1. Introduction

Mente360, Inc. ("Mente360," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our practice management software platform and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Services.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Services, including:

Account Information: Name, email address, phone number, practice name, and billing information when you create an account.
Practice Data: Client information, clinical notes, treatment plans, scheduling data, and billing records that you enter into the platform.
Communications: Messages you send through our support channels or feedback you provide.

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

Usage Data: Pages visited, features used, and actions taken within the platform.
Device Information: Browser type, operating system, device identifiers, and IP address.
Cookies and Similar Technologies: We use cookies to maintain session state and improve user experience.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our Services
Process transactions and send related information
Send administrative messages, security alerts, and support communications
Respond to your comments, questions, and requests
Monitor and analyze trends, usage, and activities
Detect, investigate, and prevent fraudulent or unauthorized activities
Comply with legal obligations

4. Protected Health Information (PHI)

As a business associate under HIPAA, we handle Protected Health Information (PHI) on your behalf. Our use and disclosure of PHI is governed by our Business Associate Agreement (BAA) with you and applicable law. We will:

Only use and disclose PHI as permitted or required by our BAA and HIPAA
Implement appropriate safeguards to prevent unauthorized use or disclosure
Report any unauthorized use or disclosure of PHI
Ensure our subcontractors agree to the same restrictions

5. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers: With third-party vendors who perform services on our behalf (e.g., payment processing, hosting, analytics)
Legal Requirements: When required by law, regulation, or legal process
Protection of Rights: To protect the rights, property, or safety of Mente360, our users, or others
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: When you have given us permission to share your information

6. Data Security

We implement industry-standard security measures to protect your information, including:

AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
Role-based access controls
Regular security audits and penetration testing
Multi-factor authentication
24/7 infrastructure monitoring

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. Upon account termination:

Your data is retained for 30 days to allow for reactivation
After 30 days, data is permanently deleted from our production systems
Backups are retained for up to 90 days before permanent deletion
Audit logs are retained for 7 years as required by HIPAA

You may request earlier deletion of your data by contacting us.

8. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information
Data Portability: Request a machine-readable copy of your data
Opt-Out: Opt out of marketing communications

To exercise these rights, contact us at privacy@gomente360.com.

9. Cookies and Tracking

We use essential cookies to maintain session state and provide core functionality. We use Cloudflare Web Analytics, which does not use cookies and does not track individual users.

You can configure your browser to refuse cookies, but this may limit your ability to use certain features of our Services.

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@gomente360.com
Mail: Mente360, Inc., [Address to be added]