Facebook pixel

Privacy Policy

TranqBay (we, our, or us) is committed to protecting the privacy of our users across all jurisdictions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mental health platform

Last Updated Date: December 9, 2024

Privacy Policy Illustration

    Regulatory Compliance

    This policy complies with multiple international data protection regulations including:

    • European Union: General Data Protection Regulation (GDPR)
    • United States: Health Insurance Portability and Accountability Act (HIPAA)
    • Nigeria: Nigeria Data Protection Regulation (NDPR)
    • United Kingdom: UK GDPR and Data Protection Act 2018

Information We Collect

Personal Information

  • Name and contact details
  • Date of birth and demographic information
  • Professional credentials (for therapists)
  • Payment information
  • Emergency contact information
  • Medical history (where relevant)
  • Government-issued identification (for verification)
  • Insurance information (where applicable)

Platform Usage Data

  • IP address and device information
  • Browser type and settings
  • Access times and duration
  • Pages visited and features used
  • Geographic location (as permitted by law)
  • Technical error logs
  • Platform interaction data

Session Information

  • Appointment schedules
  • Session metadata
  • Chat logs (if applicable)
  • Treatment plans (as documented by therapists)
  • Crisis intervention records (where applicable)

    Data Processing Purposes

    We process your data to:

    • Provide and improve our services
    • Match clients with therapists
    • Process payments and maintain records
    • Ensure platform security
    • Comply with legal obligations
    • Respond to emergencies
    • Conduct quality assurance
    • Send service-related communications

Regional Data Protection Rights

European Union & UK Users

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent

United States Users - HIPAA Rights

  • Right to access PHI
  • Right to amend records
  • Right to receive accounting of disclosures
  • Right to request restrictions
  • Right to confidential communications

California Residents - CCPA/CPRA Rights

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale or sharing of personal information
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use and disclosure of sensitive personal information
  • Right to data portability

Other US State Residents

  • Virginia residents: Rights under VCDPA including access, deletion, and opt-out
  • Colorado residents: Rights under CPA including access, correction, deletion, and opt-out
  • Connecticut residents: Rights under CTDPA including access, correction, deletion, and opt-out
  • Utah residents: Rights under UCPA including access, deletion, and opt-out
  • Additional state-specific rights as applicable under state law

Nigerian Users

  • Right to data access
  • Right to data portability
  • Right to erasure
  • Right to object to processing
  • Right to lodge complaints

Data Security

We implement robust security measures including:

  • End-to-end encryption for sessions
  • AES-256 encryption for stored data
  • Multi-factor authentication
  • Regular security audits
  • Access controls and monitoring
  • Incident response procedures

Data Retention

We retain data according to regulatory requirements:

  • Session metadata: 30 days
  • Medical records: As required by local law
  • Payment records: As required for tax purposes
  • Platform usage data: 24 months

International Data Transfers

For international data transfers, we ensure:

  • Appropriate safeguards are in place
  • Standard contractual clauses are implemented
  • Regional data protection requirements are met
  • Data localization laws are followed

Third-Party Sharing

We may share data with:

  • Service therapists (with appropriate safeguards)
  • Law enforcement (when legally required)
  • Emergency services (in crisis situations)
  • Insurance therapists (with consent)
  • Other healthcare therapists (with explicit consent)

Sale of Personal Information (US Residents)

Your Rights Regarding Data Sales:

  • We DO NOT sell personal information as defined under CCPA/CPRA
  • We DO NOT share personal information for cross-context behavioral advertising
  • You have the right to opt-out of any future sale or sharing
  • To exercise your opt-out right, email: [email protected]
  • We DO NOT sell or share sensitive personal information
  • We DO NOT sell or share information of minors under 16

Categories of Information We DO NOT Sell:

  • Health information or medical records
  • Biometric information
  • Financial account information
  • Government identifiers
  • Sensitive personal information as defined by CPRA
  • Information about minors

Children's Privacy

For users under 18:

  • Parental consent required
  • Enhanced privacy protections
  • Special data handling procedures
  • Age-appropriate privacy notices
  • Parental access controls

In crisis? Don't use this site. Get immediate help or call emergency services.