narrowing, or other methods designed to isolate small populations.

4. Privacy-Enhancing Technologies and Safeguards

BranchLab processes all health data within a secure environment that provides multiple layers of technical protection beyond de-identification alone.

4.1 Secure Environment Architecture

BranchLab processes all health data within a secure, isolated computing environment (sometimes referred to in the industry as a “data secure environment”) that provides multiple layers of technical protection beyond de-identification alone. This secure environment has the following characteristics:

  • Data isolation: De-identified health data resides within the secure environment and cannot be exported at the individual record level. No raw data leaves the secure environment.

  • Query-only access: Platform users interact with data exclusively through Pathwai’s interface, which returns only aggregated, population-level results. Direct access to underlying data tables is not available.

  • Output controls: All query results pass through privacy screening that enforces minimum cohort sizes, applies rounding, and suppresses results that could risk identifying small populations.

  • Privacy-preserving activation bridge: The secure environment architecture maintains a strict separation between health data and advertising identifiers. Individual health records are never directly joined to or co-located with advertising identifiers within the secure environment. Audience activation is accomplished through a privacy-preserving bridging process in which statistical audience models—not individual health records—are used to define segment membership for activation through advertising platforms.

Segment membership is assigned based on modeled similarity to population-level characteristics, not on any individual’s health record. No advertising platform receives information sufficient to determine that a specific person has a particular health condition.

4.2 Access Controls and Monitoring
  • Authentication controls appropriate to the sensitivity of data accessed

  • Comprehensive audit trails logging all queries, data access events, and result exports

  • Automated monitoring for anomalous query patterns or potential re-identification attempts

  • Time-bound access: partner data access sessions expire and must be re-authorized

  • Regular access reviews and privilege audits

4.3 Organizational Safeguards
  • Data processing agreements with all data suppliers include contractual prohibitions on re-identification

  • Platform subscription agreements require users to adhere to acceptable use policies prohibiting individual-level health inference and re-identification

  • Annual third-party security assessments

We leverage AWS’s SOC 2-certified infrastructure.

5. How We Share Data

BranchLab shares data only in the limited circumstances described below. We do not sell personal information as that term is defined under applicable state privacy laws.

5.1 Aggregated Audience Insights

The primary output of Pathwai is aggregated audience insights delivered to authorized platform users (healthcare marketers and their agencies). These insights describe population-level cohort characteristics and do not contain individual-level data, personal identifiers, or information that could be used to identify a specific person.

5.2 Media Partners and Advertising Platforms

Pathwai activates audience segments through authorized media partners and advertising platforms. In this process, audience segment membership information is shared with these partners to enable campaign delivery. This information consists of audience segment membership delivered through those platforms' native audience identifiers, and does not include individual health records, diagnosis codes, or clinical data.

All media partners are bound by contractual data handling requirements that prohibit the use of audience segment data for purposes other than authorized campaign delivery, including any attempt to infer individual health information from audience segments.

5.4 Legal and Regulatory Disclosures

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of BranchLab, our clients, or the public.

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, data processed by Pathwai may be transferred to the acquiring entity. We will provide notice before any such transfer and the acquiring entity will be bound by the terms of this Privacy Policy.

5.6 With Your Consent

We may share platform user information (as described in Section 2.3) for purposes you have specifically authorized. We will obtain your affirmative consent before any such sharing.

6. Data Retention and Deletion

We retain data only as long as necessary for the purposes described in this policy, or as required by law.

  • De-identified health data: Retained within the secure environment for the duration of the applicable data license agreement. When a license expires or is terminated, data is securely deleted within 30 days.

  • Aggregated audience insights: Retained for 12 months to support campaign measurement, after which they are deleted or further aggregated.

  • Platform user accounts: Retained for the duration of the business relationship. Upon account termination, personal data is deleted within 30 days, except as required for legal compliance or audit purposes.

  • Platform usage logs: Retained for 12 months for security and compliance monitoring, then deleted.

All deletion is performed using secure methods designed to render data unrecoverable.

7. Your Privacy Rights

BranchLab is committed to honoring the privacy rights of all individuals, regardless of jurisdiction. Because the Pathwai platform processes de-identified, aggregated data, we do not possess information that can be linked to a specific identifiable individual. However, we recognize that applicable laws may grant rights related to data we process, and we will work in good faith to address any request.

7.1 Rights for All Individuals

Any individual may contact us to:

  • Request information about the categories of data we process and the purposes for which we process it

  • Ask whether we hold data that could be associated with them (in most cases, we will not, given our de-identification practices)

  • Request deletion of any data we may hold that is associated with them

  • Opt out of any processing that could constitute a sale or sharing of personal information under applicable law

7.2 State-Specific Rights

Residents of certain states have additional rights under state privacy laws. We honor these rights as described below.

Jurisdiction / Your Rights

  • California (CPRA): Right to know, delete, correct, and opt out of sale/sharing of personal information. Right to limit the use and disclosure of sensitive personal information. We honor the Global Privacy Control (GPC) signal as a valid opt-out request.

  • Colorado (CPA): Right to access, correct, delete, and opt out. Right to opt out of profiling. We process sensitive data inferences in accordance with Colorado law, including deletion requirements. We honor universal opt-out mechanisms including GPC.

  • Connecticut (CTDPA): Right to access, correct, delete, and opt out. Connecticut law requires affirmative opt-in consent for the collection and use of consumer health data. We obtain such consent where required and honor all opt-out requests.

  • Washington (MHMDA): Right to access and delete consumer health data. Right to opt out of the sale and sharing of consumer health data. Right to opt out of the use of consumer health data for targeted advertising. BranchLab is committed to compliance with the MHMDA and maintains that its audience modeling outputs, which are derived from HIPAA-de-identified data and subject to minimum cohort size requirements, are designed to satisfy the MHMDA's de-identification exemption. BranchLab publicly commits to process de-identified data only in a de-identified fashion and will not attempt to re-identify any individual.

  • Virginia (VCDPA): Right to access, correct, delete, and opt out. Right to opt out of targeted advertising and profiling.

  • Other States: We monitor the evolving state privacy landscape and honor rights requests from residents of all states with applicable comprehensive privacy legislation, including but not limited to Utah, Nevada, Florida, Oregon, Texas, Montana, Iowa, Indiana, and Tennessee.

7.3 How to Exercise Your Rights

To submit a privacy rights request, contact us at:

We will acknowledge your request within [5] business days and respond substantively within the timeframe required by your state’s law (typically 45 days, with extensions available under certain circumstances). We may need to verify your identity before processing your request. You will not be charged a fee or treated differently for exercising your rights.

8. Global Privacy Control and Browser Signals

BranchLab honors the Global Privacy Control (GPC) signal as a legally valid opt-out request in all jurisdictions where required, including California, Colorado, and Connecticut.

When we detect a GPC signal from your browser:

  • We treat it as a request to opt out of the sale or sharing of personal information associated with that browser or device

  • We apply the opt-out across our services and extend it to our service providers

  • We do not require additional verification for GPC-based opt-out requests

  • The opt-out remains in effect unless and until you affirmatively revoke it

Consumers who wish to exercise privacy preferences may enable GPC through a supported browser or browser extension. More information is available at globalprivacycontrol.org.

For legacy Do Not Track (DNT) signals, which lack a uniform technical standard, we treat these as an indication of privacy preference and process them in the same manner as GPC signals as a matter of best practice.

9. Consumer Health Data Practices

Certain state laws, including the Washington My Health My Data Act (MHMDA) and amendments to the Connecticut Data Privacy Act (CTDPA), define “consumer health data” broadly to include health information that is inferred or derived from non-health data. BranchLab takes these laws seriously and provides the following disclosures in compliance with their requirements.

9.1 Categories of Consumer Health Data

Pathwai processes the following categories of de-identified data that may constitute “consumer health data” under applicable state law:

  • Aggregated medical and dental claims information (de-identified);

  • Aggregated pharmacy claims information (de-identified);

  • Aggregated insurance eligibility information (de-identified); and

  • Population-level statistical models derived from the above categories.

9.2 Purposes of Collection and Processing
  • To build cohort-level audience models that identify population segments likely to be receptive to healthcare treatment communications;

  • To measure the aggregate effectiveness of healthcare marketing campaigns; and

  • To improve the accuracy and relevance of our audience modeling technology.

9.3 Categories of Third Parties

Consumer health data (in de-identified, aggregated form) may be shared with:

  • Cloud infrastructure and data hosting providers;

  • Authorized platform clients — healthcare marketers and their agencies who receive aggregated audience insights (not individual-level data);

  • Authorized media partners and advertising platforms — who receive audience segment membership for campaign activation (not individual health records or clinical data); and

  • Security and compliance monitoring providers.

9.4 Consent and Choice

Where applicable law requires affirmative consent for the collection, use, or sharing of consumer health data, BranchLab obtains such consent through its data supply chain. Our data license agreements require that data suppliers represent and warrant that they have obtained all necessary authorizations, consents, and de-identification approvals before providing data to BranchLab.

Individuals may exercise the following choices with respect to consumer health data:

  • Opt out of the sale or sharing of consumer health data;

  • Opt out of the use of consumer health data for targeted advertising; or

  • Request access to or deletion of consumer health data.

To exercise any of these rights, contact privacy@branchlab.com.

9.5 MHMDA De-Identification Compliance

BranchLab is committed to compliance with the Washington My Health My Data Act and maintains that its processing of de-identified health data is designed to satisfy the MHMDA's de-identification exemption because:

  1. The data, as processed within the secure environment and subject to minimum cohort size requirements enforced through a combination of platform controls and operational review, is designed so that it cannot reasonably be used to infer health information about or be linked to an identified or identifiable consumer;

  2. BranchLab maintains technical, contractual, and organizational measures designed to ensure the data cannot be re-associated with any individual; and

  3. BranchLab publicly commits, through this policy and its data processing agreements, to process such data only in a de-identified fashion and not to attempt re-identification.

BranchLab extends these commitments contractually to all downstream recipients of audience segment data.

For the avoidance of doubt, Pathwai’s audience segment outputs describe cohort-level engagement likelihood – not individual health status. Membership in an audience segment does not constitute a health inference about any specific consumer, because segment membership reflects a statistical similarity to population-level patterns rather than any determination about an individual’s health condition, diagnosis, or treatment history.

10. Data Security

BranchLab maintains a comprehensive information security program designed to protect data throughout its lifecycle. Our safeguards include:

Technical Controls
  • Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent)

  • Network segmentation isolating the secure environment from other systems

  • Automated vulnerability scanning and patch management

  • Intrusion detection and prevention systems

  • Secure software development lifecycle practices

Access Controls
  • Multi-factor authentication required for all platform access

  • Role-based access control with least-privilege principles

  • Regular access reviews and prompt deprovisioning upon role changes or termination

  • Segregation of duties between data operations and platform administration

Governance and Oversight
  • Annual third-party penetration testing and security assessments

  • Employee and contractor security awareness training, with specific modules on health data handling

  • Incident response plan with defined procedures, roles, and notification timelines

  • Regular review of security practices against evolving threats and regulatory expectations

11. Breach Notification

In the event of a security incident involving unauthorized access to, or disclosure of, data processed by Pathwai, BranchLab will:

  • Investigate the incident promptly and take steps to contain and remediate it

  • Notify affected individuals and applicable regulators without unreasonable delay, and within the timeframes required by applicable law

  • Provide notice to the Federal Trade Commission as required under the FTC Health Breach Notification Rule, if applicable

  • Cooperate with regulatory investigations and provide all legally required information

BranchLab maintains an incident response team with defined escalation procedures to ensure timely and effective response to security events.

12. Children’s Privacy

The Pathwai platform is a business-to-business service not directed at consumers, including children. We do not knowingly process data that identifies children under the age of 13 (or under the age of 16, where required by applicable law). The de-identified datasets we process do not contain information capable of identifying individuals of any age. If we become aware that our data processing has inadvertently involved identifiable information about a child, we will take prompt steps to delete such information.

13. Data Broker Disclosure

Certain state laws classify entities that collect, aggregate, or sell consumer data as “data brokers” and require registration and specific disclosures. BranchLab evaluates its obligations under each applicable state’s data broker laws on an ongoing basis.

BranchLab does not believe it meets the definition of a “data broker” under applicable state laws, because it does not collect personal information directly from consumers, does not maintain individual-level consumer profiles, and processes only de-identified, aggregated health data sourced from licensed third-party providers. BranchLab monitors data broker registration requirements on an ongoing basis and will register in any jurisdiction where it determines registration is required.

Regardless of data broker classification, BranchLab provides all individuals with the ability to:

  • Request information about the categories of data we process

  • Opt out of any sale, licensing, or sharing of data associated with them

  • Request deletion of data associated with them

These rights may be exercised by contacting privacy@branchlab.com.

14. International Data Practices

Pathwai currently processes data derived from the United States healthcare system. Our data processing infrastructure is located in the United States. We do not currently process data subject to the European Union’s General Data Protection Regulation (GDPR) or the United Kingdom’s Data Protection Act 2018. Should our operations expand internationally, we will update this policy to reflect applicable data protection requirements.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Effective Date” and “Last Revised” dates at the top of this policy

  • Notify platform users via email or in-platform notification

  • Post a prominent notice on our website for at least 30 days

We encourage you to review this policy periodically. Your continued use of the Pathwai platform after the effective date of a revised policy constitutes acceptance of the revised terms.

16. Contact Information

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Privacy Inquiries

BranchLab, Inc.
Email: privacy@branchlab.com

For rights requests, please include sufficient information for us to verify your identity and understand the nature of your request. We will respond within the timeframe required by applicable law.