Privacy Policy

1. What is this Policy?

This Policy is intended to help you understand what data nubloo, including its websites and apps (“we“) collect, how we use it, and your rights related to it. For purposes of this Policy and unless otherwise specified, “data” includes information that is linked to one person or household including things like name, email address, phone numbers, device ID, Third Party identifiers, contact information, and communications with Therapists using our digital communication platform (the “Platform”) to provide services (“Therapists”). Some jurisdictions might consider this to be “personal data,” “personally identifiable information,” or “sensitive personal data” in certain circumstances. When you use and access our app or website, you accept and agree to both the Terms and Conditions and this Privacy Policy, including that we’ll share certain data with Service Providers.

The purpose of this Policy is to explain the technical aspects of data Processing in a simple and clear way. Please feel free to email [email protected] if you have any questions about this Policy, or any suggestions for us to improve it.

2. Who does this apply to?

This Policy applies to any visitors to the public portions of our websites (including nubloo.com, nublooorg.com, mytherapist.com, teencounseling.com, faithfulcounseling.com, pridecounseling.com, and regain.us) and apps, users who create accounts or use of the paid portions of our Platform (“Members“), and independent contractor Therapists who are using the Platform to deliver therapy.

This Policy does not apply to the collection and use of information for employees or independent contractors (not including Therapists) of nubloo or Teladoc — nubloo’s parent company. If you’re a current or former nubloo job applicant, employee, owner, director, officer, or independent contractor other than a Therapist, please contact us at [email protected] for the appropriate notice governing those portions of the Platform.

3. When you use the term “Service Provider” in this Policy, what do you mean?

We define a Service Provider as a person or company that we have a legal agreement with to Process data collected by us or on our behalf. Data that is Processed on our behalf is required to be done only at our direction – no other person or company can authorize it. Our Service Providers are not permitted to disclose data that is individually identifiable to any other person or company, other than to us or the Service Providers’ own subcontractors provided that they’re bound to data Processing terms that are no less restrictive than the Service Provider’s terms.

The data obtained by Service Providers from their relationship with us must only be used for performing the services specified in our agreement with them, or as reasonably necessary to perform one or more of the following:

  • Comply with applicable law, regulation, or legal process;
  • Detect, prevent or mitigate fraud or security vulnerabilities;
  • Debug to identify and repair errors impairing existing intended functionalities; and/or
  • Conduct internal research for technological development and demonstration of our products or services, if such use is reasonably necessary and proportionate to achieve the purpose for which the data was shared.

4. When you use the term “Third Party” what do you mean?

For the purposes of this Policy, a Third Party means an entity that is not nubloo, not a Service Provider, not a Therapist or any other parties that are specifically called out in this Policy.

5. Do you collect, store, or Process my data?

In this Policy, we refer generally to activities done with data as “Processing” or “Process.” Examples of Processing include collecting, storing, and using data. The categories of data which we Process are listed below. We Process this data to do things like operate the Platform and make sure you are able to use our services effectively. We may also Process data to send you periodic emails or text messages. In some cases, these communications are to help provide services. Other times, they are to provide marketing communications. You can opt out of receiving texts or marketing communications at any time. Additionally, provided you opt in, we may Process and share some data with Third Parties for advertising purposes. You can find more details in the relevant sections of this Policy.

6. What specific data are you Processing?

What data we Process depends on how you’re using our website, app, or the Platform. We explain in the section below the specific data we collect and Process and, in the section following this, the business purpose for collecting and Processing this data.

Note that this section only covers the data we Process. Information about the data we share is covered in the section Why do you collect and Process my data?

As highlighted in the table below, we collect and Process “Therapy Data“, which includes health and treatment information that is required to facilitate therapy.

You can find information on how long we store the data we collect and Process these categories of data in the “How long do you keep my data?” section of this Privacy Policy.

Name of category of dataInformation that is collected
“Visitor data”When you visit the website, app, or Platform, we Process information like the particular pages visited or which features you interacted with, the amount of time on the website or app, site/app/Platform errors, information about the type of device and browser you’re using, and IP address. We may Process your Third Party identifier or advertising ID (if available based on the settings of your device) and will share the information with Third Parties, if you opt in.
“Onboarding data”To create an account with the Platform, the user first fills out a questionnaire. We Process the information used to complete this questionnaire.
“Account Data”Once a user creates an account with the Platform, we Process data such as the account name the user selects, and other demographic and contact information, such as email, age, phone number, emergency contact details, physical address, and whether a user verifies their email address.
“User ID”We assign each user (including Therapists) who create an account a sequentially-generated user ID. User IDs are unique to each account and are required in order to enable the Platform to function.
“Transaction Data”We Process data about payment transactions on the Platform such as whether a user completed payment for our services, signed up for services using a trial offer, canceled or ended a trial, received a discount or financial aid, or received any extensions or refunds. We also process whether a visitor has registered to create an account.
“Member Engagement Data”We Process data for logging into the Platform and activity conducted during that log in such as when a user logs in, the login timing, number and length of messages received or sent through the Platform, received or sent message timing, number and duration of live session scheduled or conducted, the number and timing of use of other features such as worksheets, journals, and goals. This category does not include Therapy Data like the content of any messages sent or received by users, the content of any live sessions, or the content of journal entries, worksheets, or goals.
“Therapy Data”We Process written communications and related information users share with their Therapist to facilitate the therapy. This includes messages with Therapists, worksheets, and journal entries. Users may also choose to send audio messages which are automatically transcribed. We do not record the video or audio sessions with Therapists.
“Therapy Quality Data”We Process client feedback about their Therapist including, ratings and reviews of their Therapist, actions regarding switching Therapists or quitting therapy, and the reason selected by the client. We Process Therapist session availability, session cancellations and no-shows.
“Customer Service and Communications Data”We Process communications users have with our Customer Service team.
“Therapist Data”In order to follow up with Therapists on the status of their applications, to identify, match, credential, re-credential, run checks, issue 1099s and pay Therapists, we process Therapist information such as the Therapist’s name, bank account information, gender, date of birth, governmental identification numbers (SSN/FEIN), e-mail address, phone number, address, NPI number (if applicable), license information, CAQH number (if applicable), and areas of interest/expertise, education, and job history. Therapists may also separately and outside of this Policy, consent to using facial scans to assist logging them in and verifying their identity.
“Therapist Engagement Data”For Therapists, we process such data as number/times of Therapist logins to the Platform, the number of live sessions conducted by a Therapist, number of messages and words exchanged by a Therapist, number of worksheets shared by a Therapist, and number of journal entries shared with a Therapist.

In addition to processing, we also share some data with Service Providers in order for us to operate the Platform and to perform necessary website and application functions. Additionally, when you opt into sharing, we share certain data with Third Parties. For more information please see the section: “What are the purposes for sharing my data?”

7. Why do you collect and Process my data?

There are a few reasons that we Process your data. We’ve tried to provide some examples that would be of most interest to you but please contact us at [email protected] if there are other things you’re interested in.

We Process Visitor Data, Onboarding Data, Account Registration Data, User ID, Transaction Data, Therapy Quality Data, Therapist Data and Therapist Engagement Data to connect you with therapy services: In order for us to connect you with therapy services on our Platform, we need to be able to facilitate information sharing between you and your Therapist so that you can get the help you need from them. We also Process data like your Therapist preferences, your state (if applicable), and your country to determine what Therapist to suggest to you based on applicable licensing or accreditation requirements.

We Process Visitor Data, Member Engagement Data, Account Data, Therapy Data, Therapist Data, Transaction Data Therapy Quality Data, Therapist Engagement Data and User ID to facilitate therapy tools for you and your Therapist: Once you start therapy, we need to process certain data to enable therapy tools within the Platform such as journal entries, setting goals and providing relevant worksheets. These help facilitate a more effective therapeutic experience and outcome. We Process Visitor Data, Account Data, Therapist Data, User ID, to verify your identity, secure your account (applicable to both Members and Therapists), and to monitor and protect the security of the Platform: We process certain data to make sure only you are able to access your account, and to place controls or challenges to prevent unauthorized access. We may also process some of your data when issuing security patches and bug fixes in order to address security risks. We may also process your data to track potential abuse on the platform, prevent and detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

We Process Visitor Data, Therapist Data, Account Registration Data, User ID, Member Engagement Data, Transaction Data, Customer Service and Communications Data and Therapy Quality Data to communicate with you: For example, we need to make sure that if you ask a question or have a concern about the Platform, we’re able to respond to you and provide an answer.

We Process Visitor Data, Onboarding Data, Therapist Quality Data, Member Engagement Data, User ID, Transaction Data and Therapy Quality Data to monitor and improve therapy quality: For example, we track if a live session occurred, was canceled, or if the Therapist did not show up, to ensure that timely services are being delivered to you. We also track ratings, reviews, complaints, and other client feedback to ensure the quality of Therapists on our Platform. If you consent, a licensed Therapist who is employed as part of the nubloo Clinical Operations Team may review correspondence with your Therapist for quality assurance purposes. For example, if you raise a concern about your Therapist, or we have concerns about a specific Therapist’s clinical care. In addition, our internal Trust and Safety or Legal teams may review correspondence for specific accounts if we have a reason to believe that there is a security, legal, or fraud issue occurring with that specific account.

We Process Visitor Data, Onboarding Data, Member Engagement Data, Account Registration Data, User ID, Transaction Data, Therapy Quality Data, and Therapist Data to personalize your web or app experience: For example, if you identify as a Member of the LGBTQ+ community and would prefer a Therapist who has relevant expertise, experience, and training to provide therapy services for LGBTQ+ Members, we Process information to allow us to match you with an appropriate Therapist that can meet these needs. Another example is if you state that you would like help with anxiety, we may recommend content and features that would be helpful to you, such as anxiety-related group sessions.

We Process Visitor Data, Onboarding Data, Account Registration Data, Member Engagement Data Transaction Data, Therapy Quality Data, Therapist Data and User ID to help us understand how you use our services, how we can improve our products and services to make them more effective and convenient, and offer you new features: For example, we may use some of your data to determine which products and features to roll out to you, which features are popular and require more investment or resources, or decide to remove features that are not providing value. We may also Process data to know when you have already seen certain notifications on the Platform and do not need to be shown them again. Another example of this is when we use your IP address to help conveniently auto-populate your state (if applicable) and country, or assist you with providing your address when completing information about your emergency contact. We may also track regular usage of certain pages, buttons, or features on the Platform in order to allocate our research and development resources appropriately. In addition, if you opt in to Analytics (previously “Performance cookies”), we may process some data to track site visits across our sister sites such as ReGain and Teen Counseling. This is known as “first-party cross domain tracking”.

We Process Visitor Data, Onboarding Data, Account Registration Data, Member Engagement Data, Transaction Data, Therapist Data,Therapy Data, Customer Service, Communications Data and User ID to comply with laws: For example, a court might subpoena information from us where we would be required to share certain information requested in the subpoena. This is not unique to nubloo and is applicable to in-person therapy as well. Keep in mind that, as a general rule, we defer to your chosen Therapist to decide to produce (or not produce) any psychotherapy notes or messages you have had with them. Many jurisdictions have strict rules governing Therapist/client relationships and the confidentiality requirements associated with that. We encourage you to discuss with your Therapist early on if you have concerns about their disclosure obligations.

We Process Visitor Data, Account Registration Data, Member Engagement Data, Transaction Data, Therapist Data, Customer Service and Communications Data, and User ID to protect your safety and the safety of others: For example, if we have reason to believe that you or any other person may be in immediate danger or your privacy has been infringed upon, we may use the information to investigate or reach out to you or the appropriate authorities if it is legally appropriate/permitted to do so.

If you’re a Therapist on our Platform, or being recruited to join us, in addition to the above, we may Process Therapist Data, Therapy Quality Data, Therapist Engagement Data, User ID, Onboarding Data, Account Registration Data to:

  • Assist in the Therapist recruitment process and onboard you to the Platform;
  • Operate the Platform, match clients to you based on your preferences, and facilitate the communication between you and your clients;
  • Verify your identity and secure your account;
  • Run background checks and other screening required for credentialing and re-credentialing purposes;
  • To pay you and comply with all relevant tax laws;
  • Provide you quality statistics, feedback from our nubloo Clinical Operations team, and feedback from clients.
  • Offer you information about new features, opportunities, perks and other incentives.
  • Promote your profile on nubloo and with Third Party websites and directories to get you more clients (to opt-out email [email protected]).
  • Send you email, calls or SMS reminders, notifications & updates about your application, profile or account.

We Process Visitor Data, Onboarding Data, User ID, Transaction Data, Member Engagement Data, Therapist Data, Therapy Quality Data and Therapist Engagement Data to send you opportunities, promotions, news, updates and reminders about our services and your account: For example, we might email you to offer you special promotions or discounts. We might also email you to provide you with therapy related news or content that you might find interesting. You can opt out of receiving texts or marketing communications at any time.

If you opt in to Advertising (previously “Targeting cookies“) and web beacons we process Visitor Data for advertising purposes: To learn more, see section, “Are you using my data for advertising?”.

8. Who can see the interactions I have with my Therapist?

You and your Therapist are able to see the messages you send, the worksheets you submit. Your Therapist can also see the journal entries you submit if you opt in to sharing journal entries.

If you consent, a licensed Therapist who is employed as part of the nubloo Clinical Operations Team may review correspondence with your Therapist for quality assurance purposes. For example, if you raise a concern about your Therapist, or if we have concerns about a specific Therapist’s clinical care.

In addition, our internal Trust and Safety or Legal teams may review correspondence for specific accounts if we have a reason to believe that there is a security, legal, or fraud issue occurring with that specific account.

Messages with your Therapist are not shared with any Third Party, and your live sessions are not recorded. We also do not share when you send a message, or have a session with your Therapist, with any Third Party.

9. What are the purposes for sharing my data?

Here’s some more information about the purposes for which we share your data:

  • Your data may be shared to comply with applicable laws. For example, a court might subpoena information from us where we would be required to share certain information requested in the subpoena. This is not unique to nubloo and is applicable to in-person therapy as well. Keep in mind that, as a general rule, we defer to your chosen Therapist to decide to produce (or not produce) any psychotherapy notes or messages you have had with them. Many jurisdictions have strict rules governing Therapist/client relationships and the confidentiality requirements associated with that. We encourage you to discuss with your Therapist early on if you have concerns about their disclosure obligations.
  • Occasionally, your data may be handled by a select number of employees who are part of our parent company for support services. These employees are under strict duties of confidentiality. For example, a paralegal at our parent company may receive subpoenas or legal correspondence on behalf of Members or former Members and make sure they are provided to nubloo’s Legal team to address.
  • We may share certain data with Service Providers that provide limited services that help us operate the Platform. Examples include:
    • Data hosting and storage providers: For example, cloud hosting providers such as Amazon Web Services (AWS).
    • Technology Service Providers: For example, we sometimes integrate tools into our Platform which give our Platform more functionality, like technology that helps us provide live audio, video and group meetings.
    • Customer Service Providers: For example, we use a tool that helps keep track of requests and questions from our Members, visitors and Therapists in a secure way.
    • Email management and communication Service Providers: For example, we may use a tool that makes reaching out to you easier for us and more convenient for you.
    • Billing and payment processing Service Providers: For example, we use Stripe to help process payments in a secure way. Stripe also assists us in paying Therapists and issuing tax documents to them. For this purpose, we may share email addresses of Therapists with Stripe and other data that is needed to pay Therapists such as a Therapist’s name and tax ID.
    • Reporting and analytics Service Providers: For example, we might use a service to help us keep track of which pages and features are most used on our site.
    • Advisors and lawyers: To assist with business matters.
    • We may share some of your data with Service Providers to ensure the safety and security of the Platform and that of our users.
  • If you’re a Therapist on our Platform, or being recruited to join us, in addition to the above, we may share certain data with Therapist recruiters in order to facilitate, monitor, and track the recruitment process.
  • For Members who receive services in connection with an employer, organization, or other business partner, we may share group-level usage data, which cannot be directly connected to you, with your organization. In the instance of Members who receive services through an Employee Assistance Program (“EAP”), your EAP will provide notice for any individual-level data which is shared with the EAP, if you are utilizing one and have provided them with consent for us to do so. If you have any questions on how your data will be used by or shared with your EAP, please reach out to your EAP directly.
  • We may share some of your data in connection with an asset sale, merger or bankruptcy.

Note that if you make any information publicly available on the Platform, such as with a public post, anyone may see and use such information.

If you opt in to “Analytics (previously ”Performance cookies”)”, we may use analytics cookies from trusted Service Providers to Process data for activities including but not limited to analyzing traffic sources, visits, and site interactions. This analysis helps us to improve our products and services.

If you opt in to “Advertising (previously ”Targeting cookies”)” and web beacons, information regarding your activity on our websites, excluding activity when you’re logged in and have started therapy, may be shared for advertising purposes. To learn more, see section: “Are you using my data for advertising?”

10. Do you Process location data?

We process your IP address to determine your rough location so that we can personalize the platform for you. For example, we show you relevant information about our service that applies to visitors from your country.

We also utilize your rough location to improve your user experience when using our platform. For example we auto populate your state (if applicable) and country when you are completing our onboarding questionnaire.

We do not request or process exact location information such as information provided by your phone via GPS.

We Process your address information when you provide it as part of your emergency contact information when you start therapy on the Platform. Your contact information is required to comply with therapy regulations and ethical code. It can be used, for example, in case your Therapist believes you are in immediate danger. When you are filing out this field, we may process your rough location to provide autocomplete suggestions for your convenience.

Rough location using your IP address is also Processed by the ReCAPTCHA security API tool we use. ReCAPTCHA is a Service Provider we use to identify potentially malicious actors trying to access our site. Here is the ReCAPTCHA Privacy Policy and Terms of Service.

To learn about the additional purposes for which we Process IP addresses, please see:

11. Are you using my data for advertising?

In order to reach people who may be looking for mental health support, we advertise on some Third Party web properties such as Third Party websites and apps. In order to minimize advertising costs related to this process and downstream costs to you, we strive to deliver ads that are relevant, interesting, and personal.

Therefore, if you opt in to Advertising cookies and web beacons, your IP address, Third Party identifier (if applicable), and some Visitor Data, excluding activity when you’re logged in and have started therapy, may be shared for advertising purposes. As a result, you may see ads for our services on some Third Party websites.

Even if you do opt in, we still do not engage in “retargeting” advertising. Retargeting advertising is a type of advertising whereby advertisers leverage the fact that you viewed a page or took an action on their site to advertise to you again on third party properties in the hope that you will see the ad and return to their site.

To be clear, we don’t share any data or information you share with your Therapist with any Third Party advertisers. Even if you opt in to Advertising cookies and web beacons, we still don’t share information with Third Party advertisers like Member names, email addresses, phone numbers, clinician diagnosis, questionnaires answers, sessions data, journal entries, messages, worksheets, or any other type of private communication you have with your Therapist on the Platform.

For additional information regarding Third Parties that nubloo may share data with, please reference our Third Party Partners Disclosure List.

12. What is a cookie or web beacon?

A “cookie“ is a small data file that is accessible within a folder on a computer, and it is used for record-keeping purposes. Cookies are used to enhance performance of the Platform, personalize your experience and can be used for Third Party tracking (as described above). For example, cookies may be used to help you quickly log into certain platforms and websites without having to enter your credentials every time.

A “web beacon“ or “pixel” is a tiny and sometimes invisible image or embedded code, placed on a web page or email that can report your visit or use to a Third Party (as described above). In general, these tools can be used to monitor the activity of users for the purpose of web analytics, advertising optimization, or page tagging.

13. What are you using cookies and web beacons for?

We use our own, Service Providers and Third Party cookies and web beacons to deliver a faster and safer experience, to monitor and analyze usage, to comply with laws, and for advertising purposes. To read more about the kinds of Third Party cookies we use and their purposes go to ‘List of Third Parties‘. To update your settings or opt out, click “here”.

14. How do I opt out of cookies, web beacons, and other tracking technology?

Please visit our opt-out instructions page to opt-out of tracking via cookies or web beacons, or for instructions on how to remove previously set cookies.

15. How do you keep my data secure?

We apply industry standards and strive to apply best practices to prevent any unauthorized access and disclosure. Internet-based services carry inherent security risks, but our systems infrastructure, encryption technology, operation and processes are all designed, built, and maintained with your security and privacy in mind. Our Platform is certified by HITRUST – one of the most recognized data security certification programs in the health industry.

nubloo has an experienced team of data security professionals whose job it is to make sure we use secure technology to protect your data. We have an Information Security team who test internal security at nubloo to try and anticipate threat actors and act defensively to build processes and infrastructure to prevent incidents and attacks. We have numerous robust security practices such as:

  • All messages between a Member and their Therapist are secure and have 256-bit encryption.
  • Our servers are distributed across multiple Tier 3 AWS Data Centers for optimal security and protection.
  • Our browsing encryption system (SSL) follows modern best practices.
  • Our databases are encrypted and scrambled rendering them useless in the unlikely event that they are stolen or inappropriately retrieved.
  • We have robust monitoring and alerting systems and procedures in place that include both automated systems and humans. For example, there are always security personnel active in our 24/7 rotation.

For your own security, keep the following in mind:

  • Phishing: This is a type of online identity theft or account hacking. We will never request your login information or credit card information in any non-secure or unsolicited communication. You should always be diligent when you are asked to provide your account information and make sure it is in our secure system.
  • External links: Our Platform may contain links to an external website or service. We do not control external websites, and do not have control over their privacy policies and terms of use. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that external party or of their privacy and security policies or practices.

16. Do you sell my data?

We aren’t paid by anyone for any data. However, in California, the laws define “sale” broadly to include the sharing of personal information in exchange for anything of value. If you opt in to our use of Advertising cookies and web beacons, this use may be considered a “sale” of personal information under that specific California law. For specific information on your data rights as a resident of California, see the additional notice for California residents.

17. Can I sign up for nubloo and remain anonymous?

When you sign up for an account on nubloo, we do not ask you for your full name. You may pick any name or “nickname” which will identify you in the system. You will need to provide an email address so that we can verify your account, and so we can communicate with you. You can choose an email that does not include your name(including if you are coming to us from an employer, organization, or other business partner and do not want to use your organization’s email address), but you should be aware that in some jurisdictions emails may be considered “personal data,” “personally identifiable information,” or “sensitive personal data” in certain circumstances. When you decide to start the therapy process, we’ll ask you for your contact information for emergency situations such as if your Therapist thinks that you or someone else is in immediate danger. Your Therapist may request additional specific information about you as required by their license or other accreditation guidelines.

Even though we try to limit the kinds of information you must provide to us as discussed above, it is very difficult to be truly “anonymous” when you use any app or the internet. Read more about what data we Process and why here:

If you’re interested in further limiting what data is Processed, visit our opt-out instructions page to opt-out of tracking via cookies or web beacons, or for instructions on how to remove previously set cookies.

18. How long do you keep my data?

nubloo is committed to ensuring that all applicable Member data is retained only for the amount of time required to provide relevant products and services and in accordance with relevant legal requirements.

Certain categories of data are retained for a period of time after you cancel your Membership or your Membership becomes inactive. These categories of data are retained to allow for a seamless reactivation in the event you begin using our services again and allows Therapists to reference historical information. Retaining this data is also needed to ensure our products and services function.

In addition to the data retention schedule outlined below, nubloo maintains a process to receive and process, without undue delay, requests by Members to delete their data. This process is outlined in the next section of this Privacy Policy.

If you are a Member with a nubloo account: We retain your data for the duration of your Membership and for ten (10) years from the date you last logged into your account.

In some circumstances, nubloo may have legal or regulatory obligations such that it must retain certain Member data beyond the retention schedule defined above. nubloo only retains Member data beyond the defined retention period when required due to ongoing litigation, requests by law enforcement, or regulatory action.

19. How do I request my data or delete it?

To receive a summary copy of your data, please log in to your account and go to Menu > My Account (or Account settings) > My Personal information, where you will see an option to request a copy of your data. The data you will receive as part of this request includes the contact information that you input on the site, questionnaire answers, worksheet entries, emergency contact information, messages you sent to your Therapist, journal entries that you created, and other personal information.

Additional data which we maintain includes email interactions with our help desk, which is stored on your email system. You may also request this information by writing to [email protected].

Please visit our opt out instructions page to request to delete the above data or opt out of previous settings you have opted into.

You may reach out to us at [email protected] if you need additional help. We will only comply with a request for deletion of your data if we can verify your identity. There is usually no charge. In exceptional circumstances, we may charge a reasonable fee after discussing the fee with you.

Requirements:

  • Only you or your authorized representative may make a request on your behalf. You may also make a request on behalf of your minor child depending on the applicable laws.
  • You must provide sufficient information that allows us to reasonably verify your identity or status as an authorized representative.
  • You must provide details that allow us to understand, evaluate, and respond to your request.

Exceptions:

  • We reserve the right to deny information requests that are unduly burdensome as allowed by law.
  • We reserve the right to deny information or data deletion requests in the event a litigation hold or legal request to preserve Member information is in place.
  • When we complete your data deletion requests, we still must retain some information in order to comply with laws and regulations and to maintain business integrity. For these reasons, we will retain this data for 10 years. This data is limited to: nickname, email address, communications data (like complaints and data deletion requests), records of disclosures of personal information to Third Parties, emergency contact information, Phone number (if provided), address (if provided) and date of services received.
    • This ONLY applies to Members who have started therapy.

If you have any questions about your rights, want to exercise them, or want to appeal our response to your request, please contact us in any of the following ways:
nubloo
Data Protection Office
990 Villa Street
Mountain View, CA 94041, USA
[email protected]
By calling our toll-free number: (855) 213-6709

We will not discriminate against you for exercising any of your privacy rights. We will not deny you services, charge you different prices or rates, impose penalties, or provide a different quality of service.

20. How can I stop receiving direct marketing emails from you?

You can always opt out of receiving marketing emails. In order to opt out, you can select the unsubscribe link located at the bottom of the relevant email communication.

21. How do you treat data from children?

We don’t knowingly collect or solicit any data or information from anyone under the age of thirteen (13) or knowingly allow such persons to become our users. The Platform is not directed at and not intended to be used by children under the age of thirteen (13). If you’re aware that we have collected personal information from a child under age thirteen (13), please let us know by contacting us, and we’ll delete that information.

22. How do you use my data to comply with the law?

When required by law, we cooperate with government agencies. This is not unique to nubloo and is applicable to in-person therapy as well. For example, a court might subpoena information from us where we would be required to share certain information requested in the subpoena. Keep in mind that, as a general rule, we defer to your chosen Therapist to decide to produce (or not produce) any psychotherapy notes or messages you have had with them. Many jurisdictions have strict rules governing Therapist/client relationships and the confidentiality requirements associated with that. We encourage you to discuss with your Therapist early on if you have concerns about their disclosure obligations.

You should also be aware that Therapists may be obliged to disclose information to authorities to meet professional and legal responsibilities. Specifically, some laws require mental health professionals to disclose information and/or take action for: (a) reported or suspected abuse; (b) serious suicidal potential; (c) threatened harm; and (d) court-ordered treatment. You should speak with your Therapist if you have concerns about this.

23. Will you change this Privacy Policy?

We may update this Privacy Policy. When we make significant changes to this Policy, we will notify you through our website or app when you log in to your account. We encourage you to periodically review this page for the latest information.

24. Additional Privacy Notice for California Residents

This Privacy Notice for California Residents supplements the nubloo Privacy Policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act (“CPRA”) of 2023.

The CCPA and the CPRA are California laws that provide its residents with certain rights over information about them, including notice about the categories of personal information we have collected from them in the preceding twelve (12) months and the purposes for which the information is used or disclosed, and correction of personal information.

The following Sections outline the data that is Processed by us, as well as the purpose for collection, and the categories of sources of such information:

The data referenced at those links may fall in certain defined categories under the CCPA and CPRA. Accordingly, we may have collected:

  • Identifiers;
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e));
  • Protected classification characteristics under California or federal law;
  • Commercial information;
  • Biometric information;
  • Internet or other similar network activity;
  • Geolocation data;
  • Sensory data;
  • Sensitive Personal Information;
  • Professional or employment-related information; and
  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

The information that we have disclosed in the past 12 months and the recipients of the information are described above, in the section titled “What are the purposes for sharing my data?” The information that we may have shared in the past 12 months falls into the following personal information categories under the CCPA and CPRA:

  • Identifiers;
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e));
  • Protected classification characteristics under California or federal law;
  • Commercial information;
  • Internet or other similar network activity;
  • Geolocation data;
  • Sensory data;
  • Sensitive Personal Information; and
  • Professional or employment-related information;
  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

As noted in the Section titled “Do you sell my data?”, our “sale” of information (including sale of information about consumers under the age of 16) consists of the disclosure of your information for targeted advertising purposes, and we aren’t paid by any external or Third Party for any data. The information that we may have “sold” (for purposes of the CCPA and CPRA) in the past 12 months falls into the following personal information categories under the CCPA and CPRA:

  • Identifiers;
  • Commercial information; and
  • Internet or other similar network activity.

Do I have the right to know what information you have about me?

Yes, as a California resident you can request certain information about what we have Processed over the past 12 months. Once we receive and verify your consumer request, we can provide:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of Third Parties with whom we shared that personal information.
  • The specific pieces of personal information we collected about you.
  • Whether we disclosed your personal information for a business purpose and the personal information categories that each category of recipient obtained.

We will verify your identity by matching the information you provide with information that we maintain about you or via biometrics (specifically, FaceID via iOs). You also have the right to request that we correct personal information about you if it is found to be inaccurate. To make such a request, please send an email to [email protected].

Can I “opt out” or request that you delete my information?

Yes, you can request that we delete your data as described in the section of this Policy called: “How do I request my data or delete it?” Once your request is received and verified by matching the information you provide with information that we maintain about you or via biometrics, we’ll move forward with the Process of deleting your information in line with our legal requirements and Retention Policy. We cannot fulfill a deletion request and need to retain your information if the data is necessary to:

  • Provide you services, take actions reasonably anticipated within the context of our ongoing business relationship, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with applicable laws, including but not limited to, the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.) and information covered by the California Confidentiality of Medical Information Act.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

As noted above, you do not need to opt in to the “sale” of personal information about you by withdrawing your consent to accept cookies used for advertising here. Our websites are also designed to implement a do-not-sell privacy preference.

Other California privacy rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosure of personal information to Third Parties for direct marketing purposes. To make such a request, please send an email to [email protected].

25. General Data Protection Regulation (GDPR) and UK General Data Protection Regulation Notice

This section provides additional information about our Policy relevant to you if you are from the European Economic Area (the EEA), United Kingdom, and Switzerland (together “European Area Countries”). It supplements and should be read in conjunction with the rest of the Policy.

Under the European Area Countries’ privacy laws, we are the Controller with respect to your data.

When is my data used?

  • When it is in our legitimate interests or an external third party’s legitimate interests (“legitimate interest” is a term defined by the General Data Protection Regulation (GDPR) and UK General Data Protection Regulation Notice). Our legitimate interests in this instance include managing the Platform and nubloo’s business, safety and security of the infrastructure, prevention of fraud, research, and development, and management of contracts and legal claims.
  • When it is needed for the provision of the Platform. In particular, for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of the Platform. We only rely on our or an external third party’s legitimate interests to Process your data when these interests are not overridden by your rights and interests.
  • When it is necessary to do so to comply with any legal obligations imposed upon us under our contractual obligations or our contractual obligation or applicable law.
  • In rare instances, when it is a medical emergency, we may use your data to protect your or another’s vital interests if consent is not a reasonable option.
  • When you have consented to the use of your data, for marketing purposes or through the use of cookies and web beacons. Where consent is the legal basis, you have the right to withdraw your consent at any time.

What Lawful Basis for Sensitive Data is Used in the UK and EEA?

nubloo may also collect and Process certain categories of personal information, which may be considered “sensitive personal information” in the UK and EEA. The lawful basis for this Processing are (1) health and social care, (2) our establishment, exercise, or defense of a right or legal obligation, (3) substantial public interest, and (4) consent. Where consent is the legal basis, you have the right to withdraw your consent at any time. Sensitive personal information that we Process includes your racial or ethnic origin, religious or philosophical beliefs, and data concerning your health or about your sex life or sexual orientation.

When you begin to use our services and register your account, we ask you to provide answers to a questionnaire to customize the service, to match you with a Therapist, and to provide therapy and related services to you. In providing your responses to the questionnaire you may provide us with “sensitive personal Information” as described above. You may also continue to share such data with us as you receive services. This data is necessary as it allows us to continue providing services to you and customize our services for you. It is also necessary to provide healthcare with a personalized and well-selected Therapist based on points of data which impact your therapy and health care needs. The Therapist also reviews this data and can choose to not work with you if they are not a good fit. We may also use this information to improve our service and understand how you interact with the services.

How we obtain your personal information

nubloo obtains the categories of personal information listed above from the following sources:

  • Directly from you, such as information when you apply to be a counselor or that you submit during the Process of using and paying for our Services.
  • Indirectly from you, such as through your actions on our website.
  • From external business partners, such as social media sites, ad networks, and analytics providers.

What are my rights and choices under European Area Countries laws?

European Area Country residents have specific rights regarding their data. This section describes your rights if you are resident in the European Area Countries and explains how to exercise those rights.

  • Subject access request: You may be entitled to ask us for a copy of any data which we hold. We will normally send you a copy within one month of your request. However, that period may be extended by two additional months where necessary, taking into account the complexity of the request or the difficulty in accessing the data that you request. There is usually no charge. In exceptional circumstances, we may charge a reasonable fee after discussing the fee with you.
  • Right to rectification: If the data we hold about you is inaccurate, you may request rectification. The data will be checked, and, where appropriate, inaccuracies will be rectified.
  • Right to erasure: In certain circumstances, you may be entitled to ask us to erase your data.
  • Right to data portability: In certain circumstances, you may wish to move, copy, or transfer the electronic data that we hold about you to another organization.
  • Right to object: You may object to your data being used for direct marketing. You may object to the continued use of your data in any circumstances where we rely upon consent as the legal basis for Processing it. Where we rely upon legitimate interests as the legal basis for Processing your data, you may object to us continuing to Process your data, but you must give us specific reasons for objecting. We will consider the reasons you provide, but if we consider that there are compelling legitimate grounds for us to continue to Process your data, we may continue to do so. In that event, we will let you know the reasons for our decision. In some instances, objecting to certain Processing may impact our ability to provide you with services.
  • Rights related to automated decision-making including profiling: We use limited data to operate the Platform and to carry out certain profiling activities to support and grow our business. When doing so, we rely upon our legitimate interests as the lawful basis for Processing your data, and you may exercise the above rights if you do not wish us to Process your data in this way.

To exercise the rights in relation to your data set out in this section, please contact us at [email protected].

Is my data transferred internationally?

As a part of our standard business practices, we may transfer your data to organizations based in countries that have not been granted an adequacy decision under the General Data Protection Regulation. Where data is transferred to such countries, we shall ensure that specific safeguards or derogations have been established.

These might include where the data transfer is necessary in order to fulfill a contract between us and yourself, where we have received your specific consent after having made you aware of any risks involved, or where contracts are in place between us and the Third-Parties involved that ensure the recipient organization has a suitable standard of data protection in place.

You can contact our Data Protection Officer with questions, about this Policy, or about your data by writing to:

Attn: nubloo UK: Data Protection Officer
Ametros Group Ltd
Lakeside Offices,
Thorn Business Park
Rotherwas Industrial Estate
Hereford, Herefordshire
England
HR2 6JT
0330 223 2246
[email protected]
www.ametrosgroup.com

Attn: nubloo EU: Data Protection Officer
Ametros Ltd
Unit 3D
North Point House
North Point Business Park
New Mallow Road, Cork
Ireland
[email protected]
www.ametrosgroup.com

While we’ll always work with you to resolve any concerns you have about the use of your data, under GDPR you have the right to lodge a complaint with the supervisory authority in your country of residence if you have any concerns about our use of your personal information.

Additional Privacy Notice for non-US, non-UK, and non-EU residents

As a part of our standard business practices, data is transferred outside of many visitors’ countries of residence and predominantly used, accessed and processed within the U.S. Fortunately, given the robust and rigorous nature of privacy laws in the US, UK, and EU with which we comply, nubloo considers that this has the effect of protecting user information in a way that, overall, is at least substantially similar or in many ways exceeds non-US data privacy legal requirements. To the extent we contract with vendors who are outside of the U.S, we ensure that specific safeguards have been established to protect that data.

Se connecter

Vous n’avez pas encore de compte ? S’inscrire

Mot de passe oublié ?

S’inscrire

Réinitialiser le mot de passe

Veuillez saisir votre identifiant ou votre adresse e-mail. Un lien permettant de créer un nouveau mot de passe vous sera envoyé par e-mail.