Privacy Policy
This Privacy Policy is not a contract and does not create any legal rights or obligations.
1. Note to Miyndsett Customers and Their Clients
This Privacy Policy does not apply to the Personal Information we may collect about our customers' patients and clients ("Clients") in the context of providing the Services to licensed mental health professionals and clinical supervisors. Our treatment of Client Personal Information is governed by our agreements with our customers, including our Terms of Service and HIPAA Business Associate Agreement, as applicable (our "Agreement"). If any provision in our Agreement conflicts with any provision in this Privacy Policy, the provision in our Agreement will control to the extent of such conflict.
We have a limited relationship with the Clients of our Customers. If we receive inquiries or requests from Clients about their Personal Information, we will honor those requests as required by applicable data privacy laws. We will also direct Clients to our Customers, the controller of their personal information.
2. Personal Information We Collect
"Personal Information" is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information, and internet activity. Personal Information does not include aggregated or de-identified information that is maintained in a form that is not capable of being associated with or linked to a person.
In the course of our business and in providing our Services to you, we may collect Personal Information directly from you and automatically through our use of cookies and other data collection technologies. We may also collect your Personal Information from third-party sources, such as our business partners, affiliates, and professional licensing databases. We will treat Personal Information collected from third-party sources in accordance with this Privacy Policy.
The categories of Personal Information we collect from you depend on your interactions with us. For example, we may collect:
Identifiers and Contact Information
Such as your name, email address, mailing address, phone numbers, professional license numbers, IP addresses, and unique identifiers such as your usernames and passwords. We collect this information directly from you for the purpose of creating and managing your Miyndsett account, for communicating with you, verifying your identity, and providing our Services to you.
Professional and Employment-Related Information
Such as your business or practice name, your license information (including license type, number, issuing state, and expiration), your NPI number, specialties, clinical supervision credentials, calendar and scheduling information, and other information related to your practice. We collect this information directly from you for the purpose of administering your Account and providing our Services, including verifying your professional standing and customizing your practice management experience.
Billing Information
Such as credit or debit card numbers (processed and tokenized via Stripe, Inc.) and tax IDs. We collect this information directly from you in order to process your subscription payments and any payments made to you by your Clients through the platform.
Clinical and Practice Data
Such as session notes, treatment plans, progress notes, client records, supervision logs, and other clinical documentation that you create or upload through the Services. This information is treated as Protected Health Information (PHI) under HIPAA and is governed by our Business Associate Agreement rather than this Privacy Policy.
Internet, Device, and Electronic Network Activity Information
Such as your browsing history within the Services, search history, and your interactions with our platform and features. We collect this information through our cookies and other tracking technologies to conduct business analytics in order to improve our business functionality and Services to you.
Commercial Information
Such as products and services you have purchased from us. We collect this information to maintain customer records, identify trends, and conduct business analytics.
Profile Information and Inferences
Such as information about your preferences and characteristics. We collect profile information by drawing inferences from the above categories of Personal Information in order to understand your preferences and tailor our Services and communications to you.
Sensitive Personal Information
Such as your account login information and credit or debit card number (processed via Stripe). We collect this information in order for you to log in to, access, and pay for the Services. We do not use sensitive personal information for targeted advertising or any commercial or monetary purposes beyond providing the Services.
3. How We Use Personal Information
In addition to the purposes for collection described above, we also collect and use your Personal Information for the following general purposes:
- To maintain and service your Account, including to send you requested product and Service information, and to send you product and Service updates;
- To respond to your customer service requests and address your questions and concerns;
- To send you newsletters and marketing communications; you have the ability to opt out of our marketing and promotional communications as described in the "Access and Choice" section of this Privacy Policy;
- To administer and improve Services and marketing efforts, including measuring the effectiveness of our platform, diagnosing problems with our servers, and analyzing traffic;
- To understand and respond to your needs and preferences, including to contact and communicate with you regarding surveys, research, and evaluations;
- To develop, enhance, market, sell, or otherwise provide products and services;
- To develop and manage our databases, businesses, and operations;
- To engage in business transactions, including the provision of products and services;
- To detect security incidents, to protect against malicious, deceptive, fraudulent, or illegal activity, and to comply with our policies and procedures;
- To comply with our legal, regulatory, and risk management obligations, including establishing, exercising, and/or defending legal claims; and
- Any other purpose with your consent.
4. How We Share and Disclose Personal Information
We may share your Personal Information in the following circumstances:
Publicly, With Your Permission
We may share your Personal Information publicly with your permission. For example, with your permission, we may publicly post your practice name, professional credentials, specialties, and other information you choose to make public through your Miyndsett practitioner profile, if and when such a feature is made available.
To Service Providers
We may share your Personal Information with companies that provide services to us, such as for cloud hosting, marketing and communication services, professional advising services, and payment processing ("Service Providers"). Our policy is to authorize these Service Providers to use your Personal Information only as necessary to provide services for us. Current Service Providers that may receive Personal Information include:
- Amazon Web Services (AWS) — Cloud infrastructure, database hosting, file storage, and authentication
- Neon Technologies, Inc. — PostgreSQL database services
- Mailgun Technologies, Inc. — Transactional email delivery
- Stripe, Inc. — Payment processing and subscription billing
- Vercel, Inc. — Application hosting and content delivery
To Parties Outside of Miyndsett
- We may share your Personal Information with our affiliate companies in order for them to provide analytics and for other internal business purposes.
- From time to time, we may be required to provide Personal Information to a third party in order to comply with a subpoena, court order, government investigation, or similar legal process.
- We may also share your Personal Information with third parties, such as law enforcement agencies, when we, in good faith, believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- To any other third party for whom you have given your consent for us to share your Personal Information.
In a Corporate Transaction
If Miyndsett is involved in a corporate transaction, such as a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of its assets, we may share or transfer your Personal Information as part of any such transaction. We will notify you of such a transaction via email or through the Services before your Personal Information is transferred and becomes subject to a different privacy policy.
We Do Not Sell Personal Information
Miyndsett does not sell your Personal Information to third parties for monetary or other valuable consideration, and has not done so in the preceding 12 months.
5. Access and Choice
Account Settings
If your Personal Information changes, or if you no longer desire our Services, you may modify or update it by logging into your Account and making the changes in your Account settings.
Marketing Opt-out Preferences
You can opt out of receiving marketing emails by using the unsubscribe link contained in the email. We may still send you emails about your relationship with us and your transactions, including Account information and alerts, subscription confirmations, and updates to our products, services, and policies.
Account Deletion and Data Export
Miyndsett customers may cancel and delete their Accounts at any time. Before canceling and deleting your account, please export your data using a private, password-protected internet connection. Miyndsett is not responsible for any lost or stolen data resulting from a customer's failure to follow reasonable security protocols during or after the data export process.
After you have exported your data and stored it in a secure location, you may proceed to cancel and delete your account by navigating to "Account Settings" and selecting "Cancel Subscription." Your data will remain accessible for sixty-four (64) days following account termination, after which it will be permanently destroyed.
Note that Covered Entities (licensed mental health professionals subject to HIPAA) are responsible for retaining client records in compliance with applicable Texas state licensing board record-retention requirements and federal law, including HIPAA. Miyndsett's data export tools are provided to facilitate this obligation.
Product Research Opt-out Preferences
Occasionally, we may contact you regarding opportunities to participate in product research, surveys, or other product testing. We will provide you with instructions specific to the method we use to contact you regarding how to opt out of product research communications.
6. Data Collection Technologies and Cookies
As is true of many digital properties, we and our third-party partners may automatically collect certain information from or in connection with your device when visiting or interacting with our Services, such as:
- Log Data, including internet protocol (IP) address, operating system, device type and version, browser type and version, the URL visited and the referring page, date/time of visit, time spent on our Services, and any errors that may occur during the visit.
- Analytics Data, including the electronic path you take through our Services, activity information (first and last active date and time), usage history (emails opened, total log-ins), and the pages and links you view or interact with.
- Location Data, such as general geographic location which can be inferred based on your IP address.
We and our third-party Service Providers may use cookies or small data files that are stored on your computer's hard drive, as well as related technologies such as web beacons, pixels, SDKs, and embedded scripts ("cookies") to automatically collect this information. We use this information to monitor and analyze how you use and interact with our Services, to analyze trends, and to improve the Services.
If you would prefer not to accept cookies, most browsers will allow you to change the setting of cookies by adjusting the browser settings to: (i) notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Be aware that disabling cookies may negatively affect the functionality of this and many other websites that you visit.
Do Not Track: Our Services are not presently configured to respond to "do not track" or "DNT" signals from web browsers or mobile devices. We do, however, recognize and respond to Global Privacy Control ("GPC") browser signals, which allow you to control your online privacy by communicating your personal tracking preferences to participating websites.
7. Retention and Security
We will retain your Personal Information for as long as your Account is active, as needed to provide you Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Upon account termination, we will retain data for sixty-four (64) days to allow for export, after which data will be permanently destroyed unless retention is required by law.
We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. Our security measures include:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest using AES-256
- Access controls enforced via Amazon Cognito with multi-factor authentication available
- Role-based access controls and audit logging
- Automated session timeout controls
- Regular security assessments
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee absolute security. In the event of a security incident involving your Personal Information or PHI, we will notify you as required by applicable law and our Business Associate Agreement.
8. Data Privacy Statement and Rights
Residents of certain states have specific rights under their state's privacy laws. The disclosures and privacy rights below apply to individual residents of California, Colorado, Connecticut, Texas, Nevada, Utah, and Virginia, among other states that have enacted comprehensive consumer privacy legislation.
Personal Information Disclosures
In general, within the preceding 12 months:
- We have collected the categories of Personal Information listed in Section 2 above.
- We have collected these categories of Personal Information directly from you, when you use our Services, and automatically through data collection technologies.
- We have disclosed the following categories of Personal Information for business purposes: identifiers and contact information; professional and employment-related information; billing information; commercial information; profile information and inferences; and internet network activity information.
- We have not sold your Personal Information.
Data Privacy Rights
Customers who wish to exercise the rights listed below should send an email to privacy@miyndsett.com.
The right to know.
You have the right to request to know (i) the specific pieces of Personal Information we have about you; (ii) the categories of Personal Information we have collected about you; (iii) the categories of sources from which that Personal Information was collected; (iv) the categories of your Personal Information that we disclosed for business purposes; and (v) the purpose for collecting your Personal Information.
The right to deletion.
You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected.
The right to correct.
You have the right to request correction of any inaccurate Personal Information we have about you.
The right to access and data portability.
You have the right to easy and portable access to all pieces of Personal Information that we have collected or maintain about you.
The right to opt out of selling or sharing.
We do not sell your Personal Information. We do not share your Personal Information for cross-contextual behavioral advertising or targeted advertising purposes.
The right to limit use of sensitive personal information.
You have the right to restrict the ways in which we use and disclose your sensitive personal information. We do not use, share, or disclose your sensitive personal information in any way except as outlined in this Privacy Policy for the purposes of providing our Services to you.
The right to opt out of profiling.
You have the right to opt out of any processing of personal data for the purposes of profiling for decisions that produce legal effects or similarly significant effects on you. We do not use your Personal Information for this purpose.
The right to equal service.
If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our Services.
Verification and Agent Requests
We will take steps to verify your identity before processing your privacy rights requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. You may use an authorized agent to submit a privacy rights request, provided the agent submits proof that they have been authorized by you to act on your behalf.
Appealing Privacy Rights Decisions
You may appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing us at privacy@miyndsett.com with the subject line "Privacy Request Appeal."
9. Additional Information
Information for Visitors from Outside of the United States
We are committed to complying with this Privacy Policy and the data protection laws that apply to our collection and use of your Personal Information. We are located in the United States, where the laws may be different from, and in some cases less protective than, the laws of other countries. By providing us with your Personal Information and using the Services, you acknowledge that your Personal Information will be transferred to and processed in the United States where we and our vendors operate.
Social Media Widgets
Our Services or website may include social media features or widgets. These features may collect your IP address, which page you are visiting, and may set a cookie to enable the feature to function properly. Your interactions with these features on a third-party site are governed by the privacy policy of the company providing them.
Links to Other Sites
The Services may contain links to other sites that are not owned or controlled by Miyndsett. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to read the privacy statements of each and every website that collects Personal Information. This Privacy Policy applies only to information collected by our Services.
Children's Privacy
The Services we provide to our Customers are not directed to, nor do we knowingly collect any Personal Information from, children under 13. If we learn that we have received any Personal Information directly from a child under the age of 13 without first receiving the child's parent's verified consent, we will use that Personal Information only to respond directly to that child (or the parent or legal guardian) to inform the child that they cannot use the Services. We will then delete that child's Personal Information. If you believe that a child under 13 may have provided us with Personal Information, please contact us at privacy@miyndsett.com.
Changes to This Policy
We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address specified in your Account) or by notice through our Services prior to or upon the change becoming effective. We encourage you to review this page periodically for the latest information on our privacy practices.
10. Contact Us
For privacy-related inquiries, to exercise your data rights, or for help with matters related to this Privacy Policy, please contact us:
Miyndsett, LLC
Attn: Privacy Officer
PO Box 80111
Keller, Texas 76244
Email: privacy@miyndsett.com
Web: miyndsett.com
For general support inquiries not related to privacy, please contact us at support@miyndsett.com.