Privacy Policy

Welcome to Enhearten, a service of Rissana, LLC ("Rissana"). Rissana is the St. Louis-based company that created and supports Enhearten, ("Enhearten") to support participants ("Participants"), professionals ("Professionals"), and organizations in the recovery process.

We want to be clear about how your information is protected. This Privacy Policy discloses our privacy practices and procedures in connection with Enhearten, the Enhearten App, and the entire Enhearten Platform. In other words, this Privacy Policy describes what Rissana shares and does not share, and with whom.

Your access and use of the Services, including all services available therein, is subject to this Privacy Policy and to our separate Terms of Service. If you use Enhearten, you are consenting to this Privacy Policy, as well as our Terms of Service.

This policy may change from time to time. The most recent version of this Privacy Policy can be found at www.enhearten.com/privacy-policy or on the Enhearten App under the Settings tab.

This Privacy Policy will describe the following:
• What data Rissana and Enhearten collect about Participants and Professionals and how it is collected
• Who has access to this data
• Who else might get access to the data
• Optional notifications outside of the App
• Where your data is stored
• How we protect and secure your data
• How long data is stored
• Our policy regarding children
• Your consent
• How you can contact us

What Data Rissana and Enhearten Collect About Participants and Professionals and How it is Collected
We collect and store data provided to us by Participants and Professionals through Participant interactions with the Enhearten App and Professionals' interactions with the Enhearten Platform. The data we collect and store may include personally identifiable information (PII), which is data that can be used to identify Participants and Professionals individually. These data are encrypted in transit and stored in an encrypted database. PII is only shared with third-party entities or services that are HIPAA-compliant for PII and have executed a business associates agreement.
‍
Based on the information you enter into Enhearten, examples of data stored by Rissana and its third-party service providers could include:
• Basic personal information, such as your name, username, email and physical address, telephone number, IP address, gender, and birthdate
• Media, such as photographs or videos
• Demographic information, such as income range, race and employment statistics
• Treatment information, such as medical information, recovery goals, and recovery tasks
• Messages sent or received using the Enhearten App and Platform (whether individual messages or group messages) including texts, emails or chats, answers to survey questions, and the names and identifies of personal contacts
• "Stories" and other social content authored or responded to by you

The Enhearten App and Platform also collects certain information automatically from the device you use to access Enhearten. This information may include the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use Enhearten.

We may also may use "cookies". A cookie is a piece of alphanumeric data stored on your hard drive or device to help us improve your access to Enhearten and identify repeat visitors to Enhearten. Cookies allow us to customize and enhance the user experience. We may also use services from third-party companies (such as Google) to collect usage data. Your use of Rissana products are subject to the privacy policies and terms of use from these third-party companies. For example, Rissana uses reCAPTCHA v3 to block spam on the Enhearten website, and your use of pages that implement reCAPTCHA v3 is subject to Google's Privacy Policy and Terms of Service.

While we save and store data, including PII, for use by a Professional for purposes of supporting the individual Participant's recovery, we also may use the data we collect for research purposes, to learn about recovery outcomes and further developments in this area, and for other Professionals to improve and benchmark their practices and outcomes. When this is done, data that could be used to identify Participants are stripped away. This includes the Participant’s name, birthdate, contacts, and other similar identifying data. Participant data, stripped of the identifying data, is called "Research Data" and will be added to large numbers of population data from other Participants and Professionals, and researchers or others using or reviewing this population data will not know what data is yours, or even whether you submitted data. Even understanding that your data will be stripped of its identifying information, if you would like to opt-out of having your Research Data shared with anyone other than Rissana, you may do so by changing the settings on your "Settings" page or by emailing us at privacy@enhearten.com.

Who has access to this data
• Rissana, which operates and supports Enhearten, has access to all of the data above, as it is necessary for the functionality of the Enhearten software suite.
• A Professional working with a Participant has access to certain data for the purposes of the Participant's recovery, which may include usage data, responses to surveys, and goal progress.
• Rissana and Researchers authorized by Rissana can perform analytics and benchmarking on Research Data.
• A Participant working with a Professional may have access to certain data for purposes of their recovery, which may include contact information, messages, and status notifications from the relevant Professional.
• Finally, certain content, including photographs, you share in the "Stories" feed (and/or other parts of Enhearten that are explicitly for the purpose of engaging with other Participants and Professionals) can also be accessed by other Rissana users. Accordingly, please take care what is shared in those features.

Who else might have access to the data
Rissana may disclose your data to other organizations when (1) required to by law, such as to comply with a subpoena, or similar legal process; or (2) when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

As stated above, Rissana may use trusted third-parties to help us deliver the Enhearten Platform, who, in this capacity, may have access to your data.

Rissana does not share data with marketing firms or sell data. These policies apply to all end users of Rissana’s products, including Participants and Professionals involved in human subjects research.

Optional notifications outside of the app
The Enhearten App has the capability to push notifications to the home screen of your mobile device. This feature is optional. If enabled, a push notification is a message that pops up on a mobile device and can be sent at any time, even when you are not using the app. Although the notifications are short and will not include specific medical information, they do identify that you are using the Enhearten App and, depending on the settings of your mobile device, may appear on your home lock screen where others can see.

Where your data is stored
Rissana stores your data on secure servers using Amazon Web Services (AWS). You can learn more about AWS and how it helps us protect your information here: https://aws.amazon.com/compliance/hipaa-compliance/

How we protect and secure your data
We are committed to safeguarding the confidentiality of your data. We use commercially reasonable physical, electronic, and procedural safeguards to protect your PII against loss or unauthorized access, use, modification, or deletion. However, no security program is foolproof, and thus we cannot guarantee the absolute security of your PII or any other information you provide to us.

If you have any questions related to how we protect and secure your data, you can reach us by email at: privacy@enhearten.com.

How long data is stored
Your PII may be stored by Rissana until the later of: (1) a Participant stops using Enhearten or subsequent Rissana products or services; or (2) a Professional stops using a Enhearten or subsequent Rissana products or services. Even after both of those occurrences, your Research Data will continue to be used by Rissana unless you have opted out of providing such data. You may decide after you have stopped using Enhearten to opt-out, in which case you must send your opt-out request to Rissana in writing or by emailing your request to opt-out to privacy@enhearten.com.

Our policy regarding children
The Enhearten products are not for children under the age of 13. If a parent or guardian becomes aware that their child has entered their own personal data into Enhearten or somehow been given an account by a Professional, please contact us at accounts@enhearten.com. If we become aware that a child under 13 has provided us with Personal Information, we take steps to remove that information and terminate the applicable account.

Changes to this Privacy Policy
Technology and the Internet are rapidly changing. Rissana, therefore, is likely to make changes to the Enhearten in the future and as a consequence will need to revise this Privacy Policy to reflect those changes. Rissana will post all such changes to the Privacy Policy on www.enhearten.com/privacy-policy so you should review the website periodically. If we make a material change to the Privacy Policy, you will be provided with appropriate notice, most likely via the Enhearten App. If we maintain your email address, we also may email you a copy of the revised Privacy Policy at your most recently provided email address. It is therefore important that you update your email address if it changes.

Your consent
As stated earlier, your use of Enhearten is an acknowledgement that you understand and consent to this Privacy Policy. Enhearten may modify this Privacy Policy at any time effective upon its posting. Your continued use of Enhearten constitutes your acceptance of this Privacy Policy and any updates. You will must also accept our Terms of Service before you can start using the App. Please read that document carefully too.

How you can contact us
If you have any questions regarding the Privacy Policy, please contact us at privacy@enhearten.com.

California Privacy Rights
In addition to the other rights set forth in this Policy, California residents who provide Personally Identifiable Information (as defined in the California Online Privacy Protection Act 2003 (CalOPPA)) and Personal Information (as defined in the California Consumer Privacy Act of 2018 (CCPA)) (collectively, the “Information”) to obtain our Services for personal, family, or household use are entitled to: (i) request and obtain from us deletion of Information, unless such Information is necessary to compute a transaction for which the Information was collected, to provide our Services, to detect or protect against security incidents, or as otherwise required or allowed by law; and (ii) request and obtain from us, up to twice in any twelve (12)-month period, information about the Information we shared in the immediately prior twelve (12)-month period, if any, including, if applicable, specific categories and pieces of such information collected, sources from which such information was collected, the identity of those businesses with which we shared such information and the business purpose for collecting or selling such information.

To make these requests please contact us at privacy@enhearten.com, and we will respond within forty-five (45) days of such verifiable request. We will need to collect information from you to verify your identity in connection with such request.

Currently, we do not sell any personal information you provide us. If in the future, circumstances arise under which we may sell personal information, you will be provided with notice and a right to opt out of the sale of any personal information you provide us.

We will not discriminate against you if you exercise any of the rights referenced above or in connection with the CCPA.