Privacy Policy

Your privacy and security are our top priorities. Learn how we protect your protected health information in compliance with HIPAA regulations.

HIPAA Compliant • Data Encryption • Privacy First

Effective Date: September 24, 2025

Last Updated: September 24, 2025

Mental Gymnastics Corporation ("we," "us," or "our") is committed to protecting the privacy and security of your personal information, including Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our HIPAA-compliant AI chatbot ("Chatbot"). By using the Chatbot, you agree to the terms of this Privacy Policy.

1. Information We Collect

We may collect the following types of information when you interact with the Chatbot:

  • Personal Information: Information that identifies you, such as your name, email address, phone number, or other identifiers provided during account creation or interaction with the Chatbot.
  • Protected Health Information (PHI): Health-related information you share with the Chatbot, such as medical history, symptoms, mental health details, or other health-related data, which is considered PHI under HIPAA.
  • Usage Data: Non-identifiable information about how you interact with the Chatbot, such as session duration, features used, or preferences, which may be collected to improve the Chatbot's functionality.
  • Technical Data: Information such as IP addresses, device type, browser type, and operating system, collected automatically when you access the Chatbot.

2. How We Use Your Information

We use your information, including PHI, to:

  • Provide Services: Deliver personalized responses, mental health support, or other services through the Chatbot.
  • Improve the Chatbot: Analyze usage patterns and feedback to enhance the Chatbot's performance, functionality, and user experience.
  • Comply with Legal Obligations: Ensure compliance with HIPAA and other applicable laws, including maintaining the security and confidentiality of PHI.
  • Communicate with You: Respond to inquiries, provide updates about the Chatbot, or send administrative notifications (e.g., account verification or password resets).

We process PHI only as necessary to provide the services you request and in accordance with HIPAA regulations.

3. How We Protect Your Information

Mental Gymnastics Corporation implements robust technical, administrative, and physical safeguards to protect your information, including PHI, as required by HIPAA:

  • Data Encryption: All data, including PHI, is encrypted both in transit (using TLS/SSL) and at rest (using AES-256 encryption).
  • Access Controls: Access to PHI is restricted to authorized personnel who have signed Business Associate Agreements (BAAs) and are trained in HIPAA compliance.
  • Secure Storage: Data is stored on secure servers hosted by HIPAA-compliant third-party providers with whom we have executed BAAs.
  • Regular Audits: We conduct regular security assessments and audits to ensure compliance with HIPAA standards.
  • Incident Response: We maintain a breach notification process to promptly notify affected individuals and authorities in the event of a data breach, as required by HIPAA.

4. Disclosure of Your Information

We do not sell, trade, or otherwise disclose your PHI or personal information except as described below:

  • Business Associates: We may share PHI with third-party service providers (e.g., cloud hosting or data analytics providers) who are HIPAA-compliant and have signed BAAs with us. These providers are contractually obligated to protect your PHI.
  • Legal Requirements: We may disclose your information, including PHI, if required by law, such as in response to a court order, subpoena, or other legal process, provided it complies with HIPAA regulations.
  • De-Identified Data: We may use and share de-identified data (data stripped of identifiers in accordance with HIPAA's de-identification standards) for research, analytics, or other purposes.
  • With Your Consent: We may disclose your PHI to third parties if you provide explicit consent, such as to share information with a healthcare provider.

5. Your Rights Under HIPAA

As a user of our Chatbot, you have the following rights regarding your PHI:

  • Access: You may request access to your PHI to review or obtain a copy of it.
  • Amendment: You may request corrections to inaccurate or incomplete PHI.
  • Accounting of Disclosures: You may request a list of disclosures we have made of your PHI, excluding certain disclosures permitted under HIPAA (e.g., for treatment, payment, or healthcare operations).
  • Restriction: You may request restrictions on how we use or disclose your PHI, though we are not always required to agree to such restrictions.
  • Confidential Communications: You may request that we communicate with you about your PHI in a specific way (e.g., via a secure email address).
  • File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights.

To exercise these rights, please contact us using the information in Section 10 below.

6. Data Retention and Deletion

We retain your personal information and PHI only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Upon account termination or your request to delete your data, we will securely delete or de-identify your PHI in accordance with HIPAA requirements, unless we are required to retain it for legal or regulatory purposes.

7. Third-Party Links and Services

The Chatbot may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Chatbot.

8. Children's Privacy

Our Chatbot is not intended for use by individuals under the age of 18. We do not knowingly collect personal information or PHI from minors. If we learn that we have collected such information, we will take steps to delete it in accordance with applicable laws.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website or through the Chatbot, and we will indicate the effective date at the top of the policy. Your continued use of the Chatbot after such changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your HIPAA rights, or have concerns about your privacy, please contact us at:

Mental Gymnastics Corporation
Email: [email protected]
Address: 1309 Coffeen Ave STE 1200, Sheridan, WY 82801

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at:

HHS Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll-Free: (800) 368-1019

Thank you for trusting Mental Gymnastics Corporation with your information. We are committed to maintaining the privacy and security of your data.
