Our Commitment to Your Privacy
At Huddl, we understand that your mental health information is among the most sensitive personal data. We are committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA).
Information We Collect
Personal Information
- Name, email address, phone number
- Account credentials
- Payment information (processed securely via Stripe)
Protected Health Information (PHI)
- Diagnosis information from your access code
- Session records and transcripts (with your consent)
- Emergency intervention logs
- Treatment notes from your therapist
Technical Information
- Device and browser information
- IP address and location data
- Usage patterns and preferences
How We Use Your Information
- To provide and improve our therapy services
- To match you with appropriate therapists and groups
- To process payments and provide receipts
- To respond to emergencies via the crisis button
- To communicate important updates about your care
- To comply with legal and regulatory requirements
HIPAA Compliance
Huddl maintains strict HIPAA compliance through:
- Encryption: All PHI is encrypted at rest and in transit using AES-256 encryption
- Access Controls: Role-based access ensures only authorized users can view data
- Business Associate Agreements: All vendors handling PHI have signed BAAs
- Audit Logging: All access to PHI is logged and monitored
- Regular Security Audits: We conduct penetration testing and security reviews
Data Sharing
We do not sell your personal information. We share data only with:
- Your assigned therapist(s)
- Service providers under BAA (hosting, video, payments)
- Emergency services when required for your safety
- Legal authorities when required by law
Your Rights
Under HIPAA, you have the right to:
- Access your PHI and request copies
- Request corrections to your records
- Receive an accounting of disclosures
- Request restrictions on how we use/share your data
- Revoke consent for PHR recording at any time
Data Retention
We retain your data as required by healthcare regulations (typically 7 years after your last session). You may request deletion of non-essential data at any time.
Security Measures
- End-to-end encryption for all video/audio sessions
- Anti-screenshot and anti-recording measures in session rooms
- Multi-factor authentication available
- Automatic session timeout
- Regular security updates and patches
Contact Us
For privacy-related inquiries or to exercise your rights:
Privacy Officer
Email: privacy@huddl.health
Phone: 1-800-HUDDL-99
Changes to This Policy
We will notify you of material changes to this Privacy Policy via email and in-app notification at least 30 days before they take effect.