Last Updated 13 September 2020.

Your privacy is very important to us so we have taken several steps to protect your information and put you in control. We provide this privacy policy (“Privacy Policy”) explaining our online information practices and the choices you can make about the way your information is collected, used, and disclosed by this Platform.

We encourage you (“user” or “visitor”) to read this Privacy Policy carefully before providing any personal information on the Platform. By visiting or using our Platform you are accepting the practices described in this Privacy Policy and you are consenting to the collection and processing of your personal information as described in this Privacy Policy.

Collection of Information

We collect “personal information” about users of the Platform in the normal course of our business and to provide the Platform to you. As used in this Privacy Policy, “personal information” is information that identifies or is capable of being associated with an identifiable person. Examples of personal information include, but are not limited to, your name, email address, phone number, information about your health and medical history that you may provide while using or communicating through the Platform, billing and payment information, profile information, log data, information related to the Services or your need for Services, and any information which is exchanged between you and your expert.

Personal information does not include aggregate, anonymised, or de-identified information (collectively, “Aggregate Information”). “Aggregate Information” is information gathered or generated directly by the use of the Platform, such as information collected about Platform users, or a category of users, from which any personal information has been removed. An example of Aggregate Information would be a report stating that forty-seven percent of the Platform’s registered users have identified themselves as male.

We will never sell or rent any personal information you share on the Platform. Other than in the limited ways detailed in this Privacy Policy, we will never use or disclose any personal information unless you specifically and explicitly request or approve us to do so.

We collect your personal information:

• When you sign up for an Account with us – we will ask for and collect personal information such as your name, a valid email address, and birthdate. We need this information to provide you with the Services.


• When you access the Services and when you contact or correspond with us or experts via the Platform. If you purchase paid Services, personal information such as billing name, address and credit card payment information will be collected to process payment.


• From surveys. This information is used to improve the content of our web pages, the quality of our Platform.


• When you sign up to receive news and other content about new and existing products and services related to the Platform – you will be asked to provide personal information, including your name, and an email address.


• When you use our Platform – we will store, process, and transmit information such as your computer, Internet Protocol address, pages that you visit, and the amount of time spent on those pages, actions you take, and other statistics


• Occasionally to review the chat transcripts between users and experts to conduct quality control, address potential safety issues, and prevent misuse of our Platform, if certain suspicious or potentially harmful activity is detected. We may also use aggregated data from chat transcripts to conduct research and development. In reviewing this information, we will maintain all applicable confidentiality/HIPAA/privacy standards.


• If you need technical support related to the Platform. When you contact us, we keep a record of your email address, description of the issue, email, and chat communications to address and resolve any issues you are facing.


• By using cookies to identify Platform users and to customise user experiences on the Platform. To learn more about our cookie policy, click here. Additionally, we may use, and may allow third parties to use, web beacons and other technologies to monitor the effectiveness of advertising or for other legitimate purposes.

Use of Collected Information

We use the personal information we collect:

• To create and log into your Account and to use the Platform


• To manage your Account, provide you with customer support, and ensure you are receiving quality service.


• To send you emails pertaining to our verification process and our policies.


• To respond to any questions, problems or complaints, or request feedback.


• To investigate and help prevent potentially unlawful or fraudulent activity or activity that threatens the network or otherwise violates the Agreement.


• To contact you or provide you with information, alerts and suggestions that are related to the Platform and Service.


• For billing-related purposes.


• To reach out to you, either ourselves or using the appropriate authorities, if either we or a expert have a good reason to believe that you or any other person may be in danger or may be either the cause or the victim of a criminal act.


• To match you with a expert.


• To provide, support, develop, enable, facilitate, supervise, administer, monitor, measure, and improve the quality and effectiveness of the Platform and the Services.


• Market the Platform and services to you.


• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.


• To comply with applicable state and federal laws, including, but not limited to laws related to protecting client and public health and safety.


• To personalise your Platform experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Platform, third-party sites, and via email or text message (with your consent, where required by applicable law).

Disclosure of Information

We do not rent, sell or disclose personal information to third parties without your prior consent, except as described in this Privacy Policy. We may share personal information when we have your consent to do so, when required by law, when required to protect our rights or property, as necessary to complete a transaction you have requested, or for marketing purposes. We may disclose personal information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this Privacy Policy. We reserve the right to use and disclose any non-personal or Aggregate Information that we collect. We may use third party service providers to assist us with the administration of the Platform or to perform other services for us, including transaction processing and sending emails.

We may employ third party companies and individuals to facilitate our Platform, to perform certain tasks which are related to the Platform, or to provide audit, legal, operational or other services for us. These tasks include, but not limited to, customer service, technical maintenance, delivering ads, monitoring, email management and communication, database management, billing and payment processing, reporting, and analytics. We will share with them only the minimum necessary information to perform their task for us and only after entering into appropriate confidentiality agreements.

Your Choice and Acces

• Cookies, Web Beacons, and Other Technologies: If you want to disable cookies, web beacons, and other technologies please refer to our Cookie Policy here.


• Marketing Communications: If you receive marketing communications from us and would no longer like to be contacted by us, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by sending us an email request to be opted out of marketing communications to info@nibouapp.com.


• Access and Correction: If you would like to access, correct, amend or delete any of your personal information collected or held by us through the Platform, you may do so through your account settings, if applicable, or by sending us an email to info@nibouapp.com. We will respond to such requests within thirty (30) days of receipt or as otherwise required by applicable law.

International Transfers

We may provide the Platform and Services globally. As a result, we may, at all times subject to applicable law, transfer and store your personal information, in connection with the Platform and Services, to countries where data protection standards may differ from those in the country where you reside. By using the Platform, you understand, acknowledge, and agree that we may transfer your personal information globally. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries will be entitled to access your personal information. However, our transfer, storage, and processing of your personal data will at all times be in accordance with this Privacy Policy.

User of the Platform by Minors

We do not intend, and the Platform is not designed, to knowingly collect personal information from anyone under the age of 18. If you are under the age of 18 you should not register with or otherwise provide personal information on our Platform.

Data Protection and Security

Protecting the privacy and integrity of your data is an absolutely critical priority for us. We use reasonable security measures in an effort to prevent loss, misuse and alteration of information under our control. We have taken the following steps to demonstrate and execute on this commitment:

• Control of Processing
  Our customers have control over the types of data that we can collect and access on their behalf. All sensitive data is always treated with the utmost care.
  
  We comply with international data protection laws and principles outlined in the General Data Protection Regulation(“GDPR”) which means that data will be:
  a. Used lawfully, fairly and in a transparent way.
  b. Collected only for valid purposes and not used in any way that is incompatible with those purposes.
  c. Accurate and kept up to date.
  d. Maintained only for as long as necessary.
  e. Kept securely and protected against unauthorised or unlawful processing and against loss or destruction using appropriate technical and organisational measures.
  


• Access Control and Authentication
  We use industry best practices for authentication and authorisation. Further, data access is governed by the principle of least privilege, and strict controls are in place to limit access.


• Encryption and Data protection
  We follow industry best practices to deploy encryption for data in transit and at rest, to ensure that data is protected at all times.


• Vulnerability Management
  We conduct regular assessments on critical systems with the intent of finding system and application vulnerabilities. This proactive approach to security allows us to mitigate weaknesses before they are attacked.


• Breach Detection and Response
  We use a managed solution for safeguarding applications running on our Platform and a threat detection service that continuously monitors for malicious activity and unauthorised behavior. We also log access requests and usage of the Platform to further facilitate security incident monitoring and response
  
  In the event that a security incident is detected, the we will act promptly to identify, contain, mitigate, and recover any ill-effects of the incident. We use every incident as an opportunity to improve our systems and to be proactive in mitigating future ones.


• Infrastructure and Security by Design
  Our Platform has been designed with the security of our end-user’s data in mind, and a defence in depth approach has been adopted, which provides multiple layers of security controls to protect data each step of the way.


• Data Minimisation and Pseudonymisation
  We only collect the least amount of data that is necessary to operate our Platform and deliver the Services. Data anonymisation is implemented where appropriate in order to further protect it.


• Data Privacy
  We keep sensitive data strictly confidential and subject to confidentiality obligations by our staff. We do not permit any person to process sensitive data who is not under such a duty of confidentiality.

We cannot, however, guarantee protection of all information against interception, misappropriation, misuse, or alteration, or that your information may be not be disclosed or accessed by accidental circumstances or by the unauthorised acts of others. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform or in your operating system. Furthermore, we have no control over the security of other sites you might visit, interact with or do business with.

Retention of Personal Information

We retain personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy, or for other legitimate purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.

Compliance with Law and Law Enforcement

We cooperate with government and law enforcement officials to enforce and comply with applicable law. We may disclose information necessary or appropriate to protect the safety of the public or any person, to respond to claims and legal process (including but not limited to subpoenas), to initiate, render, bill, and collect for amounts owed to us, to protect our rights or property, and to prevent or stop activity that may be illegal or dangerous. You should also be aware that experts may be obliged to disclose information to law enforcement or other authorities to conform to their professional and legal responsibilities. Specifically, and without limitation, you should be aware that the law requires mental health professionals to disclose information and/or take action in the following cases: (a) reported or suspected abuse of a child or vulnerable adult; (b) serious suicidal potential; (c) threatened harm to another person; (d) court-ordered presentation of treatment.

General Data Protection Regulation (GDPR) Notice

If you are from the European Union and you are using our Platform or services, it is necessary for us to use your personal information:

• To perform our obligations in accordance with any contract that we may have with you.
  
• It is in our legitimate interest or a third party's legitimate interest to use personal information in such a way to ensure that we provide the Platform in the best way that we can.
  
• It is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
  

You can view and edit any personal data that you have provided to us using this website. Automated processing of your Personal Information is necessary to operate the Platform effectively and to provide counseling and related services.

DigitalOcean is the controller with respect to your personal information. You can contact us with questions, concerns, or objections about this Privacy Policy or about your personal information by sending an email to hello@nibouapp.com.

Changes to this Privacy Policy

We may update this Privacy Policy at our sole discretion. We will notify you of such changes only by posting the new policy on our Platform and indicating at the top of the Privacy Policy the date it was last updated. We encourage you to review the Privacy Policy each time you visit or use our Platform to see if it has been updated since your last visit to make sure you understand how personal information you provide will be used.

Contacting Us

If you have any questions or concerns about this Privacy Policy or our privacy-related practices, please contact us by sending an email to hello@nibouapp.com.