Last modified: August 8, 2022
This Policy applies to information we collect: (1) on this Website; (2) in email, text, and other electronic messages between you and this Website; and (3) when you interact with our applications on third-party websites and services, only if those applications include links to this Policy.
It does not apply to information collected by: (1) Company offline or through any other means, including on any other website operated by Company or any third party; (2) any third party, including through any application or content that may link to or be accessible from or on the Website; or (3) the an independent healthcare professional’s use of protected health information (“PHI”) as that term is defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) that is shared with those individuals, whether or not through the Website or in the course of receiving health services. For information regarding use and disclosure of PHI, please visit our Notice of Health Information Privacy Practices.
Thru contracts with a network of independent healthcare professionals (“Counselors”) that provide intensive outpatient care via separate Thru applications and online interfaces to their patients, and not through this Website. Your Counselor is responsible for providing with you with a Notice of Health Information Privacy Practices describing his/her/their collection and use of your healthcare information through such separate applications and online interfaces, not this Website. Please do not transmit any PHI to Thru directly. PHI should only be communicated directly to your Counselor through secured means.
Table of Contents
- Agreement and Consent
- Children under the Age of 16
- Health Information Disclaimer
- The Platform
- Information We Collect About You and How We Collect It
- How We Use Your Information
- Email and Text Messages Opt-Out
- Disclosure of Your Information
- Your Rights and Choices for California Residents
- State Privacy Rights Outside of California
- Updates and Review of Account Information
- Data Security
- Transfers of Information
- Geographical Restrictions
- Contact Information
1. Agreement and Consent
2. Children under the Age of 16
Our Website is not intended for children under 16 years of age without prior written consent from that child’s parent or legal guardian. No one under age 16 may provide any Personal Information (as defined below) to or on the Website. We do not knowingly collect Personal Information from children under 16. If you are under 16, do not use or provide any information on this Website or through any of its features or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received Personal Information from a child under 16 without verification or parental or legal guardian consent, we will delete that information. If you believe we may have any information from or about a child under 16, please contact us at email@example.com.
California residents under 16 years of age may have additional rights regarding the collection and sale of their Personal Information. Please see Your Rights and Choices for more information.
3. Health Information Disclaimer
Company’s approach through this Website is educational and informational in nature only and should not be construed as a substitute for medical, therapeutic, or other professional advice. All content is general in nature and for informational purposes only. Accordingly, you should seek out advice from qualified doctors, therapists, or other professionals before relying solely on Company’s suggested use of this Website and the audiovisual materials contained thereon. By using this Website, you acknowledge and agree to take full and total personal responsibility for your actions and decisions.
Further, this Website is neither intended to create nor does it create a doctor-patient relationship between you and Company or any employees or contractors acting on its behalf. A doctor-patient relationship with Company cannot be formed by reading the information available on this Website or viewing various audiovisual works through this Website. The information and audiovisual works provided on this Website is not intended to constitute medical or therapeutic advice or to be a substitute for obtaining medical or therapeutic advice from a licensed doctor or therapist in your location. Accordingly, you should not communicate information to Company or its employees and contractors that you view as confidential or private, including PHI.
Based on the foregoing, this Website does not collect any PHI from you at this time.
4. The Platform
Once you register for our services, you will be redirected to a secure patient portal. Through this secured portal, Thru provides a powerful and comprehensive telehealth experience between you and our Counselors, where you and our Counselors may share various information, such as electronic health records. And through this secured portal, the HIPAA administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI is met. Again, please visit our Notice of Health Information Privacy Practices for more information.
5. Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website, including information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal Information does not include: (a) publicly available information from government records; (b) deidentified or aggregate consumer information; or (c) information excluded from the scope of the California Consumer Privacy Act of 2018 (“CCPA”) such as health or medical information covered by HIPAA and the California Confidentiality of Medical Information Act (“CMIA”), clinical trial data, or other qualifying research data.
The CCPA identifies eleven (11) categories of Personal Information and requires online businesses to disclose which of those categories have been collected from their consumers within the preceding twelve (12) months. Accordingly, our Website has collected the following categories of Personal Information from its consumers within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. (Some personal information included in this category may overlap with other categories.)
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other Personal Information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We collect this information:
- Directly from you when you provide it to us on our through our Website, for example, when you submit your name, email address, and/or phone number when creating a user account or submit your resume or curriculum vitae.
- Automatically as you navigate through the Website, which may include usage details, traffic data, location data, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
- From third parties and business partners of Company, for example, Calendly (a scheduling platform API), Google Analytics (API for reporting website traffic), and Verifiable (API verifying credentials of Counselors).
Information You Provide to Us
The information we collect on or through our Website may include:
- Information that you provide by filling in forms on our Website. This includes Personal Information provided at the time of registering to use our Website, subscribing to our service, creating a user profile, or requesting further services. We may also ask you for information when you report a problem with our Website.
- Records and copies of your correspondence (including email addresses), if you contact us.
- Your responses to questionnaires that we might ask you to complete when matching you with a Counselor.
- Your search queries on the Website.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically may include Personal Information or we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size, usage patterns, and trends.
- Store information about your preferences, allowing us to customize our Website according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Website.
- Track users’ movements around the Website.
- Administer the Website.
How We Respond to Do Not Track Signals
Some Internet browsers incorporate a “Do Not Track” feature that signals to websites that you visit that you do not want to have your online activity tracked. Each browser communicates “Do Not Track” signals to websites differently, making it unworkable to honor each and every request correctly. In order to alleviate any communication error between browsers and website, we do not respond to “Do Not Track” signals at this time. As the technology and communication between browser and website improves, we will reevaluate the ability to honor “Do Not Track” signals and may make changes to our policy. For more information about “Do Not Track,” please visit the Future of Privacy Forum, an industry-supported Washington, D.C. think tank and advocacy group, located at www.allaboutdnt.com.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see .
6. How We Use Your Information
We use or disclose information that we collect about you or that you provide to us, including any Personal Information for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our services, we will use that Personal Information to respond to your inquiry.
- To present, provide, support, personalize, and develop our Website and its contents and services.
- To match you with a Counselor in order to provide the services.
- To create, maintain, customize, and secure your account with us, and provide notices in regards thereto.
- To help maintain the safety, security, and integrity of our Website, services, databases, and other technology assets, and business.
- To prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To provide you with newsletters and other information that may be of interest to you.
- To personalize your Website experience and to deliver content and service via email or text message (with your consent, where required by law).
- For testing, research, analysis, and product development, including to develop and improve our Website and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our Website users is among the assets transferred.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
- To notify you about changes to our Website or any products or services we offer or provide though it.
- In any other way we may describe when you provide the information.
- To fulfill any other purpose for which you provide it.
- For any other purpose with your consent.
We currently do not display advertisements from non-affiliated third parties upon which you can click or otherwise interact.
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
7. Email and Text Messages Opt-Out
If you supply us with your email address and/or mobile phone number, you may receive periodic email or text messages, or electronic newsletters from us with information specific to your use of this Website if allowable by applicable law. Specifically, we may send you information about our services, contact you about certain transactions or information requests, or to learn more about your preferences. If you do not wish to receive promotional offers from us, you may elect to opt-out by following the unsubscribe instructions contained in the delivered content or by emailing us at firstname.lastname@example.org with “Opt-Out” in the subject line. Certain communications, such as those associated with important account information, may not be affected by the Opt-Out. Please be mindful that such requests may take several days to process after its receipt.
8. Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose Personal Information that we collect or you provide as described in this Policy for the following business purposes:
- To our subsidiaries and affiliates.
- To Counselors, contractors, insurance providers, service providers, and other third parties we use to support our business and/or the Website (collectively, “Service Providers”) such as for matching you with a Counselor, data analysis, customer support, internet service, and operating systems and platforms.
- To an internet cookie data recipient.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Company about our Website users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. Further, the CCPA prohibits third parties from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
We may also disclose your Personal Information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
Personal Information Category
Business Purpose Disclosures
B: California Customer Records personal information categories.
C: Protected classification characteristics under California or federal law.
D: Commercial information.
E: Biometric information.
F: Internet or other similar network activity.
G: Geolocation data.
H: Sensory data.
I: Professional or employment-related information.
J: Non-public education information.
K: Inferences drawn from other personal information.
Limitation on Renting, Selling, and Sharing Personal Information
Other than the foregoing disclosures, in the preceding twelve (12) months, we have not rented, sold, or shared Personal Information with other people or nonaffiliated companies for their direct marketing purposes in any of the abovementioned categories found above, Information We Collect About You and How We Collect It.
Deidentified Patient Information
We may disclose deidentified patient information exempt from the CCPA and received on our separate and secured patient portal to third parties in accordance with HIPAA.
9. Your Rights and Choices for California Residents
Consumer’s online privacy rights vary from jurisdiction to jurisdiction. Given that our principal place of business is in California, we follow CCPA and applicable federal laws, rules, and regulations that provides specific rights and choices regarding Personal Information. This section describes those rights and how you may exercise those rights.
Information You Control
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. For example, you can also opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
Right to Know and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months (the “Right to Know”). Once we receive and confirm your identity (see Exercising Access, Data Portability, and Deletion Rights below), we will disclose to you: (i) the categories of Personal Information we collected about you; (ii) the categories of sources for the Personal Information we collected about you; (iii) our business or commercial purpose for collecting that Personal Information; (iv) the categories of third parties with whom we share that Personal Information; (v) the specific pieces of Personal Information we collected about you (also called a data portability request); and/or (vi) if we disclosed your Personal Information for a business purpose, we will identify the Personal Information categories that each category of recipient obtained. Please note that we do not provide these access and data portability rights for business-to-business Personal Information.
Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the “Right to Delete”). Once we receive and confirm your identity (see Exercising Access, Data Portability, and Deletion Rights below), we will delete your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our Service Providers to: (i) complete the transaction for which we collected the Personal Information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; (ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (iii) debug products to identify and repair errors that impair existing intended functionality; (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (v) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.); (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (vii) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (viii) comply with a legal obligation; and/or (ix) make other internal and lawful uses of the Personal Information that are compatible with the context in which you provide it. We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action. Please note that we also do not provide these deletions rights for business-to-business Personal Information.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a request to us by sending a request to the following address:
Attn: Privacy Officer
Mailing Address: 1000 Quail Street, Suite 188, Newport Beach, California 92660
Phone Number: 888.294.8478
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Information. You may only make a request to know twice within a 12-month period.
Your request to know or delete must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include: providing your mobile number, full legal name, and/or email address; and (ii) describing your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. To designate an authorized agent, you must: sign a release of information form setting forth your authorized agent’s name and contact information. We will only use Personal Information provided in a request to verify the requestor’s identity or authority to make the request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact: email@example.com.
We endeavor to substantively respond to a request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days total), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of goods or services; or (iv) suggest that you may receive a different price or rate for goods or services or different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
10. State Privacy Rights Outside of California
Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether we process their Personal Information.
- Access and delete certain Personal Information.
- Data portability.
- Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their Personal Information, taking into account the information’s nature processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights please contact: firstname.lastname@example.org.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address email@example.com. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
11. Updates and Review of Account Information
You may review, update, or modify your or your account information directly on the Website by logging into your account profile page or by submitting a support ticket through the Website’s Help function. You may also send us an email at firstname.lastname@example.org to request access to or correct any Personal Information that you have provided to us. If you email us, please put “Review of Account Information” in the subject line. We cannot delete your personal information except by also deleting your user account. Please note that we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
We reserve the right to retain your as necessary for recordkeeping and other compliance purposes to the extent allowed by applicable law, subject to your right of deletion of information.
12. Data Security
We have implemented commercially reasonable measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
13. Transfers of Information
When you use the Website, information, including Personal Information, will be stored (to the extent allowable by applicable law) and processed by our Service Providers in the United States as we are a California based company. As such, when you use your account, you consent to the collection and processing in the United States of the information, including Personal Information, as described above. Please note that our Service Providers may process information, including Personal Information, in the United States and elsewhere whose laws may materially differ from the jurisdiction in which you reside. When we transfer your information, including Personal Information, we will protect said information as described in this Policy.
14. Geographical Restrictions
The owner of the Website is based in the State of California in the United States. We provide this Website for use only by persons located in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. Access to the Website may not be legal by certain persons or in certain countries. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.
17. Contact Information
To ask questions or comment about this Policy and our privacy practices, please contact us at:
Mailing Address: 1000 Quail Street, Suite 188
Newport Beach, California 92660
Phone Number: 888.294.8478