Privacy Policy

Last Updated: 23 Sep, 2025

This Privacy Policy explains how Bilateral Mind (EMDR Tappers) (“we”, “us”) collects, uses, and shares information about you when you use our websites, mobile and wearable applications, and related services (the “Services”).
 
1. Who we are and contact
Bilateral Mind (EMDR Tappers)
1014 Broadway #1420
Santa Monica, CA 90403
Email: contact@emdrtappers.com
 
2. Scope
This Policy applies to the Services we operate. It does not apply to third‑party websites, apps, or services, even if accessed via our Services.
 
3. Information we collect
  • Account identifiers: email, role (consumer/therapist), and related account metadata.
  • Session activity: session settings, history entries, device identifiers, app version, and crash/diagnostics logs.
  • Optional therapist inputs: name, title, practice, and BAA acceptance metadata (version/date).
  • Payments: processed by app stores or Stripe; we do not store full payment instrument details.
  • Communications: messages you send to us (support, feedback) and your preferences.
We do not require you to submit patient identifiers. If you are a therapist, avoid entering unnecessary patient identifiers in free‑text fields.
 
4. How we use information
  • Provide, maintain, and improve the Services
  • Authenticate users and secure accounts
  • Sync sessions between devices
  • Process subscriptions and entitlements (via third parties)
  • Communicate with you about updates, security, and support
  • Create de‑identified/aggregate data to improve the Services and for other purposes not prohibited by law (we will not attempt to re‑identify)
  • Comply with legal obligations and enforce our terms

5. Legal bases (where applicable)
  • Contract (providing the Services)
  • Legitimate interests (security, improvements)
  • Consent (where required by law for certain communications/cookies)
  • Legal obligations

6. Sharing
  • Service providers/subprocessors (hosting, analytics, crash reporting, email, payments) who are bound to protect information.
  • App stores and payment processors to manage subscriptions.
  • Legal/disclosure: to comply with law, respond to lawful requests, or protect rights, safety, and security.
Upon written request, we will provide a current list of subprocessors within 10 business days.

We do not sell or share personal information with third parties for their marketing purposes.
 
7. Data retention
We retain information for as long as necessary to provide the Services and for legitimate business needs (e.g., security, compliance), then delete or de‑identify it. Specific retention periods may vary based on account type and applicable law.
 
  • Account data: retained while the account is active; core records may be retained for up to 3–7 years to meet legal/operational needs.
  • Logs/diagnostics: typically retained 30–180 days unless needed for security or compliance.
  • Session history: retained while your account is active, subject to storage limits and product settings; not a medical record.

8. Security
We use administrative, technical, and physical safeguards designed to protect information. No system is perfectly secure; we cannot guarantee absolute security.
 
9. Your choices and rights
  • You can access and update certain account information within the app.
  • You can opt out of some marketing communications by following instructions in emails.
  • Depending on your region, you may have rights to access, correct, delete, or port your information, or object to/limit certain processing. Contact us to exercise rights.
  • California residents: you may have additional rights under California law.
  • EEA/UK residents: you may have rights under GDPR, including the right to lodge a complaint with a supervisory authority.
  • Account deletion: You can delete your account in Settings → My Profile. We aim to fulfill verified deletion requests within 30 days, subject to legal retention obligations.

10. HIPAA and professional use
For therapists/clinics onboarded under a signed BAA, handling of Protected Health Information (PHI) is governed by the BAA and applicable HIPAA/HITECH rules. For consumer/self‑guided use, HIPAA typically does not apply to your use of the Services.
 
11. Children
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.
 
12. International transfers
Information may be processed in the United States and other countries with different privacy laws. Where required, we implement appropriate safeguards for international transfers.
 
13. Changes to this Policy
We may update this Policy from time to time. We will notify you of material changes as required by law and revise the “Last Updated” date.
 
14. Contact
Questions about this Policy? Contact: contact@emdrtappers.com