Privacy

1. Introduction

MentalHappy, Inc. ("MentalHappy," "we," "us," or "our") operates the MentalHappy website and platform (collectively, the "Service"), a digital platform that enables mental health and wellness professionals ("Group Leaders") to create, manage, and facilitate virtual psychoeducational support groups for participants ("Members").

This Privacy Policy explains how we collect, use, share, and protect personal information when you access or use our Service.

By accessing or using MentalHappy, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of information described herein. If you do not agree with this policy, please discontinue your use of the Service.

We may update this Privacy Policy periodically. We will notify you of material changes by posting the revised policy on our website and, where appropriate, by sending an email to the address associated with your account. Your continued use of the Service following any update constitutes acceptance of the revised policy.

2. Who We Are and Scope of This Policy

MentalHappy provides a software-as-a-service (SaaS) platform that allows licensed and unlicensed wellness professionals—including coaches, therapists, counselors, social workers, peer support specialists, and other practitioners—to host virtual, psychoeducational support groups.

The Service is not a healthcare provider, and use of the Service does not create a clinician-patient relationship between MentalHappy and any user.

This Privacy Policy applies to:

Group Leaders: Professionals who register accounts, create groups, and managegroup participants.
Members: Individuals who join support groups hosted on the platform.
Visitors: Anyone who visits www.mentalhappy.com without creating an account.

MentalHappy is headquartered in San Francisco, California.

This Privacy Policy is governed by applicable California law, as well as relevant U.S. federal and international data protection regulations.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you provide when you register for an account, create or join a support group, make a payment, or contact us. This includes:

Account Information: Full name, email address, password (stored in encrypted form), professional credentials or role, and profile photo (if provided).
Group Leader Information: Professional title, licensure information (if applicable), organization name, and payment account details (processed by Stripe — see Section 6).
Member Information: Information provided when joining a group, including name, contact details, and any intake forms completed at the direction of a Group Leader.
Communications: Messages sent to our support team, feedback, survey responses, and any other content you voluntarily submit.

3.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain technical information, including:

Log Data: IP address, browser type and version, operating system, pages visited, time and date of visits, time spent on pages, and referring URLs.
Device Information: Device type, unique device identifiers, and mobile network information.
Usage Data: Features used, groups joined or created, session duration, and interaction patterns within the platform.
Cookies and Similar Technologies: Session cookies, persistent cookies, and similar tracking technologies (see Section 8 for details).

3.3 Information from Third Parties

We may receive information about you from third parties, including:

Social Networks: If you choose to connect your MentalHappy account to a social network (e.g., Facebook, LinkedIn), we may receive information from that platform in accordance with your privacy settings on that platform.
Payment Processors: Stripe provides us with transaction confirmation data and, where applicable, payout information. MentalHappy does not store full payment card numbers.
Analytics Partners: We may receive aggregated or de-identified analytics data from third-party service providers.

3.4 Sensitive Information

Our platform may incidentally involve discussions related to mental health, wellness, and personal experiences within the context of support groups. MentalHappy does not knowingly collect, process, or store protected health information (PHI) as defined under HIPAA, and does not operate as a HIPAA-covered entity or business associate. Group Leaders who are licensed healthcare providers are solely responsible for ensuring their use of the platform complies with all applicable clinical, professional, and regulatory obligations.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To create and manage accounts, facilitate support group sessions, process payments, and provide customer support.
Platform Improvement: To analyze usage patterns, diagnose technical issues, develop new features, and improve the overall user experience.
Communications: To send transactional emails (account confirmation, receipts, password resets), platform updates, and, where you have consented, marketing communications about new features or offerings.
Safety and Security: To detect, prevent, and respond to fraud, abuse, unauthorized access, and other security threats.
Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
Personalization: To personalize your experience, recommend relevant groups, and tailor content to your preferences.
Research and Analytics: To conduct internal research using aggregated, de-identified data to understand platform trends and user needs.

We will not use your personal information for purposes materially different from those described above without providing notice and obtaining consent as required by applicable law.

5. Support Groups and User-Generated Content

MentalHappy facilitates virtual psychoeducational support groups. When you participate in a support group on our platform, you should be aware of the following:

Group Privacy: Content shared within a support group (e.g., messages, responses to prompts, shared materials) is visible to the Group Leader and other Members of that group. MentalHappy does not guarantee confidentiality of content shared within groups.
Group Leader Access: Group Leaders can access, export, and manage data associated with their groups, including Member participation information, to the extent permitted by our platform features. Group Leaders are independently responsible for maintaining confidentiality standards consistent with their professional obligations.
Platform Storage: Communications, posts, and materials submitted through the platform may be stored on MentalHappy servers. Archived copies may persist for a period after deletion, as technically necessary.
Not a Confidential Clinical Setting: Use of MentalHappy does not establish a therapist-client or counselor-client relationship with MentalHappy. Confidentiality protections applicable to licensed clinical relationships are the responsibility of the individual Group Leader, not MentalHappy.

6. Payment Processing

MentalHappy uses Stripe, Inc. ("Stripe") as its third-party payment processor for all financial transactions, including subscription payments, group fees, and payouts to Group Leaders. When you provide payment information through our platform:

Your payment card details (credit/debit card numbers, expiration dates, CVVs) are transmitted directly to and stored by Stripe. MentalHappy does not store full payment card numbers on its servers.
Stripe processes payments in accordance with Payment Card Industry Data Security Standards (PCI-DSS). For more information, please review Stripe's Privacy Policy at https://stripe.com/privacy.
MentalHappy retains limited transaction records for billing, payout reconciliation, tax reporting, and fraud prevention purposes.
Group Leaders who collect fees from Members through the platform acknowledge that they are independently responsible for any applicable tax reporting obligations.

7. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

7.1 Service Providers

We engage trusted third-party vendors to assist in operating the Service, including hosting providers, analytics platforms, email service providers, payment processors (Stripe), video session infrastructure (third-party Video SDK provider), and customer support tools. These service providers access your information only as necessary to perform their contracted functions and are obligated to protect it. Please note that MentalHappy does not share personal account information with the Video SDK provider — see Section 17 for details.

7.2 Group Leaders

If you are a Member, the Group Leader of your support group may have access to your name, contact information, and participation data as provided through the platform, in order to manage and facilitate the group.

7.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other governmental or legal process, or if we believe in good faith that disclosure is necessary to: (a) comply with applicable law or legal process; (b) protect the rights, property, or safety of MentalHappy, our users, or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Use.

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will provide notice prior to any such transfer and the opportunity for you to delete your account if the new privacy practices differ materially from this policy.

7.5 With Your Consent

We may share your information in additional ways with your express consent.

8. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., pixel tags, web beacons, local storage) to operate and improve the Service, analyze usage, and personalize content. Cookies are small text files stored on your device. We use the following types of cookies:

Strictly Necessary Cookies: Required for the Service to function. These cannot be disabled.
Functional Cookies: Enable features like remembering your preferences and login status.
Analytics Cookies: Help us understand how users interact with the Service (e.g., Google Analytics or similar tools).
Marketing Cookies: Used to deliver relevant advertising and track the effectiveness of campaigns. You may opt out of these cookies through your browser settings or via industry opt-out mechanisms.

Most browsers allow you to refuse or delete cookies through your browser settings. Doing so may affect the functionality of the Service.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete your account:

We will delete or anonymize your personal information within 30 days, unless retention is required by law or legitimate business necessity.
Certain information may be retained in backup archives for up to 90 days before being permanently deleted.
Transaction records may be retained for up to 7 years as required for financial compliance and tax purposes.
Content you shared within a support group may persist in the Group Leader's account or exports if the Group Leader separately retains it.

10. Security

We implement administrative, physical, and technical safeguards designed to protect your personal information from unauthorized access, use, disclosure, alteration, and destruction. Our security measures include:

SSL/TLS encryption for data in transit between your device and our servers.
Encryption of sensitive data fields (e.g., passwords) at rest.
Access controls that restrict employee access to personal information on a need-to-know basis.
Regular security assessments and vulnerability reviews.

Despite our efforts, no system is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach that is likely to result in a risk to your rights or freedoms, we will notify you and applicable regulatory authorities as required by law, within the timeframes prescribed by applicable regulations.

11. International Data Transfers

MentalHappy is based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the U.S. and potentially other countries where our service providers operate. Data protection laws in these countries may differ from those in your home country.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we transfer personal data to the U.S. on the basis of Standard Contractual Clauses (SCCs) or other appropriate transfer mechanisms recognized under applicable data protection law. By using our Service, you acknowledge and consent to such transfers.

12. Children's Privacy

The Service is intended for users who are at least 18 years of age. MentalHappy does not knowingly collect, solicit, or process personal information from individuals under the age of 18. If we become aware that we have inadvertently collected personal information from a person under 18, we will promptly delete it from our records. If you believe we may have information from or about a minor, please contact us immediately at Support@MentalHappy.com.

13. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.

13.1 Categories of Personal Information We Collect

We collect the following categories of personal information as defined by the CCPA:

Identifiers (name, email address, IP address, account ID)
Commercial information (transaction records, subscriptions, payment history)
Internet or other electronic network activity (browsing and usage data)
Geolocation data (general location inferred from IP address)
Professional or employment-related information (for Group Leaders)
Inferences drawn from the above to create a profile about preferences and behavior

13.2 Your California Rights

As a California resident, you have the right to:

Know: Request information about the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties with whom it is shared.
Delete: Request deletion of your personal information, subject to certain exceptions.
Correct: Request correction of inaccurate personal information we maintain about you.
Opt Out of Sale or Sharing: We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.
Limit Use of Sensitive Personal Information: Request that we limit the use of sensitive personal information to purposes necessary to provide the Service.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, please contact us at Support@MentalHappy.com. We will verify your identity before processing requests and respond within 45 days, with an extension of up to 90 days where necessary.

15. Your Account and Data Choices

You have the following choices regarding your personal information:

Account Updates: You may review and update your account information by logging into your account settings.
Account Deletion: You may delete your account by contacting us at Support@MentalHappy.com. Upon deletion, we will process your request within 30 days, subject to retention requirements described in Section 9.
Marketing Opt-Out: You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or by contacting us. Transactional emails (e.g., receipts, security notices) will continue to be sent as needed.
Cookie Preferences: You may manage cookie preferences through your browser settings or via opt-out tools (see Section 8).

16. Third-Party Links and Integrations

The Service may contain links to third-party websites, services, or integrations. MentalHappy's inclusion of a link does not constitute an endorsement, authorization, or affiliation with the linked third party. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any third-party service you access through links on our platform.

17. Video Session Technology

Live virtual support group sessions on the Platform are powered by a third-party video software development kit ("Video SDK") provided by an independent third-party video infrastructure provider (the "Video Provider"). We want to be transparent about how this service is used:

No personal account data shared: MentalHappy does not share your personal account information (such as your name, email address, or payment details) with the Video Provider. The Video SDK is used solely to facilitate the live video connection between session participants.
Technical connection data: The Video Provider may collect limited technical data necessary to operate the video connection, such as IP addresses, device type, and connection quality metrics, solely in its capacity as a technical infrastructure provider. This data is subject to the Video Provider's own privacy policy, not MentalHappy's.
No session recording by MentalHappy: MentalHappy does not record video sessions through the Video SDK. Our no-recording policy applies to all participants. Any recording made without the express consent of all participants is a violation of our Terms of Use.

We encourage you to review the Video Provider's privacy policy for full details on how technical session data is handled on their end.

18. Referral Program

If you choose to invite others to MentalHappy through our referral feature, you may provide us with the email address of the person you wish to invite. We will send a one-time invitation email to that address on your behalf. We store this email address only to send the invitation and track referral success, and will not use it for any other purpose without the recipient's consent.

19. Do Not Track

Some browsers offer a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. Because there is currently no widely accepted standard for responding to DNT signals, the Service does not respond to DNT browser signals at this time. However, you may opt out of analytics cookies as described in Section 8.

20. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. We will provide notice of material changes by posting the updated policy on our website with a new "Last Updated" date and, where required by law or where appropriate, by sending an email notification to the address associated with your account. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
MentalHappy, Inc.
2193 Fillmore Street
San Francisco, CA 94109
Email: Support@MentalHappy.com
Website: www.mentalhappy.com
If you are located in the EEA or UK and have an unresolved privacy complaint that we have not addressed satisfactorily, you may have the right to contact your local data protection supervisory authority.