Privacy policy
Last Updated: 14/12/2023
Introduction
Verba is committed to protecting the privacy and security of your personal and health-related data. This privacy policy outlines our practices in line with the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
Data Controller (GDPR) and Covered Entity (HIPAA)
Verba acts as the data controller (GDPR) and a covered entity (HIPAA) regarding the personal health information (PHI) collected and processed through our app.
Types of Data Collected
Personal Identification Information: Name, email, and other contact details.
Health Information: Journal entries that may contain health-related information.
Usage Data: Interaction with the app, including time logs and feature usage.
Lawful Basis for Processing (GDPR) and PHI Use and Disclosure (HIPAA)
Consent (GDPR): Explicit consent is obtained to process your personal data for specified purposes.
Contractual Necessity (GDPR): Processing necessary for the performance of our service.
Legal Obligation (GDPR): Compliance with legal requirements.
Treatment, Payment, and Healthcare Operations (HIPAA): Use of PHI for healthcare treatment, payment processing, or healthcare operational purposes.
Purpose of Processing
To provide mental health journaling services.
To facilitate communication between you and your therapist.
For internal research to improve our services.
Providers and processors
The following providers store or process some or all of your data:
Google Cloud EU: https://cloud.google.com/privacy/gdpr
MongoDB Inc: https://www.mongodb.com/legal/privacy/privacy-policy
We use the following providers only with anonymized data, and Verba ensures they do not retain the data, and do not use it for any purpose other than those required by Verba:
OpenAI Inc: https://openai.com/security
In particular, the data held in Verba is not used by these providers to train or refine any technologies, including AI models.
Data Subject (GDPR) and Individual Rights (HIPAA)
Under GDPR and HIPAA, you have the right to:
Access your personal and health information.
Request corrections to your data.
Obtain a copy of your data in a portable format.
Request deletion of your data (subject to legal and regulatory requirements).
Withdraw consent for data processing (GDPR).
Data Sharing and Transfer
Therapists: Journal entries are shared with your designated therapist as part of the app’s functionality.
Third Parties: We do not sell or rent your data. We may share anonymized data with research partners.
International Transfers (GDPR): Safeguards are in place for data transfer outside the EEA.
Data Security
We implement stringent security measures to protect against unauthorized access, alteration, or destruction of data.
Data Retention
Data is retained as long as necessary for providing our services and as required by law. You may request the deletion of your data by contacting us.
Children's Privacy
Not intended for individuals under the age of 16 without parental consent.
Changes to This Policy
We reserve the right to modify this policy, with changes communicated through our website or the app.
Contact Information
For any inquiries about this policy or your data rights, please contact us at hello@myverba.com
Last Updated: 14/12/2023
Introduction
Verba is committed to protecting the privacy and security of your personal and health-related data. This privacy policy outlines our practices in line with the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
Data Controller (GDPR) and Covered Entity (HIPAA)
Verba acts as the data controller (GDPR) and a covered entity (HIPAA) regarding the personal health information (PHI) collected and processed through our app.
Types of Data Collected
Personal Identification Information: Name, email, and other contact details.
Health Information: Journal entries that may contain health-related information.
Usage Data: Interaction with the app, including time logs and feature usage.
Lawful Basis for Processing (GDPR) and PHI Use and Disclosure (HIPAA)
Consent (GDPR): Explicit consent is obtained to process your personal data for specified purposes.
Contractual Necessity (GDPR): Processing necessary for the performance of our service.
Legal Obligation (GDPR): Compliance with legal requirements.
Treatment, Payment, and Healthcare Operations (HIPAA): Use of PHI for healthcare treatment, payment processing, or healthcare operational purposes.
Purpose of Processing
To provide mental health journaling services.
To facilitate communication between you and your therapist.
For internal research to improve our services.
Providers and processors
The following providers store or process some or all of your data:
Google Cloud EU: https://cloud.google.com/privacy/gdpr
MongoDB Inc: https://www.mongodb.com/legal/privacy/privacy-policy
We use the following providers only with anonymized data, and Verba ensures they do not retain the data, and do not use it for any purpose other than those required by Verba:
OpenAI Inc: https://openai.com/security
Anthropic: https://trust.anthropic.com/
In particular, the data held in Verba is not used by these providers to train or refine any technologies, including AI models.
Data Subject (GDPR) and Individual Rights (HIPAA)
Under GDPR and HIPAA, you have the right to:
Access your personal and health information.
Request corrections to your data.
Obtain a copy of your data in a portable format.
Request deletion of your data (subject to legal and regulatory requirements).
Withdraw consent for data processing (GDPR).
Data Sharing and Transfer
Therapists: Journal entries are shared with your designated therapist as part of the app’s functionality.
Third Parties: We do not sell or rent your data. We may share anonymized data with research partners.
International Transfers (GDPR): Safeguards are in place for data transfer outside the EEA.
Data Security
We implement stringent security measures to protect against unauthorized access, alteration, or destruction of data.
Data Retention
Data is retained as long as necessary for providing our services and as required by law. You may request the deletion of your data by contacting us.
Children's Privacy
Not intended for individuals under the age of 16 without parental consent.
Changes to This Policy
We reserve the right to modify this policy, with changes communicated through our website or the app.
Contact Information
For any inquiries about this policy or your data rights, please contact us at hello@myverba.com
Last Updated: 14/12/2023
Introduction
Verba is committed to protecting the privacy and security of your personal and health-related data. This privacy policy outlines our practices in line with the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).
Data Controller (GDPR) and Covered Entity (HIPAA)
Verba acts as the data controller (GDPR) and a covered entity (HIPAA) regarding the personal health information (PHI) collected and processed through our app.
Types of Data Collected
Personal Identification Information: Name, email, and other contact details.
Health Information: Journal entries that may contain health-related information.
Usage Data: Interaction with the app, including time logs and feature usage.
Lawful Basis for Processing (GDPR) and PHI Use and Disclosure (HIPAA)
Consent (GDPR): Explicit consent is obtained to process your personal data for specified purposes.
Contractual Necessity (GDPR): Processing necessary for the performance of our service.
Legal Obligation (GDPR): Compliance with legal requirements.
Treatment, Payment, and Healthcare Operations (HIPAA): Use of PHI for healthcare treatment, payment processing, or healthcare operational purposes.
Purpose of Processing
To provide mental health journaling services.
To facilitate communication between you and your therapist.
For internal research to improve our services.
Data Subject (GDPR) and Individual Rights (HIPAA)
Under GDPR and HIPAA, you have the right to:
Access your personal and health information.
Request corrections to your data.
Obtain a copy of your data in a portable format.
Request deletion of your data (subject to legal and regulatory requirements).
Withdraw consent for data processing (GDPR).
Data Sharing and Transfer
Therapists: Journal entries are shared with your designated therapist as part of the app’s functionality.
Third Parties: We do not sell or rent your data. We may share anonymized data with research partners.
International Transfers (GDPR): Safeguards are in place for data transfer outside the EEA.
Data Security
We implement stringent security measures to protect against unauthorized access, alteration, or destruction of data.
Data Retention
Data is retained as long as necessary for providing our services and as required by law.
Children's Privacy
Not intended for individuals under the age of 16 without parental consent.
Changes to This Policy
We reserve the right to modify this policy, with changes communicated through our website or the app.
Contact Information
For any inquiries about this policy or your data rights, please contact us at [Your Contact Information].