Privacy Policy

Effective Date: 09/30/2013

Last Updated Date: 05/02/2022

At Recovery Record, Inc. we respect your privacy and value the trust you have placed in us. We are committed to the responsible management, use, and protection of your information. This Privacy Policy explains how Recovery Record, Inc. (“Recovery Record,” “we,” “our,” or “us”) collects, uses, and discloses information we obtain through www.recoveryrecord.com, www.nourishly.com and www.recoverypath.com and any products, services, or mobile applications that link to this Privacy Policy (collectively, the “Services”).

HEALTH PRIVACY

In providing the Services, we collect and obtain information about individual consumers (“End Users”) to, among other things, provide End Users access to a mobile platform for lifestyle, nutrition, addiction and eating disorder education and management. In providing the Services, we at times act as a service provider to health care providers (“Providers”). A federal law entitled the Health Insurance Portability and Accountability Act, (“HIPAA”), safeguards “protected health information” that we create, receive, maintain, or transmit. As used in this Privacy Policy, the term “protected health information” includes any information covered by U.S. federal health laws that we maintain that reasonably can be used to identify an individual and that relates to that individual's physical or mental health condition, provision of care, or payment for such care.

HIPAA limits how we may use and disclose protected health information. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of this information. Some of our Providers may be regulated as “covered entities” under HIPAA. Please be aware that this Privacy Policy is distinct from such Provider's HIPAA Notice of Privacy Practices, which describes in detail how that Provider uses and discloses protected health information. If an End User would like to review a copy of their Provider's HIPAA Notice of Privacy Practices, the End User should request a copy directly from their Provider.

WE COLLECT YOUR INFORMATION

Information You Provide

We collect Personal Informationany information that you provide us when you: use the Services.

Use of the Services. We collect any information that you provide through the website or when you otherwise use the Services. For example, if you are an End User, to register an account you will need to provide us with your email address. You may also elect to provide us other optional information such as your name, age, gender, and city/town. We also collect the information you submit through the Services. When you enter information into a diary or communicate with individuals through the Services, we collect that information, including any protected health information you submit.

Communications and other Interactions. We may collect information through your communications with our customer-support team or through other communications with us, including through social media and when you submit your name and email address to us so we can contact you.

Information Provided by Health Professionals and Support Persons

If you are an End User, clinicians and support persons involved in your care may provide us information, including protected health information, about you. For example, if you use our Services to create a link with members of your treatment team, those linked members may provide us with information about you.

Information We Collect When You Use Our Services

We may automatically collect certain technical information from your computer or mobile device when you use the Services. For example, when you visit the Services, we and our third-party service providers collect information on our server logs such as your IP address and browser type. We may also collect certain information via cookies, web beacons, or other similar technologies. The information collected in this manner includes device IDs, referring URLs, and information about the usage of our Services. You may be able to change browser settings to block and delete cookies when you access the Services through a web browser. However, if you elect to block or delete cookies, the Services may not function properly.

HOW WE USE YOUR INFORMATION

We use your information to provide and improve our Services and communicate with you.

Internal and Service-Related Usage. We use the information we collect about and from you for a number of purposes, including: providing, supporting, and improving the services we offer, analyzing how you use the Services, and better tailoring features.

Communications. We may send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, system maintenance, and other service-related purposes.

Promotional Materials. We may send you promotional emails or other information about the products or services we offer. You may opt out of email marketing by using the unsubscribe link in a promotional email or by writing to us at the address given at the end of this Privacy Policy. Where required under applicable law, we will obtain all required authorizations/consents before sending marketing communications.

Aggregate Data. To the extent permitted by applicable law, we may anonymize and/or aggregate data collected through the Services and use it for any purpose. In a case like this, an anonymization process shall be used to remove any demographic data that, when combined, could conceivably re-identify an individual.

HOW WE DISCLOSE YOUR INFORMATION

Except as otherwise described in this Privacy Policy, we will not disclose information that we collect about you on the Services to third parties without your consent. In addition, to the extent permitted by applicable law, we may de-identify your information and process it in an anonymous and/or aggregated form. For example, we may share anonymous and aggregated reports on user demographics, service performance and traffic patterns with third parties.

We do not rent, sell, or share information about you with other people or non affiliated companies for their direct marketing purposes.

Vendors and Service Providers. We may share any information we receive with service providers retained in connection with the provision of the Services. For example, we may provide your collected information to our database hosting provider.

Linked Clinicians and Support Persons. If you are an End User and your account is linked to clinicians, or support persons they may see information, including protected health information, about you. For example, a clinician or support person may be able to view the contents of your monitoring history, symptom frequency, logs, clinical outcome scores, and other information obtained within the Services. When you are linked to clinicians or support persons, they may obtain the information about you through the Services and store it in their own systems. The Services may permit clinicians and supporters to see the names and other identifying information about the other clinicians or support persons and their organizations to which you are linked to facilitate collaborative care. We are not responsible for practices of the other users, including clinicians or support persons, who will view and use the posted information.

Linked Organizations. If you are an End User and your account is linked to the clinicians' organizations, the organizations may see information, including protected health information, about you. For example, an organization may be able to view your name, email address, your links to clinicians within the organization, outcome evaluation survey scores, your treatment setting, a general diagnosis, and aggregate statistics for various attributes, including but not limited to: logs, disordered behaviors, clinician interactions, goal completion, coping tactic utilization, average feelings and urges. Organizations may use the information available through the Services for medical diagnosis, treatment, and general analysis reporting purposes. An organization will not be able to view any message like text such as clinician messages, team chat messages, linking messages. When you are linked to organizations, they may obtain the information about you through the Services and store it in their own systems. We are not responsible for practices of the other users, including organizations, that will view and use the posted information.

Severing a Link with Clinicians, Support Persons or Organizations. If you are an End User and a link between you and a clinician, support person or his/her organization is severed, such clinician, support person or organization may continue to access for record keeping purposes the information posted by you before the link was severed. However, after the link is severed, the clinician, support person or his/her organization will no longer receive updated information about you unless you reconnect the link.

As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: comply with applicable law, respond to requests from governmental authorities, such as a court order or subpoena; respond to your requests; or protect yours', ours' or others' rights, property, or safety.

Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law.

LOCATION DATA

Our Recovery Path product's meeting finder feature requests location permissions for the purpose of helping locate nearby support meetings. It is an optional feature and the feature works without location permissions granted. This data is not stored by us.

SHARED DOCUMENTS

The shared documents feature allows End Users and clinicians to upload document files such as images and PDFs to be shared with selected linked End Users or clinicians. Recovery Record, Inc does not use these documents for any purpose other than to share them with the desired recipient(s) or to comply with applicable law. Documents uploaded can be deleted from Recovery Record systems through the application or apon request.

SECURITY

We take steps in an effort to treat your information securely and in accordance with this Privacy Policy. Unfortunately, the Internet and mobile networks over which our Services are delivered cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.

CHILDREN'S PRIVACY

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of the Services are directed to children under the age of 13. If you learn that your child has provided us with information, you may alert us at privacy@recoveryrecord.com. If we learn that we have collected any information from children under 13, we will promptly take steps to delete such information and terminate the child's account.

INTERNATIONAL USERS

Recovery Record Services host data in two seperate regions. One in the United States and one in Germany. Services with domain names ending in ".com" and ".com.au" (e.g. www.recoveryrecord.com, www.nourishly.com or www.recoveryrecord.com.au) store and process data in the United States. Services with domains names ending in ".eu", ".co.uk", ".de", ".da" (e.g. www.recoveryrecord.eu, www.recoveryrecord.co.uk, www.recoveryrecord.de, www.nourishly.eu) store and process data in Germany. Recovery Record, Inc makes a best effort to ensure European based users are only using the services hosted in Germany and non-European based users are only using services hosted in the United States. We achieve this through a verieity of technical mechanisms. However they can be defeated through usage of VPNs or incorrect/missing ip-address to country mappings. Ultimately, it is the end-user's responsibility to ensure they are only using the approriate services.

By using the Recovery Record Service hosted in the United States from outside of the United States, you will transfer data to the United States.

By using the Recovery Record Service, hosted in Germany from outside of Germany, you will transfer data to Germany.

By choosing to visit the Recovery Record Service hosted in either the United States or Germany or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the law of the state of California and the adjudication of any disputes arising in connection with Recovery Record or the Recovery Record Service will be in accordance with the Terms of Use.

If you are visiting our United States hosted services from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. By providing your information you consent to any transfer and processing in accordance with this Privacy Policy.

UPDATE YOUR INFORMATION OR POSE A QUESTION OR SUGGESTION

If you would like to update or correct any information that you have provided to us through your use of the Services or otherwise, you may use the functionality of the Services to change or delete such information. If such functionality is insufficient or if you have any questions regarding our privacy practices, please send an email to privacy@recoveryrecord.com.

CHANGES TO OUR PRIVACY POLICY AND PRACTICES

We may revise this Privacy Policy, so review it periodically.

Posting of Revised Privacy Policy. We will post any adjustments to the Privacy Policy at www.recoveryrecord.com/privacy_policy, and the revised version will be effective when it is posted. If you are concerned about how your information is used, bookmark this page and read this Privacy Policy periodically.

New Uses of Information. From time to time, we may desire to use information about you for uses not previously disclosed in this Privacy Policy. If our practices change regarding previously collected information in a way that would be materially less restrictive than stated in the version of this Privacy Policy in effect at the time we collected the information, we will make reasonable efforts to provide notice and obtain consent to any such uses as may be required by law.

Contact Information

Recovery Record, Inc.
304 Moultrie St
San Francisco, CA 94110
privacy@recoveryrecord.com