Our ProvidersOur LeadershipEducationResourcesFor Providers

Privacy Policy

Last Updated: July 12, 2022

This Policy describes how Nellie Health Group Inc., and its affiliates (“Nellie”) collects, uses, and shares personal information obtained by us, including via our website, platform, mobile applications, and any other products or services (the “Platform”).

Please note that by using Nellie, you agree to our Terms of Use and acknowledge that you have read and agreed to this policy. If you do not agree to this policy, please do not use Nellie. If you are under 18 years of age, please do not use or access Nellie without the permission of your parent or legal guardian.

Nellie operates in both the USA and Canada. Each of these countries has enacted legislation to protect their citizen’s rights to privacy regarding their Personal Health Information (PHI). Nellie Health is committed to compliance with both the letter and spirit of these rules. This document serves as part of that compliance, informing you of what type of information we collect, for what purpose, and how we protect it.

PERSONAL INFORMATION WE COLLECT

The categories of personal information we collect depend on how you interact with us or use our Platform and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Platform, information from third-party services and organizations, as described below. In order to provide and enhance our services, Nellie collects a variety of different types of personal information. Our different services prompt for information relevant to the service that has been selected. Information entered into the Platform is also used to ensure and improve service delivery and improve our offerings over time. All personal information is treated as confidential and Nellie Health uses industry technologies to ensure your privacy. Respecting your privacy, we do not sell or rent your data, or otherwise share with any advertisers.

Client

If you register as a potential client through the Platform, we may collect information from you including your name, postal address, location, email address, phone number, username, password, demographic information (such as your gender and date of birth, as well as race, ethnicity, religious affiliations, sexual orientation and/or pronouns if you choose to share such information), information about your mood, mental or physical health, or emotional state, as well as other information you directly give us through the Platform.

Depending on the services and products you use, you may be asked to complete additional forms (e.g., intake form, consent for therapy) which may ask for personal information such as your name, contact information, information about your current or historical health or mental health and treatment, and information about your lifestyle.

In some cases, you may be asked to provide medical records to be placed on the Platform, for which we will obtain a signed authorization from you. Your clinician may capture clinical notes during your sessions, which would be subject to their own HIPAA privacy practices. If you communicate with Nellie, such as by email, phone, Text, chat, or within our app, we will collect personal information from you, such as your name, contact information, and information you provide within your communication to us. You have the option of using the secure Platform for communication. Note that channels outside of the Platform, such as your personal email, Text message, or video chat may be unsecure.

Providers

If you register as a Provider on the Platform, we may collect information from you including your name, photo, email address, phone number, postal address, date of birth, social insurance/security number, your bank account information to receive payment, copies of your identification, and information about your education, experience, and practice, including licensure/registration information. We also collect optional demographic information including your race, disability status, and sexual orientation.

All Users

We may collect personal information that you submit or make available through our interactive features. We may get information about you from other sources. We may combine the information that we collect with data obtained from third parties or through our products and services. For example, you may also be able to access the Platform by signing on through various third-party services, such as Google; signing on through such third-party services is voluntary. If you choose to sign on through a third-party service, Nellie may collect certain information from your account including your public profile, user name, email address, birthday, stated location, city, contact lists, and other interactions on that platform (such as interests and likes). The information we may have access to will vary by platform and is controlled by your privacy settings and account settings on that platform. Your use of services on third-party platforms are governed by the privacy statement and other terms of use for that third-party platform, until such information is shared with us, and then such information is subject to this Policy. Please note that you should obtain necessary consents before providing us with personal information regarding another individual.

Information Automatically Collected. Some information is automatically logged in a manner common to websites and online platforms. This includes items such as IP address, operating system type, screen size, etc. On our external website we collect traffic statistics such as last used website, frequency of visits, time on-site, etc., to allow analysis of our reach marketing effectiveness. This can include the use of services such as Google Analytics. Third party traffic analysis tools (such as Google Analytics) are not used during logged in Platform sessions. The Platform also uses technologies that allow you to access services, applications, and tools that are required to identify irregular online behavior, prevent fraudulent activity, and improve security or that allow you to make use of our functionality.

Cookies. Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our website. Note that advertising technologies are not used once clients login to the Platform, they are only used on our publicly facing website that does not require a login.

With your consent: We may use information about you in other ways or for other purposes, where you have given us consent to do so for a specific purpose not listed above. This includes audio/video-recording of your self-directed and treatment sessions with providers with the purpose of evaluating the quality of services provided. These recordings will be securely and privately stored consistent with the policies below.

Automated Decision Making. We may engage in automated decision making to facilitate your experience on the Platform. Our processing of your personal information will not result in a decision based solely on automated processing. You always have the option to request human support and not participate in the automated decision making. If you have questions about our automated decision making, you may contact us as set forth below.

De-identified and Aggregated Information. We may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, location information, information about the device from which you access the Platform, or other data sets we may create. In some cases, we use aggregated, de-identified clinical data to provide our clients and the public with insight into how people are responding to services offered by Providers who use the Platform. If you do not want your data used for these purposes, you may contact us at admin@nelliehealth.com.

HOW INFORMATION IS STORED AND PROCESSED

We are committed to protecting your privacy and data. We have put in place appropriate safeguards and security measures to help prevent your personal information from being lost, used or accessed in an unauthorized way, altered or disclosed. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its security. If you have any questions about the security of the Platform, you can contact us as described below.

We will retain personal information we process pursuant to statutory requirements, for as long as needed to provide services, and to comply with our legal and compliance obligations (including those under HIPAA or PIPEDA, as the case may be for auditing purposes), resolve potential or actual disputes, conduct research and development for Nellie or enforce our agreements.

SHARING OF PERSONAL INFORMATION

As noted above, we will not rent or sell your personal information to others without your consent. We disclose your information to third parties for a variety of business purposes, as described below.

Your Provider. If you are a client seeking treatment or other services from a Provider available through Nellie, your Provider will have access to your personal information in order to provide you with services. Please note that the use and disclosure of your PHI in connection with such services will be governed by this policy.

Service Providers. For example, we may share your personal information with our third-party service providers. The categories of service providers (processors) to whom we entrust personal information include: IT and related services; information and services; payment processors; customer service providers; and vendors to support the provision of services.

De-identified and Aggregated Information: We may share de-identified and aggregated information (such as de-identified usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties who help us understand the usage patterns for certain services and those of our partners. To the extent that Nellie uses artificial intelligence or machine learning on the data we collect, Nellie shall only use non-personally identifiable information for these purposes. Non-personally identifiable information may be stored indefinitely.

APIs/SDKs We may use third-party Application Program Interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of the Platform. For more information about our use of APIs and SDKs, please contact us as described below.

Disclosures to Protect Us and Others: We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate: to comply with law enforcement or national security requests and legal process, such as a court order or subpoena; when required by health oversight agencies for legally authorized health oversight activities; to protect your, our or others' rights, property, or safety, including to protect the security or integrity of Nellie and any facilities or equipment used to make Nellie available; to enforce our policies or contracts; to collect amounts owed to us or any Nellie provider; or to assist with an investigation or prosecution of suspected or actual illegal activity or in an emergency.

What Happens in the Event of a Change of Control: We may buy or sell/divest/transfer the Company (including any shares in the Company), or any combination of its products, services, assets and/or businesses. Your information such as names and email addresses, and other information related to Nellie may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign, or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of Nellie.

INTERNATIONAL DATA TRANSFER

By using Nellie, you acknowledge and understand that your information will be stored within the United States and Canada, where privacy rules differ and may be less stringent than those of the country in which you reside.

THIRD-PARTY WEBSITES/APPLICATIONS

Nellie may contain links to other websites/applications and other websites/applications may reference or link to Nellie. These third-party services/applications are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices You have a number of choices you can make regarding your personal information, including as follows:


Email Communications If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and Nellie, and you will not be able to opt out of those communications (e.g., communications regarding Nellie or updates to our Terms of Use or this Privacy Policy).


Text Messages. You may opt out of receiving Text messages from us by following the instructions in the Text message/replying “STOP” to a Text message you have received from us or by contacting us as described below.


Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device.


Do Not Track. We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you. For more details about Do Not Track, including how to enable or disable this preference, visit https://termsfeed.com/do-not-track.

Your Privacy Rights. In accordance with applicable law, you may have the right to:


Access Personal Information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or receiving a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or (iv) asking us to send that information to another company (the “right of data portability”);


Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;


Request Deletion of your personal information;


Request Restriction of or Object to our processing of your personal information; and


Withdraw your Consent to our processing of your personal information.
You may submit requests about personal information by contacting us through our contact page.