Privacy Policy

Effective Date: July 1, 2025

Saalvio (“we” or “us”) values your privacy and is committed to protecting your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use Saalvio’s mental health platform. We operate in compliance with applicable laws, including HIPAA, Canada’s Personal Health Information Protection Act (PHIPA), the California Consumer Privacy Act (CCPA), and the EU General Data Protection Regulation (GDPR) where applicable. By using our services, you agree to the practices described here.

Information We Collect

Saalvio collects the following categories of information to provide and improve our services:

• Personal and Contact Information: This may include your name, email address, postal address, phone number, date of birth, and other identifiers you provide. We collect such information when you create an account or contact us.
• Account and Subscription Data: When you register or purchase services, we collect account credentials (username/password), payment information (e.g. credit card data), and subscription or billing details. (Payment data is securely transmitted to payment processors; Saalvio does not store raw payment card numbers.)
• Health and Therapy Information: To provide psychotherapy, we collect health-related data such as therapy intake forms, self-help tool responses, chat history with therapists or our AI chatbot, progress notes, journal entries, and any questionnaires you complete. This information is considered Protected Health Information (PHI) and is treated in accordance with HIPAA and PHIPA. For example, information collected via treatment intake (e.g. emergency contacts, health and medical history) is used to provide care .
• Usage and Technical Data: We automatically collect information about your use of our Services. This includes usage logs (which videos, tools or pages you access), session duration, search queries, and chat interactions with our AI chatbot. We also collect technical data such as your IP address, device type and operating system, browser type, device identifiers, and the page you came from  . Cookies and similar technologies are used to facilitate your use of Saalvio and to remember your preferences.
• Communications: If you contact customer support or provide feedback, we collect any information you include in those communications (e.g. message content, email address).

How We Use Your Information

We use your information for the following purposes:

• Providing Services: We use your personal and health information to operate the platform and deliver psychotherapy and self-help tools. For example, we use intake information to match you with a therapist and to provide therapy sessions.
• Improving Our Services: We analyze usage data and feedback to improve our platform (fix bugs, enhance features, and develop new tools). Aggregate or de-identified data may be used for research and quality improvement. For instance, anonymized user data may be used to identify trends that help us enhance content and functionality.
• Communication: We use your contact information to communicate with you. This includes sending service-related messages (e.g. appointment reminders, account notices) and, with your consent, promotional communications about new features or offers. We honor your preferences and only send marketing materials if you opt in.
• Security and Legal Compliance: We use data to protect the security of the platform and comply with legal obligations. For example, we use technical logs to detect unauthorized access or fraud, and we retain information as required by law or professional guidelines.
• Research (Optional): With your explicit consent, we may use de-identified health data to conduct clinical or academic research that can help improve mental health care. Any research uses strictly removes personal identifiers or is performed under rigorous ethical protocols.

 

Information Sharing and Disclosure

We do not sell your personal information. We may disclose your information only as follows:

• Service Providers: We share data with vendors who assist us (e.g. hosting providers, analytics, payment processors, customer support tools). These providers are contractually bound to keep your information confidential and use it only for Saalvio’s purposes.
• Affiliates and Successors: In the event of a merger, acquisition, or sale of assets, user information may be transferred to the new owner or affiliated companies. In such cases, the information remains subject to confidentiality obligations.
• Legal Requirements: We may disclose information if required by law (such as in response to a court order, subpoena, or government request). We may also disclose if we believe it is necessary to protect Saalvio’s rights, users, or the public (for example, to investigate fraud or security issues).
• Emergencies: If a situation arises where there is an imminent risk of harm (to you or others), Saalvio (and any affiliated therapist) may share limited information with appropriate emergency or law enforcement authorities. We do not monitor for abuse automatically and are not mandated reporters unless required by law. We encourage users in crisis to contact emergency services immediately.
• Consent: We may share information with your consent or at your direction (for example, if you choose to share content from Saalvio via a social media “share” feature).

 For California residents, we provide this additional notice: Saalvio does not sell or share your personal information. Under the CCPA, California users have the right to request access to the specific pieces of personal information we hold, and to request deletion of their data. Saalvio honors these rights and will not discriminate for exercising them. You can submit requests by contacting us. We retain data only as long as needed to provide services and as required by law or professional standards.

For EU/EEA/UK residents, Saalvio processes data under lawful bases (such as your consent or our legitimate interest in providing health care). You have data subject rights under the GDPR: you may request access to your data, correction or deletion of inaccurate information, restriction of processing, data portability, or lodge a complaint with a data protection authority. Health information is considered a “special category” under GDPR, so we process it with enhanced protection (e.g. explicit consent). We follow EU–US data transfer frameworks where applicable.

Data Security and Retention

We implement administrative, technical, and physical safeguards to protect your information. For example, all communication with our servers is encrypted (256-bit) and sensitive data is stored securely. We regularly audit our security measures; we comply with HIPAA security rules and perform annual third-party assessments of our controls. However, no system can be 100% secure, so absolute security cannot be guaranteed.

We retain personal and health data only as long as necessary: for example, psychotherapy records are kept per professional guidelines (in Ontario, this may be a minimum of 10 years). When data is no longer needed or upon your valid request for deletion, we securely erase it, except where retention is required by law (e.g. tax or regulatory recordkeeping).

Your Choices and Rights

You can access and control your information in several ways:

• Account Access and Portability: If you have an account, you may review, edit, or correct your account information at any time. You can also request an export of your personal data (including account info and communications) at any time.
• Deletion (“Right to be Forgotten”): You may request that we delete your personal information, subject to applicable exceptions (for example, we may retain certain data for legal compliance).
• Opt-out of Marketing: You can opt out of marketing emails by following the unsubscribe link or contacting us. Even if you opt out, we will still send you essential service emails (e.g. about your account or therapy).
• California Rights: As noted, California users may request specific disclosures about data collection and usage, and can ask to delete data. Saalvio will comply with verified requests and will not penalize you for exercising these rights.
• European Rights: EU residents may withdraw consent at any time (which will cease data processing that relied on consent) and exercise their rights to access, correct, or erase data as permitted by GDPR. Requests may be made by contacting us.
• HIPAA Privacy Rights: If you receive therapy in the US, you are entitled to a Notice of Privacy Practices and have rights under HIPAA, including the right to request access to your protected health information (PHI) from our covered entity partners. Saalvio, as our business associate, will assist with any such requests in accordance with HIPAA guidelines.

To exercise any of these rights or for any privacy inquiries, please contact our Privacy Officer at privacy@saalvio.com. We will respond to requests in accordance with applicable law. For California requests, see our “California Privacy Notice” on the website for full details.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to operate and improve our Services. Cookies help us recognize you, remember your preferences, and gather analytics about site usage. You may disable cookies via your browser settings; however, this may affect functionality. For advertising cookies, we respect opt-out signals (such as DNT or GPC) as described in industry standards.

Children’s Privacy

Saalvio’s services are intended for adults. We do not knowingly collect information from children under 16. If you are a parent and discover that your child under 16 has used Saalvio, please contact us to have the child’s data deleted. We encourage parents to supervise children’s online activities.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make significant changes, we will revise the “Effective Date” at the top and, if appropriate, notify users (e.g., via email). We encourage you to review this policy periodically.