1. What is this Policy?

This Privacy Policy (“Policy”) is intended to inform you about the types of data collected by the Technology Platform, how this data is used, and the rights you have concerning this data. For the purposes of this Policy, “data” refers to any information associated with an individual or household. This may include, but is not limited to, names, email addresses, phone numbers, device IDs, and communications between you and the Company providing Mental Health Services via the Technology Platform. Such information may be considered ‘personal data,’ ‘personally identifiable information,’ or ‘sensitive personal data,’ as defined by the laws and regulations applicable in your jurisdiction.

By accessing and using the Technology Platform, you accept and agree to both the Terms and Conditions and this Privacy Policy, including that we’ll share certain data with Data Processors. This includes your consent for the sharing of certain data with Data Processors and Companies for the purposes of providing Mental Health Services.

The aim of this Policy is to clarify the technical aspects of data processing in an easy-to-understand manner. For any inquiries or suggestions regarding this Policy, please contact us through our customer support page.

“Technology Platform”
This refers to the website and/or mobile application owned by Really Global.

“Really Global”
When the terms “we”, “us”, “our,” or similar are used in this Agreement, they refer to Really Global. Really Global specializes in offering Technology Platform services to mental healthcare practitioners, both licensed and non-licensed. This doesn’t imply that Really Global practices medicine or any licensed healthcare activities. Similarly, we’re not involved in providing non-licensed services like health coaching and mentoring.

“Mental Health Services”
These refer to the licensed mental healthcare and non-licensed mental health coaching and mentoring services provided by a Company to clients via the Technology Platform.

“Company”
This refers to the entity that provides Mental Health Services to clients. The Company is solely responsible for the provision of Mental Health Services on the Technology Platform in accordance with all applicable laws and regulations.

“Data Processor”
These are entities contracted by Really Global specifically for data processing. They act solely on Really Global’s instructions and must maintain the confidentiality of the data processed.

“Processing”
This refers to any operation performed on data, such as collection, storage, and usage.

2. Who does this Policy apply to?

This Policy applies to all clients who access or interact with the Technology Platform, including those who create accounts to avail themselves of the Mental Health Services offered via the Technology Platform, as well as any Company utilizing the Technology Platform to offer Mental Health Services.

3. What do we mean by “Data Processor” in this Policy?

In this Policy, we define a “Data Processor” as an entity with whom Really Global has entered into a legal agreement to Process data collected by Really Global. Data Processors are required to handle the data solely as directed by Really Global—no other entity has the authority to instruct them. Data Processors are not permitted to disclose individually identifiable data to any other entity, except to Really Global or their own subcontractors, provided such subcontractors are bound by data processing terms that are no less restrictive than those agreed upon with Really Global.

The data obtained by Data Processors from their relationship with Really Global must be used solely for performing the services specified in our agreement with them, or as reasonably necessary for one or more of the following purposes:

• Complying with applicable privacy laws, regulations, or legal processes;
• Detecting, preventing, or mitigating fraud or security vulnerabilities;
• Debugging to identify and repair errors that impair existing functionalities; and/or
• Conducting internal research for technological development and demonstration, provided such use is reasonably necessary and proportionate to the purpose for which the data was shared.

4. When you use the term “Third Party,” what do you mean?

For the purposes of this Policy, a “Third Party” refers to any entity that is not Really Global, a Data Processor, or a Company, and is not otherwise specifically identified in this Policy or the accompanying Terms of Service.

5. Do you collect, store, or process my Data?

Within the scope of this Policy, we refer generally to activities done with data as “Processing” or “Process.” Processing activities may include the collection, storage, and usage of data. The types of data we Process are elaborated in subsequent sections of this Policy. We Process this data for various purposes, such as to ensure the smooth functioning of the Technology Platform and to enable you to use our services efficiently. Data may also be Processed for communication purposes, which could include sending you periodic emails or text messages. Some of these communications are service-related, while others may be for marketing purposes. You have the option to unsubscribe from receiving text or marketing communications at any time. More details on this can be found in the appropriate sections of this Policy.

6. What specific data are you Processing?

The data we Process depends on how Clients interact with our Technology Platform. Subsequent sections will detail the specific types of data we collect and Process, as well as the business rationale for doing so.

Please note that this section pertains solely to the data we Process. Information regarding the data we share is discussed in a separate section titled, Why do you collect and Process my data?

As delineated in the table below, we collect and Process “Client Data,” which may include demographic information, usage patterns, and transaction records necessary to facilitate the provision of Mental Health Services.

Details concerning the retention period for the data we collect and Process can be found in the How long do you retain my data? section of this Privacy Policy.

• Client Interaction Data: When you visit the website, app, or Technology Platform, we Process information such as the particular pages visited, features interacted with, time spent on the website or app, any encountered errors, the type of device and browser used, and your IP address. Third-party identifiers may also be Processed, and, if you opt in, shared with Third Parties.
• Onboarding Data: To create an account with the Technology Platform, you may be required to fill out a questionnaire or provide additional information. The information used to create your account is Processed.
• Account Data: Once an account is created on the Technology Platform, we Process data such as the account name selected, along with other demographic and contact information, including but not limited to email, age, phone number, and emergency contact details.
• Client Identifier: A sequentially-generated identifier is assigned to each Client and Company account. These identifiers are unique to each account and are essential for the Technology Platform to function effectively.
• Transactional Data: Data related to financial transactions on the Technology Platform is Processed. This includes details such as whether a payment for Mental Health Services was completed, cancellations, discounts, or refunds. Information about account creation is also Processed.
• Client Engagement Data: Data related to logging into the Technology Platform and the activities conducted during that login are Processed. This includes the timing of the login, the number and length of messages sent or received through the Technology Platform, the timing of these messages, the number and duration of live sessions scheduled or conducted, as well as the number and timing of the usage of other features such as worksheets, journals, and goals. This category does not include Mental Health Services Data, such as the content of any messages sent or received, the content of live sessions, or the content of journal entries, worksheets, or goals.
• Mental Health Services Data: Communications and other information shared with Companies to facilitate services are Processed. This includes clinical notes, diagnosis, symptoms, treatment plans, and functional status; session recordings, transcriptions, summaries, and session data; messages, worksheets, journals; or any other form of communication.
• Company Quality Data: Client feedback, including ratings and reviews of Companies, as well as details on session availability, cancellations, and no-shows, is Processed.
• Customer Service and Communications Data: All communications with our Customer Service team are Processed.
• Company Data: Data necessary to engage with Companies concerning their status, credentials, payments, and other operational needs are Processed. This includes a wide range of personal and professional information such as the Company’s name, bank account information, contact details, gender, date of birth, licensing and credential information, areas of expertise, and other relevant data. Companies may also, outside of this Policy, use additional verification methods to assist in logging in and verifying their identity.
• Company Engagement Data: Data related to Company activities on the Technology Platform is Processed. This includes the number and timing of Company logins to the Technology Platform, the number of live sessions conducted by a Company, the number and content of messages exchanged by a Company, and the sharing of worksheets and journal entries.

We Process a ‘Client Health Record,’ which contains essential information necessary to identify you and document the Mental Health Services you have received. This record includes internal notes from the Company, dates you received services, and specific elements from your Onboarding, Account, and Mental Health Services Data.

• Onboarding Data: Responses to any onboarding questionnaires or initial assessments.
• Account Data: The account name you’ve chosen, phone number (if provided), email address, and emergency contact details.
• Mental Health Services Data: Dates of service, messages exchanged with Companies, any worksheets or journals shared, and internal notes from the Company.

In addition to Processing, we also share certain data with Data Processors to facilitate the operation of the Technology Platform and perform essential functions for the website and application. Moreover, should you opt into sharing, we may share select data with Third Parties. For more detailed information, please refer to the section titled, “What are the purposes for sharing my Data?”

7. Why Do You Collect and Process My Data?

There are several reasons why Really Global processes your data. Here are a few examples that might be of most interest to you.

To Facilitate Your Connection with Mental Health Services

We process Client Interaction Data, Onboarding Data, Account Registration Data, User ID, Transaction Data, Mental Health Services Quality Data, Company Data, and Company Engagement Data. This processing is needed for us to connect you with Mental Health Services via our Technology Platform. By doing so, we can facilitate the essential exchange of information between you and Companies to ensure you receive the Mental Health Services you need. Additionally, we process data like your Company preferences, and your state and country (if relevant), to match you with Companies that meet specific licensing or accreditation criteria.

To Enable Mental Health Tools for You and the Companies

We process Client Interaction Data, Member Engagement Data, Account Data, Mental Health Services Data, Company Data, Transaction Data, Mental Health Services Quality Data, Company Engagement Data, and User ID. Once you commence receiving Mental Health Services, we process certain types of data to activate various therapeutic tools on our Technology Platform, such as journaling features, goal-setting functionalities, and relevant worksheets. These tools are designed to enrich the quality and effectiveness of the Mental Health Services you receive.

To Ensure Platform Security and Account Integrity

We process Client Interaction Data, Account Data, Company Data, and User ID for the purpose of identity verification and account security, applicable to both clients and Companies. This is to ensure that only you can access your account and to implement controls or challenges that prevent unauthorized access. We may also process some of your data when releasing security patches and bug fixes to address security vulnerabilities. Additionally, we process your data to monitor for potential abuse on the Technology Platform, to detect and prevent security incidents, and to protect against any malicious, deceptive, fraudulent, or illegal activities. When necessary, we may use this data to take legal action against those responsible for such activities.

To Maintain Open Communication Channels

We process Client Interaction Data, Company Data, Account Registration Data, User ID, Member Engagement Data, Transaction Data, Customer Service and Communications Data, and Mental Health Services Quality Data for the purpose of communication. For instance, if you have a question or concern about the Technology Platform, we make sure that we have the necessary information to respond to you appropriately and provide you with the answers you seek.

To Uphold and Enhance the Quality of Mental Health Services

We process Client Interaction Data, Onboarding Data, Company Quality Data, Member Engagement Data, User ID, Transaction Data, and Mental Health Services Quality Data to monitor and improve the quality of Mental Health Services offered through our Technology Platform. For example, we track whether a live session occurred, was canceled, or if a Company failed to show up, to ensure that services are being timely delivered to you. We also monitor ratings, reviews, complaints, and other client feedback to uphold the quality of Companies on our Technology Platform.

With your consent, a member of Really Global’s Quality Assurance Team may review your correspondence with a Company for quality assurance purposes. This might happen if you raise a concern about the services you’re receiving, or if we have specific concerns about a Company’s quality of care. Additionally, our internal Trust and Safety or Legal teams may review correspondence for specific accounts if we have reason to believe that a security, legal, or fraud issue is occurring with that particular account.

To Personalize Your Experience on the Technology Platform

We process Client Interaction Data, Onboarding Data, Member Engagement Data, Account Registration Data, User ID, Transaction Data, Mental Health Services Quality Data, and Company Data to tailor your experience on our Technology Platform. For example, if you identify as a member of the LGBTQ+ community and would like to connect with a Company that has specialized expertise, experience, and training in this area, we process your data to enable a match that aligns with your preferences. Similarly, if you express a need for assistance with anxiety, we may share content and features that are specifically designed to be beneficial for you, such as therapy groups focused on anxiety management.

To Understand Platform Use and Improve Our Services

We process Client Interaction Data, Onboarding Data, Account Registration Data, Member Engagement Data, Transaction Data, Mental Health Services Quality Data, Company Data, and User ID to gain insights into how you utilize our Technology Platform and Services. These insights guide us in enhancing the effectiveness, convenience, and array of features we offer. For example, your data informs us about which services and features should be introduced, refined, or possibly discontinued. It also helps us manage notifications so you aren’t shown redundant alerts. We may also use your IP address to auto-fill geographic details like your state or country. Regular usage of specific pages, buttons, or features is also monitored to wisely allocate our R&D resources. Should you opt into Analytics, we may employ data processing to track visits across any affiliated platforms for first-party cross-domain tracking purposes.

To Comply with Legal Requirements and Regulations

We process Client Interaction Data, Onboarding Data, Account Registration Data, Member Engagement Data, Transaction Data, Company Data, Mental Health Services Data, Customer Service Data, Communications Data, User ID, and your Clinical Health Record to adhere to legal mandates and regulations. For instance, in cases where we receive a legal subpoena, we may be obligated to share specific information as required. Companies providing Mental Health Services on our Technology Platform are also subject to various legal and professional obligations. These include maintaining a complete Clinical Health Record of the care and services provided to you, which must be retained for a designated period after the conclusion of your care. This practice is not unique and is a standard procedure in both online and in-person mental health services. As a general rule, we defer to the Company you’ve chosen for Mental Health Services when it comes to producing or withholding any psychotherapy notes or messages you’ve exchanged. Given that many jurisdictions have strict regulations concerning the confidentiality of client-Company relationships, we encourage you to discuss any concerns you may have about disclosure obligations with your Company early on.

To Ensure Safety and Security

We process Client Interaction Data, Account Registration Data, Member Engagement Data, Transaction Data, Company Data, Customer Service Data, Communications Data, and User ID to safeguard your well-being and the well-being of others. For example, if we have a reasonable basis to believe that you or another individual may be in immediate danger, or if your privacy has been compromised, we may utilize this information to conduct an investigation or to contact you or the relevant authorities, provided it is legally appropriate and permitted to do so.

For Companies Providing Mental Health Services on Our Platform

If you’re a Company on our platform, or in the process of becoming one, we process Company Data, Mental Health Service Quality Data, Company Engagement Data, User ID, Onboarding Data, and Account Registration Data for various purposes:

• Recruitment and Onboarding: To aid in the recruitment process and help you get started on our platform.
• Platform Operation: To operate our platform efficiently, display Company profile and specialty pages based on Company and Client preferences, and facilitate communication between you and your Clients.
• Identity Verification and Account Security: To validate your identity and keep your account secure.
• Credential Verification: Provide services that enable background, education, and credential checks and other screenings that are essential for verification.
• Payment and Tax Compliance: To facilitate your payment and ensure compliance with all relevant tax laws.
• Feedback and Quality Assurance: To provide you with quality statistics and feedback, both from Really Global and from Clients.
• New Features and Incentives: To inform you about new features, opportunities, and incentives.
• Profile Display: To allow your profile to be displayed on Third-Party websites and directories to inform people about the Technology Platform. You can opt-out by visiting our contact page.
• Reminders and Updates: To send you reminders, notifications, and updates about your application, profile, or account via email, calls, or SMS.

For Marketing and Promotional Communication

We process Client Interaction Data, Onboarding Data, User ID, Transaction Data, Member Engagement Data, Company Data, Mental Health Service Quality Data, and Company Engagement Data to send you opportunities, promotions, news, updates, and reminders about our services and your account. For example, we might email you special promotions or discounts or provide you with news or content related to mental health services that you might find useful. You can opt out of receiving texts or marketing communications at any time.