Privacy Policy
This Privacy Policy describes the personal data that Theralytics (the “Company,” “our,” “us”) may collect and/or process about you (“you” or “user”) to provide you with ABA Provider Services (as defined below).
NOTICE AT COLLECTION: This Privacy Policy also serves as our Notice at Collection under applicable U.S. privacy laws. It outlines the categories of personal information we collect, the purposes for which they are used, and your rights with respect to that data.
Our Services are: (further description of the app) through our proprietary technology and software, including our website available at www.theralytics.net (the “Website”) and mobile application owned by the Company and used by you in connection with products and services provided by the Company (collectively, the “Mobile Application”). Your use of our services, including but not limited to our SaaS Services, through the Website or the Mobile Application, (collectively, “Services”) is also governed by our Terms of Use. This Privacy Policy also serves as our Notice at Collection where permitted by law and is presented at or before the time of collection of personal information through our Website.
PLEASE READ THIS PRIVACY NOTICE CAREFULLY. YOUR USE OF THE SERVICES CONSTITUTES YOUR ACCEPTANCE OF THIS PRIVACY NOTICE. DO NOT USE THE SERVICES IF YOU ARE UNWILLING OR UNABLE TO AGREE TO THIS PRIVACY NOTICE.
This Privacy Notice is for U.S. based Users of our Services only. Our Services are not intended for children under the age of thirteen (13). We do not currently offer the Services to Users outside the U.S., or to minors. Your use of the Services constitutes your representation and acknowledgement that you are not a minor and that you do not reside in, or use the Services from, outside of the United States.
As a business associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we collect, maintain, and process certain protected health information (“PHI”) on behalf of covered entities. This Privacy Policy is intended to supplement, but not replace, our obligations under HIPAA. In the event of a conflict between this Privacy Policy and HIPAA or applicable Business Associate Agreements (“BAAs”), those obligations will govern.
DEFINITIONS
“Business Associate Agreement” or “BAA” means a written contract required under HIPAA that governs how PHI is used and disclosed by business associates on behalf of covered entities.
“Deidentified Information” means information that does not identify an individual and cannot reasonably be used to identify an individual, consistent with HIPAA and/or applicable state laws.
“Personal Information” or “PII” means information that identifies, relates to, describes, or is capable of being associated with a particular individual, such as a name, email, address, or government ID number.
“Protected Health Information” or “PHI” means individually identifiable health information maintained or transmitted in any form, as defined under HIPAA.
“Sensitive Personal Information” means information defined as sensitive under applicable privacy laws, which may include government identifiers (e.g., Social Security numbers), account credentials, precise geolocation, racial or ethnic origin, health data (outside of PHI), and contents of communications where not publicly available.
I. INFORMATION WE MAY COLLECT ABOUT YOU
We may collect the following types of information, which may include personally identifiable information (“PII”) and protected health information (“PHI”), through: (A) information you provide to us, (B) information we automatically collect, and (C) information we receive from third parties. All of the information listed in (A)-(C) is detailed below, and hereinafter referred to as “Information.” We may use the Information we collect about you as described below to draw inferences about you, including about your characteristics and creditworthiness. For individuals whose data is not considered PHI under HIPAA (for example, employees or business contacts), this Privacy Policy governs our collection, use, and disclosure of such information in accordance with applicable state privacy laws.
A. Information You Provide to Us:
In using our Services, you may provide us with PII, including without limitation:
- Your name, address, phone number, email, date of birth, social security number, and documents or other media that verify your identity or otherwise disclose such PII or PHI.
- The content of your email, text, or other communications with us, or information from forms or fields you may have filled out when using our website or mobile app.
- Records or copies of your correspondence if you contact us to subscribe to our alerts or report a problem.
- Your image, likeness, voice and other characteristics for purposes of providing the Services to you, including the use of any embedded third-party video or audio functions provided by third parties.
- Your responses to surveys that we might ask you to complete for research purposes from time to time.
- Financial information that may be required before placing an order through our Website or Mobile Application.
- Your search queries on the Website or Mobile Application.
- Messages, chats, discussions and other interactive or discursive features of the Website or Mobile Application, including during a session.
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Website or Mobile Application, or transmitted to other users of the Website or Mobile Application or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other Users of the Services, including the Website or Mobile Application with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
B. Information We May Automatically Collect:
- IP address, which is the number associated with the service through which you access the Internet, like your ISP (Internet service provider);
- Date and time of your visit or use of our Services, your usage of our Services or browsing of our Website, including when you interact with our advertising and applications on third party websites and services;
- Domain server from which you are using our Services;
- Type of computer, web browsers, search engine used, operating system, or platform you use;
- Through mobile and desktop applications you download from this Website, which may provide dedicated non-browser based interaction between you and the Website;
- Details of your visits to our Website or Mobile Application, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website or Mobile Application.
- We may also collect information through embedded tools or third-party integrations within our Services (e.g., video conferencing platforms or analytics tools), which may collect usage data or identifiers independently. These third parties may process data pursuant to their own privacy policies.
C. Cookies and Other Tracking Technologies
We collect this Information directly and through the use of third parties by using certain technologies such as cookies and other technologies.
Analytics. We may use analytics tools, such as Google Analytics, to help provide us with information about traffic to our website and use of our website, which Google may share with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having your activity on the website made available to Google Analytics by installing the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout) for your web browser.
California and Other State Privacy Rights: While we are not subject to the California Consumer Privacy Act (CCPA/CPRA) or other state consumer privacy laws in our role as a HIPAA business associate, if we process personal information outside of that role, we will comply with applicable state privacy laws to the extent required.
II. HOW WE USE YOUR INFORMATION.
A. Use and Purpose of Processing Your Information. We use information that we collect about you or that you provide to us, including any personal information:
- To present the Services and its contents to you.
- To fulfill any other purpose for which you provide it.
- To provide you with notices about your account, including expiration and renewal notices.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Website or Mobile Application or any products or services we offer or provide through it.
- To allow you to participate in interactive features on our Website or Mobile Application.
- To send calendar invitations or reminders, emails, text messages, or other notifications for our Sessions.
- To improve our insights so we can provide you with offer recommendations and/or insights that are most relevant to you, and to evaluate and improve our Services.
- To provide notices and other information to you about, or in connection with, these products and Services.
- To respond to user inquiries and offer support to users.
- To detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, fulfill legal requirements and enforce our agreements.
- To debug in order to identify and repair errors that impair existing intended functionality.
- To provide, maintain, develop and improve the Services and your experience, and to protect Company and its users.
- To improve your experience accessing the products and services offered by Company by recognizing you as a customer and remembering information you previously provided so that you will not have to re-enter it.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
B. Disclosure of Your Information.
We may maintain, use and disclose aggregated or deidentified information about our users without restriction.
C. Use and Disclosure of PHI Under HIPAA
In our capacity as a business associate, we may use and disclose PHI only as permitted or required by the applicable Business Associate Agreements (“BAAs”) and HIPAA regulations. These permitted uses include:
- Providing services on behalf of our covered entity clients;
- Performing data aggregation, quality assessment, and other operations as allowed under the applicable BAA;
- Using de-identified or limited data sets in accordance with HIPAA;
- Disclosing PHI as required by law, including to comply with a court order or subpoena;
- Supporting public health activities, law enforcement, or health oversight as permitted by HIPAA;
- Complying with obligations in the event of a breach of unsecured PHI.
We do not use or disclose PHI for any purpose not permitted under HIPAA or the applicable BAA, and we do not sell PHI under any circumstances.
D. Choices About How We Use and Disclose Your Information.
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of the Website or Mobile Application may then be inaccessible or not function properly.
- Promotional Offers. If you do not wish to have your contact information used by the Company to promote our own or third parties’ products or services, you can opt out by sending us an email requesting to opt out at compliance@theralytics.net or at any other time by logging into the Website or Mobile Application and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes (to the extent available). If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience, or other transactions.
III. DATA RETENTION
We retain personal data and PHI for as long as necessary to fulfill the purposes outlined in this Privacy Policy and as required under applicable federal and state law, including HIPAA.
Specifically:
- PHI is retained and disposed of in accordance with HIPAA regulations and the terms of any applicable BAA. When deidentifying PHI, we follow the HIPAA Privacy Rule standards for deidentification using either the Expert Determination method or the Safe Harbor method.
- When we no longer require your information, we securely destroy or de-identify the data using commercially reasonable measures to protect it from unauthorized access or disclosure.
Retention periods may also be extended when necessary to comply with legal obligations, enforce agreements, or resolve disputes.
IV. ACCESSING, CORRECTING OR DELETING YOUR INFORMATION
Upon request (as set forth below) and subject to certain exceptions and limitations, we will inform you of the existence, use and disclosure of your Information and will provide you access to that Information. We encourage you to review, update, and correct Information that we maintain about you, and you may request that we delete Information about you that is inaccurate, incomplete, or irrelevant. We may not be able to accommodate your request, or we may not accommodate a request if we believe the change would violate applicable law. To request access to, correction of, or deletion of your Information, contact us at:
- Email us at: compliance@theralytics.net
- Address: 2423 SW 147th Ave., # 2058, Miami, FL 33185
- Call us at: 866-710-3590
Requests for access or deletion under state privacy laws may be subject to verification of your identity. We may deny requests as permitted by law, including where data is subject to HIPAA and we act solely as a business associate. In such cases, we will refer your request to the relevant healthcare provider.
A. Your HIPAA Privacy Rights
If you are an individual whose PHI is maintained or processed through our Services on behalf of a healthcare provider, please direct any requests to access, amend, or restrict use of your PHI to your provider directly. Under HIPAA, individuals have rights with respect to their PHI, including the right to:
- Access and receive a copy of their PHI;
- Request amendment of inaccurate or incomplete PHI;
- Request restrictions on the use or disclosure of PHI;
- Receive an accounting of certain disclosures of PHI;
- Receive a paper copy of their healthcare provider’s Notice of Privacy Practices;
- File a complaint with the U.S. Department of Health and Human Services if they believe their privacy rights have been violated.
We will support covered entities in responding to such requests in accordance with applicable BAAs and HIPAA.
B. Your State Privacy Rights (Non-HIPAA Personal Information)
If you reside in certain U.S. states, you may have additional rights regarding your personal information that is not regulated as Protected Health Information (PHI) under HIPAA. These rights vary by state and generally apply only when we process personal information in a non-HIPAA context, such as for employee, applicant, or business contact data.
We will honor the following data rights as required under applicable state laws:
(Sale only)
To exercise these rights (to the extent they apply), you may contact us at compliance@theralytics.net or call us at 866-710-3590. We will verify your identity and respond within the time required by law. If we deny your request, you may have the right to appeal by contacting us through the same means.
These rights do not apply to protected health information governed by HIPAA or data we process solely as a business associate under a Business Associate Agreement. For PHI-related requests, please see Section IV. A above.
V. CHILDREN’S INFORMATION
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children without verifiable parental consent. If we become aware that we have collected personal data or PHI from a child under the age of 13 in a manner inconsistent with the Children’s Online Privacy Protection Act (“COPPA”), we will delete such information as soon as practicable.
If you believe we may have collected information from a child under 13, please contact us at: compliance@theralytics.net.
VI. SECURITY MEASURES
We implement appropriate administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of the PHI and personal information we maintain.
These include:
- Encryption of data in transit and at rest;
- Role-based access controls and user authentication protocols;
- Secure software development practices;
- Employee training and awareness;
- Regular auditing and monitoring of system access and usage.
While we follow industry best practices and HIPAA Security Rule standards, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.
VII. BREACH NOTIFICATION
In the event of a breach involving unsecured PHI, we will comply with applicable HIPAA breach notification requirements, including notifying affected covered entities without unreasonable delay and no later than 60 days after discovery of the breach. We will cooperate with the covered entity in providing any required individual or regulatory notices, in accordance with our contractual and regulatory obligations.
For non-HIPAA personal data, we will comply with applicable state breach notification laws, including any obligations to notify affected individuals and regulators within prescribed timeframes.
VIII. CHANGES TO OUR PRIVACY POLICY
It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website or Mobile Application home page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website or Mobile Application home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website or Mobile Application and this privacy policy to check for any changes.
IX. NON-DISCRIMINATION AND ACCESSIBILITY
We comply with applicable federal civil rights laws and do not discriminate on the basis of race, color, national origin, age, disability, or sex. If you need assistance accessing this Privacy Policy or require it in another format, please contact us at compliance@theralytics.net or 866-710-3590.
X. CONTACT INFORMATION
To ask questions or comment about this privacy policy and our privacy practices, contact us at:
- Email us at: compliance@theralytics.net
- Address: 2423 SW 147th Ave., # 2058, Miami, FL 33185
- Call us at: 866-710-3590
Last Updated: August 6, 2025.