Introduction and Commitment to Privacy

Forward Psychiatry is committed to protecting your privacy and treating your personal and health information with the utmost care and confidentiality. We understand that information about you and your mental health is highly sensitive and personal, and we are dedicated to safeguarding it in compliance with all applicable laws and ethical standards. We strive not only to meet but to exceed existing privacy standards in healthcare. This Policy explains what information we collect, how we use it, how it may be shared, and the choices and rights you have regarding your information. We have written it in clear, straightforward language – with a compassionate and professional tone – so you can easily understand our practices and feel confident in how we handle your data.

Information We Collect

We collect both personal information and health information to provide you with quality mental health care and to improve our services. We obtain information directly from you, automatically through your use of our site, and from your healthcare interactions with our clinicians. We limit our collection to what is relevant and necessary for your care and our operations. The types of information we collect include: Personal Information: Identifying details that you provide, such as your name, address, email, phone number, date of birth, and payment or insurance information. For example, when you create an account, schedule an appointment, or pay for services, you may give us personal details like contact information and billing data. We only collect personal details that you knowingly provide to us (for instance, through registration forms, questionnaires, or email communications) and use them for the purposes described in this Policy. It is always your choice whether to provide this information; however, not providing certain details may limit our ability to register you or offer services. Protected Health Information (PHI): Information related to your health or treatment that is subject to HIPAA protections. This includes medical or mental health history you share with us, symptoms or conditions you discuss, treatment plans or notes created by our providers, and any other health-related Information you provide during care. We treat all such information with heightened privacy safeguards by the U.S. Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws. For example, if you fill out an intake form or speak with your therapist via our platform, those details become part of your confidential health record, which we protect under HIPAA’s standards. Usage Data and Technical Information: Non-personal information collected automatically when you interact with our website or portal. Like many websites, we gather data such as your IP address, device type, browser type, operating system, pages or features you access, and the dates/times of your visits. We also use cookies and similar tracking technologies (described in the “Cookies and Tracking” section below) to collect information about how you navigate our site, your preferences, and other analytical insights. This usage data helps us understand how our services are used and improve the user experience. It generally does not identify you directly, and we do not tie it to your health information unless necessary for security or compliance reasons. Demographic and Statistical Information: We may collect certain demographic details (such as age, gender, or general location) or generate aggregated, de-identified statistics about our user base. Any aggregated data cannot be linked back to you and is used only to help us improve our services and understand the needs of our clients. If we ever combine demographic or usage data with your identifiers in a way that makes it personally identifiable, we will treat the combined data as personal information per this Policy.

How We Use Your Information

We use the information we collect only for legitimate and necessary purposes, to deliver our services, run and improve our operations, and comply with legal requirements. We do not sell your personal or health information to third parties. Below are the primary ways in which we utilize your information: To provide and Personalize Services: We use your information to deliver mental health care and support. This includes using your health information to diagnose and treat you, to create therapy or medication plans, and to coordinate care among our clinicians and staff. For example, your therapist will review the health history you provide and document session notes to guide your treatment. We also use personal and usage data to manage your appointments, process payments or insurance claims, and ensure our platform functions properly for you. Additionally, we may use your information to personalize your experience – for instance, remembering your preferences or tailoring content in our patient portal to be more relevant to your needs. For Communication: We may use your contact information to communicate with you about important matters. This includes sending appointment reminders, responding to your inquiries, sending administrative messages (such as changes to our terms or policies), and providing customer support. If you have given consent, we might also send you mental health resources, newsletters, or wellness tips that could benefit you. We will only send marketing or promotional emails (e.g., about new services or events) if we have your permission, and you can opt out of these at any time. For Operational Improvement and Analytics: We use collected data to maintain and improve our website, platform, and services. This involves analyzing usage patterns and feedback to fix issues, enhance features, and make the user experience more intuitive. For example, we might review aggregated site traffic data to identify frequently visited pages or to improve site navigation. We may also anonymize or de-identify your information (removing personal identifiers) and use those de-identified insights for analytics, research, and reporting purposes. De-identified information is not considered personal, and we may use it without restriction – for instance, to publish general trends or outcomes (e.g., “X% of our patients report improvement after 3 months”) that cannot be traced back to any individual. For Safety, Security, and Legal Compliance: Your information may be used to protect our clients and comply with laws. This includes uses such as verifying your identity when you log in, monitoring for fraudulent or unauthorized activities, and enforcing our Terms of Service to keep our platform safe. We may use your data as needed to comply with applicable legal obligations and regulatory requirements in the mental health and telehealth field. For example, we might use certain information to track and report public health information as required by law, or to send mandatory notices. We also maintain records as necessary for HIPAA compliance and other accreditation or quality control purposes. If required, we will use your contact information to notify you of any changes to this Privacy Policy or other important updates, as described in the Policy Updates section.

Data Sharing and Disclosure

Forward Psychiatry does not share your personal or health information with third parties except in the limited scenarios described here. We will never sell your information, and we only disclose it with careful safeguards and on a need-to-know basis. The situations where we may share your information include: With Your Healthcare Providers and Team: Our clinicians, therapists, psychiatrists, and support staff will share appropriate health information as needed to coordinate and deliver your care. For example, your therapist might consult with our supervising psychiatrist about your treatment, or our billing team will use your health insurance details to process a claim. All members of our workforce are trained to maintain confidentiality and only access your information for treatment, payment, or healthcare operations purposes as allowed by HIPAA. With Service Providers (Business Associates): We may disclose information to third-party Companies that help us run our business or provide services on our behalf, such as our technology platform providers, cloud data storage, appointment scheduling software, billing processors, or analytics tools. These partners act as our service providers (and as “Business Associates” under HIPAA when they handle PHI. They are bound by strict contractual obligations to safeguard your data and use it only to provide their services to Forward Psychiatry. For instance, we might use a secure electronic health record system to store your charts; that vendor can only use your information to maintain our records system and must follow privacy and security rules. We require all such partners to sign agreements ensuring your information remains confidential and protected in line with HIPAA and industry standards. For Legal Compliance or Protection: We may disclose your information when required by law or when we believe it is necessary to protect rights, safety, or property. This includes complying with court orders, subpoenas, or other legal processes, and sharing information in response to lawful requests by governmental authorities. For example, if a law enforcement agency or regulator demands access through a proper process, or if we must report certain communicable diseases or suspected abuse as mandated by law, we will provide the minimum necessary information. We may also share information to prevent a serious threat to someone’s health or safety – for instance, if you are in crisis and at risk of harm, we might contact emergency services or a loved one, consistent with legal and ethical obligations. In Corporate Transactions: If Forward Psychiatry is involved in a merger, acquisition, financing, or sale of all or a portion of our business, your information (as part of our business assets) may be disclosed to the parties involved to evaluate and complete that transaction. In such cases, we will ensure the recipient of any personal data commits to privacy protections at least as stringent as those in this Policy, and we will notify you of any ownership change affecting your personal information. With Your Consent or At Your Direction: Outside of the above scenarios, we will share your information with third parties only if you expressly request or authorize it. For instance, you may ask us to send your records to another healthcare provider or to share information with a family member or caretaker. In those cases, we will obtain your written consent or authorization as needed before disclosing your information. You are free to revoke such an authorization at any time (see “Your Rights” below), and we will stop any future sharing that was based on your consent. (Note: If you revoke consent, it will not affect any information we have already disclosed with your permission up to that point .)

Data Security Measures

We employ robust physical, technical, and administrative security measures to protect your information from unauthorized access, use, or disclosure. Forward Psychiatry takes data security very seriously and continuously works to uphold industry best practices for safeguarding health information (in line with HIPAA Security Rule standards). Some of the key security steps we take include: Encryption: We use encryption technology to protect sensitive data. Any personal or health information you provide through our website or patient portal is transmitted over HTTPS (secure SSL/TLS encryption) and stored in encrypted form on our servers or in the cloud. This means that when you enter information (like your registration details or a credit card number), the data is encoded to prevent interception. You can verify this by looking for the lock icon in your browser’s address bar when accessing our site. Access Controls: We restrict access to your personal information strictly to those employees and service providers who need it to perform their duties (for example, our clinical staff and care coordinators, or our billing personnel). All staff members undergo privacy training and are bound by confidentiality obligations. We use authentication safeguards (such as strong passwords and, where possible, two-factor authentication) to ensure that only authorized individuals can access systems that contain your data. Administrative and Monitoring Safeguards: We maintain internal policies and procedures designed to protect privacy. This includes regularly reviewing our data handling practices, monitoring for any unauthorized access attempts, and keeping audit logs of access to health records. We also have an appointed Privacy Officer and Security Officer who oversee compliance with privacy laws and promptly address any issues. Infrastructure Security: Our systems are protected by firewalls, antivirus/anti-malware tools, and intrusion detection systems to prevent unauthorized system access. We keep our software and security protocols up to date. Our data servers are housed in secure facilities, and we back up data securely to prevent loss. Additionally, if we use third-party cloud services or data centers, we ensure they meet rigorous security certifications and sign Business Associate Agreements, requiring them to protect your information to the same standards we uphold. Despite all these precautions, it’s important to note that no method of data transmission or storage is 100% secure. While we strive to protect your personal information with a high degree of care, we cannot guarantee absolute security of information against all possible breaches. However, in the unlikely event of a security breach that compromises the privacy or security of your personal or health information, we will notify you promptly as required by law and take all necessary steps to mitigate the issue.

Your Rights and Choices

We want you to have control over your personal and health information. Forward Psychiatry respects all rights you have under HIPAA and applicable privacy laws regarding your data. The following is a summary of your key rights and how you can exercise them: Access Your Information: You have the right to request an electronic or paper copy of your medical record and other information we have about you. This includes your therapy notes, diagnoses, billing records, and any other PHI we maintain in a designated record set. We will provide you with access to your records, or a copy, usually within 30 days of your request (often sooner). We may charge a reasonable, cost-based fee if applicable, as permitted by law, for copying or mailing records. To protect your privacy, we will verify your identity (for example, through a secure account login or a signed request) before releasing records. Request Corrections (Amendments): If you believe that any information in your records is incorrect or incomplete, you have the right to ask us to correct or amend your medical record. We may ask you to provide a reason for the correction. If we are unable to honor the request (for instance, if we believe the current information is accurate), we will inform you in writing within 60 days, and you have the right to add a statement of disagreement to your record. We will still note in your file that you requested a change. Confidential Communications: You can request that we contact you in a specific way or at a specific location to maintain your privacy. For example, you might ask that we call only your mobile phone and not a home number, or send mail to an alternate address. We will accommodate reasonable requests for confidential communication. You do not need to explain the reason; we simply need an alternative method to reach you that we can implement. Restriction of Disclosures: You have the right to ask us not to use or share certain health information for treatment, payment, or operations. While we will consider all reasonable requests, please understand that we are not required to agree to a restriction in most cases if it would impede care or compliance. Exception: If you pay for a particular service in full out-of-pocket, if you request that we not share information about that service with your health insurer, we will honor that request (we will not disclose that specific information to your insurer) unless required by law. Accounting of Disclosures: You can request a list of certain disclosures we have made of your health information. This accounting will include the times we shared your information beyond routine treatment, payment, and operations, going back six years from the date of your request. For example, it would list any non-ordinary disclosures such as those made for public health reporting or in response to legal requirements. We will provide you with one accounting for any 12 months for free. If you request another within 12 months, we may charge a small fee (we’ll let you know the cost in advance). Revocation of Consent or Authorization: If you have given us a specific authorization to use or disclose your information (for example, to release records to a third party or to use your testimonial on our website), you have the right to revoke that authorization at any time by contacting us in writing. Once we receive your revocation, we will no longer use or share your information for that purpose, except to the extent we have already acted based on your permission. Please note that revoking an authorization will not affect any disclosures made before the revocation date (those cannot be undone). Deleting or Removing Information: You may request that we delete certain personal information we have collected from you (for example, non-medical information you provided on our website). We will honor such requests to the extent possible; however, please be aware that we cannot delete information that we are required to keep by law or that is necessary for us to provide services to you. For instance, medical records must be retained for a minimum period under healthcare regulations, and we may need to keep certain data for billing or compliance purposes. We will also retain limited information if required for our internal purposes, such as financial recordkeeping or to document care (we may archive it and separate it from active use). When we grant a deletion request, we will remove the data from active systems and cease using it, and will also instruct our service providers to do the same, to the extent required by law. Keep in mind that once information has been shared with authorized third parties (like insurers or labs) as part of your care, we may not be able to force those entities to delete the information they have received. Opt-Out of Communications: If at any time you prefer not to receive marketing or informational emails from us (such as newsletters or mental health tips), you can opt out by using the “Unsubscribe” link in those emails or by contacting us with your request. We will process your opt-out request promptly. Please note that even if you opt out of marketing messages, we may still send you essential transactional or service-related communications (e.g., appointment confirmations, policy updates, or security alerts) when necessary. California and Other State Privacy Rights: (If applicable) If you are a resident of certain states with specific privacy laws (such as California’s Consumer Privacy Act (CCPA) or similar laws in Colorado, Connecticut, etc.), you may have additional rights regarding your personal information. These can include the right to know what categories of personal information we collect and disclose, the right to request deletion of personal data, and the right to opt out of certain data sharing. Forward Psychiatry will not discriminate against you for exercising any privacy rights under such laws. Should these laws apply to you now or in the future, you can exercise those rights by contacting us (see Contact Information below). We will update this Policy or provide a state-specific privacy notice to reflect any new rights as our service areas expand. Questions or Complaints: If you have questions about your privacy rights or are concerned that your privacy rights have been violated, you have the right to file a complaint. You can contact us directly (see Contact Information) to report your concerns, and we will investigate. Additionally, under HIPAA, you have the right to complain to the U.S. Department of Health and Human Services – Office for Civil Rights, if you believe your rights have been infringed. We will not retaliate against you for asking questions or filing complaints – your care and trust are our top priorities.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your user experience, understand usage patterns, and improve our services. Cookies are small text files placed on your device that help us remember your preferences and recognize you on subsequent visits. When you first visit our site, you will be informed about our use of cookies and given the option to manage your cookie preferences (except for “essential” cookies that are necessary for the site to function). Here is how we handle cookies and your choices: Types of Cookies We Use: We utilize both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period or until deleted). Session cookies enable core functionality like secure login and session management. Persistent cookies help us, for example, by saving your preferences (so you don’t have to re-enter information each time) and by supporting security features. We may also use cookies and third-party tools for analytics (to see how users navigate our site, which pages are popular, etc.) and for limited advertising/marketing purposes to reach people who might benefit from our services. For instance, we might use a Google Analytics cookie to collect anonymized traffic data, or a Facebook pixel to measure the effectiveness of our outreach, but these will not identify you by name. Any analytics or ad partners we use will be obligated to handle cookie data in compliance with applicable laws and not use it for their purposes without consent. Your Choices: On our site, non-essential cookies (like those for analytics or advertising) are optional. You can use our cookie banner or preferences center to opt out of certain categories of cookies if you wish. Additionally, most web browsers allow you to control cookies through their settings. You can set your browser to refuse certain cookies or alert you when cookies are being sent. Please note, however, that if you disable cookies entirely, some parts of our site may not function properly. For example, you might not be able to stay logged in or use certain interactive features if cookies are turned off. We do not currently respond to “Do Not Track” signals because there is not yet a common industry standard for compliance with those signals, but we continue to monitor developments in this area. Other Tracking Technologies: We may use related technologies like web beacons (tiny graphic images in emails or on web pages) or device identifiers in our mobile app (if applicable). These help us count users who have visited certain pages or opened an email, and they allow us to gauge the effectiveness of our communications. You generally cannot opt out of web beacons in emails aside from unsubscribing from the mailing list, because they are typically part of the email content. However, we do not use these technologies in a way that discloses personally identifiable information; they are only used to collect aggregate statistics.

Third-Party Links and Services

Our website and communications may contain links to third-party websites or integrations with third-party services (for example, scheduling widgets, lab services, or resource articles on external sites). Please be aware that Forward Psychiatry is not responsible for the privacy practices of external websites or services that we do not own or control. If you click on a link to an external site or use a third-party Service through our platform, any information you provide to those third parties is governed by their privacy policies, not ours. We encourage you to review the privacy policies of any website or service you visit outside of Forward Psychiatry. Additionally, if you choose to engage with us on social media (such as by visiting our official pages on platforms like Facebook, LinkedIn, or Instagram), be mindful that any information you post or share via those platforms is also subject to those platforms’ privacy rules. For instance, if you “like” or share our content on a social network, your interactions may be visible to others, and that social network might collect information about you through their cookies or tracking. We recommend reviewing your privacy settings on those services. We may integrate basic social media features (like a “Share” button), but we do not provide any personal information to social networks unless you specifically direct us to. In summary, this Privacy Policy applies only to Forward Psychiatry’s platform and services. Once you leave our site or interact with a third-party feature, we cannot control how your data is handled, so please exercise caution and read the applicable third-party privacy statements.

Children’s Privacy

Forward Psychiatry’s services are not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13 without verifiable parental consent. If you are under 13, please do not submit any personal information on our website or use our services without permission from a parent or guardian. If we learn we have inadvertently collected information from a child under 13, we will promptly delete that information from our records unless we are legally obligated to retain it. For adolescents who are 13 to 17 years old, we require the involvement and consent of a parent or legal guardian for the use of our services. If a minor is receiving services through Forward Psychiatry, their parent or guardian must consent to the collection and use of the minor’s information and agree to this Privacy Policy on the minor’s behalf. We treat the information of minors with strict confidentiality and in compliance with all applicable laws (including any additional protections under state laws for minors’ health information). Parents or guardians have the right to access their child’s records, except in certain situations where law or clinical judgment allows the minor to consent to services without parental involvement. We encourage parents and guardians to discuss this Privacy Policy with their children so that they can understand how their information will be handled.

Policy Updates and Changes

We may update or change this Privacy Policy from time to time as our services evolve or as laws and regulations require. If we make minor changes (for example, to clarify wording or address new minor features), we will post the revised Privacy Policy on our website with a new effective date, and those changes will become effective upon posting. If we make any material changes to how we collect, use, or share your personal information, we will provide you with prominent notice. This may include posting a notice on our website’s homepage or within the app, and/or contacting you via the email address we have on file before the changes take effect. In certain cases, if required by law, we may seek your consent to significant changes. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Forward Psychiatry’s services after a Privacy Policy update constitutes your acceptance of the changes, to the extent permitted by law. For any earlier versions of this Policy, you may contact us to obtain a copy. We always indicate the effective date at the top of the Policy so you know when it was last revised.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please reach out to us. We are here to help and are committed to addressing any inquiries about privacy or security. You can contact Forward Psychiatry’s privacy team at: Email: admin@forwardpsychiatry.com. You may also contact this email/phone if you wish to exercise any of your rights as described above (such as accessing records or opting out of communications). We will respond as promptly as possible, generally within 30 days. If you have a concern about how your information has been handled, we encourage you to contact us so we can investigate and resolve the issue.  Thank you for trusting Forward Psychiatry with your care. Your privacy is fundamental to our mission, and we will continuously strive to earn and uphold your trust by treating your personal information with care, respect, and security.