We are looking for 12 therapists!

 

Privacy Policy for Recouple

Legal Entity and Ownership

Recouple is a product managed and operated by Sodasoft LLC, a company registered in the United States. Our registered office address is:

Sodasoft LLC

30 N Gould St.

Sheridan, WY 82801

For any legal inquiries or concerns regarding your data, please refer to the contact information provided above, or contact Sodasoft LLC directly at the address above.

Introduction to Our Privacy Practices

At Recouple, we recognize the importance of privacy and are committed to ensuring the confidentiality and security of all personal data we collect, store, and process. Our mission is to provide a safe, secure, and trustworthy environment where therapists and patients can connect and interact without concerns over the privacy of their personal information. This Privacy Policy aims to transparently explain our data handling practices and affirm our commitment to protecting your privacy rights.

Contact Information of Our Data Protection Officer (DPO)

Recouple has appointed a Data Protection Officer (DPO) to oversee and ensure the compliance of our data protection strategies with GDPR and other relevant laws. If you have any questions about this privacy policy or concerns about how we handle your personal data, please contact our DPO at:

Email: [email protected]

The DPO is available to answer any queries you might have about our processing of your personal data and is responsible for assisting with requests to access, correct, or delete personal information held by Recouple.

Recouple Privacy Policy Overview

Understanding Our Privacy Practices

We aim for transparency and ease of understanding in our Privacy Policy. Should you have questions while reading, please contact us at [email protected].

Who We Are

Our website address is: https://recouple.com. We’re a platform connecting therapists and patients for online counseling and therapy services.

Changes to This Document

This Privacy Policy may evolve. When we make significant changes, we’ll notify you through our website or app during your login process. Regular reviews of this policy are encouraged.

Navigating This Policy

This document covers various aspects of data handling, categorized for your convenience. If you’re seeking information on a specific topic, click the relevant section to jump straight there.

1. Data Collection and Processing

What Data Do We Collect, Store, and Process?

Identity and Contact Data: Includes names, usernames, email addresses, and telephone numbers.

Financial Data: Payment and billing information, which we encrypt and process securely.

Health and Therapy Data: Information you share with your therapist, including therapy session notes and health history.

Technical Data: Includes internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, and platform.

Profile Data: Your username and password, appointments made, your interests, preferences, feedback, and survey responses.

Usage Data: Information about how you use our website, products, and services.

Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

Why Do We Collect and Process This Data?

•To provide and manage your account and our services.

•To communicate with you about your appointments, account, or any changes to our policies or services.

•For internal research and development purposes and to improve, test, and enhance the features and functions of our services.

•To understand how you use our service, which helps us develop more interesting and relevant content and services.

•To detect and prevent fraud or illegal activities.

•For financial processing and to prevent fraudulent transactions.

•To provide customer support, and to ensure we can contact you if needed.

How Is This Data Collected?

Direct Interactions: Such as signing up for an account, filling out forms, or corresponding with us by post, phone, email, or through chat.

Automated Technologies or Interactions: Such as web server logs that collect technical data about your equipment, browsing actions, and patterns.

Third Parties or Publicly Available Sources: Such as analytics providers, advertising networks, search information providers, or from therapists who use our platform to provide services to you.

What Do We Mean by ‘Process’?

The term ‘process’ in the context of this policy includes any operation or set of operations performed on personal data, whether or not by automated means. This encompasses collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing, or destroying data.

Sub-Processors

Recouple uses a number of trusted third-party sub-processors to help provide our services. These may include cloud hosting providers, customer relationship management systems, and analytics services. All sub-processors are subject to strict data processing terms and security reviews to ensure they meet our privacy standards and legal requirements.

Anonymization of Personal Data

Where possible, Recouple anonymizes personal data to protect user privacy. Anonymization involves modifying personal data so that no individual can be identified from the data, either by itself or when combined with other data.

Obtaining and Withdrawing Consent

Consent is explicitly requested when you sign up for our services or at the point of data collection where required by law. Detailed information on the purpose of the data processing is provided at the time of consent. You can withdraw your consent at any time by accessing the settings in your account or by contacting our support team directly.

Specific Examples of Data Use

Health and Therapy Data: This information is critical for tailoring your therapy sessions. For example, knowing your mental health history allows therapists to design more effective treatment plans that address your specific needs.

Financial Data: When you make payments for our services, this data helps us process transactions securely and enables us to implement fraud prevention protocols to protect your financial information.

Technical and Usage Data: This data helps us identify how you interact with our platform which can lead to direct improvements in website functionality. For instance, if we notice that many users struggle with a particular feature, we can redesign that aspect for better usability.

Marketing and Communications Data: By understanding your preferences in receiving marketing communications, we can send you offers and information that are most relevant to your interests, thereby enhancing your experience with our services.

2. Data Sharing

Why Do We Share Your Data?

With Service Providers: We share data with third parties that help us operate and improve our services, such as payment processing, analytics, and email delivery.

For Legal Reasons: We may share information if required by law, if we believe in good faith it is necessary to protect our rights, or to comply with a legal proceeding, court order, or a legal request from a law enforcement agency.

With Your Consent: We will share data with third parties when we have your express consent to do so.

Who Are the Recipients of Your Data?

Service Providers: Companies that provide services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service.

Legal and Regulatory Authorities: If required for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Third Parties: In the context of a sale of some or all of our business, we will share your data with third parties involved in the transaction.

Do We Sell Your Data?

No, Recouple does not sell any client or therapist information to third parties.

How Do You Protect My Shared Data?

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of our data processing activities, including encryption, firewalls, and anti-virus software to prevent unauthorized access to your data.

Types of Service Providers

Cloud Hosting Services: Such as Google Cloud Services, which store and manage data.

Analytics Services: Such as Google Analytics, which help us understand how our services are used.

Payment Processors: Such as Stripe, which handle transactions.

Customer Support Platforms: Such as Zendesk, which help us manage user inquiries.

Ensuring Compliance by Service Providers

•Recouple enters into data processing agreements with all service providers, requiring them to meet the privacy standards set forth in GDPR, CCPA, and other relevant laws.

•We conduct regular audits of service providers to ensure their compliance with our standards and legal obligations.

•Service providers are required to notify us immediately in case of a data breach or non-compliance and provide a remediation plan.

3. Data Retention, Erasure, and Exporting

How Long Do We Retain Your Data?

Comments and Contact Forms: Indefinitely, to recognize and approve follow-up comments and to provide continuous customer support.

Account Data: As long as your account remains active plus a period necessary to comply with applicable legal or record-keeping requirements.

Health and Therapy Data: Retained in accordance with healthcare industry standards and regulations to ensure continuity of care.

Financial Data: For a period after the completion of the transaction to comply with financial auditing requirements.

Technical and Usage Data: Typically retained for a short period for system administration and platform improvement purposes.

How Can You Manage Your Data?

•You may request access to, correction of, or deletion of your personal data at any time.

•You can also request the transfer of your personal data to another service provider (data portability).

•If you wish to exercise any of these rights, please contact us through the contact information provided on our website.

Data Erasure Requests

You may request that we erase certain data where it is no longer necessary for us to retain it for the purpose it was collected, or if you wish to withdraw consent where consent was the basis for processing. To request data erasure, please submit a request through your account settings or contact our support team.

Data Exporting

You have the right to receive a copy of the personal data we hold about you in a structured, machine-readable format and to request that we transfer this data directly to another service provider.

Data Retention Periods Detailed

Comments and Contact Forms: Retained indefinitely to facilitate ongoing communications and user engagement.

Account Data: Kept for the duration of the user’s account activity plus an additional seven years for compliance with tax and accounting requirements.

Health and Therapy Data: Stored for a minimum of ten years in compliance with healthcare regulations to ensure continuity of care and for use in potential legal proceedings or insurance claims.

Financial Data: Transaction records are retained for a period of seven years to comply with financial auditing standards.

Technical and Usage Data: Typically stored for no longer than two years, used primarily for system administration and to improve platform functionality.

Managing Your Data

Users can access, review, and modify their personal data at any time through their account settings on our platform. To request data erasure or portability, users can submit a request via their account settings or contact our customer support directly. Detailed instructions and the form for these requests are available on our support and FAQ pages.

Data Erasure and Exporting Procedures

Erasure Requests: Upon request, data that is no longer necessary for the purpose for which it was collected and has no legal requirement for retention will be securely deleted.

Data Exporting: Users have the right to request a copy of their data in a structured, commonly used, and machine-readable format, which can also be transmitted directly to another controller if technically feasible.

4. Security and Anonymity

How Do We Keep Your Data Secure?

•We employ industry-standard security measures such as SSL encryption, firewalls, and secure data storage facilities.

•Regular security audits and monitoring are conducted to ensure our measures are effective and up to date.

•Access to personal data is strictly limited to personnel who require it to perform their job functions.

How Do You Remain Anonymous While Using Recouple?

•While we require some personal information for account creation, you have the option to choose a username that does not reveal your identity.

•We recommend using an email address that does not contain your full name if you wish to increase anonymity.

Who Has Access to the Conversations with Your Therapist?

•All communications with your therapist are confidential and encrypted.

•Access to these conversations is strictly limited to you and your therapist, except as required by law or with your explicit consent.

Security Measures

•We use SSL/TLS encryption for data transmitted over the internet.

•Our servers are protected by high-grade firewalls and have strict access controls in place to prevent unauthorized access.

•Regular penetration testing is conducted by external security experts to ensure the robustness of our security measures.

•We adhere to the principles of “privacy by design” and “privacy by default” to ensure that personal data protection is embedded within the entire life cycle of personal data processing.

Maintaining Anonymity

•Users are encouraged to use pseudonyms or usernames that do not disclose their real names.

•Email addresses that do not contain personal information are recommended to enhance privacy.

•We provide users with tools to manage the visibility of their data on our platform, ensuring that they can maintain a level of anonymity consistent with their comfort and privacy preferences.

Access Control

•Access to sensitive data is strictly restricted to authorized personnel who need the data to perform their job functions.

•Training on data protection and security is regularly provided to all employees who handle personal data.

•Our access control policies are regularly reviewed and updated to adapt to new security technologies and potential threats.

5. Cookies and Tracking Technology

What Are Cookies and Web Beacons?

Cookies: Small text files stored on your device when you visit a website. They are used to remember your preferences, login information, and browsing habits.

Web Beacons: Tiny graphics with a unique identifier that are used to track user activity and are similar in function to cookies.

What Do We Use Them For?

•To enhance and personalize your experience on our platform.

•To analyze site traffic and trends, which helps us improve the functionality and user experience.

•For targeted advertising, only if you have opted in.

How Can You Manage Cookies and Web Beacons?

•You have the option to accept or decline cookies by modifying your browser settings.

•To opt-out of web beacons, you can adjust the settings within the email client or app to prevent automatic downloading of images.

Detailed Cookie and Tracking Technology Use

Functionality Cookies: Used to recognize you when you return to our platform. They enable the personalization of content, greet you by name, and remember your preferences (e.g., choice of language or region).

Performance Cookies: Collect information about how you use our website, such as which pages you visit most often, and if you receive error messages from web pages. This helps us improve the performance of our website.

Advertising Cookies: Used to deliver adverts more relevant to you and your interests. They also help measure the effectiveness of advertising campaigns.

Analytical Cookies: Help us understand user behavior, allowing us to customize and improve your user experience.

Managing Your Preferences

•You can manage your cookie preferences through your browser settings where you can refuse the setting of all or some cookies. We provide easy-to-follow instructions on our website under the ‘Cookie Settings’ section.

•For web beacons used in our email communications, you can manage your preferences by changing your email client settings to prevent the automatic downloading of images, which disables web beacons.

6. Additional Legal Notices

Regional Specific Compliance Notices

California Residents: As per the California Consumer Privacy Act (CCPA), you have specific rights around the access to, deletion of, and sharing of your personal data. We provide detailed instructions on how you can exercise these rights on our dedicated CCPA compliance page.

European Economic Area (EEA), United Kingdom, and Switzerland Residents: Rights under the General Data Protection Regulation (GDPR) and UK GDPR are detailed on our dedicated GDPR compliance page, including how to access, correct, delete, or transfer your data. Information on data transfers outside the EEA and UK and the safeguards in place is also provided.

For Non-US/UK/EU Residents: We aim to protect your data to a standard that meets or exceeds your local privacy laws. Specific rights and protections for users from other jurisdictions are available on our dedicated International Users page.

Compliance with Sector-Specific Regulations

If applicable, Recouple complies with sector-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA) in the U.S., which affects how health-related information is processed and shared. Detailed information about our compliance with other relevant regulations is available on our Legal Compliance page, which is regularly updated to reflect the latest regulatory developments.

7. Policy on Children’s Data

Recouple is committed to protecting the privacy of children. Our platform is not designed for or intentionally targeted at children under the age of 16. We do not knowingly collect or solicit personal information from children under the age of 16 without obtaining verifiable parental consent.

If we become aware that we have collected personal data from a child under the age of 16 without parental consent, we will take steps to delete that information from our servers immediately. If you believe that we might have any information from or about a child under 16, please contact us at [email protected].

We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal data on our platform without their permission.

8. Updates and Changes to the Policy

Recouple is committed to keeping our privacy practices up to date and compliant with the latest legal and technical standards. As such, this Privacy Policy may be periodically updated to reflect changes in our data practices, legal requirements, or advances in privacy protection technologies.

Notification of Changes

Direct Communication: We will notify you of significant changes to our Privacy Policy through direct communication methods such as email, notifications within the service, or a prominent announcement on our website.

Review Opportunity: Before any substantial changes take effect, we will provide a reasonable period for you to review the changes and make informed decisions about continued use of our platform.

Feedback Mechanism: We encourage feedback on our policy updates. You can send your thoughts or concerns to our dedicated email address for privacy matters, allowing us to consider user input in our privacy practices.

Access to Previous Versions

To ensure transparency, previous versions of our Privacy Policy will be archived and accessible to the public. This allows you to see how our data handling practices evolve over time.

9. Breach Notification Procedures

Recouple takes the security of your data very seriously and has implemented strong protective measures. However, in the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we have established the following breach notification procedures:

Immediate Response: Upon discovery of a breach, our rapid response team is activated to contain and assess the situation. This team includes IT security, legal, and communication experts.

Notification Timeline: If the breach poses a risk to your personal data, we will notify you and the appropriate regulatory authorities within 72 hours of becoming aware of the breach, in accordance with GDPR and other applicable laws.

Notification Content: The notification will provide details of the breach, including the likely consequences and the measures taken or proposed to be taken by Recouple to address the breach. We will also provide guidance on steps you can take to protect yourself from potential harm.

Ongoing Communication: We commit to keeping you informed about how the breach is being managed, including any developments and additional protective measures you should take.

Transparency: We will maintain transparency throughout the process and ensure that all affected parties are promptly informed about relevant information regarding the breach.

10. Language and Accessibility

Recouple is dedicated to ensuring that our privacy policy is accessible and understandable to all users. We have taken the following steps to enhance the accessibility and comprehensiveness of our policy:

Plain Language: This policy is written in plain language to ensure that everyone, regardless of legal or technical expertise, can understand our data practices.

English Only: Our privacy policy is available only in English. We are committed to ensuring that the policy is clear and comprehensible to our users.

Visual Aids: Where appropriate, we include diagrams and flowcharts to illustrate data flows and processing activities, making complex information more digestible.

Accessibility Features: Our website supports accessibility features such as text-to-speech and high-contrast modes to assist users with disabilities.

Feedback and Improvements: We welcome feedback on the accessibility and clarity of our policy. Please contact us with suggestions or comments, and we will consider them in our ongoing accessibility improvement efforts.

11. Cross-border Data Transfers

Recouple operates globally, and thus, your personal data may be transferred to, stored, and processed in a country other than your own. These countries may have data protection laws that are different from those of your country. In such cases, Recouple takes careful measures to ensure that your personal data remains protected to the standards outlined in this policy.

Safeguards for International Data Transfers Include:

Adequacy Decisions: Where possible, we transfer personal data to countries that have been deemed to provide an adequate level of data protection by the European Commission or other relevant bodies.

Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions, we rely on Standard Contractual Clauses approved by the European Commission, ensuring that personal data transferred outside the EEA is maintained with equivalent levels of security.

Binding Corporate Rules (BCRs): For intra-company transfers, Recouple may use Binding Corporate Rules that have been approved by European data protection authorities to ensure compliance across our global operations.

Privacy Shield Framework: Although the Privacy Shield Framework has been invalidated, we are actively monitoring and adapting to the latest regulatory guidance to ensure compliance with the GDPR during data transfers to the US.

Data Transfer Impact Assessments

For any new data transfer mechanisms or changes in international data transfer scenarios, we conduct thorough impact assessments to identify risks and implement mitigating measures before proceeding with the transfer.

12. Policy on Children’s Data

Recouple is committed to protecting the privacy of children. Our platform is not designed for or intentionally targeted at children under the age of 16. We do not knowingly collect or solicit personal information from children under the age of 16 without obtaining verifiable parental consent.

If we become aware that we have collected personal data from a child under the age of 16 without parental consent, we will take steps to delete that information from our servers immediately. If you believe that we might have any information from or about a child under 16, please contact us at [email protected].

We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal data on our platform without their permission.

13. Updates and Changes to the Policy

Recouple is committed to keeping our privacy practices up to date and compliant with the latest legal and technical standards. As such, this Privacy Policy may be periodically updated to reflect changes in our data practices, legal requirements, or advances in privacy protection technologies.

Notification of Changes:

Direct Communication: We will notify you of significant changes to our Privacy Policy through direct communication methods such as email, notifications within the service, or a prominent announcement on our website.

Review Opportunity: Before any substantial changes take effect, we will provide a reasonable period for you to review the changes and make informed decisions about continued use of our platform.

Feedback Mechanism: We encourage feedback on our policy updates. You can send your thoughts or concerns to our dedicated email address for privacy matters, allowing us to consider user input in our privacy practices.

Access to Previous Versions:

To ensure transparency, previous versions of our Privacy Policy will be archived and accessible to the public. This allows you to see how our data handling practices evolve over time.

14. Breach Notification Procedures

Recouple takes the security of your data very seriously and has implemented strong protective measures. However, in the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we have established the following breach notification procedures:

Immediate Response: Upon discovery of a breach, our rapid response team is activated to contain and assess the situation. This team includes IT security, legal, and communication experts.

Notification Timeline: If the breach poses a risk to your personal data, we will notify you and the appropriate regulatory authorities within 72 hours of becoming aware of the breach, in accordance with GDPR and other applicable laws.

Notification Content: The notification will provide details of the breach, including the likely consequences and the measures taken or proposed to be taken by Recouple to address the breach. We will also provide guidance on steps you can take to protect yourself from potential harm.

Ongoing Communication: We commit to keeping you informed about how the breach is being managed, including any developments and additional protective measures you should take.

Transparency: We will maintain transparency throughout the process and ensure that all affected parties are promptly informed about relevant information regarding the breach.

15. Language and Accessibility

Recouple is dedicated to ensuring that our privacy policy is accessible and understandable to all users. We have taken the following steps to enhance the accessibility and comprehensiveness of our policy:

Plain Language: This policy is written in plain language to ensure that everyone, regardless of legal or technical expertise, can understand our data practices.

English Only: Our privacy policy is available only in English. We are committed to ensuring that the policy is clear and comprehensible to our users.

Visual Aids: Where appropriate, we include diagrams and flowcharts to illustrate data flows and processing activities, making complex information more digestible.

Accessibility Features: Our website supports accessibility features such as text-to-speech and high-contrast modes to assist users with disabilities.

Feedback and Improvements: We welcome feedback on the accessibility and clarity of our policy. Please contact us with suggestions or comments, and we will consider them in our ongoing accessibility improvement efforts.

16. Cross-border Data Transfers

Recouple operates globally, and thus, your personal data may be transferred to, stored, and processed in a country other than your own. These countries may have data protection laws that are different from those of your country. In such cases, Recouple takes careful measures to ensure that your personal data remains protected to the standards outlined in this policy.

Safeguards for International Data Transfers Include:

Adequacy Decisions: Where possible, we transfer personal data to countries that have been deemed to provide an adequate level of data protection by the European Commission or other relevant bodies.

Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions, we rely on Standard Contractual Clauses approved by the European Commission, ensuring that personal data transferred outside the EEA is maintained with equivalent levels of security.

Binding Corporate Rules (BCRs): For intra-company transfers, Recouple may use Binding Corporate Rules that have been approved by European data protection authorities to ensure compliance across our global operations.

Privacy Shield Framework: Although the Privacy Shield Framework has been invalidated, we are actively monitoring and adapting to the latest regulatory guidance to ensure compliance with the GDPR during data transfers to the US.

Data Transfer Impact Assessments

For any new data transfer mechanisms or changes in international data transfer scenarios, we conduct thorough impact assessments to identify risks and implement mitigating measures before proceeding with the transfer.

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Address: Sodasoft LLC, 30 N Gould St, Sheridan, WY 82801, United States

Effective Date: Aug 15, 2024