SessionGlance Privacy Policy

1. Introduction & Scope

SessionGlance LLC (“Company,” “we,” “our,” or “us”) respects your privacy and is committed to safeguarding the information you entrust to us. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Software-as-a-Service (SaaS) platform and/or desktop application (collectively, the “Service”). This Policy applies only to users located in the United States. The Service is not offered to, or intended for, users outside of the United States. If you are located outside the U.S., you must not use the Service. By using the Service, you agree to the terms of this Privacy Policy and our End User License Agreement (EULA).

2. Definitions

• Personal Data: Information that identifies, relates to, or can reasonably be linked to an individual.

• Protected Health Information (PHI): Health information protected under the Health Insurance Portability and Accountability Act (HIPAA).

• User Data: Any data submitted by users to the Service, including Personal Data and PHI.

• Output Data: Reports and other documents generated by the Service based on User Data.

• Aggregate/Anonymized Data: Data that has been de-identified so it cannot reasonably identify an individual.

• Service Providers: Third-party vendors that process information on our behalf, including AWS (hosting), Stripe (payments), and Google Analytics (metrics).

• Cookies: Small text files placed on your device to support Service functionality.

3. Information We Collect

We collect the following categories of information:

• Account Data: Name, email, organization details, login credentials, and payment information.

• Client/Patient Data (PHI): Information uploaded by therapists regarding their clients for the purposes of generating clinical reports.

• Technical and Usage Data: IP address, browser type, device identifiers, session activity, error logs, and cookie data.

• Communications: Feedback, support inquiries, and other communications you send us.

4. How We Use Information

We use collected information for the following purposes:

• To provide, operate, and maintain the Service;

• To process payments and manage accounts;

• To generate reports and other outputs from User Data;

• To improve our algorithms and features in a de-identified or aggregated manner;

• To comply with HIPAA and other applicable laws;

• To communicate important notices, updates, and policy changes;

• To send marketing communications (with opt-out options).

5. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Authenticate sessions and maintain login security;

• Collect usage analytics via Google Analytics;

• Improve Service performance.

We do not use cookies for advertising or behavioral tracking. By using the Service, you consent to our use of cookies as described in this Policy. Google Analytics may set its own cookies; you can opt out of Google Analytics by installing the opt-out browser add-on available at: https://tools.google.com/dlpage/gaoptout. We do not send PHI to Google Analytics or any analytics provider.

6. Disclosure & Sharing of Information

We may disclose information as follows:

• Service Providers: AWS for hosting, Stripe for payments, Google Analytics for metrics.

• Legal Compliance: To comply with applicable laws, regulations, subpoenas, or government requests.

• Business Transactions: In connection with mergers, acquisitions, or sales of assets.

• Aggregate Data: For analytics, research, and product improvements.

We do not sell personal data.

7. HIPAA Commitments

If you are a Covered Entity or Business Associate under HIPAA, we act as your Business Associate. We will:

• Use and disclose PHI only as permitted by HIPAA and our Business Associate Agreement (BAA);

• Safeguard PHI in compliance with the HIPAA Security Rule;

• Report security incidents and breaches of PHI as required by law;

• Make available PHI as required for access, amendment, and accounting of disclosures.

8. User Rights

Depending on applicable law, you may have the following rights:

• HIPAA Rights: Access, correct, or request an accounting of disclosures of PHI.

• CCPA Rights (California residents): Right to know what data we collect, request deletion, opt out of the sale of data (we do not sell data), and non-discrimination for exercising rights. We do not use sensitive personal information (such as health data) for purposes other than those permitted by law (e.g., providing the Service).

Requests may be submitted by contacting us (see Section 14).

9. Data Security & Breach Response

We use industry-standard safeguards, including encryption in transit and at rest, access controls, monitoring, and audits. In the event of a data breach involving PHI or Personal Data, we will provide notification without unreasonable delay and in no case later than 60 calendar days after discovery, consistent with HIPAA and applicable state law.

10. Data Retention

We retain data while your account is active. Upon account termination, User Data will be retained for 30 days to allow for data export or reactivation. After this period, we may delete or anonymize the data unless required by law to retain it longer.

11. Children’s Privacy

The Service is intended solely for use by licensed adult professionals (18 years of age or older). We do not knowingly permit children to register for accounts or to provide information to us directly.

Clinicians and other authorized users may, however, input information relating to clients who are minors in the course of providing clinical services. Any such information is treated as Protected Health Information (PHI) and is safeguarded in accordance with HIPAA and this Privacy Policy. We rely on our users to ensure that all necessary consents and authorizations from parents or legal guardians have been obtained prior to the entry of any child client information into the Service.

12. Marketing & Communications

We may send promotional communications about our Service. You will always have the ability to opt out of marketing emails by following the unsubscribe instructions or contacting us. We will honor opt-out requests within 10 business days, consistent with the CAN-SPAM Act.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide at least 30 days’ notice before new terms take effect, unless immediate changes are required for legal compliance.

14. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

SessionGlance LLC
Detroit, MI 48202
Email: support@sessionglance.com

15. Governing Law & Dispute Resolution

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of laws principles. Any disputes shall be resolved in accordance with the dispute resolution and arbitration provisions set forth in the EULA, with venue in Oakland County, Michigan.