We at Waverider Studios, Inc. (“We,” “Us,” “Our,” “Waverider”) value your (“Your”) privacy and are committed to keeping Your Personal Data confidential. We use Your data solely in the context of providing behavioral health tracking services and facilitating provider-to-client interaction and support.
This Privacy Policy applies to Personal Data Waverider collects from behavioral health services providers (“Provider Users”) and participants of behavioral health tracking services (“Client Users;” collectively, “Users”) who use the Waverider Platform (the “Platform”), which includes a web-based and mobile application, and any related services (the “Services”). “Personal Data” includes any information that can be used on its own or with other information in combination to identify or contact one of our Users. We believe that transparency about the use of Your Personal Data is of utmost importance. In this Privacy Policy, We provide You detailed information about Our collection, use, maintenance, and disclosure of Your Personal Data. This Privacy Policy explains what kind of information We collect, when and how We might use that information, how We protect the information, and Your rights regarding Your Personal Data.
Some of the Personal Data We collect and transmit will, in some circumstances, be considered “Health Data” (data related to a Client User’s physical or mental health) or “Protected Health Information” (information that relates to the past, present, or future physical or mental health or condition of a Client User; or the past, present, or future payment for the provision of healthcare services to a Client User); or medical records as defined by state law. Therefore, Our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA“) provisions regarding sensitive Personal Data, where applicable. In addition, We intend to comply with state law related to Health Data, where applicable. For additional information related to healthcare information, please contact Us at support@waverider.io
By submitting Your Personal Data through the Platform, You are acknowledging that You have read and agree to the terms of this Privacy Policy. If You do not agree, please do not submit any Personal Data to Us and immediately cease use of the Services.
Please note that We occasionally update this Privacy Policy and that it is Your responsibility to stay up to date with any amended versions. If We modify the Privacy Policy, We will post a link to the modified terms on our Platform. You can store this Privacy Policy and/or any amended version(s) digitally, print it, or save it in any other way. Any changes to this Privacy Policy will be effective immediately upon providing notice, and shall apply to all information We maintain, use, and disclose. If You continue to use the services following such notice, You are agreeing to those changes.
If You have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact Us at support@waverider.io. We appreciate Your feedback. If You no longer agree to the processing of Personal Data as described in this Privacy Policy, You can notify Us by email at support@waverider.io.
Links to Other Sites
Our Platform may contain links to websites and services that are owned or operated by third parties (each, a “Third-Party Service”). Any information that You provide on or to a Third-Party Service or that is collected by a Third-Party Service is provided directly to the owner or operator of the Third-Party Service and is subject to the privacy policy of that owner or operator. We are not responsible for the content, privacy or security practices and policies of any Third-Party Service. To protect Your information, We recommend that You carefully review the privacy policies of all Third-Party Services that You access.
What Personal Data Do We Collect?
We collect four types of information: (i) Demographic data; (ii) Client User-generated data; (iii) Health and device data; (iv) Payment data; (v) Support data; and (vi) Technology data.
Demographic Data
FOR PROVIDER USERS: We collect demographic data, such as Your name, phone number, email address, and professional details, such as Your title, practice type, license number(s), license state(s), qualifications, and photo. Primarily, the collection of Your Personal Data assists us in creating Your “User Account” and in providing You with the Services.
FOR CLIENT USERS: We collect demographic information, such as Your name, phone number, email address, and photo. Primarily, the collection of Your Personal Data assists Us in creating Your User Account and in providing You with the Services.
Client User-Generated Content
FOR CLIENT USERS: The Services allow You to input original content, such as tracking entries, which may contain Personal Data.
Health and Device Data
FOR CLIENT USERS: We may collect information from connected devices regarding Your health conditions and fitness. We collect this information to provide You with the Services and to supply the Provider User with information regarding Your condition.
Payment Data
FOR PROVIDER USERS: If You make payments via our Platform We may require that You provide to Us Your billing information, such as billing name and address.
Support Data
We collect technical or other information from You through log files and other technologies, some of which may qualify as Personal Data. (e.g., IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Platform and related Services in accordance with this Privacy Policy.
Technology Data
We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data, from Your computer or mobile device as You navigate our Platform, or interact with emails We have sent You. The information We collect may include Your Internet Protocol (IP) address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files You viewed and the actions You take on Our Platform, Your operating system and system configuration information, and date/time stamps associated with Your usage. This information is used to analyze overall trends, to help Us provide and improve Our Platform and to promote their security and continued proper functioning.
How Will We Use Your Personal Data?
Waverider processes Your Personal Data based on legitimate business interests, the fulfillment of Our Services to You, compliance with Our legal obligations, and/or Your consent. We only use or disclose Your Personal Data when it is legally mandated or where it is necessary to fulfill the purposes described in this Privacy Policy. Where required by law, We will ask for Your prior consent before disclosing Your Personal Data to a third party.
More specifically, We process Your Personal Data for the following legitimate business purposes:
To provide Services;
To fulfill our obligations to You under the Terms of Use;
To communicate with You about and manage Your User Account;
To properly store and follow Your data within our system;
To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings or court orders;
To protect Our rights, privacy, safety or property, and/or that of You or others by providing proper notices, pursuing available legal remedies, and acting to limit Our damages;
To handle technical support and other requests from You;
To manage and improve Our operations and the Platform, including the development of additional functionality;
To manage payment processing;
To evaluate the quality of service You receive, identify usage trends, and thereby improve Your user experience;
To keep Our Platform safe and secure;
To send You information about changes to our terms, conditions, and policies; and
FOR CLIENT USERS: To enable You to connect with or share Personal Data with Your authorized Provider User, which enables that Provider User to provide You with healthcare services as they deem appropriate.
Where is Your Personal Data Processed?
Personal Data will be transmitted to third-party cloud services providers who will store or maintain the data on their secure servers. These third parties are not permitted to transfer Your Personal Data outside of the United States.
With Whom is Your Personal Data Shared?
Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and/or other persons/entities who help run Our business (“Business Partners”). Specifically, We may employ third-party companies and individuals to facilitate Our Services, provide Services on Our behalf, perform Service-related functions, or assist Us in analyzing how Our Services are used. Our Business Partners are contractually bound to protect Your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer service, and payment processing.
Our Advisors: We may share Your Personal Data with third parties that provide advisory services to Waverider, including, but not limited to, Our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Personal Data will only be shared with advisors if Waverider has a legitimate business interest in the sharing of such data.
With Your Provider (CLIENT USERS ONLY): We will share information You enter into the Platform with the Provider with whom You selected. If, at any point, You want to deny access to one or more Provider Users, You can do so accessing the settings of Your User Account.
Third Parties Upon Your Direction or Consent: You may direct Waverider to share Your Personal Data with third parties. Upon Your request and consent, We may share such Personal Data with those third parties that You identify.
Third Parties Pursuant to Business Transfers: In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Waverider’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings), We may share Your Personal Data with a third party.
Government and Law Enforcement Authorities: If reasonable and necessary, We may share Your Personal Data to (i) comply with legal processes or enforceable government requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms of Use; or (iii) bring legal action against someone who may be violating the Terms of Use or who may be causing intentional or unintentional injury or interference to the rights or property of Waverider or any third party, including other Users of Our Services.
How Long Do You Retain Personal Data?
Waverider retains Your Personal Data for only as long as necessary for Our business operations, the provision of Services, archival purposes, and/or to satisfy legal requirements. The exact period of retention will depend on: (i) the amount, nature, and sensitivity of the Personal Data; (ii) the personal risk of harm for unauthorized use or disclosure; (iii) the purposes for which We process Your Personal Data, including whether those purposes can be achieved through other means; and (iv) business operations and legal requirements. In general, Waverider strives to retain Your Personal Data for no longer than 10 years after Your User Account is closed (the “Retention Period”), or as otherwise required by law; however, the above factors may extend or decrease this Retention Period.
At the end of the applicable Retention Period, We will remove Your Personal Data from Our databases and will request that Our Business Partners remove any identifiable Personal Data from their databases. If there is any data that We are unable to delete entirely from Our systems, We will put in place appropriate measures to prevent any further processing of such data. Please note that one We disclose Your Personal Data to third parties, We may not be able to access that Personal Data and We cannot force the deletion or modification of such information by third parties.
Waverider and its Business Partners reserve the right to de-identify Your Personal Data and continue using that de-identified data indefinitely, even after Personal Data has been removed from Waverider’s databases. De-identified data is not subject to most state and federal privacy laws, We may continue to disclose de-identified data to third parties in a manner that does not reveal personally identifiable information, as described in this Privacy Policy. Our continued use of de-identified data will comport with applicable law.
What is Our Cookie Policy?
Cookies are small files that a web server sends to Your computer or device when You visit a web application that uses cookies to keep track of Your activity on that site. Cookies also exist within applications when a browser is needed to view certain content or display certain content within the application. Cookies hold a small amount of data specific to a web application, which can later be used to help remember information You enter into the application (like Your email or username), preferences selected, and movement within the application. If You return to a previously visited web application (and Your browser has cookies enabled), the web browser sends the small file to the web server, which tells it what activity You engaged in the last time You used the web application, and the server can use the cookie to do things like expedite logging in and retrieving user data and keeping Your browser session secure.
We use cookies and other technologies to, among other things, better serve You with more tailored information, to facilitate efficient and secure access to the Services, and to track the performance of Our marketing efforts. We may also collect information using pixel tags, web beacons, clear GIFs or other similar technologies. These may be used in connection with some web site pages and HTML formatted email messages to, among other things, track the actions of users and email recipients, and compile statistics about usage and response rates.
Do Not Track Disclosure
Some web browsers may transmit do not track (“DNT”) signals to websites with which the user communicates. To date, there is no industry standard for DNT and users cannot know how a given company responds to a DNT signal they receive from browsers. Waverider is committed to remaining apprised of DNT standards. However, Waverider does not support DNT browser settings and does not currently participate in any DNT frameworks that would allow Waverider to respond to signals or other mechanisms regarding the collection of Your Personal Data.
How Can You Opt-Out of Cookies?
You must enable Essential Cookies to use the Services. Essential Cookies are automatically placed on Your personal devices to facilitate the functionality of the Platform and the Services. You can usually choose to set Your browser to remove and reject non-essential cookies. If You enable a do not track signal or otherwise configure Your browser to prevent Us from collecting cookies, You may be unable to take advantage of some of the Services.
What Happens to Personal Data Submitted by Minors?
Waverider does not knowingly collect Personal Data from individuals under the age of 18. Additionally, Our Services are not directed to individuals under the age of 18. We request that these individuals not provide Personal Data to Us. If We learn that Personal Data from Users less than 18 years of age have been collected, We will deactivate the User Account and take reasonable measures to promptly delete such data from Our records. If You are aware of a User under the age of 13 using the Platform, please contact Us at support@waverider.io.
What Rights Do You Have With Respect to Your Personal Data?
As a User of Waverider’s Services and Platform, You have certain rights relating to Your Personal Data. These Rights are subject to local data protection and privacy laws, and may include the right to:
Access Your Personal Data held by Waverider;
Erase/delete Your Personal Data, to the extent permitted by applicable data protection laws and to the extent technologically feasible;
Receive communications related to the processing of Your Personal Data;
Restrict the processing of Your Personal Data to the extent permitted by law;
Object to the further processing of Your Personal Data, including the right to object to marketing;
Request that Your Personal Data be transferred to a third party, if possible;
Receive Your Personal Data in a structured, commonly used, and machine-readable format; and/or
Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete.
Where the processing of Your Personal Data by Waverider is based on consent, You have the right to withdraw that consent at any time. If You would like to withdraw Your consent or exercise any of the rights listed above, please contact us at support@waverider.io.
California Residents
California residents may request and obtain from Us, once a year, free of charge, a list of third parties, if any, to which We disclose their Personal Data for direct marketing purposes during the preceding calendar year and the categories of Personal Data shared with those third parties. If You are a California resident and wish to obtain that information, please submit Your request by sending Us and email at support@waverider.io with “California Privacy Rights” in the subject line.
How Can You Update, Correct, or Delete Personal Data or Your User Account?
You have the right to request restrictions on uses and disclosure of Your Personal Data. While We are not required to comply with all restriction requests, We will attempt to accommodate reasonable requests when appropriate.
You may change Your email address and other contact information by accessing Your User Account. If You need to make changes or corrections to other information, You may contact Us at support@waverider.io. In order to comply with certain requests to limit use of Your Personal Data, We may need to terminate Your ability to access and/or use some or all of the Services. BY REQUESTING TO LIMIT USE OF YOUR PERSONAL DATA OR DELETE PERSONAL DATA, YOU ACKNOWLEDGE AND AGREE THAT WAVERIDER WILL NOT BE LIABLE TO YOU FOR ANY CORRESPONDING LIMITATION IN THE SCOPE OF SERVICES OR TERMINATION OF SERVICES AS NECESSARY TO COMPLY WITH YOUR REQUEST.
Under state law, You may have the right to request deletion of certain Personal Data from Your User Account or the Platform. To request deletion of Your Personal Data, please email Us atsupport@waverider.io and include a description of the Personal Data You would like removed. We will respond to all requests for data deletion as soon as reasonably possible or as otherwise required by law.
Should You decide to delete Your User Account entirely, You may do so by accessing Your User Account settings. By terminating Your User Account, You agree that You will not be able to access any information previously contained in Your User Account. You further understand that it may not be technologically possible to remove all of Your Personal Data from Our systems. While We will use reasonable efforts to remove Your Personal Data, the need to back up Our systems to protect information from inadvertent loss means a copy of Your Personal Data may exist in a non-erasable form that will be difficult or impossible for Us to locate or remove.
Is My Personal Data Secure?
Waverider understands the importance of confidentiality and security. We use a combination of reasonable physical, technical, and administrative safeguards to: (i) maintain the security and integrity of Your Personal Data; (ii) protect against any anticipated threats or hazards to the security or integrity of Your Personal Data; and (iii) protect against unauthorized access to or use of such information in Our possession or control that could result in substantial harm to You.
Waverider uses reasonable security controls. WE CANNOT GUARANTEE OR WARRANT THAT SUCH TECHNIQUES WILL PREVENT UNAUTHORIZED ACCESS TO YOUR PERSONAL DATA. WAVERIDER IS UNABLE TO GUARANTEE THE SECURITY OR INTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET AND THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. ACCORDINGLY, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US. YOU ASSUME THE RISK THAT UNAUTHORIZED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, AND OTHER FACTORS MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME.
What Safeguards Do We Have In Place to Secure Your Personal Data?
The information collected by Waverider and stored by third-party cloud services providers is protected by a combination of technical, administrative, and physical security safeguards, such as encryption, backups, and access controls. If Waverider learns of a security concern, We may attempt to notify You and provide information on protective steps, if available, through the email address that You have provided to Us. Depending on where You live, You may have a right to receive such notices in writing.
How Can You Protect Your Personal Data?
You are solely responsible for protecting information entered or generated via the Platform that is stored on Your device and/or removable device storage. Waverider has no access to or control over Your device’s security settings, and it is up to You to implement any device level security features and protections You feel are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that You take any and all appropriate steps to secure any device that You use to access Our Services.
Please note that Waverider will NEVER send You an email requesting confidential information such as account numbers, usernames, passwords, or social security numbers. If You receive such an email purportedly from Waverider, DO NOT RESPOND to the email and DO NOT click on any links and/or open any attachments in the email, and notify Waverider support atsupport@waverider.io.
You are responsible for taking reasonable precautions to protect Your password and other User Account information from disclosure to third parties, and You are not permitted to circumvent the use of required encryption technologies. You should immediately notify Us at support@waverider.io. if You know of or suspect any unauthorized use or disclosure of Your user ID, password, and/or other User Account information, or any other security concern.
Can You Opt Out of Receiving Communications from Waverider?
We may send communications, including emails and SMS text messages, to You regarding Your User Account and the Services or Platform. You can choose to filter any User Account, Services, and Platform communications using Your email and SMS settings, but We do not provide an option for You to opt out of these emails. If You consent to Our sending You marketing or other commercial emails or SMS text messages not related to Your User Account, the Services, or the Platform, We will provide You with the option to opt out of such marketing emails and SMS text messages within the applicable message.
How Do I Contact Waverider With Questions or Concerns?
If You have any questions about this Privacy Policy, please contact Us by email at support@waverider.io or please write to: Waverider Studios, Inc., 99 Hudson St., 5th Floor, New York, NY 10013. Please note that email communications are not always secure, so please do not include sensitive information in Your emails to Us.