Headway Privacy Policy

Last Updated: August 8, 2023

This Headway Privacy Policy describes how Therapymatch, Inc. d/b/a Headway and our subsidiaries and affiliated companies (collectively, “Headway”, “we”, “us”) collect, use, and disclose information about you. This Privacy Policy applies to information we collect from you as a consumer when you access or use our websites, mobile applications, and other online products and services, or when you otherwise interact with us where we provide this Privacy Policy, such as through our customer support channels (collectively, “Services”). In some circumstances, we may provide different or additional notices of our privacy practices to the extent they apply to you because of the product or services you obtain from us, the capacity in which you engage with us, or different laws that may apply. For example, if you interact with us for products and services covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), our Notice of Privacy Practices applies to you and not this Privacy Policy. If you are a resident of California or Colorado, the Additional California and Other State Notice and Privacy Rights applies to you. If you engage with us in a commercial or business capacity, including as a Provider or a Health Plan representative, please see our California Privacy Notice for Business Customers.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. We may also provide you with additional notice (such as by adding a statement to the Services or sending you a notification), such as in connection with making material changes to this Privacy Policy. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

Notice of Collection and Uses of Information

We collect and use your information in a variety of ways. We collect information you provide directly to us. For example, we collect information directly from you when you create an account, fill out a form, request Services or customer support, or otherwise communicate with us. We also collect certain information from you or your device automatically when you interact with our Services such as activity or usage information. We use this information to provide you Services and for other business purposes. The types of information about you that you provide and that we collect automatically are listed below along with our uses of that information.

Category and Types of Personal InformationUses of Personal Information
Headway generally collects the Personal Information described below as part of our HIPAA covered products and services. We describe below certain information we might collect to the extent you interact with Headway as a consumer (where HIPAA does not apply), along with our uses of that information.
  • Identifiers, including name, user name, email address, postal address, online identifier, IP address
  • Customer records, including name, user name, email address, photos, postal address, telephone number
  • Commercial information, including records of products or services purchased, obtained, or considered, and other purchasing or consuming histories
  • Providing services, including maintaining and servicing accounts, improving, and developing new products and services, debugging and repairing errors in our Services
  • Providing customer service
  • Processing or fulfilling transactions
  • Verifying customer information
  • Processing payments
  • Communicating with you
  • Direct marketing
  • Analytics
  • Security
  • Characteristics of protected classifications, including age, gender, race, and ethnicity
  • Providing services, including maintaining and servicing accounts, improving, and developing new products and services, debugging and repairing errors in our Services
  • Providing customer service
  • Processing or fulfilling transactions
  • Direct marketing
  • Analytics
  • Internet or other electronic network activity information, including browsing history, search history, information regarding your interaction with the Services or ads, internet service provider, device ID, cookie or other tracking information
  • Providing services, including maintaining and servicing accounts, improving, and developing new products and services, debugging and repairing errors in our Services
  • Providing customer service
  • Verifying customer information
  • Direct marketing
  • Analytics
  • Security
  • Geolocation data, including approximate location based on IP address
  • Providing services, including maintaining and servicing accounts, improving, and developing new products and services, debugging and repairing errors in our Services
  • Verifying customer information
  • Direct marketing
  • Analytics
  • Security
  • Audio, such as call recording.
  • Providing services, including maintaining and servicing accounts, improving, and developing new products and services, debugging and repairing errors in our Services
  • Providing customer service
  • Verifying customer information
  • Security
  • Sensitive personal information, including account log in and password, consumer health data, information relating to sex life or sexual orientation, age, gender, race, and ethnic information.
  • Providing services, including maintaining and servicing accounts
  • Providing customer service
  • Analytics
  • Processing or fulfilling transactions

  • In addition, we may use the above categories of information to create de-identified, anonymized, or aggregated information that no longer identifies or relates to a specific person. We use such de-identified, anonymized, or aggregated information in accordance with applicable law.
  • We may also use the personal information listed above to comply with legal and financial obligations and/or to carry out any other purpose described to you at the time the information was collected.
  • Additionally, if you make a payment through our Services, we work with a third-party payment processor that collects and processes your payment information, and we do not directly handle your payment card information.

Information We Collect from Other Sources

In addition to collecting information from you, we obtain information from other sources. For example, we may collect and process information from Providers and Health Plans that use our Services.

Information We Derive

We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address.

Retention of Personal Information

We will retain your Personal Information for as long as reasonably necessary to carry out the purposes disclosed in this policy.

Disclosure of Information

We disclose the following categories of personal information to the recipients described below for the following business purposes or as otherwise described in this policy:

Category of Personal InformationRecipients and Purposes of Disclosure
Headway generally discloses the Personal Information described below as part of our HIPAA covered products and services. We describe below certain information we might disclose to the extent there might be instances where HIPAA does not apply, along with our purposes of disclosure of that information.
  • Identifiers
  • Customer Records
  • Commercial Information
  • Characteristics of protected classifications
  • Internet or other electronic network activity information
  • Service Providers and Contractors that perform services on our behalf or that assist us with our business purposes described above, including Internet service providers, data analytics service providers, data management providers, operating systems and platforms, payment processors, fulfillment partners, customer support partners, marketing service partners, and fraud prevention partners
  • Geolocation data
  • Sensitive Personal Information
  • Service Providers and Contractors that perform services on our behalf or that assist us with our business purposes described above, including Internet service providers, data management providers, operating systems and platforms, payment processors, fulfillment partners, customer support partners, marketing service partners, and fraud prevention partners

In addition, we may disclose any of the categories of personal information listed above for the following purposes:

  • We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
  • We may disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Headway, our users, the public, or others.
  • We disclose personal information to our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
  • We may disclose personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
  • Personal information is disclosed between and among Headway and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.
  • We disclose personal information with your consent or at your direction.

We also use and disclose aggregated or de-identified information that cannot reasonably be used to identify you.

Advertising and Analytics

This section describes how we collect and use non-HIPAA covered information on our Services for our analytical purposes. We engage service providers and/or contractors to provide analytics services across the web and in mobile apps subject to certain written agreements where required by law. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. Headway and others may use this information to, among other things, analyze and track data, determine the popularity of certain content, and better understand your online activity.

Google Analytics. We use analytic services such as Google Analytics to manage our operations and better understand how you engage with the Services we provide to you. More specifically, we use Google Analytics to analyze information regarding visits to our Services, including, for example, to measure traffic and flow to our Services, frequency and duration of visits to our site, and how visitors come to our site. Click here to learn about the different ways How Google uses information from sites or apps that use its services, including for analytics, and see the Google Privacy Policy to learn more about its privacy practices and how you can manage your privacy preferences.

Transfer of Information to the United States and Other Countries

Headway is headquartered in and offers Services to those in the United States, and we have operations and vendors in the United States and other countries. Therefore, we and those that perform work for us may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law.

Your Choices

Account Information

You may update and correct certain account information at any time by logging into your account and editing your information. If you wish to deactivate your account, please contact compliance@findheadway.com, but note that we may retain certain information as required by law or for our legitimate business purposes.

Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.

Additional California and Other State Notice and Privacy Rights

The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.), as amended by the California Privacy Rights Act (“CPRA”), affords consumers residing in California certain rights with respect to their personal information. Privacy laws in Colorado also provide consumers residing in that state certain rights with respect to their personal information. So, in addition to the notices provided above, if you are a California or Colorado resident, this section applies to you as indicated.

California Sales and Sharing of Personal Information

California law requires that we provide transparency about personal information we “sell” or “share.” “Sale,” for the purposes of the CCPA, broadly means scenarios in which we have disclosed personal information with partners in exchange for valuable consideration, while “sharing” means we have disclosed information to a third party for cross-context behavioral advertising. In addition, the CCPA has been interpreted to deem this “sharing” to also be a form of “sale.” Accordingly, in the preceding twelve (12) months, Headway has not “sold” or “shared” your personal information to or with third parties for cross-context behavioral advertising, such as targeting of advertising to you based on your personal information obtained from your activity across businesses, websites, apps, and services other than our Services. See the Targeted Advertising and Analytics section above for more information about behavioral advertising.

We do not knowingly sell or share personal information about consumers under the age of 16.

Information Relevant to Other States

Colorado's privacy law requires that we notify you if we use your information for Targeted Advertising. Targeted Advertising means displaying advertisements to you where the advertisement is selected based on personal information obtained from your activities over time and across nonaffiliated websites or online applications to predict your preferences or interests. We do not use your personal information for targeted advertising.

Privacy Rights

Subject to certain limitations, you have the right to (1) request to know more about the categories and specific pieces of personal information we collect, use, and disclose, (2) request correction of your personal information, (3) request deletion of your personal information, and (4) not be discriminated against for exercising these rights. You may make these requests by sending an email to privacyrights@findheadway.com. If we need to further verify your request, we may do so by asking you to provide information related to your interactions with us.

If we deny your request, you may appeal our decision by contacting us at privacyrights@findheadway.com. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.

Opt-out Preference Signals

Some browsers allow you to enable privacy-controls in the browser's settings to automatically signal your opt-out preference to the websites you visit (e.g., Global Privacy Control). To the extent we are required to offer opt-outs through Global Privacy Control, we honor these signals as a valid request to opt-out of the sharing of information linked to your browser. Please be aware, however, that opt-out preference tools are limited to the browser or device you are using. Also, to maintain your privacy preferences, your browser may save some information in its cookies and cache, and if you clear cookies, you may remove your opt-out preferences so that you may have to opt-out again.

If we receive your request from an authorized agent and they do not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you are an authorized agent seeking to make a request, please contact us at privacyrights@findheadway.com.

Contact Us

If you have any questions about this Privacy Policy, please contact us at compliance@findheadway.com.