Privacy Policy

Version 2026-03-27 · Last updated March 27, 2026

This Privacy Policy explains how Bilateral Mind (EMDR Tappers) (“we”, “us”) collects, uses, and shares information about you when you use our websites, mobile and wearable applications, and related services (the “Services”).

1. Who we are and contact

Bilateral Mind (EMDR Tappers)
1014 Broadway #1420
Santa Monica, CA 90403
Email: help@emdrtappers.com

2. Scope

This Policy applies to the Services we operate. It does not apply to third-party websites, apps, or services, even if accessed via our Services.

3. Information we collect

  • Account identifiers: email, password hash, role (consumer/therapist), and related account metadata.
  • Session activity: session settings, history entries, device identifiers, IP address, app version, and crash/diagnostics logs.
  • Optional therapist inputs: name, title, practice, and BAA acceptance metadata.
  • Payments: processed by app stores or Stripe/RevenueCat; we do not store full payment instrument details.
  • Communications: messages you send to us (support, feedback) and your preferences.
  • Website analytics: pages visited, referral source, browser type, and device information, collected via Google Analytics on our marketing website (emdrtappers.com). You can opt out of analytics tracking via your browser settings or our cookie preferences.
  • Email communications: if you subscribe to our mailing list, we collect your email address and engagement metrics (opens, clicks) to improve our communications.

We do not require you to submit patient identifiers. If you are a therapist, avoid entering unnecessary patient identifiers in free-text fields.

4. How we use information

  • Provide, maintain, and improve the Services
  • Authenticate users and secure accounts
  • Sync sessions between devices
  • Process subscriptions and entitlements (via third parties)
  • Communicate with you about updates, security, and support
  • Create de-identified/aggregate data to improve the Services
  • Comply with legal obligations and enforce our terms

5. Legal bases (where applicable)

  • Contract (providing the Services)
  • Legitimate interests (security, improvements)
  • Consent (where required by law)
  • Legal obligations

6. Sharing

We share information with trusted service providers who help us operate the Services, including:

  • Authentication providers: to verify your identity and manage account access.
  • Payment processors: to process subscriptions and purchases.
  • Email delivery services: to send transactional and marketing emails.
  • Analytics: to understand website usage (marketing site only, not within the app).
  • Hosting and infrastructure: to store and serve application data.
  • Legal/disclosure: to comply with law, respond to lawful requests, or protect rights, safety, and security.

Upon written request, we will provide a current list of subprocessors within 10 business days. We do not sell or share personal information with third parties for their marketing purposes.

7. Data retention

  • Account data: retained while the account is active; core records may be retained for up to 3–7 years.
  • Logs/diagnostics: typically retained 30–180 days.
  • Session history: retained while your account is active, subject to storage limits; not a medical record.
  • Deleted accounts: upon account deletion, all personal data is removed immediately. A non-identifying record (no email, no name) is retained for audit and compliance purposes. Payment transaction records may be retained for up to 7 years for tax and legal obligations.

8. Security

We use administrative, technical, and physical safeguards designed to protect information. No system is perfectly secure; we cannot guarantee absolute security. In the event of a security breach affecting your personal information, we will notify affected users without unreasonable delay, as required by applicable law.

9. Your choices and rights

  • You can access and update certain account information within the app.
  • You can opt out of some marketing communications by following instructions in emails.
  • Depending on your region, you may have rights to access, correct, delete, or port your information. Contact us to exercise rights.
  • California residents may have additional rights under California law.
  • EEA/UK residents may have rights under GDPR, including the right to lodge a complaint with a supervisory authority.
  • Account deletion: You can delete your account in Settings → My Profile. All personal data is removed immediately upon deletion, including session history, client records, and account information.

10. HIPAA and professional use

For therapists/clinics onboarded under a signed BAA, handling of Protected Health Information (PHI) is governed by the BAA and applicable HIPAA/HITECH rules. For consumer/self-guided use, HIPAA typically does not apply to your use of the Services.

11. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

12. International transfers

Your information is processed and stored in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction. Where required, we implement appropriate safeguards for international transfers.

13. Changes to this Policy

We may update this Policy from time to time. We will give notice of material changes as required by law, and the “Last Updated” date will be revised.

14. Contact

Questions about this Policy? Contact: help@emdrtappers.com