Privacy Compliance Certification
Canopie follows all relevant HIPAA policies and guidelines.
In order to better provide you with products and services offered, Canopie may collect personally identifiable information, such as your:
- First Name
- E-mail Address
- Phone Number
We collect and use this information to personalize your program and communicate with you.
If you purchase Canopie's products and services, we collect billing and credit card information. This information is used to complete the purchase transaction.
Canopie may also collect anonymous demographic information, which is not unique to you, such as your age, gender, ethnicity and location e.g. zip code.
This data is not required to be provided to use the program.
We do not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to use certain products or services. These may include: (a) registering for an account; (b) entering a sweepstakes or contest sponsored by us or one of our partners; (c) signing up for special offers from selected third parties; (d) sending us an email message; (e) submitting your credit card or other payment information when ordering and purchasing products and services. To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We also may gather additional personal or non-personal information in the future.
We may collect information about the devices you use to access the System, including (but not limited to) IP address, mobile device UDID and IMEI numbers, operating system, browser type, and screen size. This information is used to provide you with customer support, for system administration, to tailor your experience, to report aggregate information internally, and to assist communication (e.g., push notifications).
We may store cookies (small text files managed by your web browser) on your computer in order to improve your experience with Canopie. Example uses of these cookies include: recognizing you when you return to the Canopie web app or website, maintaining data you've entered across multiple sessions, and storing information about your personal preferences.
You may refuse to accept cookies by changing the settings on your device to prevent cookies from being set or rejecting cookies when you visit the website.
We may include your data in aggregated data sets shared with our research partners. In these sets, your data is not personally identifiable, and would be used for supporting generalized statements (e.g., "over half of new mothers experience anxiety").
Processing your data
We process your data in order to provide you with a personalized program. By signing up to Canopie and sharing your data you consent to Canopie processing your data. This consent can be withdrawn at any time. You have the right to restrict use of your personal data, portability of your personal data and to object to the processing of your personal data. You also have the right to request that you are not subject to a decision based solely on automated processing, including profiling. You can opt out of all processing of your data by contacting us.
We collect and use information like your name, email address, and phone number to personalize the course and communicate with you. You're able to opt out of any external communications (i.e., emails, phone calls, and SMS messages) at any time.
You may also be presented the opportunity to provide us with information such as age and ethnicity - this data is used for internal analysis and reporting, and is not required to be provided to use the program.
We collect information about your mental health (including, but not limited to the Edinburgh Postnatal Depression Scale, Anxiety Scales, and a self-reported evaluation of your mental health) in order to deliver you with a personalized program.
We also collect general information about your mental wellbeing in order to evaluate progress against your self-defined goals.
Sharing Information with Third Parties
Canopie does not sell, rent or lease its customer lists to third parties.
Canopie may share data with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Canopie, and they are required to maintain the confidentiality of your information.
We follow a Minimum Necessary Access Policy so any required disclosure of your personal information and identifiable health information is minimized.
Canopie may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Canopie or the site; (b) protect and defend the rights or property of Canopie; and/or (c) act under exigent circumstances to protect the personal safety of users of Canopie, or the public.
Content on this Services is directed at individuals over the age of 18 and is not directed at children under the age of 13. We do not knowingly collect personally identifiable information from children under the age of 13.
E-mail and Phone Communications
From time to time, Canopie may contact you via email, SMS or phone call for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication. In order to improve our Services, we may receive a notification when you answer a call or open an email or SMS from Canopie or click on a link therein.
If you would like to stop receiving marketing or promotional communications via email, SMS or phone call from Canopie, you may opt out of such communications by Managing settings/preferences within the app.
Storing your data
Information you provide to us is stored in encrypted form on secure servers located in the US, which are owned and operated by Amazon Web Services (AWS). All sensitive traffic is transmitted securely via SSL by default. AWS are industry leaders in the provision of hosting services and take security very seriously - you can find out more about their security policies and processes in their Security Whitepapers: https://aws.amazon.com/security/security-resources/. AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA), which allows us to comply with GDPR contractual obligation
We store your data for as long as you use the Canopie app. After this, we will delete your data at your request.
We retain personal information about you necessary to fulfill the purpose for which that information was collected or as required or permitted by law. We do not retain personal information longer than is necessary for us to achieve the purposes for which we collected it. When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.
Users of the System have certain specific rights with regard to their information. As with all queries to us, we will aim to respond within 2 working days.
Right to access
A user of the System has the right to view all personal information that Canopie has collected about them, as well as the disclosure of this data. In order to receive this data, please make a request using the Canopie Privacy Center. The first copy of this information is provided free of charge, and in a portable / common electronic form (e.g., CSV file).
Right to accuracy
A user of the System has the right to ensure that the data we have stored is accurate. In most cases, the system allows you to directly modify your own information. However, if there is incorrect data within our system that you are not able to change, please make a request using the Canopie Privacy Center and we will work directly with you to update this information.
Right to Deletion
A user of the System has the right to request deletion of all data within the system.Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
• Delete your personal information from our records; and
• Direct any service providers to delete your personal information from their records.
To request your data be deleted, please make a request using the Canopie Privacy Center. In most cases, this request will be completed within 30 days. If circumstances require a delay to this deletion, Canopie will notify you directly explaining the reason for the delay.
Please note that we may not be able to comply with requests to delete your personal information if it is necessary to:
• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
• Debug to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act;
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
• Comply with an existing legal obligation; or
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Right to withdraw consent
A user of the System has the right to withdraw their consent at any time by contact the Data Protection Officer. Please note that without consent to process your data, we will be unable to deliver the Canopie program.
Right to notification of disclosure
In addition to the right to request disclosures of your data specified in the "right to access" above, we will notify you as required by law if there has been a breach of the security of your identifiable health information.
Concerns or complaints
If you believe that any of your rights with respect to your or others’ identifiable health information have been violated by us, our employees or agents, please communicate with Canopie’s Data Protection Officer. You also have the right to complain to your Local Supervisory Authority or the Information Commisioner’s Office should you suspect a breach of this policy.
Changes to this Statement
Canopie welcomes your questions or comments regarding this Statement of Privacy. If you have any questions about this policy you can contact our Data Protection Officer (Claire Seaver) by following this link.
Effective as of April 27, 2022