Privacy Policy

Last updated: December 4, 2025

Our Commitment to Your Privacy

At Huddl, we understand that your mental health information is among the most sensitive personal data. We are committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA).

Information We Collect

Personal Information

  • Name, email address, phone number
  • Account credentials
  • Payment information (processed securely via Stripe)

Protected Health Information (PHI)

  • Diagnosis information from your access code
  • Session records and transcripts (with your consent)
  • Emergency intervention logs
  • Treatment notes from your therapist

Technical Information

  • Device and browser information
  • IP address and location data
  • Usage patterns and preferences

How We Use Your Information

  • To provide and improve our therapy services
  • To match you with appropriate therapists and groups
  • To process payments and provide receipts
  • To respond to emergencies via the crisis button
  • To communicate important updates about your care
  • To comply with legal and regulatory requirements

HIPAA Compliance

Huddl maintains strict HIPAA compliance through:

  • Encryption: All PHI is encrypted at rest and in transit using AES-256 encryption
  • Access Controls: Role-based access ensures only authorized users can view data
  • Business Associate Agreements: All vendors handling PHI have signed BAAs
  • Audit Logging: All access to PHI is logged and monitored
  • Regular Security Audits: We conduct penetration testing and security reviews

Data Sharing

We do not sell your personal information. We share data only with:

  • Your assigned therapist(s)
  • Service providers under BAA (hosting, video, payments)
  • Emergency services when required for your safety
  • Legal authorities when required by law

Your Rights

Under HIPAA, you have the right to:

  • Access your PHI and request copies
  • Request corrections to your records
  • Receive an accounting of disclosures
  • Request restrictions on how we use/share your data
  • Revoke consent for PHR recording at any time

Data Retention

We retain your data as required by healthcare regulations (typically 7 years after your last session). You may request deletion of non-essential data at any time.

Security Measures

  • End-to-end encryption for all video/audio sessions
  • Anti-screenshot and anti-recording measures in session rooms
  • Multi-factor authentication available
  • Automatic session timeout
  • Regular security updates and patches

Contact Us

For privacy-related inquiries or to exercise your rights:

Privacy Officer
Email: privacy@huddl.health
Phone: 1-800-HUDDL-99

Changes to This Policy

We will notify you of material changes to this Privacy Policy via email and in-app notification at least 30 days before they take effect.