Last Updated: May 01, 2020
1. What Information Do We Collect?
a. Personally-Identifiable Information: We may collect personally identifiable information when you specifically and knowingly provide it to us (including health coaches or others providing services to you), for example when you sign up for a free trial, request support, register and account, or provide personal information such as your e-mail address, name, phone number, year of birth, height and weight, health details, or other information. Where applicable, personally identifiable information includes “personal data”, “personal information” and/or “sensitive personal information” each as defined in applicable law. Personally identifiable information that relates to your past, present, or future physical or mental health or condition is considered “protected health information” or “PHI”. We ask that you not disclose to us any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, biometrics or genetic characteristics, criminal background or trade union membership) on or through Services or otherwise. If you do send or disclose any sensitive personal data to us, you consent to our processing and use of such sensitive personal data in accordance with this policy.
We employ administrative, physical, and technical measures designed to protect personally identifiable information under our control from unauthorized access, use, and disclosure. In addition, when we collect, maintain, use, disclose, and process your personally identifiable information, we will do so using systems and processes consistent with the information privacy and security requirements of applicable federal and state laws, including as to PHI the Health Information Portability and Accountability Act of 1996 (“HIPAA”).
We provide some aspects of our Services through contracts with third parties such as cloud hosting, management consultants, quality assurance systems, analytics providers, and billing and collection services. We may share your personally identifiable information with such third party service providers so that they can perform the jobs that we have asked them to perform. We require all of our third party service providers to sign written agreements requiring that they appropriately safeguard your personally identifiable information and use it only as we direct.
This policy does not apply to the privacy practices of third parties that we do not own or control, including but not limited to (i) any employer or insurer that you consent to receive any personally identifiable information from us, or (ii) any third party website, service, application, or online resource to which the Service may link or otherwise reference (collectively “Third Party Services” or “TPS”) that you may access through the Services. We encourage you to carefully review the privacy policies and terms of service of any TPS that you access or consent to receive your personally identifiable information.
SimpleTherapy does not consider personally identifiable information to include information that has been anonymized so that it does not reasonably allow a third party to identify a specific individual or household. We collect and use your personally-identifiable information to: provide the Services; operate and improve our Service; provide customer service; perform research and analysis aimed at improving our products, Service and technology; and display content that is customized to your interests and preferences.
You may always choose not to provide personally identifiable information, but if you so choose, certain parts of the Service may not be available to you. If you have registered an account with us, you will have agreed to provide your personally identifiable information in order to access the Services. This consent provides us with the legal basis we require under applicable law to process your data. You maintain the right to withdraw such consent at any time. If you do not agree to our use of your personal data in line with this Policy, please do not use our Services.
b. Non-Personally-Identifiable Information: We may collect and aggregate non-personally identifiable information which is information which does not permit you to be identified or identifiable either by itself or in combination with other information available to a third party. This information may include information, such as a website that referred you to us, your IP address, browser type and language, hardware types, geographic location, and access times and durations. We also may collect navigational information, including information about the Service content or pages you view, the links you click, and other actions taken in connection with the Service.
c. Cookies, Pixels and Local Storage: We may collect information using “cookies”, which are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience when using the Services.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits any site or application that is party of the Services; and (2) third party cookies, which are served by service providers on sites or applications and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies we use
The Services use the following types of cookies for the purposes set out below:
Type of cookie
These cookies are essential to provide you with services available through the Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of the sites or applications and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
These cookies allow the Services to remember choices you make when you use a site or application, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of your account, or preferences. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the Services.
Analytics and Performance Cookies
These cookies are used to collect information about traffic to the Services and how users use the Services. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to, the websites that referred them, the pages visited, what time of day they visited, whether they have visited before, and other similar information. We use this information to help operate the Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.
We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how the Services work. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies
You can find out more about how Google protects your data here: www.google.com/analytics/learn/privacy.html.
You can prevent the use of Google Analytics relating to your use of the Services by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB
Social Media Cookies
These cookies are used when you share information using a social media sharing button or “like” button on any site or application for the Services or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings. If you do not accept our cookies, you may experience some inconvenience in your use of the Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you use the Services
Do Not Track Signals
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
2. What Do We Do With The Information That We Collect?
Except as disclosed in this policy, SimpleTherapy does not share or sell your personal information to any outside parties.
a. SimpleTherapy will use the personally identifiable information directly provided by you solely for the purpose for which you have provided it, which may include:
• to access a free trial, register, use, operate, maintain, and improve the Service;
• to manage your account, including to communicate with you regarding your account;
• to share it with a third party that has authorized or is paying for your use of the Service, as specifically approved by you;
• to operate and administer any events or promotions you participate in on any site or application;
• to respond to your comments and questions and to provide customer service;
• to send you information including technical notices, updates, security alerts, and support and administrative messages;
• with your consent, to send you marketing e-mails about new opportunities, upcoming events, and other news, including information about products and services offered by us and our affiliates. You may opt-out of receiving such information at any time: such marketing emails tell you how to “opt-out.” Please note, even if you opt out of receiving marketing emails, we may still send you non-marketing emails. Non-marketing emails include emails about your account with us (if you have one) and our business dealings with you;
• to process payments you make via the Services;
• for training of our personnel or for legal and audit processes. When we use your personally identifiable information for our such purposes, we use only the information necessary; and
• as we believe necessary or appropriate (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities; (c) to enforce this policy or our Terms, or resolve disputes; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
We may share your information with service providers who perform services on our behalf, such as processing information requests, providing security services, displaying stored data you access, to assist us in marketing, to conduct audits, etc. Those companies will be permitted to obtain only the personal information they need to provide the service they provide, will be required to maintain the confidentiality of the information, and will be prohibited from using it for any other purpose.
We may also use information you provide to better serve you, and, if you have given your consent for us to do so, to send you email or text messages concerning offers from our partners and other third parties that we think may be of interest to you. If you do not wish to receive marketing emails, you may adjust your “Personal Information Preferences” as described below or follow the “unsubscribe” or “stop” instructions included within each communication.
We will only retain your personally identifiable information as long as reasonably required to provide you with the Services unless a longer retention period is required or permitted by law (for example, for regulatory purposes). Data collected via the YouTube API will be retained for a maximum of 30 days unless required to provide you with the Services or a longer retention period is required by law.
You may contact us anytime to opt-out of: (i) direct marketing communications; (ii) our collection, sharing or selling of your personal data; (iii) any new processing of your personal data that we may carry out beyond the original purpose; or (iv) if the General Data Privacy Directive of the European Union applies to you, the transfer of your personal data outside the European Union. Please note that your use of some of the Services may be ineffective upon opt-out.
b. Disclosure: As a general rule, SimpleTherapy will not disclose any of your personally identifiable information except under one of the following circumstances: we have your permission; we determine in good faith that it is legally required to be revealed by any relevant statute, regulation, ordinance, rule, administrative or court order, decree, or subpoena; information revealed during the course of SimpleTherapy’s enforcement of the policies and procedures of the Service, its application, and/or website; it is information that we determine must be disclosed to correct what we believe to be false or misleading information or to address activities that we believe to be manipulative, deceptive or otherwise a violation of law; where you are otherwise notified at the time we collect the data; where we need to share your information to provide the product or service you have requested; when such disclosure is made subject to confidentiality restrictions in connection with a sale, merger, transfer, exchange, or other disposition (whether of assets, stock, or otherwise) of all or a portion of the business conducted by SimpleTherapy. SimpleTherapy may share the non-personally identifiable information that SimpleTherapy gathers, in aggregate form only, with advertisers and other partners.
3. Your Rights
Consistent with applicable law, you may exercise any of the rights described in this section. See here for information on personal data rights requests and how to submit a request. Please note that we may ask you to verify your identity and request before taking action on your request.
a. Managing Your Information.
If you have an Account, you may access and update some of your information through your Account settings. You are responsible for keeping your personal information up-to-date.
b. Rectification of Inaccurate or Incomplete Information.
You have the right to ask us to correct inaccurate or incomplete personal information about you (and which you cannot update yourself within your Account, if any).
c. Data Access and Portability.
In some jurisdictions, applicable law may entitle you to request certain copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
d. Data Retention and Erasure.
We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. In certain jurisdictions, you can request to have all your personal information deleted entirely. Please note that if you request the erasure of your personal information:
• We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. For example, if we suspend an Account for fraud or safety reasons, we may retain certain information from that Account to prevent that user from opening a new Account in the future.
• We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, for tax, legal reporting and auditing obligations.
• Information you have shared with others (e.g., reviews, forum postings) may continue to be publicly visible on or through the Service, even after your Account is cancelled. Additionally, some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers.
• Because we maintain the Service to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.
e. Withdrawing Consent and Restriction of Processing.
If we are processing your personal information based on your consent you may withdraw your consent at any time by changing your Account settings or by sending a communication to us specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing pursuant to the next section and pending the verification whether our legitimate grounds override your own.
f. Objection to Processing.
In some jurisdictions, applicable law may entitle you to require us not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defense of legal claims.
Where your personal information is processed for direct marketing purposes, you may, at any time ask us to cease processing your data for these direct marketing purposes by sending an e-mail to firstname.lastname@example.org.
g. Lodging Complaints.
You have the right to lodge complaints about our data processing activities by filing a complaint with us via the “Contact Us” section below or with a supervisory authority.
4. California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those third parties. See the “Contact Us” section below for where to send such requests.
5. Children’s Policy
The Terms of Service clearly provide that Users must be (i) 18 or older. SimpleTherapy does not knowingly collect personally identifiable information from users under 13. In the event that we learn that we have collected any personal information from a user under the age of 13, we will attempt to identify and delete that information from our database.
6. International Usage
The Service is owned by SimpleTherapy and may be accessed in the United States and abroad. Information collected may be retained, and may be stored, processed, accessed, and used in jurisdictions whose privacy laws may be different and less protective than those of your home jurisdiction. If you are located outside of the United States, please note that the information you provide to us may be transferred to the United States. By using the Service, application and/or website, you consent to such transfer. We will take reasonable steps to ensure that your data is treated securely and in accordance with this Policy.
7. Security and Encryption
We follow generally accepted industry standards to help protect your personal information. No method of transmission over the internet, mobile technology, or method of electronic storage, is completely secure. Therefore, while we endeavor to maintain physical, electronic, and procedural safeguards to protect the confidentiality of the information that we collect online, we cannot guarantee its absolute security. Our Service has security measures in place designed to protect against the loss, misuse and alteration of the information under our control. We use standard Secure Socket Layer (SSL) encryption that encodes information for such transmissions. All Service information is maintained on secure servers. Access to stored data is protected by multi-layered security controls including firewalls, role-based access controls and passwords. You are responsible to keep your password secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at email@example.com.
8. Changes to This Policy
9. Contact Us
For general inquires or to lodge a complaint, email us at firstname.lastname@example.org, or by mail to SimpleTherapy Data Inquiries, 39180 Farwell Drive, Suite 110, Fremont, CA 94538.
To opt-out of use of your data for direct marketing, email us at email@example.com.
To deactivate your account, go to your Account, click Settings, and then click Deactivate my account.
Deactivating an Account and an Account deletion request are two different things. When you choose to deactivate your account, you can reactivate it at a later date if you wish; when you delete your Account, no deleted information can thereafter be recovered. You can request permanent deletion of your personal data and closure of your Account at any point by submitting a deletion request to firstname.lastname@example.org. We may ask you to verify your identity before taking action on your request. Please include the subject line “Personal Data Right Request – Deletion Request”, and your country of residence.
To access your data, you can visit the Dashboard of your Account. If you would like to get a copy of some or all of the personal data we hold about you pursuant to applicable law, you can send us an email to email@example.com. Please note that we may ask you to verify your identity before taking further action on your request. Please include the subject line “Personal Data Right Request – Access Request”, provide us your country of residence, and provide as much information as you have regarding the data you would like a copy of.
To exercise a right to portability under applicable law, please email us at firstname.lastname@example.org and include the subject line “Personal Data Right Request – Portability Request” and your country of residence.
To object to our processing of some of your personal data where allowed under the laws of the jurisdiction where you reside, you may request that we not process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing, we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing, or such processing is required for the establishment, exercise, or defense of legal claims. You may exercise your rights to object to processing by sending us an email to email@example.com. Please include the subject line “Personal Data Right Request – Processing Objection”.
© 2020 SimpleTherapy, Inc. All rights reserved.