We Listen and We Don't Judge™

Client Portal Privacy Policy

Last Updated: September 2, 2022

This Privacy Policy describes how SimplePractice LLC ("SimplePractice," "we," "us," or "our") collects, uses and discloses the Personal Information (as defined below) of our Customer's patients and clients ("Clients," "you," or "your") when using the client web portal and client mobile application (including telehealth services) controlled by their healthcare or wellness Provider (our "Customer" or your "Provider") (collectively, the "Client Portal" or the "Services").

Certain SimplePractice Services may use a different privacy policy to provide notice to you about how we use and disclose the Personal Information we collect in the context of that Service. To the extent that we post or reference a different privacy policy, that different privacy policy, not this Privacy Policy, will apply to your Personal Information collected in the context of that Service.

1. Note to SimplePractice Customers and their Clients

Our treatment of Client Personal Information is governed by our agreements with our Customers, including our SimplePractice Terms of Service and HIPAA Business Associate Agreement, as applicable (our "Agreement"). If any provision in our Agreement with our Customers conflicts with any provision in this Privacy Policy, the provision in the Agreement will control to the extent of such conflict.

We will also direct Clients to their Providers, the controller of their personal information. Please see the "California Privacy Statement" and "Additional State Privacy Laws" sections of this privacy policy for more details.

If you are a Client of one of our Customers, we may retain your Personal Information on behalf of that Customer. If you have questions about how we process your Personal Information, we encourage you to reach out to the appropriate Customer or visit our Help Center.

2. Personal Information We Collect

"Personal Information" is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information and internet activity. In the course of you using the Client Portal, we may collect Personal Information directly from you or indirectly from you, such as through your Provider. The categories of Personal Information we collect about you depends upon your interactions with us and how you utilize the Client Portal. For example, we may collect:

Identifiers and contact information

Such as your name, email address, mailing address, phone numbers, and IP addresses. We collect this information directly from you or indirectly from your Provider when your Provider creates or edits your Client Profile, for allowing your Provider to communicate with you and provide their services to you, to enable you to access the Client Portal, and to enable your electronic signature on certain documents or agreements.

Billing information

Such as your insurance information, invoices, name, email address, mailing address, phone number, Provider information, date of services, and services received. We store this information on behalf of you and your Provider so that your Provider may process your payments to them, and so that you may view and manage your billing information in the Client Portal.

Audio, electronic and visual information

Such as your photographs or images, your voice and other similar information. We process this information to enable you and your Provider to use our Telehealth service, if applicable, and to allow you to create file attachments in the Client Portal.

Internet, device, and other electronic network activity information

Such as your browsing history, search history, device and connectivity data, and your navigation and interactions within and with our Services. We collect this information in an anonymized format, in which your identity is not verifiable. We collect this information through a third-party source or through our cookies and other tracking technologies in order to conduct business analytics or to improve our business functionality and the Services. The appropriate contracts are in place with third-party sources to ensure they do not use this information beyond the purpose of providing services to us. Please review the "Data Collection Technologies and Cookies" section below to learn more about our use of cookies and data collection technologies.

3. How We Use Personal Information

In addition to the purposes for collection described above, we also collect your Personal Information for the following general purposes:

  • To maintain your Client Profile, to send you requested product and Client Portal information, and to send you product and Client Portal updates;
  • To respond to your support or help center requests and address your questions and concerns;
  • To process billing information and transactions within the Client Portal;
  • To authenticate your identity and allow you to view, fill out, and sign documents in the Client Portal;
  • To administer, measure, and improve our Services and Client Portal experience;
  • To detect security incidents and protect against malicious activity;
  • To comply with our legal, regulatory and risk management obligations;
  • Any other purpose with your consent.

4. How We Share and Disclose Your Personal Information

We may share your Personal Information in the following circumstances:

  • To your Providers/our Customers: We share your Personal Information with your Providers/our Customers in order to provide you with the Services and facilitate our agreements with our Customers.
  • To Service Providers: We may share your Personal Information with companies that provide services to us, such as for hosting, marketing and communication services, analytics services, and payment processing.
  • In a corporate transaction: If SimplePractice is involved in a corporate transaction, such as a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of its assets.

5. Data Collection Technologies and Cookies

As is true of many digital properties, we and our third-party partners may automatically collect certain information from or in connection with your device when visiting or interacting with our Services. We use cookies and similar technologies to analyze trends, administer the Services, and track users' movements around the Services.

6. Retention and Security

We will retain your Personal Information for as long as your information resides in our Customer's Clients and Contacts list, as needed to provide you Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

7. California Privacy Statement

California residents have certain rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). Clients who wish to exercise these rights should contact their Provider and send an email to privacy@simplepractice.com.

8. Contact Us

If you have any questions in connection with this Privacy Policy or other privacy-related matters, please visit our Help Center.

Rev. Sept. 2022/ © 2022 SimplePractice, LLC All rights reserved.