Sawa Health Privacy Policy
This privacy policy (this “Policy”) was last updated on September 12, 2023.
Sawa Health (“we”, “our”, “us”, “Sawa Health”) takes your privacy seriously, and we want you to know how we collect, use, share and protect your information.
Introduction
At Sawa Health, we provide mental health professionals with insights and capabilities to drive improved and measurable clinical outcomes for patients receiving virtual therapeutic services on our platform. You can access our platform via the website or through our mobile application available in the app stores.
When you enroll, or inquire about enrolling for or use of Sawa Health Services (as defined below), we keep a record of the medical information that you provide to us or your therapist as well as any medical information that Sawa Health employees or independently contracted therapists provide to you via our platform (such as information on and related to your diagnosis). Medical information means any information that:
identifies you; and relates to your past, present, or future physical or mental health, treatment, the provision of health care services or payment for treatment. This includes medical history, diagnoses, treatments, current medical condition, and use of prescription medications. If you are a US subscriber to Sawa Health services, your personal information in our possession is protected health information (“PHI”) protected by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and the applicable provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. In addition to this Privacy Policy, the HIPAA Notices of Privacy Practices of Sawa Health or your Sawa Health Provider apply to your PHI.
This Policy explains Sawa Health’s practices where we process “personal data”, which is information that relates to an identified or identifiable individual. To “process” or “processing” means the use of personal data including, collecting, recording, storing, using, analyzing, combining, transferring, disclosing, or deleting.
We reserve the right to change the terms of this Privacy Policy at any time by posting those changes in revisions to this Privacy Policy, so that you are always aware of our processes related to collection, use and disclosure of information. We urge you to check here for any updates to this Privacy Policy from time to time. Unless otherwise indicated, any changes to this Privacy Policy will apply immediately upon posting to the Website or the App.
What is included in this Policy?
Personal Data We Process & How We Use It Using the Sawa Health App Advanced Data Processing Research What choices do you have about how we collect or use your information? How can I access, delete, or modify my personal data? California Privacy Rights EU/EEA/UK Privacy Rights Retention Sawa Health and Minors Other Mobile Applications and Services Applying for a Job at Sawa Health Security How to Contact Us Additional Information for EU, EEA and UK users What is included in this Policy? The information on this page applies to the personal data we collect about your interactions, use, and experience with our website at https://sawa.health/ (our “Website”), our app on iOS or Android (our “App”), and in connection with the online therapy services we provide (the Website, App and our online therapy services are together, the “Services”). As noted below, our data practices depend on how you interact with our Services, and how you receive and pay for Services, for example whether purchasing Services as a consumer or receiving them through an employment-related benefit.
This Policy does not apply to any other websites that you visit before our Website or any third-party sites that may be accessible through the Sawa Health Services. Please read this Policy carefully so that you understand your rights in relation to personal data, and how we will process that personal data. This Policy supplements our Notice of Privacy Practices (for US patients) any other privacy related disclosures we may provide from time to time (including during your enrollment or management of your account with Sawa Health) and is not intended to override them.
If you do not want us to share personal data or feel uncomfortable with the ways we use information in order to deliver our Services, please do not use the Services.
Personal Data We Process & How We Use It
This list presents the types of information (whether legally classified as personal data or PHI under HIPAA), the sources, and the uses.
Types of Personal Data
Registration
Information you provide when you create an account for yourself (or an authorized account for a minor), are matched to a therapist, or register yourself (or on behalf of a minor) as a patient:
Name (e.g. your name or the name of your parent/guardian)
AddressCountryDate of birthPhone numberGender and the preferred gender of therapistEmailRelationship statusOrganization/Employer (if applicable)Payment information and transaction history
Information on the type of subscription you chooseInsurance information (including an image of that information)Referral sourceInformation on why you are accessing our Services including what you are hoping to get from therapyNotification preferences
How we Get it
You provide this when you go through the registration process
What we do with it
Provide you with the Services (including resubscription) To match you to a therapistProvide you with treatment informationEnroll you in services and administer your accountProvide you with supportProcess insurance claims, billing, and payment informationMaintaining the safety and security of our users, our Services, and our business
Provide announcements and communicate with you via email and WhatsApp, including for marketing purposes
Provide mandatory reporting to law enforcement or other governmental authorities, for example in instances of abuse, or ascertainable threats of violence to another person (See Notice of Privacy Practices for more information)
Respond to a valid legal request.
Process claims or insurance information
Types of Personal Data
Use of the Services
Data you provide when you use our therapy service, including:
Information you disclose in chat data and your chat sharing preferences (transcripts)Audio/Video communication Documents you share with your therapist via our chat functionality
Information collected via our symptom tracker and information on your clinical progress
Information collected via chat, telephone, or email support channels
Information on friends you referInformation you provide as part of treatment intake including emergency contact details, information on your health and mental health and medical history, images (optional)If you use couples therapy, sharing of contact details and some communications will be conducted jointly.If you choose to admit another individual to a therapy “room” for a session, their contact information will be collected and used for that purpose.
How we Get it
Through your use of the Services
What we do with it
To provide you with the Services
To build, modify, and develop new products, features, and Services.
To conduct clinical and other academic research, internally and with approved research partners and identify summary trends or insights for use in external communications (where direct identifiers such as name and contact details have been
To address patient concerns or complaints
To carry out quality assurance and compliance activities
removed, or pursuant to explicit patient authorization). For more information see “Research” below. See Notice of Privacy Practices.
To provide you with assistance in the event of an emergency
Types of Personal Data
When Website visitors contact us
We collect information when you communicate with us via email. This includes information that you provide when you contact us as well as your email address.
How we Get it
You provide this information to us directly
What we do with it
To respond and address your communication
To provide you with the Services
To improve the ServicesProvide support to users (therapists and patients)
Types of Personal Data
Technical Data
Technical information from software or systems hosting the Services, and from the systems, applications and devices that are used to access the Services, such as: Information on the device operating system or Sawa Health environment Metrics on system or App feature use
Information on system events and status
How we Get it
Automatically through use of the Services
What we do with it
Create anonymized and/or aggregated data to improve and deliver our Services Comply with legal obligations
Maintain the security of our infrastructure
Facilitate the delivery and optimization of Services
Monitor performance of our data centers and networks, systems and applications
Provide support to users (therapists and patients)
Administer our business continuity and disaster recovery plans and policies
Detect, investigate, and remediate stop fraudulent, harmful, unauthorized, or illegal activity (“fraud and abuse detection”) through automated and manual means
To provide you with and to evaluate, improve and develop the ServicesTo develop new products
Types of Personal Data
Persistent Identifiers
Data collected via cookies, pixels and other tracking technologies (such as Google Analytics and Google Ads), such as:Internet protocol (IP) addressesDevice IDBrowser typeInternet service provider (ISP)Referrer URLGeolocation information (derived from IP Address,Exit pages, the pages and files viewed on our Website (e.g., HTML pages, graphics, etc.) Operating systemDate/time stampNOTE: Once you become a patient the use of cookies, web beacons, pixels, and other processes are limited to ensure that we do not monitor or use patient information for other purposes without your consent.
How we Get it
Collected automatically when you use the Services
What we do with it
To provide you with and to evaluate, improve and develop the services
To develop new products
Analyze how our Services are used so we can improve your experience
Evaluate the success of our marketing campaigns
Marketing, including tailoring advertising
Using Sawa Health App
The Sawa Health App includes third party software development kits (SDKs) from a number of other companies whom we engage as service providers, for identifying and logging code issues, errors and events; managing interactive communication within the App; compiling analytics on which features get used the most; facilitating customer service contacts regarding subscriptions and service; and processing device identifiers and event logs for ad attribution purposes (such as the initial login event, account creation, subscription events). These third parties process data as a service to Sawa Health only, pursuant to written agreements. Sawa Health does not sell client information to third parties.
Advanced Data Processing
The Sawa Health therapy experience is enhanced by advanced data processing activities, carried out in order to measure and improve clinical outcomes. Our proprietary matching algorithm and machine-learning tools provide real-time engagement insights, inform treatment, and track clinical progress, and are fundamental to our precision therapy care delivery model.
Matching Algorithm. During onboarding we ask you to provide information so that we can assess your condition and incorporate your preferences. We then leverage a proprietary algorithm (and/or support from a Sawa Health counsoler) to match you to a provider.
Optimizing Diagnosis and Treatment. Throughout your experience, your provider uses the Sawa Health Services to manage your diagnosis and treatment plan. The advanced machine learning features of our proprietary Services include natural language processing of communications with therapists. A core focus of our machine learning strategy is to provide the therapist with insights into patient needs and behaviors and offer techniques and suggestions that we believe are likely to maximize clinical outcomes.
What choices do you have about how we collect or use your information?
When you create a Sawa Health account or otherwise use the Sawa Health Services, we collect (or you may provide us with) your email address and phone number, and you opt-in to receive newsletters or promotional material about our services at this email address and to your Whatsapp number. These messages may be tailored to your responses to onboarding surveys so that you receive information relevant to you. You can further manage your email preferences by unsubscribing from emails and Whatsapp promotions by emailing us to support@sawa.health.
In addition to your rights as a patient as set out in the Notice of Privacy Practices, you can ask us to:
Stop sending marketing or promotional emails and mobile marketing communications from Sawa Health.
Limit the use of cookies, pixels, or web beacons.
If you are a EU, EEA or UK user, you can also exercise the rights set out below.
Certain California residents may have additional rights set out below.
To ask us about these choices, contact support@sawa.health
How can I access, delete, or modify my personal data?
You may request access to or deletion of your Personal Information. We will honor your request regardless of where you live or are physically located unless a legal requirement prevents us from doing so or a legal exception applies. Please complete the appropriate request form below and email the completed form with a copy of your photo identification to support@sawa.health.
Your California Privacy Rights
If you are a resident of the State of California, this privacy policy is supplemented by our California Privacy Rights Statement that explains certain California privacy rights and how affected parties can exercise these rights.
EU/EEA/UK Privacy Rights
If you are located in the European Union, the European Economic Area, or the United Kingdom, this Policy is supplemented by our Additional Privacy Statement for EU, EEA and UK Users which explains your privacy rights and how you can exercise these rights (among other matters).
Retention
We will retain your information in accordance with the appropriate statutory limitation periods as required by local law, in line with our legitimate business purposes for as long as your account is active or for as long as needed to provide you with the Services, as required in order to comply with our legal obligations, a court order or to defend or pursue legal claims, in line with industry codes of practice, to resolve disputes and enforce our agreements.
Sawa Health and Minors
In the United States, Sawa Health may collect information and may provide Services to minors ages 13 – 17 with the written authorization of a parent or guardian..
Other Mobile Applications and Services
This Policy does not apply to any third-party applications or software that you download, or any other third-party websites, mobile applications, or online products, services, or businesses you may access from the Sawa Health Website or App.
Security
We take commercially reasonable steps to protect the integrity and confidentiality of personally identifiable and health information that you may share with us. We have complied with the HIPAA security rule for administrative, technical, and physical security safeguards and have third party assessments of our controls performed annually. However, please be aware that no security measures are perfect or impenetrable and we cannot guarantee the absolute security of your information.
We will do our part to protect your information, but it is important for you to protect your information as well. In addition, we do not control the actions of anyone with whom you or any other Sawa Health user may choose to share information. As such, you should be cautious about the access you provide to others when using Sawa Health, and the information you choose to share when using the Sawa Health website or App.