Free, Safe, Confidential. Always.

Updated January 31 2024

 

At Kooth ("Kooth", "we," "us," or "our"), we create easy to access online mental health services that work alongside you to provide compassionate and effective support. We create a welcoming space for effective, personalized digital mental healthcare, by providing the Service (defined below) to Users, clients, and stakeholders ("Customers") as their service provider. Note that other Kooth Services may be governed by privacy notices containing different information practices applicable to those sites.

This privacy notice will provide you with information as to how Kooth collects, uses, and shares information about you (the "User"). The information on this page applies to the personal data we collect about your interactions, use, and experience with our website SolunaApp.com (our “Website”), our app on iOS and Andriod (our “App”) in connection with the mental health services (“Service”) we provide. “Personal Data” includes any information that can be used on its own or with other information in combination to identify or contact one of our Users. 

By using the Service, the user is acknowledged that they have read and agrees to the terms of the policy. If the user does not agree, please do not log into, access, or access the Service and do not submit any personal data.

 

1. Overview

Your personal information in our possession may be protected health information ("PHI") under the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), and the applicable provisions of the Health Information Technology for Economic and Clinical Health ("HITECH") Act. To the extent HIPAA applies to our processing of your PHI, we act as a Business Associate. Under other circumstances, we provide our Services to schools and school districts ("Schools"). In addition to this Privacy Policy, the HIPAA Notice of Privacy Practices of Kooth apply to your PHI.  

 

2. Consent to process children's personal information

Kooth is committed to protecting the privacy of children. To the extent that parental consent is required please, see our "Children’s Privacy and Parental Controls" policy for more information about how we collect, store and share children’s information. 

 

3. Information we collect

1. Information you provide to us

Kooth and its Service Providers (as defined below in disclosure of the information) may collect information you provide directly to Kooth or its Service Providers via the Service. This table presents the types of information collected on the Website or App (whether legally classified as personal data or PHI under HIPAA), the sources, and the uses. 

Personal Identifiable Information (PII)

Types of PII

How We Get It

What we do with it

Registration

 

Information a User may provide when creating an account or updating the User profile: 

  • Language
  • Username
  • Password
  • Email
  • Zipcode
  • Date of Birth
  • Pronouns
  • Interest
  • Notification preferences

User provides during sign up process

  • Provide you with Services 
  • To match you to a trained professional
  • Provide you with treatment information
  • Enroll you in Services and administer your account
  • Provide you with support
  • Maintain the safety and security of our Users, our Services, and our business
  • Provide announcements and communicate with you, including marketing Kooth Services
  • Provide mandatory and permissible reporting to law enforcement or other governmental authorities, for example in instances of abuse, or ascertainable threats of violence to another person 
  • Respond to a valid legal request.
  • Provide you with ? and to evaluate, improve and develop the Services
  • Conduct internal oversight
  • Control the quality of the Services

 

Use of Service


Information Users may voluntarily  provide when using the Website or App:


  • Demographic Information
  • Sexuality 
  • Religion
  • Ethnicity 
  • Information Users disclose in chat data 
  • Documents Users share with trained professionals via our chat functionality
  • Information collected via chat, telephone, or email support channels
  • Information Users provide as part of treatment intake including emergency contact details, physical and mental health information and medical history


Through Users use of the Website or App

  • To provide you with the Service
  • To build, modify, and develop new products, features, and Services
  • To conduct clinical and other academic research, internally and with approved research partners (where direct identifiers such as name and contact details have been removed, or pursuant to explicit authorization). For more information see “Research” below
  • To address patient concerns or complaints
  • To carry out quality assurance and compliance activities
  • To provide you with assistance in the event of an emergency




2. Information collected automatically

Kooth and its Service Providers may also automatically collect certain information about Users when they access or use the Services ("Usage Information"). Usage Information may include IP address, device identifier, browser type, operating system, information regarding use of the Service, and data regarding network connected hardware (e.g., computer or mobile device). The methods that may be used on the Service to collect Usage Information include:
    1. Log information: Log information is data about use of the Services, such as IP address, browser type, Internet service provider, referring / exit pages, operating system, date / time stamps, and related data, and may be stored in log files.
    2. Information collected by cookies and other tracking technologies: Cookies, web beacons (also known as "tracking pixels"), embedded scripts, location-identifying technologies, fingerprinting, device recognition technologies, and other tracking technologies now and hereafter developed ("Tracking Technologies") may be used to collect information about interactions with the Service or e-mails.

4. Uses made of the information

1. To perform services for our Customers

We process Users’ Personal Data based on legitimate business interests, in order to provide Our Services, to comply with Our legal obligations, and/or with User’s consent when we are required to obtain it. We only use or disclose Personal Data when it is legally mandated or where it is necessary to fulfill those purposes described herein. Where required by law, we will ask for your prior consent before doing so. 

Specifically, we process Users’ Personal Data for the following legitimate business purposes:

  • To process account registration and manage accounts
  • To provide counseling services
  • To fulfill our obligations to user under the Terms of Use
  • To facilitate, manage, and personalize the Service
  • To prevent and address fraud, breach of policies or terms, and threats of harm
  • To respond to your correspondence or inquiries
  • To support safeguarding processes
  • To communicate with User about and manage User’s accounts
  • To properly store and track User data within our system
  • To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings or court orders
  • To handle technical support and other requests from User
  • To enforce and ensure User compliance with Our Terms of use or the terms of any other applicable services agreement We have with User
  • To manage and improve Our operations and the App, including the development of additional functionality
  • To evaluate the quality of service that User receives, identify usage trends, and thereby improve User’s experience
  • To keep Our App safe and secure for User, and for Us
  • To send User information about changes to Our terms, conditions, and policies

2. Aggregate and deidentified data

We may create and use aggregate and deidentified data derived from personal information for our own purposes, such as the improvement of the Service. We may also analyze personal information in aggregate form to operate, maintain, manage, and improve our Service. This aggregate data does not identify Users personally. We may share this aggregate data with our affiliates and Service Providers. We may also disclose aggregated user statistics in order to describe our Services to Customers and to other third parties for additional lawful purposes.

3. Research 

Our Research team conducts analysis of the Service using routinely collected service user usage data on the platforms or through surveys and interviews. The surveys and interviews may ask about your well-being, use and experience of Kooth or other services. We will only use your data in research projects if you have provided consent to do so, either during signup, after account creation or as part of the survey completions. This data may be shared with third-party research partners. You can add or withdraw consent at any time in your account preferences by sending a message through the website or app when logged in to Kooth.

4. For Our Own Marketing Purposes

We process your contact information or information about your interactions on our Services to: send you marketing communications and keep you updated about our products and services; provide you with informational content; and deliver targeted Kooth product marketing. We may periodically send you free newsletters and e-mails that promote our Services, and that we believe may be of interest to you. When you receive such promotional communications from us, you may have the opportunity to "opt-out" (or manage your email preferences by following the unsubscribe instructions provided in the e-mail you receive). We do need to send you certain administrative and transactional communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Services, this Policy, your treatment services, or information about billing and renewals, among others.

5. Disclosure of the information

1. Disclosures to third parties

Like many businesses, we hire other companies to perform certain business-related services (our "Service Providers"). We may disclose personal information to certain types of third-party companies pursuant to a written agreement, but only to the extent needed to enable them to provide such services. The types of companies that may receive Personal Data and their functions are: data storage services, hosting services, and disaster recovery services. All such third parties function as our agents, performing services at our instruction and on our behalf.

2. Within our corporate organization

We may also disclose personal information to our affiliates or parent company in order to support the delivery of the Service. Personal information may be disclosed between affiliate, subsidiary, and parent organizations of Kooth.

3. Mergers and acquisitions

Kooth may share your personal information, in connection with or during negotiations of any proposed or actual financing of our business, or merger, purchase, sale, joint venture, or any other type of acquisition or business combination of all or any portion of Kooth's assets, or transfer of all or a portion of Kooth's business to another company, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

4. Disclosure to governmental authorities

Under certain circumstances, personal information may be subject to disclosure to comply with the law, law enforcement, or other legal process, and, where permitted, in response to a government request. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

6. Information you disclose publicly or to others

User generated content
The Service may permit you to post or submit User Generated Content ("UGC") including, without limitation, written content, User profiles, audio or visual recordings, computer graphics, pictures, data, or other content, including personal information. If you choose to submit UGC to any public area of the Service, your UGC will be considered "public" and will be accessible by anyone, including Kooth and Customer. Notwithstanding anything to the contrary, unless otherwise explicitly agreed by us, personal information included in UGC is not subject to Kooth's usage or sharing limitations, or other obligations, regarding personal information under this Privacy Policy or otherwise, and may be used and shared by Kooth, Customer, and third parties to the fullest extent not prohibited by applicable law. Kooth encourages you to exercise caution when making decisions about what you disclose in such public areas. For more information on how UGC is treated, see the service's terms of use. California minors should see children's or parental rights regarding potential removal of certain UGC they have posted on the Service.

7. Cookies and Other Tracking Technologies

1. Third party services

The Service may include hyperlinks to websites, platforms, applications, or services operated by third parties ("Third-Party Service(s)"). These Third-Party Services may use their own cookies, web beacons, and other tracking technologies to independently collect information about you and may solicit personal information from you.

2. Social features

Certain functionalities on the Service permit interactions that you initiate between the Service and certain Third-Party Services, such as third-party social networks ("Social Features"). Examples of Social Features include: "liking" or "sharing" Kooth's content or logging in to the Service using a Third-Party account (e.g., using LinkedIn to sign in to the Service). If you post information on a Third-Party service that references Kooth (e.g., by using a hashtag associated with Kooth in a tweet or status update), your post may be used on or in connection with the Service or otherwise by Kooth. Also, both Kooth and the Third-Party may have access to certain information about you and your use of the Service and other Third-Party Services.

3. Analytics Services

Kooth may use Mixpanel or other Service Providers for analytics services. These analytics services may use cookies and other tracking technologies to help Kooth analyze Service users and how they use the Service. Information generated by these services may be used for purposes such as evaluating your use of the Service, compiling statistic reports on the Service's activity, and providing other services relating to Service activity and other Internet usage. If the Service is for children under the age of 13, we will use third party tools to indicate that the personal information must be processed in accordance with COPPA.

4. Web Beacons

Web Beacons, also known as web bugs or pixel tags are tiny graphics with a unique identifier that are included on our website to deliver or communicate with cookies, in order to track and measure the performance of our website and Services, monitor how many web visitors we have, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user’s device, Web Beacons are typically embedded invisibly on web pages. NOTE: Web Beacons do not monitor users once they have logged into the Kooth Service.

5. Third-party data processing practices
Information collected, stored, and shared by third parties remains subject to their privacy policies and practices, including whether they continue to share information with Kooth, the types of information shared, and your choices on what is visible to others on Third-Party Services. Kooth is not responsible for, and makes no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Service Providers and Third-Party Services associated with the Service. We encourage you to familiarize yourself with and consult their privacy policies and terms of use. We do not recognize browser "Do Not Track" signals.

6. Cookies on Kooth

Kooth allows the following services to collect cookies about how users engage with the site:

 

Name:

tracking-preferences

Provider:

Kooth

Expiry:

Session

Purpose:

We store a cookie in your browser that remembers the choice you made about the use of Analytics or Marketing cookies. This is a necessary cookie and will not be used for any gathering of information.

Name:

ajs_user_id

Provider:

Mixpanel

Expiry:

Session

Purpose:

We use Analytics cookies to enable us to use tools to gather anonymous data about how you use (Kooth/Qwell) in order to better improve the user experience for all of our users.

Name:

ajs_anonymous_id

Provider:

Segment

Expiry:

Session

Purpose:

We use Marketing cookies to enable us to use tools to gather anonymous data about how you found out about (Kooth/Qwell) in order to better understand how to reach more users.

Name:

bv-campaignId

Provider:

Acuity Ads / Illumin

Expiry:

100 days

Purpose:

We use cookies from Acuity Ads to monitor advertising performance. These are anonymous cookies that are used to track registrations from targeted campaigns

Name:

auid

Provider:

Acuity Ads / Illumin

Expiry:

360 days

Purpose:

We use cookies from Acuity Ads to monitor advertising performance. These are anonymous cookies that are used to track registrations from targeted campaigns.

Name:

clickid-campaignId

Provider:

Acuity Ads / Illumin

Expiry:

100 days

Purpose:

We use cookies from Acuity Ads to monitor advertising performance. These are anonymous cookies that are used to track registrations from targeted campaigns

Name:

optOutCookie

Provider:

Acuity Ads / Illumin

Expiry:

Forever

Purpose:

We use cookies from Acuity Ads to monitor advertising performance. This cookie will ensure you are opted-out of Acuity Ads’ cookies if you have manually opted-out.

Name:

aum

Provider:

Acuity Ads / Illumin

Expiry:

30 days

Purpose:

We use cookies from Acuity Ads to monitor advertising performance. These are anonymous cookies that are used to track registrations from targeted campaigns

 

7. Managing Cookies

First-Party Cookies - If you prefer not to receive cookies while browsing our website, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. This will enable you to decide if you want to accept it or not. If you do not accept cookies, you may not be able to use all portions or features of your browser software or this site. 

Third-Party Cookies - Some third-party services providers that we engage (including third-party advertisers) may also place their own cookies on your device. Note that this Policy covers only our use of cookies and does not include use of cookies by third parties. 

For more information on how to control and/or delete cookies see https://aboutcookies.org. You can delete all cookies that are already on your computer and set most browsers to prevent them from being placed. 

8. Accessing and changing information

Kooth may provide web pages or other mechanisms allowing you to delete, correct, or update some of your personal information. Kooth will make good faith efforts to make requested changes in Kooth's then-active databases as soon as practicable, but it is not always possible to completely change, remove or delete all of your information or public postings from Kooth's databases (California minors see children's or parental rights) and residual and/or cached data may remain archived thereafter. Further, we reserve the right to retain data (a) as required by applicable law; and (b) for so long as reasonably necessary to fulfill the purposes for which the data is retained except to the extent prohibited by applicable law.

9. Children's or parental rights

  1. Applicable law may grant children or parents the right to access, review, refuse further collection of, or delete the Personal Information collected from the child online. Because Kooth is not the controller of the personal information, we are not able to respond to such requests directly. To exercise these rights, please contact the controller with your request.

  2. Any California residents under the age of eighteen (18) who have registered to use the Service, and who posted content or information on the Service, can request removal by contacting the controller, detailing where the content or information is posted and attesting that you posted it. Once directed by the controller, Kooth will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, the content may have been republished or archived content by search engines and others that Kooth does not control.

  3. Kids Privacy Assured by PRIVO: COPPA Safe Harbor Certification

Kooth USA LLC is a member of the PRIVO Kids Privacy Assured COPPA safe harbor certification Program (“the Program”). The Program certification applies to the digital properties listed on the certification page that is viewable by clicking on the PRIVO Seal. PRIVO is an independent, third-party organization committed to supporting online services to safeguard children’s personal information collected online. The PRIVO COPPA safe harbor certification Seal posted on this page indicates Kooth USA LLC has established COPPA compliant privacy practices and has agreed to submit to PRIVO’s oversight and consumer dispute resolution process. If you have questions or concerns about our privacy practices, please contact us at +44 020 3984 9337 or privacy@kooth.com . If you have further concerns after you have contacted us, you can contact PRIVO directly at privacy@privo.com.

 

10. Information security

Kooth will exercise reasonable efforts to safeguard the confidentiality of personal information we process. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of Our Users’ Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to Users. However, transmissions protected by industry standard security technology and implemented by human beings cannot be made absolutely secure and Kooth does not guarantee the security of your information collected through the Service.


11. Privacy policy changes

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time, and will post any changes on our Service as soon as they go into effect. By accessing our Service after we make any changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.

 

12. Retention

We will retain Personal Data for as long as you maintain a User Account and in accordance with regulatory and contractual obligations. The exact period of retention will depend on the type of Personal Data and applicable law. We keep Personal Data for as long as necessary to fulfill the purpose for which it was collected, unless otherwise required or necessary pursuant to a legitimate business purpose outlined in this Privacy Policy. At the end of the applicable retention period, We will remove Personal Data from our databases and will request that our Business Partners remove Personal Data from their databases. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing of such data. We retain anonymized data indefinitely.

 

13. California Residence

The California Consumer Privacy Act (“CCPA”) grants California residents some additional privacy rights. Importantly, the CCPA does not include “protected health information” that is governed by HIPAA. Our Notice of Privacy Practices will govern HIPAA protected health information. This section, in contrast, will cover information on California residents who visit our Website and App but are not identifiable as patients, and information on California residents that we otherwise create or receives but that is not subject to HIPAA. This section applies to both information that we collect through our website or App and information it creates or receives offline, including hard copy information.

If you are in California, this is information about what we collect, how we use it, and how it may be shared.

The following lists the categories of information we collect about California residents, describes how we use the information, and lists the categories of third parties with whom the information has been shared during the previous twelve months.

Sources of Information

Use of Information

Sharing of Information

Directly from Users or Users' devices, for example from forms completed. 

We collect such information to communicate with Users, including for marketing purposes; to operate the Website and the App.

We share this information with certain service providers who help us process and use the information subject to written agreements.

We do not Sell this information.

We collect this information directly from Users, for example, through the sign up process

We collect such information for communication and marketing purposes, and to operate the Website and the App.

We share this information with certain service providers who use the information as described above. 


We do not Sell this information.

We collect this information automatically from Users computer or device.

We collect such information to provide and improve the Website and App.

We share this information with certain service providers who use the information as described above. 


We do not Sell this information.

Collected from the User device

Used to provide customized content based on location from a device.

We do not Sell this information.

 

Consumers have the following rights under the CCPA: 

  • Right to Know. Users can request their Personal Information and we will provide it once the request is verified. See "Exercising Your Rights" for more information. 
  • Right to Delete. Users have the right to request the deletion of their collected Personal Information.
  • Right to Opt-Out of the Sale of Personal Information. We do not Sell your Personal Information. 
  • Right to Nondiscrimination. Users have the right to exercise thier CCPA rights without fear of discriminatory treatment. We will not discriminate against Users for exercising any of their CCPA rights.  

Exercising Your Rights. To request account deactivation, Users can contact us at thoughts@kooth.com. To initiate a request to access your information, Users can contact us at privacy@kooth.com. As stated above, we do not Sell Users Personal Information.

  • Only Users, or someone that a user authorize to act on their behalf, may make a request related to their Personal Information. An authorized agent may make a request on a Users behalf  must be provided in writing and signed by the User. 
  • We will need to confirm the Users identity or the identity of the Users authorized agent, before processing the request by asking the User to log into their existing account (if they are a registered user) or by asking you for additional information, such as a government issued ID, to confirm Users identity against information we have already collected. 
  • Please note that Users may only make a request for access twice within a 12-month period.

14. Accountability

How to contact us.

If you have a question about this policy statement, you may contact Kooth at 167 North Green Street Chicago, IL, 60607, USA or by e-mail at privacy@kooth.com


Terms of use

If a Customer chooses to use Kooth's services, Customer's action is hereby deemed acceptance of Kooth practices described in this policy statement.