Client Portal Privacy Policy

Last Updated: September 2, 2022

This Privacy Policy describes how SimplePractice LLC ("SimplePractice," "we," "us," or "our") collects, uses and discloses the Personal Information of our Customer's patients and clients ("Clients," "you," or "your") when using the client web portal and client mobile application (including telehealth services) controlled by their healthcare or wellness Provider (our "Customer" or your "Provider") (collectively, the "Client Portal" or the "Services").

Certain SimplePractice Services may use a different privacy policy to provide notice to you about how we use and disclose the Personal Information we collect in the context of that Service. To the extent that we post or reference a different privacy policy, that different privacy policy, not this Privacy Policy, will apply to your Personal Information collected in the context of that Service.

1. Note to SimplePractice Customers and their Clients

Our treatment of Client Personal Information is governed by our agreements with our Customers, including our SimplePractice Terms of Service and HIPAA Business Associate Agreement, as applicable (our "Agreement"). If any provision in our Agreement with our Customers conflicts with any provision in this Privacy Policy, the provision in the Agreement will control to the extent of such conflict.

We will also direct Clients to their Providers, the controller of their personal information. Please see the "California Privacy Statement" and "Additional State Privacy Laws" sections of this privacy policy for more details.

If you are a Client of one of our Customers, we may retain your Personal Information on behalf of that Customer. If you have questions about how we process your Personal Information, we encourage you to reach out to the appropriate Customer or visit our Help Center.

2. Personal Information We Collect

"Personal Information" is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information and internet activity. In the course of you using the Client Portal, we may collect Personal Information directly from you or indirectly from you, such as through your Provider. The categories of Personal Information we collect about you depends upon your interactions with us and how you utilize the Client Portal. For example, we may collect:

Information from authentication services you connect to our Services, such as Google Sign In.
Sensitive personal information, collected on behalf of your Provider, such as health status, secure messages, and payment information.
Appointment Information, such as date, time and location of your appointments with your Provider.
Profile information and inferences, such as information about your preferences and characteristics.
Internet, device, and other electronic network activity information, such as browsing history and device data.
Audio, electronic and visual information, such as photographs or images for Telehealth services.
Billing information, such as insurance information, invoices, and payment details.
Identifiers and contact information, such as your name, email address, mailing address, and phone numbers.

3. How We Use Personal Information

We collect your Personal Information for the following general purposes:

To maintain your Client Profile and send you requested information and updates
To respond to your support requests and address your questions
To process billing information and transactions
To authenticate your identity and allow you to sign documents
To administer, measure, and improve our Services
To detect security incidents and protect against fraudulent activity
To comply with legal, regulatory and risk management obligations
Any other purpose with your consent

4. How We Share and Disclose Your Personal Information

We may share your Personal Information in the following circumstances:

To any third party for whom you have given consent
To comply with legal requirements such as subpoenas or court orders
To protect our rights, your safety, or investigate fraud
With our parent and affiliate companies for analytics and internal business purposes
In connection with a corporate transaction such as a merger or acquisition

5. Access and Choice

Client Portal Contents: If your Personal Information changes, it can be modified by contacting your Provider. Only certain information, such as billing information, can be modified by you in the Client Portal.

Push Notification Preferences: You can edit your push notification preferences in the "Notification Settings" section of the Client Portal.

Client Profile Deletion: If you wish to have your information deleted, please contact your Provider.

6. Data Collection Technologies and Cookies

We and our third-party partners may automatically collect certain information using cookies and other tracking technologies. This includes location data, analytics data, and log data. You can adjust your browser settings to manage cookies, though disabling them may affect functionality.

7. Retention and Security

We will retain your Personal Information for as long as needed to provide Services and comply with legal obligations. We follow generally accepted standards to protect Personal Information, including encryption during transmission using SSL technology.

8. California Privacy Statement

California residents have certain rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"), including:

The right to know what Personal Information is collected
The right to deletion of Personal Information
The right to correct inaccurate information
The right to opt-out of selling Personal Information (we do not sell your data)
The right to limit use of sensitive personal information
The right to equal service without discrimination

9. Additional State Privacy Laws

SimplePractice complies with applicable state privacy laws, including the Virginia Consumer Data Protection Act (VCDPA). Virginia residents have similar privacy rights as outlined above.

10. Additional Information

Information for Visitors Outside the United States: We are located in the United States. By using the Services, you acknowledge that your Personal Information will be transferred to and processed in the United States.

Links to Other Sites: The Services may contain links to other sites not owned by SimplePractice. We are not responsible for the privacy practices of such sites.

Children's Privacy: Our Services are not directed towards children under 13, unless they are a Client of our Customer.

Changes to This Policy: We may update this Privacy Policy and will notify you of material changes.

11. Contact Us

If you have any questions about this Privacy Policy, please visit the SimplePractice Help Center or contact your Provider directly.