Privacy Policy

Last Updated: December 1, 2024

Information We Collect

Personal Information

We collect information you provide directly to us when creating an account or using our services:

  • Name, email address, and contact information
  • Professional credentials and license information
  • Clinic or institution affiliation
  • Billing and payment information
  • User preferences and account settings

Protected Health Information (PHI)

As healthcare providers, you may store patient information in our system:

  • Patient demographic information
  • Assessment responses and clinical data
  • Diagnosis codes and treatment notes
  • Appointment records and scheduling information
  • Generated reports and clinical documentation

Usage Information

We automatically collect certain information about your use of our platform:

  • Device information (browser, operating system, IP address)
  • Usage patterns and feature interactions
  • Login times and session duration
  • Error logs and performance data
  • Cookies and similar tracking technologies

How We Use Your Information

Service Delivery

  • Provide, maintain, and improve our assessment platform
  • Process and store clinical assessments securely
  • Generate AI-powered analysis and reports
  • Enable communication between healthcare providers and patients
  • Facilitate appointment scheduling and management

Account Management

  • Create and manage your user account
  • Process subscription payments and billing
  • Send service-related notifications and updates
  • Provide customer support and technical assistance
  • Verify professional credentials and licenses

Security and Compliance

  • Detect, prevent, and respond to security incidents
  • Monitor and prevent fraudulent activity
  • Comply with legal obligations and regulations
  • Maintain audit trails for HIPAA compliance
  • Enforce our Terms of Service and acceptable use policies

Research and Development

We may use de-identified, aggregated data for:

  • Improving AI algorithms and assessment accuracy
  • Developing new features and assessment tools
  • Conducting research on mental health trends (with IRB approval)
  • Publishing anonymized statistical analyses

Note: Individual patient data is never used for research without explicit consent.

Data Security

Technical Safeguards

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Controls: Role-based permissions and multi-factor authentication
  • Infrastructure: SOC 2 Type II certified cloud infrastructure
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backups: Automated daily backups with geo-redundant storage
  • Penetration Testing: Regular third-party security audits

Administrative Safeguards

  • Comprehensive employee training on HIPAA and data privacy
  • Background checks for all personnel with data access
  • Business Associate Agreements (BAAs) with all vendors
  • Incident response plan with defined escalation procedures
  • Regular risk assessments and security policy reviews

Physical Safeguards

  • Data centers with 24/7 physical security and surveillance
  • Biometric access controls and visitor logs
  • Fire suppression and environmental controls
  • Secure disposal of physical media containing data

Information Sharing and Disclosure

We Do NOT Sell Your Data

LetPhsyc will never sell, rent, or trade your personal information or patient data to third parties for marketing purposes. Your trust is paramount to our mission.

Limited Disclosure

We may share information only in the following circumstances:

  • With Your Consent: When you explicitly authorize information sharing
  • Service Providers: With vendors who assist in operations (e.g., cloud hosting, payment processing) under strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In the event of a merger, acquisition, or sale (with continued privacy protection)
  • Safety: To prevent harm or protect rights and property

De-Identified Data

We may use and share de-identified, aggregated data that cannot be linked back to individual users for research, analytics, and improving our services. This data is stripped of all personally identifiable information per HIPAA de-identification standards.

Your Rights and Choices

Access and Correction

You have the right to access, review, and request corrections to your personal information and patient records stored in our system. Contact us at privacy@letphsyc.com to exercise these rights.

Data Portability

You can export your data in machine-readable formats (JSON, CSV, PDF) at any time from your account settings.

Account Deletion

You may request deletion of your account and associated data. Note that we are required to retain certain clinical records for legal and compliance purposes (typically 7-10 years depending on state law).

Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link or adjusting preferences in your account. You will continue to receive essential service communications.

Cookie Preferences

Manage cookie settings through your browser or our cookie preference center. Note that disabling certain cookies may limit functionality.

Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Account Information: Duration of active account plus 30 days after deletion
  • Clinical Records: Minimum 7 years from last patient encounter (per state requirements)
  • Billing Records: 7 years for tax and audit purposes
  • Usage Logs: 90 days for security monitoring
  • De-identified Data: Retained indefinitely for research purposes

International Data Transfers

Our services are provided from the United States. If you access our platform from outside the U.S., your information will be transferred to, stored, and processed in the United States. We implement appropriate safeguards to protect data transferred internationally in compliance with applicable laws.

Children's Privacy

Our services are intended for healthcare professionals, not for direct use by individuals under 18. We do not knowingly collect personal information from children. Patient data entered by healthcare providers for minors is protected under the same standards as adult patient data.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes via:

  • Email notification to your registered address
  • Prominent notice on our website and platform
  • In-app notifications upon login

Continued use of our services after notification constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer: privacy@letphsyc.com

Data Protection Officer: dpo@letphsyc.com

Mail: LetPhsyc Privacy Team
123 Mental Health Ave, Suite 100
Los Angeles, CA 90210

Phone: +1 (555) 123-4567

We will respond to all requests within 30 days in accordance with applicable privacy laws.
