Privacy Policy

Hello, It's Me® is an assistive technology platform built for adults with intellectual and developmental disabilities. We take your privacy seriously, and we hold your information to the standards required of a healthcare technology provider. This policy explains what we collect, why we collect it, and the rights you have over it.

1. Who this policy covers

This policy applies to everyone who uses Hello, It's Me®, including members who access the platform directly, members enrolled through a Medicaid waiver or a direct support professional agency, family members, care coordinators, and the coaches and agency staff who use the platform to support members.

When a Medicaid agency or care provider enrolls you, that organization also handles some of your information under its own privacy practices. This policy covers how Hello, It's Me® handles your information.

2. What data we collect

Information you give us

• Account details, such as your name, email address, phone number, and date of birth.
• Profile information you choose to add, such as your goals, interests, and communication preferences.
• Messages and content you create on the platform, including group chats and coaching session notes.
• Information your care coordinator or agency provides when they enroll you, such as your individual support plan goals.

Information we collect automatically

• Device and usage data, such as the type of device you use, your app activity, and the features you use.
• Technical data needed to keep the platform secure and working, such as log data and error reports.

We do not sell your personal information. We do not allow advertisers to pay to reach you on our platform.

3. Health information and HIPAA

Some of the information we handle is protected health information under the Health Insurance Portability and Accountability Act, known as HIPAA. When we deliver services that a Medicaid program funds, we act as a business associate of the agencies and providers we work with, and we sign a business associate agreement with each one.

We use and disclose protected health information only as our business associate agreements and HIPAA allow, or as you direct. Our HIPAA Notice of Privacy Practices explains your rights over your health information in detail. Read it at our HIPAA Notice of Privacy Practices.

4. How we use your information

We use the data we collect only for purposes connected to delivering and improving the service, as described below.

• To provide the platform and deliver coaching aligned to your goals.
• To match you with a coach when you are enrolled through a waiver or agency.
• To track progress against your support plan and document outcomes for your agency and care coordinator.
• To keep the platform safe, including protecting members from exploitation and abuse.
• To improve the platform and develop new features.
• To communicate with you about your account and the service.
• To meet our legal, regulatory, and contractual obligations.

5. Business associate agreements and subprocessors

When we handle protected health information on behalf of a Medicaid agency or care provider, we act as a business associate under HIPAA. We enter into a written business associate agreement (BAA) with each covered entity before we access or process member health information for that relationship.

We use carefully selected subprocessors, such as cloud hosting, secure messaging, analytics for operations, and payment processors where applicable. Each subprocessor that may access protected health information is bound by a BAA or equivalent contractual protections that require them to safeguard information, use it only to provide services to us, and report security incidents as the law requires.

We maintain an inventory of subprocessors and can provide a current list to agencies and partners upon request. Contact us using the details at the end of this policy if you need subprocessor information for your compliance review.

6. How we share your information

We share your information only in these situations:

• With your care coordinator and the agency that enrolled you, so they can support you and document your care.
• With subprocessors who help us run the platform, each bound by a written agreement that protects your information.
• When you ask us to, or give us your permission.
• When the law requires it, or to protect the safety of a member or another person.

We do not share your information with anyone who would use it to advertise to you.

7. How we protect your information

We protect your information with encryption in transit and at rest, role-based access controls, and audit logging of access to sensitive data. We limit access to your information to the people who need it to support you. We review our security practices regularly. No system is perfectly secure, and we will notify you and the relevant authorities if a breach affects your protected health information, as the law requires.

8. Your data rights and choices

Depending on where you live and the nature of the information, you have the right to:

• Ask to see the information we hold about you.
• Ask us to correct information that is wrong.
• Ask us to delete information, subject to our legal and contractual obligations.
• Ask for a copy of your information in a portable format.
• Object to or limit certain uses of your information.

To exercise any of these rights, contact us using the details below. We will respond within the time the law requires. For protected health information, your rights are described in our HIPAA Notice of Privacy Practices.

9. Adults-only service

Hello, It's Me® is built for adults aged 18 and older. We do not knowingly collect information from anyone under 18. If you believe a minor has given us information, contact us and we will delete it.

10. How long we keep information

We keep your information for as long as your account is active and for as long as we need it to deliver services, meet our legal and contractual obligations, resolve disputes, and enforce our agreements. When we no longer need it, we delete it or remove the details that identify you.

11. Changes to this policy

We may update this policy as our service and the law change. When we make a material change, we will update the date at the top and, where appropriate, tell you directly. Your continued use of the platform after a change means you accept the updated policy.

12. How to contact us

If you have questions about this policy or how we handle your information, contact us:

Focus EduSolutions, Inc.
Attention: Privacy Officer
50 Milk Street, 16th Floor, Boston, MA 02109
Email: hello@hello-itsme.com