1. Introduction to Privacy at Subtle Alliance
We at Subtle Alliance know the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.
The Subtle Alliance website and all other products and services, including mobile applications, owned, controlled or offered by Subtle Alliance, and all content offered as part of those products, services, and applications, are collectively referred to herein as the “services.” By using or accessing our Services in any manner, you are acknowledging that you accept and are opting in to the practices and policies outlined in the Privacy Policy and Terms and conditions. By accessing the Services, you represent that you are over 13 years of age, and you hereby are giving full consent that Subtle Alliance will collect, use, and share your information as described below.
As noted in the Terms and conditions, Subtle Alliance does not knowingly collect or solicit Personal Information from anyone under the age of 13 in the United States, or under the age of 16 in the European Union without parental consent. If you do not meet the age requirements, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from an individual under the legal age of consent, we will delete that information as quickly as possible. If you believe that a child under the legal age of consent may have provided us with Personal Information, please contact us at info@subtlealliance.com
Privacy Policy Overview
Subtle Alliance gathers information from customers for multiple reasons. We use Personal Information (or PII) internally in connection with our Services, as a means of identifying you as a subscriber, to create an account and profile, to contact you, to help you fulfill rehabilitation requirements, to provide and improve the Services, and to learn more about how you use the Services. We may share some de-identified Information with third parties, who might help us learn how to provide better support to you and to make product improvements. Subtle Alliance will not access your camera, your contacts, your location, your files, or any other device content without your permission. Subtle Alliance will never contact others or post to social networks on your behalf without your permission. The following sections explain what information we collect and how we use it.
Statement of HIPPA Compliance
As part of HIPAA compliant covered entities, we are aware of our obligation to implement effective security and privacy policies that comply with these regulatory standards.
Subtle Alliance recognizes the necessity of secure, responsible custodianship of your data. More than that, we recognize that our relationship with our partners requires us to be compliant with federal privacy laws, such as HIPAA. We take these relationships seriously, and as an illustration of our commitment we have created this statement of compliance to provide an overview of how we protect your privacy.
Federal regulations demand a basic standard of data protection. The following processes have been implemented to meet and exceed these standards:
- Support for encryption for all reports.
- Periodic review of passwords for all production accounts; any transition or potential breach requires immediate review and renewal or revocation of privileges.
- Restricted access to all servers.
- Automated data backups.
- Secure data storage in trustworthy data centers.
- Automated virus checking.
- Secure password guidelines.
In addition, Subtle Alliance has instituted policies to ensure the following:
- We report any unauthorized access, unauthorized behavior, violation of policies or failure to comply with relevant laws or regulations immediately.
- We recognize the right of the Secretary of the United States Department of Health and Human Services to audit our records and practices related to the use and disclosure of PHI to ensure compliance.
- Subtle Alliance employees must sign a confidentiality statement as a term of their employment.
Authorized Access to Your Data.
Consistent with Federal and State records laws, and with HIPAA, you have the right to request a copy of your data at any time. Your treatment center, if applicable, may request a copy of your data if authorized. We will not share these data with any unauthorized third party.
Unauthorized Access to Your Data.
Access to our databases is restricted to those who are required to access it in the lawful course of their duties. Subtle Alliance has strict policies about employee passwords, workstations, and unnecessary access that prohibit behaviors that could put your privacy at risk. Access to your account is restricted to your unique user ID, and requires your password. We perform regular vulnerability assessments to ensure that we are employing the most current protections and the most relevant policies.
Your Password.
Each login session is given and managed by its associated access token, which is generated at the time of login. Once an access token expires, the user must login with their credentials again in order to receive a new access token to access and manage their data. In the event of a password reset, all previous & existing access tokens are invalidated immediately. Your password is never stored anywhere by us, and so cannot be obtained if our security is compromised. When you set your password, it is encrypted, salted, and stored as hash values as soon as it is created. There is no way for us to retrieve or access them. We do offer a way to reset passwords, which can be found in the login screen of our app.
Disposal of Data.
When your account is deactivated, we provide both you and your treatment center (if applicable) the opportunity to request a copy of any information we may have stored on your behalf. At the expiration of that period, or as the end result of a negative or affirmative response, all identifiable data will be destroyed.
The Information Subtle Alliance Collects
Subtle Alliance collects both Personal Information and Anonymous information through the standard operation of the Services. This information is used to identify you as a Subtle Alliance subscriber, track your preferences and settings, and to improve and personalize your experience. Certain information is required for the effective operation of the Services.
Information You Give Us
In order to use our services, you must sign up for an account. We will ask you for some personal information when you are activating this account, such as your name, your phone number, and your email address. We use this information to help tailor our service to you in the following ways:
- To verify your identity.
- To reach out to you in the event of a security incident.
- To assist in creating your account and populating the fields.
- To add events to your calendar.
- To connect to your recovery network.
- To verify your location for accountability and during scheduled check-ins.
We will ask for your permission before collecting or sharing this information, and we do not share this information with anyone.
Information We Get from Your Use of Our Services
We collect information about the services that you use and how you use them. For example, when you visit our website or log in, we may collect browser data, your IP address, or device specific information, such as the model of your device, your operating system, and your IP address. This helps us to improve the way our website is designed, and how people can search for us. We do not share this information with any unauthorized third party.
We also may use cookies when you visit our website on your computer or mobile device. Cookies may uniquely identify your browser or device, and give us insight into how you use our services. We use this information to improve the way we design our services. This information is not used to create commercial or advertising profiles for third parties. Individually identifiable information will never be shared without permission.
Location information and GPS tracking
The Subtle Alliance app can use location data to allow you to check-in to your activities and routines. The Subtle Alliance app will ask you to opt into this service when you sign up. When you check-in to an activity, we verify your location using the location services on your device, and the length of your stay. This helps you to stay accountable. Subtle Alliance will not collect or retain any location data not relevant to your routines or activities pertaining to recovery.
The Information Subtle Alliance Shares
Aggregate Data
Aggregate data are data that are no longer personally identifiable. Subtle Alliance may share these aggregate statistics with our associates to determine the ways in which our services are used, and how we can improve. We store aggregate and anonymized data indefinitely.
Personally Identifying Information
Subtle Alliance will share your personal information ONLY with those entities you have authorized to view it. Subtle Alliance stores this information as long as your profile is active.
The Information Subtle Alliance Retains
Once you have ended your Subtle Alliance App subscription, your identifying information will be removed from our database of active subscribers. Data that have been collected about you that have been anonymized cannot be removed from aggregate banks, but THESE DATA CANNOT BE USED TO IDENTIFY YOU. De-identified data such as usage history, location data, and other information stored in your account may continue to be used internally for quality improvement research to enhance efficacy, accuracy, development of features and customer experience. Data that are requisitely retained will be retained securely only for the duration of the retention requirement.
The Right to be Forgotten
Subtle Alliance recognizes that individuals have the right to ask that their personal information be excised from our records, and we respect that right. Please be aware that Subtle Alliance must retain some data (such as a record of consent) to meet regulatory obligations under and beyond the GDPR, and that when these separate regulatory and compliance obligations carry different lifetimes on collected and stored data, Subtle Alliance is required to observe the longest lifetime of the conflicting regulations.
Your Account Security
We make every effort to ensure that your data are retained confidentially and securely. We require an account to access our services. Each username is connected to a unique password which allows you to log in to your account. DO NOT SHARE YOUR PASSWORD AND USERNAME WITH ANYONE. You should never allow anyone to access our Services under your username, or share your account with another individual. You are responsible for the uses of the Service associated with your username. We reserve the right to revoke or deactivate your username and password at any time.
Subtle Alliance places a premium on protecting your information, but you should remain aware that any information you share online may be accessed by others. Subtle Alliance is not responsible for the actions of those who obtain your content in this manner. Subtle Alliance cannot guarantee your safety and security and you should be aware that submitting any information and using the Services is done at your own risk. DO NOT INCLUDE INFORMATION IN YOUR PUBLIC PROFILE THAT YOU WOULD PREFER TO KEEP PRIVATE. Subtle Alliance is not responsible for the voluntary disclosure of personal information or personally identifying information on any public forum.
Information stored or transferred electronically is never completely secure, so while we at Subtle Alliance do our best to protect you and your privacy, please be aware that absolute security cannot be guaranteed by Subtle Alliance.
Safety, Security, and Compliance with the Law
We may disclose any information, including personal information, we deem necessary to comply with any applicable law, regulation, legal process or governmental request, to enforce our rights, or to protect the safety and security of our Application or other subscribers.
Supplemental Private Notice for California Residents
This Supplemental Privacy Notice for California Residents supplements the information in our Privacy Policy above, and except as provided herein, applies solely to California residents. It applies to personal information we collect on or through the Service and through other means (such as information collected offline, in person, and over the telephone).
Summary of Information We Collect
California law requires us to disclose information regarding the categories of personal information that we have collected about California consumers, the categories of sources from which the information was collected, the business or commercial purposes (as those terms are defined by applicable law) for which the information was collected, and the categories of parties with whom we share personal information.
Rights
If you are a California resident, you may have certain rights. California law may permit you to request that we:
- Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
- Provide access to and/or a copy of certain information we hold about you.
- Delete certain information we have about you.
You may have the right to receive information about the financial incentives that we offer to you, if any. You also have the right to not be discriminated against for exercising certain of your rights.
Statement of GDPR Compliance
As of May 25th, 2018, The European Union required much stricter protections for individually identifiable data. These new laws are intended to provide individuals with greater transparency, access and control over how their data are collected and used.
Subtle Alliance believes that the data you share belong to you, and that you should be able to control what information we share about you. Consequentially, Subtle Alliance has adopted the requirements of the General Data Protection Regulation (GDPR), since we believe that all individuals have the right to control their own narratives. This belief is reflected in our consent, collection and storage practices. Our policies have been designed to meet this commitment. This privacy policy reviews the specific information we collect, from whom these data are collected, the purpose of collection and the use to which the information will be put, including how these data are shared and how you can request that data be corrected or destroyed.
Subtle Alliance is located in the United States, and uses cloud based storage. When you submit your personal information to our app, this information may be transferred to the United States in order for us to provide you with our services.
Changes to Our Privacy Policy
We reserve the right to change this privacy policy at any time. If Subtle Alliance decides to change this Privacy Policy, we will post those changes on our Website so our users are always aware of what information we collect, use, and disclose. In all cases, your continued use of our Website after any change to this Privacy Policy will constitute your acceptance of such change.
Contact Us
895 Dove Street, Suite 384,
Newport Beach, CA 92660
info@subtlealliance.com
888-948-4468
