Privacy Policy for Mind Hack Lab

Effective Date: May 1, 2025

1. Introduction

Your privacy is critically important to us. This Privacy Policy explains how we collect, use, disclose, and protect information in compliance with applicable laws, including the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). This Policy covers your interactions with our Single-Session Intervention (SSI) mobile application ("the App").

By using the App, you consent to the practices described in this Privacy Policy. Please read it carefully.

2. Age Restrictions

Our App is intended solely for individuals who are 18 years of age or older. We do not knowingly collect or solicit personal information from individuals under the age of 18. If we discover that we have collected personal information from someone under 18, we will delete that information as quickly as possible. If you believe we might have information from or about a child under 18, please contact us at [support email].

3. Information We Collect

We collect the following types of information:

a. Personal Information:

  • Name, email address, phone number, and payment details, provided by you upon registration and payment.

b. Protected Health Information (PHI):

  • Session transcripts and notes related to mental health interventions, which may include sensitive personal information such as emotional states, concerns, and any provided personal health details.

c. Technical Information:

  • Device information, IP addresses, usage data, and analytics collected automatically when using the App.

4. Use of Information

We use your information solely to:

  • Provide personalized SSI sessions via our AI-powered chat interface.
  • Process payments for sessions.
  • Improve and customize your user experience.
  • Provide technical support and respond to your inquiries.
  • Comply with applicable laws and regulations, including HIPAA.

5. Data Storage and Protection

We comply strictly with HIPAA standards to protect your PHI:

  • Encryption: Data stored at rest and in transit is protected by industry-standard encryption (AES-256 encryption for stored data, TLS encryption for data in transit).
  • Access Controls: Data is restricted to authorized personnel with role-based access.
  • Auditing and Monitoring: Regular audits and logs are maintained to monitor access and changes to data.
  • Backup and Recovery: Encrypted backups are regularly created to ensure data recovery in case of loss or damage.

6. Disclosure of Information

We may disclose your information:

  • To authorized employees or contractors requiring access to deliver services.
  • When required by law or in compliance with a legal request (such as a court order).
  • To third-party vendors or cloud service providers who comply with HIPAA and have signed a Business Associate Agreement (BAA) to ensure PHI protection.

7. Third-Party Integrations

We integrate third-party services, including OpenAI, to facilitate session interactions. To maintain compliance with HIPAA and protect your privacy:

  • We ensure no personally identifiable or sensitive health data is transmitted to third parties without necessary anonymization.
  • All third-party vendors adhere to data protection and confidentiality obligations.

8. User Rights and Control

You have the right to:

  • Access, view, and download your stored session data.
  • Request correction of incorrect personal information.
  • Request the deletion of your personal data from our system.
  • Withdraw consent to data processing at any time.

You can exercise these rights by contacting us at [support email].

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Upon request, or when data is no longer necessary, it is securely deleted or anonymized.

10. Data Breach Notification

In the unlikely event of a data breach involving your PHI, we will:

  • Notify affected individuals within 60 days.
  • Comply with all HIPAA-required notifications and reporting to regulatory authorities.

11. Changes to this Policy

We may update this Privacy Policy periodically. We will notify you of significant changes through the App, email, or via our website, and update the "Effective Date" at the top of this policy.

12. Contact Information

If you have questions or concerns regarding this Privacy Policy, please contact us at:

  • Email: [support email]
  • Address: [Company Address]
  • Phone: [Support Phone Number]

Thank you for trusting us with your information. We are committed to protecting your privacy and ensuring compliance with all relevant regulations.
