This Privacy Policy describes how SimplePractice LLC (“SimplePractice,” “we,” “us,” or “our”) collects, uses and discloses the Personal Information (as defined below) of our Customer’s patients and clients (“Clients,” “you,” or “your”) when using the client web portal and client mobile application (including telehealth services) controlled by their healthcare or wellness Provider (our “Customer” or your “Provider”) (collectively, the “Client Portal” or the “Services”).

Certain SimplePractice Services may use a different privacy policy to provide notice to you about how we use and disclose the Personal Information we collect in the context of that Service. To the extent that we post or reference a different privacy policy, that different privacy policy, not this Privacy Policy, will apply to your Personal Information collected in the context of that Service.

1. Note to SimplePractice Customers and their Clients

Our treatment of Client Personal Information is governed by our agreements with our Customers, including our SimplePractice Terms of Service and HIPAA Business Associate Agreement, as applicable (our “Agreement”). If any provision in our Agreement with our Customers conflicts with any provision in this Privacy Policy, the provision in the Agreement will control to the extent of such conflict.

We will also direct Clients to their Providers, the controller of their personal information. Please see the “California Privacy Statement”and “Additional State Privacy Laws” sections of this privacy policy for more details.

If you are a Client of one of our Customers, we may retain your Personal Information on behalf of that Customer. If you have questions about how we process your Personal Information, we encourage you to reach out to the appropriate Customer or visit our Help Center.

2. Personal Information We Collect

“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information and internet activity. In the course of you using the Client Portal, we may collect Personal Information directly from you or indirectly from you, such as through your Provider. The categories of Personal Information we collect about you depends upon your interactions with us and how you utilize the Client Portal. For example, we may collect:

• Identifiers and contact information, such as your name, email address, mailing address, phone numbers, and IP addresses. We collect this information directly from you or indirectly from your Provider when your Provider creates or edits your Client Profile, for allowing your Provider to communicate with you and provide their services to you, to enable you to access the Client Portal, and to enable your electronic signature on certain documents or agreements.
• Billing information, such as your insurance information, invoices, name, email address, mailing address, phone number, Provider information, date of services, and services received. We store this information on behalf of you and your Provider so that your Provider may process your payments to them, and so that you may view and manage your billing information in the Client Portal.
• Audio, electronic and visual information, such as your photographs or images, your voice and other similar information. We process this information to enable you and your Provider to use our Telehealth service, if applicable, and to allow you to create file attachments in the Client Portal.
• Internet, device, and other electronic network activity information, such as your browsing history, search history, device and connectivity data, and your navigation and interactions within and with our Services. We collect this information in an anonymized format, in which your identity is not verifiable. We collect this information through a third-party source or through our cookies and other tracking technologies in order to conduct business analytics or to improve our business functionality and the Services. The appropriate contracts are in place with third-party sources to ensure they do not use this information beyond the purpose of providing services to us. Please review the “Data Collection Technologies and Cookies” section below to learn more about our use of cookies and data collection technologies.
• Profile information and inferences, such as information about your preferences and characteristics. We collect profile information by drawing inferences from the above categories of Personal Information, in an anonymized format, in order to understand Client patterns and preferences, and to enable us to tailor and update our Services and communications.
• Appointment Information, such as date, time and location of your appointments with your Provider. We store this information on behalf of your Provider so that you and your Provider can view and manage your appointments.
• Sensitive personal information, collected on behalf of your Provider in the course of providing their services to you, such as your race or ethnic origin, sexual orientation, credit or debit card number, health status, driver’s license or subsequent form of identification, or secure messages exchanged between you and your Provider. We may store this information on behalf of your Provider to ensure they can manage your Client Profile, provide their services and/or care to you, verify your identity and insurance information, and to allow them to process payments from you. We also store this information so that you may manage your payments to your Provider and so that you may securely communicate with your Provider in the Client Portal. This information is not accessed or used outside of what is described in this privacy policy and is in accordance with HIPAA privacy law. Please contact your Provider for questions regarding how they handle your sensitive personal information.
• Information we receive from authentication services you connect to our Services. Some parts of our Services may allow you to login through a third-party social network or authentication service such as Google. These services will authenticate your identity and provide you the option to share certain personal information with us, which may include your name, email address, or other information. The data we receive is dependent on that third party’s policies and your privacy settings on that third-party site. We will treat Personal Information collected from third party sources in accordance with this Privacy Policy, but we are not responsible for the accuracy of information provided by third parties or for their policies or practices. If you choose to connect a Google or Gmail account to our Services, we will ask you to grant us application permissions to access your Gmail account. These permissions are necessary to sustain the functionality of our Services. We will store your authentication token and account email address. This data will be securely stored to be used by us to provide you with the Services (including, but not limited to, allowing you to access the Client Portal). This data will not be voluntarily shared with any third parties, but we may provide this information to legal authorities upon their lawful request. You may choose to disconnect your Gmail account at any time. We do not use data obtained from Clients (from their Google accounts) for advertising purposes. We may need access to the user data to resolve a support issue, provide advice on service usage or provide any other help requested by the Client, or as such access may be necessary for a security investigation or to comply with applicable laws. We use this information to operate, maintain, and provide to you the features and functionality of the Services. We may also send you service-related emails or messages (e.g. Client support, changes, or updates to features of the Services, or technical and security notices).

3. How We Use Personal Information

In addition to the purposes for collection described above, we also collect your Personal Information for the following general purposes:

• To maintain your Client Profile, to send you requested product and Client Portal information, and to send you product and Client Portal updates;
• To respond to your support or help center requests and address your questions and concerns;
• To process billing information and transactions within the Client Portal;
• To authenticate your identity and allow you to view, fill out, and sign documents in the Client Portal;
• To administer, measure, and improve our Services and Client Portal experience, including measuring the effectiveness and functionality of the Services, aggregating statistical information on site usage, diagnosing problems with our servers, and analyzing traffic;
• To detect security incidents, to protect against malicious, deceptive, fraudulent or illegal activity, and to comply with our policies and procedures;
• To comply with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims, responding to law enforcement requests and as required by applicable law, court order, or governmental regulations, and to comply with applicable state and federal laws, including, but not limited to laws related to protecting Client and public health and safety;
• Any other purpose with your consent.

4. How We Share and Disclose Your Personal Information

We may share your Personal Information in the following circumstances:

• To your Providers/our Customers: We share your Personal Information with your Providers/our Customers in order to provide you with the Services and facilitate our agreements with our Customers.
• To Service Providers: We may share your Personal Information with companies that provide services to us, such as for hosting, marketing and communication services, analytics services, and payment processing (“Service Providers”). Our policy is to authorize these Service Providers to use your Personal Information only as necessary to provide services for us, and we require that the appropriate contracts are in place to ensure they do not use or disclose your Personal Information for any other purpose.
• To parties outside of SimplePractice:
  • We may share your Personal Information with our parent and affiliate companies in order for them to provide analytics across the entire corporate family and for other internal business purposes. 
  • From time to time, we may be required to provide Personal Information to a third party in order to comply with a subpoena, court order, government investigation, or similar legal process.
  • We may also share your Personal Information to third parties, such as law enforcement agencies, when we, in good faith, believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • To any other third party for whom you have given your consent for us to share your Personal Information.
• In a corporate transaction: If SimplePractice is involved in a corporate transaction, such as a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of its assets, we may share or transfer your Personal Information as part of any such transaction.

5. Access and Choice

Client Portal Contents: If your Personal Information changes, it can be modified by contacting your Provider and requesting that they update your Personal Information. Only certain information, such as your billing information, can be modified by you in the Client Portal. 

Push Notification Preferences: We may send you emails or banners in the Client Portal relative to your relationship with your Provider, with us, and your transactions. This may include, but is not limited to alerts, push notifications, appointment reminders and updates, and updates to our products, services, and policies. You can edit your push notification preferences in the “Notification Settings” section of the Client Portal.

Client Profile Deletion: We provide our customers a software service for which they can manage their Client’s information. We control a limited amount of your data. If you wish to have your information within the Client Portal deleted, please contact your Provider. Please note that this may affect your Provider’s ability to provide you with their services and that this data may be subject to certain data privacy laws and regulations. If you wish to delete other information that SimplePractice collects about you as outlined in this privacy policy please refer to our“California Privacy Statement”and “Additional State Privacy Laws”sections in this privacy policy.

Please understand that we will not be able to provide you Services if you are not a Client of a SimplePractice Customer. 

6. Data Collection Technologies and Cookies

As is true of many digital properties, we and our third-party partners may automatically collect certain information from or in connection with your device when visiting or interacting with our Services, such as:

• Log Data, including internet protocol (IP) address, operating system, device type and version, browser type and version, browser id, the URL entered and the referring page/campaign, date/time of visit, other user agent string data, the time spent on our Services, and any errors that may occur during the visit to our Services). Log data may overlap with the other categories of data below.
• Analytics Data, including the electronic path you take to our Services, through our Services and when exiting our Services, UTM source, as well as your usage and activity on our Services, such as the time zone, activity information (first and last active date and time), usage history (emails opened, total log-ins) as well as the pages and links you view, click or otherwise interact with.
• Location Data, such as general geographic location which can be inferred based on your IP address. 

We and our third-party Service Providers may use (i) cookies or small data files that are sent to your browser from a web server and stored on your computer’s hard drive and (ii) other, related technologies, such as web beacons, pixels, SDKs, embedded scripts, and logging technologies (“cookies”) to automatically collect this information. We may use this information to monitor and analyze how you use and interact with our Services.

We use information gathered from these technologies so that we can analyze trends, administer the Services, and track users’ movements around the Services.

If you would prefer not to accept cookies, most browsers will allow you to change the setting of cookies by adjusting the settings on your browser to: (i) notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Be aware that disabling cookies may negatively affect the functionality of this and many other websites that you visit. Disabling cookies may result in also disabling certain functionalities and features of the Services.

Depending on your device and operating system, you may not be able to delete or block all cookies. In addition, if you want to reject cookies across all your browsers and devices, you will need to do so on each browser on each device you actively use. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it.

Do Not Track: Please note that the Services are not presently configured to respond to DNT or “do not track” signals from web browsers or mobile devices. As such, we do not recognize or respond to Do Not Track requests.

7. Retention and Security

We will retain your Personal Information and sensitive Personal Information for as long as your information resides in our Customer’s Clients and Contacts list, as needed to provide you Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. For example, when you enter sensitive information (such as when you submit your intake forms), we encrypt the transmission of that information using secure socket layer technology (SSL). However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

8. Additional Information

Information for Visitors and Users from Outside of the United States: We are committed to complying with this Privacy Policy and the data protection laws that apply to our collection and use of your Personal Information. We are located in the United States, where the laws may be different and, in some cases, less protective than the laws of other countries. By providing us with your Personal Information and using the Services, you acknowledge that your Personal Information will be transferred to and processed in the United States and other countries where we and our vendors operate.

Links to Other Sites: The Services may contain links to other sites that are not owned or controlled by SimplePractice. This may include, but is not limited to, links to add appointments to your calendar or links for directions to your Provider’s office. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects Personal Information. This Privacy Policy applies only to information collected or stored in or by our Services.

Children’s Privacy: Our Services are not directed towards, nor do we knowingly collect any Personal Information from children under 13, unless they are a Client of our Customer. Please contact your Provider for information on how they collect and handle information from a Client who is under the age of 13.

Changes to This Policy: We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address specified in your Client Profile) or by means of a notice in our applications or on our websites prior to or upon the change becoming effective. We encourage you to review this page periodically for the latest information on our privacy practices.

9. Contact Us

If you have any questions in connection with this Privacy Policy or other privacy-related matters, please visit the Simple Practice Help Center.