Privacy Policy

Client

Effective February 15, 2023

Upheal Inc., a Delaware corporation, https://upheal.io, is the provider of the Upheal application which your healing professional uses to provide therapy, coaching, or other health and wellness related services.

What personal data do we process?

We will use your: 

Data category
Data items
Personal details
Spoken language
Potential health data, habits, lifestyle
Session transcript & insights
Clinical notes
Usage data
Length of the session

Why do we use your data?

Personal data is used on our website for the following purposes:

Purpose
Data category
Legal basic
Are you obliged to provide the data?
How long do you hold your data?
Improvement of the app’s functionalities
Session transcript & insights, spoken language, length of the session, clinical notes
Because you expressed your consent for the processing of both  common and special data (health data)
No, it is always optional to provide us with your data and consent. If you do not provide us with such data you will still be able to use the app, but you will not help us improve the app’s functionalities
For 6 months after the usage of the app. Then it will be anonymized making it impossible for it to be traced back to you. Remember that you can always withdraw your consent and we will stop using your data

How do we use your data

Upheal is an app which creates notes based on what’s discussed during healing sessions. Using AI, the app transcribes the conversation and provides summaries and insights. With your consent we will use the summaries and insights to train the AI and improve our app so that it can offer better features and results. For more about the Upheal app visit https://www.upheal.io. 

To receive more information about our processing activities contact us at support@upheal.io and we will be more than happy to share more information with you.

Who can we communicate your data to?

Your data will be communicated to our hosting providers, suppliers of IT services and application software, who are our data processors. The information shared is for operational purposes unless an exception applies.

Disclosure for Law Enforcement: Upheal will disclose user personal data outside the scope of these provisions only as required to do so by law or compelled by court, government or administrative agency of competent jurisdiction. Personal data from users may be subject to federal and local laws that require Upheal to disclose this data in certain circumstances.

CCPA Disclosure: we do not sell your personal information, including personal information of California consumers. 

Where is your data processed?

Most of our team is based in the EU and your data is stored in the EU. Some of our suppliers (IT services, hosting provider) operate in the US. Therefore, it is possible that your data will be processed outside of your country/region. In this case, we inform you that the data transfer will take place only in presence of adequate safeguards provided for by the applicable law. In particular, for transfers from the EU and the UK, where an Adequacy Decision is not applicable, we rely on the Standard Contractual Clauses provided by the European Commission. For further information about the data transfer you can contact Us at the email address indicated below.

How do we support you in dealing with data subject rights?

You have the right to access and request amendment to your data.

You can obtain the erasure of your personal data under certain circumstances. 

You also have the right to restrict the processing of your personal data.

You can withdraw your consent at any time. 

Moreover, you can receive a copy of your personal data or ask Upheal to transmit that data to another controller, where technically feasible. 

You can lodge a complaint with the supervisory authority of your country in case you think that your rights have been breached. If you wish to exercise one of these rights, you can contact us at privacy@upheal.io.

HIPAA Compliance

To know more about how we comply with HIPAA, click here.