Privacy Policy

Privacy is an important issue on the internet, especially on a personal service such as online therapy. This Privacy Policy has important information on policies, procedures and practices regarding the collection, use and disclosure of any information on this Platform on which behavioral health services are offered (referred to as the ”Platform”, “us”, “we” or “our”), the therapists, counselors and other professionals who provide services on the Platform (referred to as “Provider” or “Providers”) and the users of the services on the Platform (referred to as “user”, “you” or “your') all agree to this Privacy Policy. The Platform may be provided, be accessible or be available on multiple websites, devices, platforms and other means, whether owned and or operated by Carepaths, Inc. or by third parties, including without limitation, the website carepaths.com.

We divided this document into three sections. The first, Platform Privacy, deals with privacy on the online therapy platform, such as the information you share when you setup an account and interact with your Provider. The second section, Rights Regarding Healthcare Records, addresses your rights with respect to a healthcare record. And the third section, General Privacy, covers issues that apply to any website.

It is up to you to decide what, if any, information to share on this Platform, but some Platform functions may not be available without your providing us certain information. When you use the Platform you accept and agree to the Privacy Policy. If you do not agree to be bound to the Privacy Policy you should stop using the Platform immediately.

Platform Privacy

Personal Information. When you sign up to the Platform, update your account details, provide your billing information, provide your emergency contact information or make other use of our services, we may ask you for certain personally identifiable information ("Personal Information"). The Personal Information can be used to contact you or identify you and it may include, but is not be limited to, your name, email, phone number, address and credit card information. We may use the Personal Information, either by itself or in conjunction with other information, for the following purposes:

• Create your account on the Platform, let you log in to the account, administer your account, monitor your account, provide Personal Information to customer service and contact you with information, alerts and suggestions that are related to your account.

• Billing, payment processing and other billing-related issues.

• Reach out to you, if either we or a Provider has a good reason to believe that you are involved in a situation that seriously endangers you or others. If we need to reach out we might do so directly, through your Provider or through the appropriate authorities.

• Find a Provider qualified to provide services in your state.

Profile Information

We may ask you questions about yourself and your needs. ("Profile Information"). We may use the Profile Information, either by itself or in conjunction with other information, for the following purposes:

• Match you with a Provider.

• Help your Provider to get to know you and your needs.

• Collect and analyze statistical or aggregated information which is not personally identifiable.

Assessment and Progress Monitoring

When you signup on the Platform and periodically thereafter you will be asked to complete various assessments and questionnaires that give you and your Provider information about how you are doing ("Assessments”). The Assessments may be used, either by themselves or in conjunction with other information, for the following purposes:

• Give the Provider a better understanding of your concerns so they can provide you with better service.

• Enable the Provider to evaluate your progress.

• Allow us to evaluate the overall effectiveness of online treatement.

• Help us make online therapy more effective.

Session Content

While using the Platform you and your Provider may communicate through text-based messages, audio or video communication and other media ("Session Content"). The Session Content may be used, either by itself or in conjunction with other information, for the following purposes:

• Enable you and your Provider to develop a therapeutic relationship.

Log Data

When you use the Platform, our servers or servers of third party service providers acting on our behalf automatically record information that your browser sends ("Log Data"). This Log Data may include, but is not limited to, information such as your computer, Internet Protocol address ("IP"), pages that you visit and the time spent on those pages, actions that you take and other statistics. We may use this information, either by itself or in conjunction with other information for the following purposes:

• Monitor, analyze and improve the use and functionality of the Platform, the Platform's technical operation and the match of the Platform functionality to your needs and preferences.

Children's Privacy

We do not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allow such persons to become our user. The Platform is not directed toward and not intended to be used by children under the age of 18.

HIPAA Protection of Personal Health Information

Personal Information, Profile Information, Assessments and Session Contest is considered Personal Health Information for the purposed of the HIPAA law(45 CFR Part 160 and 164).

Rights Regarding Healthcare Records

The Personal Information, Profile Information, Assessments and Session Data and other information your Provider may add to the Platform are part of your health and the healthcare services you receive(“Healthcare Record”). You have specific rights and your Provider has specific responsibilities regarding your Healthcare Record. We maintain these Healthcare Records for you and your Provider. If you want to exercise any of your rights regarding your Healthcare Record, you should contact your Provider. Your rights include:

• Get a copy of your Healthcare Record. You may ask your provider to see or get an electronic or paper copy of your Healthcare Record. The Provider should respond within 30 days. A reasonable, cost-based fee can be charged for this.

• Ask your Provider to correct your record if you think it has information that is incorrect or incomplete. The Provider should respond within 60 days. If the Provider cannot comply with your request he or she will give you a written explanation.

• Request confidential communications. You can ask the Provider to contact you in a specific way.

• Ask Provider to limit what he or she uses or shares.

• Get a list of those with whom the Provider has shared information.

• Get a paper copy of this Privacy Policy.

• Choose someone to act for you. If you have given someone medical power of attorney or have a legal guardian, they can exercise your rights and make choices regarding health information.

• If you feel your rights regarding your healthcare information have been violated you may (1) contact your Provider, (2) contact us or (3)You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. Your Provider will not retailiate against you and we will not retaliate.

General Internet Privacy

Cookies and Web Beacons. Like many websites, we use "cookies" and "web beacons" to collect information. A "cookie" is a small data file that is transferred to your computer's hard disk for record-keeping purposes. A "web beacon" is a tiny image, placed on a Web page or e-mail that can report your visit or use. We use cookies and web beacons to enable the technical operation of the Platform, to administer your log-in to your account and to collect the Log Data. You can change your browser's settings so it will stop accepting cookies or to prompt you before accepting a cookie. However, if you do not accept cookies you may not be able to use the Platform. The Platform may also include the use of cookies and web beacons of services owned or provided by third parties that are not covered by our privacy policy and we do not have access or control over these cookies and web beacons.

Social and General Information Tools

We may use publicly-available tools and information exchange resources, such as but not limited to a blog, a Facebook page, a Twitter account, a Google Plus account and others ("Social and General Information Tools"). Social and General Information Tools are not part of the Platform and information you provide or share on Social and General Information Tools may be read, accessed, collected and used by others. Social and General Information Tools are governed by their own privacy policies and are not covered by this Privacy Policy.

Phishing

Online identity theft and account hacking, including the practice currently known as "phishing", are of great concern. You should always be careful when you are asked for your account information and should only provide such information in our secure system. We will never request your login information, your credit card information, in a non-secure or unsolicited communication (e-mail, phone or otherwise).

Aggregate Information and Non-Identifying Information

We may share aggregated information that does not include any Personal Information with third parties for purposes, including but not limited to industry analysis, research, business transactions and public relations. We will not sell or disclose any Personal Information or information that can be identified as coming from you.

Links

The Platform may contain links to other websites, services or offers which are owned, operated or maintained by third parties. If you click on a third party link, you will be directed to that third party website or service. The fact that we link to a website or service is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not have control over third party websites and services or their privacy policies and terms of use.

Transfer of Business

We may sell or transfer some or all of our assets, including your Personal Information, in connection with a merger, acquisition, consolidation, joint venture, reorganization or sale of assets. Such transactions would be covered by a confidentiality agreement.

Service Providers

We may employ third party companies or individuals to perform certain tasks which are related to the Platform or to provide audit, legal, operational or other services for us. These tasks include, but not limited to, customer service, technical maintenance, monitoring, email management and communication, database management, billing and payment processing, reporting and analytics. When needed we may disclose information, including Personal Information, to such third parties but we will try to limit the Personal Information disclosed to the minimum necessary to perform their task. All service providers are required to comply with HIPAA law(45 CFR Part 160 and 164) and acknowledge that responsibility by signing a business associates agreement.

International Transfer

Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, we may transfer Personal Information to the United States and processes it there. If you are located in the United States and choose to provide information to us, we may also transfer some Personal Information outside of the US and processes it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to such transfers.

Compliance with Laws and Law Enforcement

We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information, including Personal Information, to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of ourselves or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable. You should also be aware that Providers may be obliged to disclose information to law enforcement or other authorities to conform to their professional and legal responsibilities. Specifically, and without limitation, you should be aware that the law requires mental health professionals to disclose information and/or take action in the following cases: (a) reported or suspected abuse of a child or vulnerable adult. (b) serious suicidal potential. (c) threatened harm to another person. (d) court-ordered presentation of treatment.

Security

We are concerned about safeguarding your information. The security of your Personal Information is very important to us. Therefore, we employ measures to protect this information from unauthorized access, use, and disclosure. However, the confidentiality of any communication transmitted through the Platform or stored with us cannot be guaranteed. Please remember that no method of electronic transmission over the Internet or method of storage can be 100% secure. You acknowledge and agree that you share and transmit the information at your own risk, as further detailed in our terms of use. If you have reason to believe that there has been of security, including but limited to "hacking" to your account, you must notify us immediately.

Changes to the Privacy Policy

We may update this privacy statement at our sole discretion. The date of the last revision of this policy appears at the end of this page. We encourage you to periodically review this page for the latest information on our privacy policy and to carefully review updates. We will make best efforts to inform Providers and Users of changes to this Privacy Policy. By accessing and using our Platform you affirm that you accept the current Privacy Policy.

Contacting us

If you have any questions or concerns about this Privacy Policy or our privacy-related practices, please contact us by clicking the Contact link at the bottom of any page in our website.

Updated : May 4, 2018