Privacy Policy
Last Updated: January 10, 2025
TreeTalk Therapy, LLC ("we," "our," "us") values your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"), website, or any related services (collectively, the "Services"). It is designed to meet the requirements of global privacy frameworks, including the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA/CPRA), the Health Insurance Portability and Accountability Act (HIPAA), and other applicable laws.
Information We Collect
We collect the following categories of information to provide and improve the Services:
- Account Creation Data: phone number, email address, first name, last name, password, user type (client or provider), and account preferences.
- Profile Information: profile photos, biographical information, insurance information (if applicable), credentials and licenses (for therapists), availability schedules, and professional qualifications.
- Therapy Session Data: appointment details, session recordings (if enabled), session notes, video call data, and therapeutic communications between clients and therapists.
- Messaging Data: text messages, images, documents, and other content shared through in-app messaging between clients and therapists.
- Device and Technical Data: device identifiers, IP address, operating system, app version, crash logs, performance metrics, and device tokens for push notifications.
- Usage Data: frequency of use, interactions with features (e.g., booking sessions, messaging therapists, viewing profiles), session length, and engagement metrics.
- Location Data: approximate geolocation (with user consent) to ensure compliance with local laws and to help match clients with therapists in their area.
- Emergency Contact Information: contact information for family members or close relations provided for use in case of mental health crisis or other emergency situations.
- Communication Data: customer support inquiries, feedback, complaints, and other messages sent to TreeTalk Therapy.
- Payment Data: billing information, payment method details, transaction history, subscription information, and payment processing data (processed through Stripe and stored in accordance with PCI-DSS standards). We do not store full credit card numbers on our servers.
- Health Information: as a telehealth platform, protected health information (PHI) may be collected, used, and disclosed as part of the therapy services, in compliance with HIPAA and applicable health privacy laws.
How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Services, including enabling therapy sessions, matching clients with therapists, facilitating communication, and processing payments.
- To facilitate therapy services, including scheduling appointments, conducting video sessions, enabling messaging between clients and therapists, and maintaining therapy records.
- To verify therapist credentials and qualifications, conduct background checks, and ensure compliance with professional standards.
- To process payments, manage subscriptions, and handle billing inquiries.
- To ensure platform safety and compliance by monitoring for inappropriate behavior, fraud, and policy violations.
- To improve and personalize the App experience, including therapist recommendations, feature development, and usability improvements.
- To communicate with you about appointments, updates, security alerts, changes to policies, or customer support responses.
- To respond to emergency situations, including mental health crises, using provided emergency contact information when necessary.
- To prevent fraud, abuse, and unauthorized access to the platform.
- To comply with legal obligations, regulatory requests (including HIPAA and state medical board requirements), or enforce our Terms of Service.
- To measure and analyze usage trends for performance monitoring and business insights (using anonymized data where possible).
Sharing of Information
We may share your information with the following categories of recipients:
- Service Providers: we share information with third-party service providers who perform services on our behalf, including:
  - Firebase (Google): for authentication, cloud storage, database, functions, and messaging services
  - Stripe: for payment processing and billing services
  - Zoom: for video conferencing and therapy sessions
  - Twilio: for SMS and communication services
  - Mailgun: for email delivery services
  - Hosting, analytics, customer support, and other service providers under strict contractual controls including Business Associate Agreements (BAAs) where required by HIPAA
- Therapists and Clients: when you book a session or communicate through our platform, your information (including profile data, messages, and session information) is shared with the therapist or client you are matched with, as necessary to provide therapy services.
- Legal Authorities: when required to comply with applicable law, respond to lawful requests, protect rights, safety, and property, or in response to valid court orders or subpoenas.
- Emergency Situations: we may share your information (including location and emergency contact information) with emergency services, law enforcement, or medical professionals in cases of mental health crisis or other emergency situations where there is a risk of harm to you or others.
- Corporate Transactions: if TreeTalk Therapy, LLC undergoes a merger, acquisition, reorganization, or sale of assets, your data may be transferred, subject to the same privacy protections.
- With Your Consent: we may share your information with other parties when you have given us explicit consent to do so.
Child Protection & Age Restrictions
- TreeTalk Therapy is not directed to children under 18. Users under 18 are generally prohibited from creating accounts without parental or guardian consent and supervision.
- We implement strict verification processes, including requiring valid email or phone confirmation, and age verification where applicable.
- Accounts found in violation of age restrictions may be suspended or terminated.
- We comply with COPPA, GDPR (Articles 8 and 17), HIPAA, and other applicable child-protection and health privacy laws.
- For users under 18, therapy services may require parental consent and involvement as required by applicable state and federal laws.
International Data Transfers
- We store and process data in the United States, but your information may be transferred and processed in other countries where our service providers operate.
- If you are located in the EU/EEA, we ensure data transfers comply with GDPR requirements, including Standard Contractual Clauses (SCCs).
- Users in other jurisdictions may have additional rights under local laws.
Your Rights
Depending on your location, you may have the following rights:
- Right to Access: request a copy of the personal data we hold.
- Right to Rectification: correct inaccurate or incomplete data.
- Right to Erasure: request deletion of your account and data, subject to legal obligations.
- Right to Restriction: limit processing of your data.
- Right to Data Portability: receive your data in a structured format.
- Right to Object: opt out of certain processing, including direct marketing.
- Rights under CCPA/CPRA: opt out of data selling/sharing, know what categories of data are collected, request deletion, and exercise non-discrimination rights.
- Right to Withdraw Consent: when processing is based on consent, you may withdraw it at any time.
Security
We employ technical, organizational, and physical safeguards to protect your data. This includes:
- Encrypted storage and transmission (SSL/TLS).
- Regular audits, vulnerability scanning, and penetration testing.
- Access controls limiting data access to authorized employees and contractors.
- Automated monitoring for suspicious activity and account misuse.
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
Data Retention
We retain your information only as long as necessary to provide the Services or comply with legal obligations:
- Account Data: retained while your account is active and for a reasonable period after account closure for business and legal purposes.
- Therapy Records: retained as required by applicable state and federal laws governing mental health records (typically 7 years after last service, but may vary by jurisdiction).
- Session Recordings: retained only with your explicit consent and in accordance with applicable laws. You can request deletion of recordings at any time, subject to legal retention requirements.
- Payment Data: retained as required by financial regulations and for fraud prevention purposes (typically 7 years).
- Support Communications: retained for customer service and quality assurance purposes.
- Legal/Compliance Data: retained as required under applicable law, including HIPAA, state medical board regulations, and professional licensing requirements.
Do Not Track & Global Privacy Control
Our Services currently do not respond to Do Not Track (DNT) signals. However, we honor Global Privacy Control (GPC) signals where legally required.
Third-Party SDKs and Services
- TreeTalk Therapy integrates third-party software development kits (SDKs) and services to provide core functionality, including:
  - Firebase Services (Google): Authentication, Cloud Firestore, Cloud Storage, Cloud Functions, Cloud Messaging
  - Stripe: Payment processing and subscription management
  - Zoom: Video conferencing for therapy sessions
  - Twilio: SMS and communication services
  - Google Sign-In: Authentication option
  - Notifee: Push notifications
  - Analytics and crash reporting tools (where used, with anonymization)
- These third parties may collect information such as device identifiers, usage data, or IP addresses. We require contractual assurances, including Business Associate Agreements (BAAs) where applicable, that these providers comply with applicable data protection laws, including HIPAA.
- A current list of third-party SDKs and service providers is available upon request at Info@treetalktherapy.com.
HIPAA Compliance and Health Information
- TreeTalk Therapy is committed to protecting the privacy and security of protected health information (PHI) as required by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state health privacy laws.
- We maintain appropriate administrative, physical, and technical safeguards to protect PHI against unauthorized access, use, or disclosure.
- We enter into Business Associate Agreements (BAAs) with third-party service providers who have access to PHI.
- Your therapy sessions, messages, and health information are encrypted in transit and at rest.
- We do not sell or share PHI for marketing or advertising purposes without your explicit authorization.
Data Breach Notification
- In the event of a data breach involving personal information or protected health information, TreeTalk Therapy, LLC will notify affected users and relevant authorities as required by law, including HIPAA breach notification requirements where applicable.
- Notifications will include the nature of the breach, categories of data affected, potential consequences, and measures taken to mitigate harm.
- Users are encouraged to maintain updated contact information to ensure timely notification.
- For breaches involving PHI, we will notify affected individuals without unreasonable delay and in no case later than 60 days following discovery, as required by HIPAA.
Automated Decision-Making and Profiling
- TreeTalk Therapy may use automated systems to flag policy violations, detect suspicious activity, or recommend therapists based on location, specialization, and availability.
- These systems may result in content removal or account suspension. Users have the right to appeal such decisions by contacting Info@treetalktherapy.com.
- We do not use automated profiling for medical diagnosis, treatment recommendations, or employment decisions.
- Therapist recommendations are based on objective criteria such as location, availability, and specialization, not on automated profiling of health information.
Business Transfers
- In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred as part of the transaction.
- TreeTalk Therapy, LLC will provide notice of any such transfer and ensure your rights remain protected, including maintaining HIPAA compliance and data security measures.
- Any successor entity will be required to maintain the same level of privacy and security protections as outlined in this Privacy Policy.
Cookies and Tracking Technologies
- While TreeTalk Therapy is primarily a mobile app, our website may use cookies, pixels, and similar tracking technologies for functionality and analytics.
- You can adjust cookie settings in your browser or device preferences.
- Some features may not function properly if cookies are disabled.
- We do not use tracking technologies to collect or share protected health information.
Employee and Contractor Access
- Only authorized employees, contractors, and service providers with a legitimate business need have access to personal information.
- All personnel are bound by confidentiality agreements and subject to disciplinary action for violations.
Data Localization
- Depending on local legal requirements, certain user data may be stored in specific jurisdictions.
- Where localization laws apply, we ensure data remains accessible to Remerge operations while meeting local compliance obligations.
Updates to This Privacy Policy
- TreeTalk Therapy, LLC may update this Privacy Policy periodically to reflect changes in laws, regulations, or business practices.
- Significant updates will be communicated to users through in-app notices, email, or website postings.
- Continued use of the Services after updates constitutes acceptance of the revised Privacy Policy.
- Material changes to how we handle PHI will be communicated in accordance with HIPAA requirements.
Contact Us
If you have questions about this Privacy Policy, your data, your rights, or to exercise any of your privacy rights, you may contact us at:
Info@treetalktherapy.com
TreeTalk Therapy, LLC
United States
For questions related to protected health information (PHI) or HIPAA rights, please contact us at the email address above. We will respond to your request within 30 days as required by HIPAA.
© TreeTalk Therapy, LLC. All rights reserved.