Last Updated September 12, 2025
MINDYRA PRIVACY POLICY
Overview
Mindyra is a behavioral care technology company that partners with healthcare and risk bearing organizations across the continuum of care, supporting the healthcare industry’s ability to stratify behavioral health patient risk in a population and optimize the care delivered by their healthcare professionals to each patient. Mindyra also assists employers, schools, universities and large municipal organizations to support the mental health needs of their employees, students and citizens. Each organization which subscribes to Mindyra Services is referred to as a “Client Organization.”
Mindyra collects electronic health, claims, social determinants, social media, audio, visual, bio marker, digital phenotype, stand alone user testing and other data, as available and approved by the Client Organization, to determine the mix of illness(es) affecting each patient, estimate the future health risk associated with each patient, and suggest the optimal care pathway for each individual. This integrated service capability assists management and clinicians to gain a more clear understanding of how best to optimize deployment of human resources and technology to meet the needs of their organization’s patients.
Mindyra’s data and analysis services are integrated into the Client Organization’s EHR, or proprietary care system(s), if and as applicable, or can be delivered on a stand alone basis through a Mindyra API, or through its proprietary mobile application called the Mind Health Navigator™(the “App”). All of the services referenced above, together with any other services provided by Mindyra, are collectively referred to in this Privacy Policy as the “Services.”
This Privacy Policy (“Policy”) describes the information Mindyra collects and how it uses and shares that information. This Policy applies to general users of the Website, and the users of the data, analysis and App Services, (healthcare management, practitioners, approved support personnel, patients, employers and educational institutions and their constituents (each a “User” and, collectively, the “Users”)), who are authorized to use the Services. Any use must be approved by the Client Organization and its clinical management prior to use. In using the Website, the data and analysis Services, and the App Services, and/or other Mindyra Services (& third party services selected by the User’s organization) delivered through Mindyra through an API or through the APP, the User consents to the collection, use, and sharing of clinical and patient information under this Policy. If using the Mindyra Services, the Client Organization and all of its Users also agree to Mindyra’s Terms of Use.
What Information Do We Collect?
A) Information the Client Organization Provides to Mindyra in Connection with Use of Services
Mindyra collects information that the firm’s Client Organizations and their Users (clinicians, medical support professionals, patients, employees and students and others) voluntarily provide Mindyra when the organization subscribes for its personnel or patients to use Mindyra Services. (We note that this section of the Policy does not apply to those who are general users of the Website only.) Mindyra asks each User to register and provide information to Mindyra before any Client Organization Users can be granted access and use the Services. This information will include at a minimum - full name, gender, e-mail address, text preferences, User ID, mailing address (incl zip code) and telephone number. Finally, as referred to above, Mindyra will collect sufficient personnel and patient data to compile an accurate holistic picture of each User (described in the Overview).
If the Client Organization, or one of its Users, shares information that is provided to Mindyra with someone else, whether an organization, a practitioner or any other individual, the Client Organization and User acknowledge and accept responsibility for that decision to provide such individual with access to potentially sensitive or confidential information. Mindyra is not responsible for the information the Client Organization or User decides to share with others.
B) Other Information Mindyra Collects
When the Client Organization or User uses the Website, data and analysis Services and/or the App Services and/or third party services delivered through Mindyra Services, Mindyra may track information on how the Client Organization or User interacts with and uses the Website, data and analysis Services, the App and/or other Services through server log information, cookies and other similar tools of Internet tracking.
Server Log Information (IP Addresses). An IP address is a number automatically assigned to any computer whenever a User accesses the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. Mindyra collects IP addresses in order to conduct system administration, report Aggregate/De-identified Data (as defined below) to Mindyra affiliates, partners and/or clients and to conduct analysis of the Website, data and analysis Services and/or App Services. Mindyra will also use IP addresses to identify any Users of the Services who refuse to comply with the Terms of Use, and to identify Users who threaten the Website, the data and analysis Services, the App, other Services, Users, Mindyra clients or others.
Cookies and Web Analytics. Mindyra may place a text file called a ‘cookie’ in the browser files of a User’s computer or electronic device. Cookies are pieces of information that a website transfers to an individual's hard disk for record-keeping purposes. Mindyra uses cookies during the Users’ utilization of the platform to determine whether the User is logged on or not, and to improve the performance of the Website, data and analysis and App Services. Mindyra does not use cookies to store passwords or sensitive information. These cookies do not contain any personal information. Users may disable cookies in their browser, but doing so may restrict access to only public pages and the User may no longer be able to access many of the features on the Website, data and analysis Services and App Services. In addition to cookies, Mindyra uses some web analytics tools to place a single-pixel GIF file on a computer as a tracking indicator.
How Does Mindyra Use Client Organization User Information?
Mindyra uses the information it collects to optimize the Client Organization’s personnel and patient experience with the Website, data and analysis Services, the App and other Services provided. Specifically, Mindyra uses the information in the following manner:
Internal Purpose Mindyra may use a Client Organization’s or User’s information for various internal purposes. Mindyra will store data for as long as it is necessary to provide the Services, provide for legal protections, or as otherwise required by applicable laws and regulations.
De-identified Information. Mindyra may provide de-identified information about Users and others, such as usage information and trends, to health care organizations, risk bearing organizations and other third parties. This information, commonly referred to as “Aggregate Data,” or “De-identified Data,” is pooled information of many individuals and is stripped of any data that could potentially identify someone individually. This information is also commonly used for research purposes.
Algorithms/Analytics. Mindyra may use Users’ information to develop certain analytic or algorithmic information to better understand illness and the optimal means to care for each individual in a given population for our current and future use.
Customer Support. Mindyra may use a Client Organization’s or User’s information to provide, improve and develop its Website, its data and analysis Services and its App Services and/or other third party services delivered in partnership with Mindyra based on its client’s selections, as well as responding to any issues the Client Organization and its Users may have while using the Website, data and analysis Services and App Services and/or other their party services.
Communications with the Client Organization. Mindyra may use a Client Organization’s or User’s information to respond to communications from the Client Organization or to communicate with the Organization about the Services, other products, promotions, studies, surveys, news, updates, events, and updates to this Policy and the Terms of Use.
Research. Mindyra may use a Client Organization’s or User’s information to monitor and analyze trends and usage of the Website, data and analysis Services and App Services and/or other third party Services selected by the Client Organization delivered as a convenience for the client.
To Enforce Mindyra’s Privacy Policy and Terms of Use. Mindyra may use a Client Organization’s or User’s information to enforce our Policy and/or Terms of Use.
Legal Purposes. Mindyra may use the information it collects to investigate or address claims or disputes relating to the use of the Website, data and analysis Services and App Services and/or third party Services selected by the Client Organization delivered as a convenience for the client or as otherwise allowed by applicable law.
How is Client Organization and User Information Shared?
Business Affiliates, Vendors and Consultants. Mindyra may share Client Organization and User information (including de-identified patient information) with any business affiliates, vendors, consultants, marketing partners, research firms, and other service providers or business partners as necessary to provide the Website, data and analysis Services and App Services.
Potential New Owner. Mindyra may share Aggregate/De-identified Data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Legal Purposes. Mindyra may share Client Organization or User information if Mindyra management believes an applicable law, regulation, legal process or governmental request requires it or, in certain limited situations, allows it. This includes sharing Client Organization or User information with law enforcement officials, government authorities, or other third parties as necessary to enforce our Policy, Terms of Use, user agreements, or other policies, to protect our rights or property or the rights or property of others, to protect the User’s safety or the safety of others, or in the event of a claim or dispute relating to a User’s use of the Website, the App and/or the Services. We store all User information on a cloud server, and such information is encrypted both in transit and at rest.
How Does a Client Organization Update, Disable, or Delete Information?
Mindyra wants its Client Organizations to be in control of their identified information. If a client’s administrative Users utilize the Services, they can manage the information that the Client Organization provides to Mindyra by updating the organization profile at any time under their account settings.
If the Client Organization has been using any of the Mindyra Services and wishes to no longer use the Services, it may contact Mindyra to disable its account; however, the Client Organization should be aware that if a patient has been using the Services at the recommendation of or by referral to an approved practitioner, the practitioner may retain information about the patient in the practitioner’s medical record.
Disabling a Client Organization’s account does not notify Mindyra that the Client Organization no longer wishes to receive communications from Mindyra. Additionally, the Client Organization should be aware that it is not always possible to completely remove or modify information in Mindyra’s databases. If the Client Organization no longer wishes to receive communications from Mindyra, please unsubscribe and opt-out of receiving these communications by using the link in an email communication. Please understand that the ability to opt out from receiving marketing and promotional communications does not change Mindyra’s right to contact a Client Organization or User regarding their use of the Website, data and analysis Services or the App Services.
How Is Client Organization and User Information Maintained?
Mindyra stores all User information on a cloud server, and all such information is encrypted both in transit and at rest.
Links to Third Party Services. The Website, data and analysis Services and App Services may contain links to third-party websites and other services (the “Third Party Services”). For example, in certain situations, the Website, data and analysis Services and App Services may contain links to Third Party Services to aid a practitioner or better serve a patient. If Client Organization management and its Users decide to visit and submit any information to a Third Party Service, that Client Organization and/or User is subject to such Third Party Service’s privacy policy and practices and not this Privacy Policy. Mindyra encourages each Client Organization to carefully review the legal and privacy notices of all other digital services that it visits.
Security. Mindyra recognizes the importance of the privacy of Client Organization and User information and strives to protect the security of that information. In so doing, Mindyra takes reasonable technical safeguards to protect the confidentiality, integrity and availability of such information. Moreover, Mindyra’s employees are educated on the importance of the firm’s privacy and security policies and must comply with them. However, despite Mindyra’s efforts, there is always some risk that an unauthorized party may inappropriately infiltrate security systems that are in place or that electronic transmissions of information may be intercepted. Please keep this in mind when using the Website, data and analysis Services and App Services.
Children and Adolescent Personal Information. The Website, data and analysis Services and App Services may only be directed to and used by children 13 years old or younger upon the request of a Client Organization, with parental permission and in the presence of the parent or guardian if the Service is delivered through the App. Mindyra also provides Services to adolescents upon the request of the Client Organization and with the permission of the parent or guardian of the adolescent.
HIPAA. As a provider of data and web based Services and technology to the healthcare industry, Mindyra is often a business associate of covered entities (health care providers, health plans/payers, risk bearing organizations and/or health care clearinghouses). Under HIPAA, each covered entity is required to provide its patients with a Notice of Privacy Practices. To the extent that an affiliate of Mindyra is a covered entity, a Notice of Privacy Practices should be provided to each User or made available to each User. Hwever, any such Notice of Privacy Practices is not related to any practice described in this Policy.
Notification of Changes to Mindyra Privacy Policy
Our Policy may change from time to time. Mindyra’s management encourages you to periodically review this policy to see if any changes affect your organization and its Users.
Mindyra will always post an up-to-date version on its Website, with the latest revision {dated} and link for ease of use.
Mindyra regularly reviews its compliance with this Policy. If your organization or its Users have any questions, please contact Mindyra at: info@mindyra.com.