Information Sharing & Disclosure Policy

Transparency about how we collect, protect, and share your information. Your privacy and confidentiality are at the core of everything we do at SereneMind.

Effective Date: January 15, 2025
Last Updated: November 10, 2025
Compliant with HIPAA & GDPR

Introduction

At SereneMind, we recognize that sharing personal and health-related information requires immense trust. This policy outlines how we collect, use, share, and protect your information in compliance with applicable privacy laws, including HIPAA, GDPR, and relevant state/provincial regulations.

Confidentiality Promise

Your therapy sessions, mental health assessments, and personal communications with our licensed professionals are strictly confidential and will never be shared without your explicit consent, except as outlined in this policy.

Information We Collect

1. Personal & Contact Information

Name, email, phone number, mailing address, date of birth, and emergency contact details.

2. Health & Clinical Information

Mental health history, treatment notes, therapy session recordings, self-assessment results, mood tracking data, and progress reports generated during your care.

3. Technical & Usage Data

Device information, IP address, browser type, app usage patterns, session duration, and feature interactions to improve platform functionality and user experience.

4. Payment & Billing Information

Subscription details, insurance information (if applicable), and billing records. Payment data is processed by PCI-DSS compliant third-party providers and is never stored on our servers.

How & When We Share Information

We do not sell, rent, or trade your personal information. Sharing only occurs under the following circumstances:

  • With Your Consent: You may authorize specific sharing with healthcare providers, family members, or insurance companies through our secure client portal.
  • Healthcare Professionals: Information is shared only with your assigned therapists, care coordinators, or consulting physicians directly involved in your treatment.
  • Service Providers: Trusted third parties (e.g., cloud hosting, billing processors, analytics) bound by strict data processing agreements that prohibit secondary use of your data.
  • Insurance & Billing: Only the minimum necessary information required for claims processing or payment verification.

Mandatory Disclosures

In limited circumstances, we are legally required to disclose information without your consent. These include:

  • Imminent Harm: If there is a serious and imminent threat to your safety or the safety of others, we may disclose information to prevent harm, including contacting emergency services.
  • Abuse & Neglect: Legal mandates requiring reporting of suspected child, elderly, or vulnerable adult abuse.
  • Court Orders & Subpoenas: When compelled by valid legal process, we will disclose only the information legally required and will notify you unless prohibited by law.
  • Public Health Emergencies: Reporting required by public health authorities during disease outbreaks or health crises.

Your Rights & Controls

You maintain control over your information throughout your relationship with SereneMind. Your rights include:

  • Access & Review: Request a copy of your records or view them directly in your client portal.
  • Correction: Request amendments to inaccurate or incomplete information.
  • Restriction: Limit how your information is used or shared for non-essential purposes.
  • Data Portability: Export your data in a common, machine-readable format.
  • Deletion: Request erasure of your data, subject to legal retention requirements for clinical records.
  • Opt-Out: Unsubscribe from marketing communications at any time. To ensure care continuity, you cannot opt out of clinical communications.

To exercise any of these rights, contact our Privacy Officer or submit a request through your secure dashboard.

Security & Safeguards

We implement industry-leading technical and administrative safeguards to protect your information:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Multi-factor authentication and role-based access controls for all clinical staff
  • Regular third-party security audits and penetration testing
  • Strict employee confidentiality agreements and mandatory privacy training
  • Automated backup systems and disaster recovery protocols
  • Breach notification procedures compliant with legal timelines

Policy Updates

We may update this policy to reflect changes in technology, regulations, or our services. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last Updated" date at the top of this page will always reflect the current version.

Contact Us

If you have questions about this policy, want to exercise your rights, or need to report a concern, please reach out:

Privacy & Compliance Team
Email: privacy@serenemind.com
Phone: 1-800-555-MIND (6463)
Mail: SereneMind, Privacy Office, 100 Wellness Blvd, Suite 400, Portland, OR 97205

We respond to all inquiries within 5 business days. For urgent privacy concerns, please call our 24/7 clinical support line.
