Last Updated: December 7, 2020
1. Note to SimplePractice Customers and their Clients
We do not have direct relationships with the Clients of our customers. If we receive any inquiries or requests from Clients about their Personal Information, we will direct those inquiries or requests to the relevant customer.
If you are a Client of one of our customers (e.g., a therapist or group practice providing you services), we may retain your Personal Information on behalf of that customer. If you have questions about how we process your Personal Information, we encourage you to reach out to the appropriate customer. We may send any inquiries that we receive directly from you about our use of your Personal Information to that customer.
2. How We Collect and Use Your Personal Information
“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information and internet activity.
The categories of Personal Information we collect from you depend on your interactions with us. For example, we may collect:
- Identifiers and contact information, such as your name, email address, mailing address, phone numbers, social security numbers, government-issued IDs (such as driver’s licenses), IP addresses, and unique identifiers such as your usernames and passwords. We collect this information directly from you and from third-party sources for the purpose of creating and managing your SimplePractice account (“Account”), for communicating with you, verifying your identity, and providing our Services to you.
- Professional and employment-related information, such as your business name, your license number, calendar and scheduling information, and other information related to your business. We collect this information directly from you for the purpose of administering your Account and providing you our Services, including facilitating your use of our CE Marketplace.
- Transactional information, such as credit or debit card numbers and tax IDs. We collect this information directly from you in order to process your payments for our Services. We also collect your insurance information in order to process payments made to you by your Clients.
- Audio, electronic and visual information, such as your photograph or image, your voice and other similar information. We process this information to enable your use of our Telehealth service.
- Commercial information, such as products and services you have purchased from us. We collect this information to maintain customer records, identify trends in our customer relationships, and conduct business analytics.
- Profile information and inferences, such as information about your preferences and characteristics. We collect profile information by drawing inferences from the above categories of Personal Information in order to understand your preferences and tailor our services and communications to you.
In addition to the purposes for collection described above, we also collect your Personal Information for the following general purposes:
- To maintain and service your Account, including to fulfill your orders, to confirm your orders, to send you requested product and Service information, and to send you product and Service updates;
- To respond to your customer service requests and address your questions and concerns;
- To send you newsletters and marketing communications;
- To administer and improve our Services and marketing efforts, including measuring the effectiveness of the websites, diagnosing problems with our servers, and analyzing traffic;
- To detect security incidents, to protect against malicious, deceptive, fraudulent or illegal activity, and to comply with our policies and procedures;
- To comply with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims.
Referral Program: SimplePractice has a referral program that allows our existing customers to refer our Services to others. If you refer someone to SimplePractice, we will let that person know that you generated the referral. For those that receive a referral to our Services, we may collect your contact information in order to send you the referral content. Please visit our Refer-a-Colleague page for more information about the terms of our referral program.
3. How We Share and Disclose Your Personal Information
We may share your Personal Information in the following circumstances:
- Publicly, but only with your permission: We may share your Personal Information publicly with your permission. For example, with your permission, we may publicly post your photograph, your name, professional titles, and comments on the “Reviews” section of our websites.
- To Service Providers: We may share your Personal Information with companies that provide services to us, such as for hosting, marketing and communication services, and payment processing (“Service Providers”). When you use our CE Marketplace, we may also share, with your permission, your name and license information with Service Providers to generate course completion certificates. Our policy is to authorize these Service Providers to use your Personal Information only as necessary to provide services for us, and require that they not use or disclose your Personal Information for any other purpose.
- To third parties outside of SimplePractice:
- If you join our Services as a result of a referral under our referral program, we may share your name and the fact that you joined our Services with the person who referred you.
- We may share your Personal Information with our parent and affiliate companies in order for them to provide analytics across the entire corporate family and for other internal business purposes.
- From time to time, we may be required to provide Personal Information to a third party in order to comply with a subpoena, court order, government investigation, or similar legal process.
- We may also share your Personal Information to third parties, such as law enforcement agencies, when we, in good faith, believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- To any other third party for whom you have given your consent for us to share your Personal Information.
- In a corporate transaction: If SimplePractice is involved in a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of its assets, we may share or transfer your Personal Information as part of any such transaction.
4. Access and Choice
Account Settings: If your Personal Information changes, or if you no longer desire our Services, you may modify or remove it by logging into your Account and making the changes in your Account settings.
Marketing Opt-out Preferences: You can opt out of receiving marketing emails by using the unsubscribe link contained in the email. We may still send you emails about your relationship with us and your transactions, including Account information and alerts, purchase confirmations, and updates to our products, services and policies.
Account Deletion: SimplePractice customers may cancel and delete their Accounts at any time. Before cancelling and deleting your account, please export your data using a private internet connection that is password protected. SimplePractice is not responsible for any lost or stolen data resulting from a customer’s lack of diligence or failure to follow reasonable security protocols during or after the data export process. Please note, if you do not export your data before deleting your account, there may be no way to retrieve the data.
After you have exported your data and stored it in a secure location, you may proceed to cancelling and deleting your account by navigating to “Billing Information” under “Settings.” You will see a link on the bottom left of the page that says “Want to cancel your account?” You may select this option, follow the prompts and proceed to cancel and delete your account.
If you would like a copy of our HIPAA Business Associate Agreement, please contact us at firstname.lastname@example.org. Please understand that we will not be able to provide you certain Services if you cancel and delete your account.
5. Tracking Technologies and Cookies
We use information gathered from these tracking technologies so that we can analyze trends, administer the Services, track users’ movements around the Services, and gather demographic information about our user base as a whole. We may combine information we obtain through tracking technologies with other Personal Information that we have collected about you in order to make our Services, communications and advertisements more targeted to your interests.
Most web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. If you reject cookies, you may still use our Services, but your ability to use some areas of our Services will be limited. You may also opt out of targeted advertisements by visiting the Network Advertising Initiative opt out page.
Do Not Track: Please note that the Services are not presently configured to respond to DNT or “do not track” signals from web browsers or mobile devices. As such, we do not recognize or respond to Do Not Track requests.
6. Retention and Security
We will retain your Personal Information for as long as your Account is active, as needed to provide you Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. For example, when you enter sensitive information (such as your login credentials), we encrypt the transmission of that information using secure socket layer technology (SSL). However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
7. California Privacy Statement
California residents have certain rights under the California Shine the Light law and the California Consumer Privacy Act (“CCPA”).
CCPA Disclosures: In general, within the preceding 12 months:
- We have collected the categories of Personal Information listed in Section 2 above.
- We have collected these categories of Personal Information directly from you, when you use our Services, and from third parties for the purposes described in Section 2 above.
- We have disclosed the following categories of Personal Information for business purposes: Identifiers and contact information; professional and employment-related information; commercial information; transactional information; and internet and network activity information.
- We have not sold your Personal Information.
CCPA Privacy Rights: As of January 1, 2020, certain California residents are entitled to privacy rights under the CCPA. Customers who wish to exercise these rights should direct their requests to the customer who controls their Personal Information.
- The right to know. You have the right to request to know (i) the specific pieces of Personal Information we have about you; (ii) the categories of Personal Information we have collected about you in the last 12 months; (iii) the categories of sources from which that Personal Information was collected; (iv) the categories of your Personal Information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your Personal Information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your Personal Information.
- The right to deletion. You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
- The right to equal service. If you choose to exercise any of these rights, we will not discriminate against you in anyway. If you exercise certain rights, understand that you may be unable to use or access certain features of our Services.
You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, please contact us at email@example.com.
We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to verify you are the individual about whom we collected Personal Information. If you have an Account with us, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Shine the Light: Our California customers are also entitled to request and obtain from SimplePractice once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information please contact us at firstname.lastname@example.org.
8. Additional Information
Children’s Privacy: Our Services are not directed to, and we do not knowingly collect any Personal Information from children under 13.
9. Contact Us
For help with matters not related to exercising your rights under the aforementioned privacy laws, please contact us at SimplePractice Support.