Privacy Policy

This Privacy Policy applies to www.thrivetalk.com and any visitor or registered client of ThriveTalk, Inc. (“ThriveTalk”, “we”, “our”). It does not apply to third-party sites linked from ours.

Therapy delivered by an independently licensed clinician through ThriveTalk is also governed by the federal Health Insurance Portability and Accountability Act (HIPAA) and our separate Notice of Privacy Practices, which your matched clinician will provide to you in writing before your first session.

We collect three categories of information:

• Information you give us when you complete the intake form, request a match, message support, or correspond with us — your name, email, phone number, state of residence, insurance information, the reason you’re seeking care, scheduling preferences, and anything else you choose to share.
• Protected Health Information (PHI) generated during therapy — clinical notes, assessments, diagnoses, and treatment plans. PHI is created and held by your treating clinician under HIPAA and is never used for advertising.
• Technical information from your device — IP address, browser type, pages viewed, referrer, device identifiers, and cookies/local-storage values needed for the site to function and to measure aggregate usage.

• To match you with a clinician licensed in your state.
• To verify your insurance benefits with your insurer when you’ve asked us to.
• To operate, secure, and improve our website and matching service, including diagnosing technical errors and preventing fraud or abuse.
• To send you transactional messages (intake confirmations, scheduling reminders, security alerts, and policy updates).
• To send you optional marketing communications you have agreed to receive — you can unsubscribe at any time using the link in every marketing email.

We do not sell your personal information, and we do not use your clinical information to train advertising models or third-party AI products.

We share information only with vetted parties who need it to provide ThriveTalk to you:

• Your matched clinician(s) and the limited members of our care team who coordinate your match.
• Service providers (telehealth video, secure messaging, scheduling, billing, payment processors, analytics, email delivery, error monitoring, and cloud hosting) operating under written agreements that restrict their use of the data. Vendors that handle PHI sign HIPAA Business Associate Agreements with us.
• Your insurer, when you have asked us to verify benefits or submit claims on your behalf.
• Government authorities, only when required by law (subpoena, court order, mandatory reporting), and only to the minimum extent required.

If ThriveTalk is ever involved in a merger, acquisition, or sale of assets, your information may be transferred to the successor, subject to this policy.

You can ask us, at any time, to:

• Confirm what information we hold about you.
• Correct inaccurate information.
• Delete your account and the personal information associated with it. Note: HIPAA requires us to retain certain clinical records for a minimum number of years even after deletion of your account.
• Receive a portable copy of the information you provided to us.
• Withdraw consent for marketing emails, cookies that are not strictly necessary, or any optional data sharing.

California, Colorado, Connecticut, Virginia, Utah, and other state privacy laws give residents specific rights around access, deletion, correction, and opting out of “sales” or “sharing” of personal information. We honor these rights for all U.S. residents regardless of state.

To exercise any right, email privacy@thrivetalk.com or use the form on our contact page. We respond within 30 days.

Information is encrypted in transit using TLS 1.2+ and at rest using AES-256. Telehealth sessions are end-to-end encrypted. Access to personal and protected health information is limited to staff and contractors with a documented need to know, all of whom are trained on HIPAA and on our internal security policies.

No system is perfectly secure. If we ever experience a breach that affects your information, we will notify you and the appropriate authorities within the timeframes required by applicable law (HIPAA §164.404 and state breach-notice statutes).

ThriveTalk’s services are intended for adults and for adolescents (13–17) whose parent or legal guardian has consented in writing. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us information, please contact us so we can delete it.

We update this policy from time to time. When we make material changes, we will revise the “Last updated” date above and, where appropriate, notify you by email or in-product banner before the change takes effect.

Questions about this policy or about how we handle your information? Email privacy@thrivetalk.com or write to ThriveTalk Privacy, Attn: Privacy Officer, at the address listed on our contact page.