Privacy Policy
TranqBay (we, our, or us) is committed to protecting the privacy of our users across all jurisdictions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mental health platform
Last Updated Date: December 9, 2024
- European Union: General Data Protection Regulation (GDPR)
- United States: Health Insurance Portability and Accountability Act (HIPAA)
- Nigeria: Nigeria Data Protection Regulation (NDPR)
- United Kingdom: UK GDPR and Data Protection Act 2018
Regulatory Compliance
This policy complies with multiple international data protection regulations including:
Information We Collect
Personal Information
- Name and contact details
- Date of birth and demographic information
- Professional credentials (for providers)
- Payment information
- Emergency contact information
- Medical history (where relevant)
- Government-issued identification (for verification)
- Insurance information (where applicable)
Platform Usage Data
- IP address and device information
- Browser type and settings
- Access times and duration
- Pages visited and features used
- Geographic location (as permitted by law)
- Technical error logs
- Platform interaction data
Session Information
- Appointment schedules
- Session metadata
- Chat logs (if applicable)
- Treatment plans (as documented by providers)
- Crisis intervention records (where applicable)
- Provide and improve our services
- Match clients with providers
- Process payments and maintain records
- Ensure platform security
- Comply with legal obligations
- Respond to emergencies
- Conduct quality assurance
- Send service-related communications
Data Processing Purposes
We process your data to:
Regional Data Protection Rights
European Union & UK Users
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to withdraw consent
United States Users
- Right to access PHI
- Right to amend records
- Right to receive accounting of disclosures
- Right to request restrictions
- Right to confidential communications
Nigerian Users
- Right to data access
- Right to data portability
- Right to erasure
- Right to object to processing
- Right to lodge complaints
Data Security
We implement robust security measures including:
- End-to-end encryption for sessions
- AES-256 encryption for stored data
- Multi-factor authentication
- Regular security audits
- Access controls and monitoring
- Incident response procedures
Data Retention
We retain data according to regulatory requirements:
- Session metadata: 30 days
- Medical records: As required by local law
- Payment records: As required for tax purposes
- Platform usage data: 24 months
International Data Transfers
For international data transfers, we ensure:
- Appropriate safeguards are in place
- Standard contractual clauses are implemented
- Regional data protection requirements are met
- Data localization laws are followed
Third-Party Sharing
We may share data with:
- Service providers (with appropriate safeguards)
- Law enforcement (when legally required)
- Emergency services (in crisis situations)
- Insurance providers (with consent)
- Other healthcare providers (with explicit consent)
Children's Privacy
For users under 18:
- Parental consent required
- Enhanced privacy protections
- Special data handling procedures
- Age-appropriate privacy notices
- Parental access controls
Updates to Privacy Policy
We may update this policy:
- With notice via email or platform
- With clear communication of changes
- Maintaining version history
- Requesting renewed consent when needed
Contact Information
For privacy-related inquiries: