We at Subtle Alliance know the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.
The Subtle Alliance website and all other products and services, including mobile applications, owned, controlled or offered by Subtle Alliance, and all content offered as part of those products, services, and applications, are collectively referred to herein as the “services.” By using or accessing our Services in any manner, you are acknowledging that you accept and are opting in to the practices and policies outlined in the Privacy Policy and Terms and conditions. By accessing the Services, you represent that you are over 13 years of age, and you hereby are giving full consent that Subtle Alliance will collect, use, and share your information as described below.
As noted in the Terms and conditions, Subtle Alliance does not knowingly collect or solicit Personal Information from anyone under the age of 13 in the United States, or under the age of 16 in the European Union without parental consent. If you do not meet the age requirements, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from an individual under the legal age of consent, we will delete that information as quickly as possible. If you believe that a child under the legal age of consent may have provided us with Personal Information, please contact us at info@subtlealliance.com.
Subtle Alliance gathers information from customers for multiple reasons. We use Personal Information (or PII) internally in connection with our Services, as a means of identifying you as a subscriber, to create an account and profile, to contact you, to help you fulfill rehabilitation requirements, to provide and improve the Services, and to learn more about how you use the Services. We may share some de-identified Information with third parties, who might help us learn how to provide better support to you and to make product improvements. Subtle Alliance will not access your camera, your contacts, your location, your files, or any other device content without your permission. Subtle Alliance will never contact others or post to social networks on your behalf without your permission. The following sections explain what information we collect and how we use it.
As part of HIPAA compliant covered entities, we are aware of our obligation to implement effective security and privacy policies that comply with these regulatory standards.
Subtle Alliance recognizes the necessity of secure, responsible custodianship of your data. More than that, we recognize that our relationship with our partners requires us to be compliant with federal privacy laws, such as HIPAA. We take these relationships seriously, and as an illustration of our commitment we have created this statement of compliance to provide an overview of how we protect your privacy.
Federal regulations demand a basic standard of data protection. The following processes have been implemented to meet and exceed these standards:
In addition, Subtle Alliance has instituted policies to ensure the following:
Consistent with Federal and State records laws, and with HIPAA, you have the right to request a copy of your data at any time. Your treatment center, if applicable, may request a copy of your data if authorized. We will not share these data with any unauthorized third party.
Access to our databases is restricted to those who are required to access it in the lawful course of their duties. Subtle Alliance has strict policies about employee passwords, workstations, and unnecessary access that prohibit behaviors that could put your privacy at risk. Access to your account is restricted to your unique user ID, and requires your password. We perform regular vulnerability assessments to ensure that we are employing the most current protections and the most relevant policies.
Each login session is given and managed by its associated access token, which is generated at the time of login. Once an access token expires, the user must login with their credentials again in order to receive a new access token to access and manage their data. In the event of a password reset, all previous & existing access tokens are invalidated immediately. Your password is never stored anywhere by us, and so cannot be obtained if our security is compromised. When you set your password, it is encrypted, salted, and stored as hash values as soon as it is created. There is no way for us to retrieve or access them. We do offer a way to reset passwords, which can be found in the login screen of our app.
When your account is deactivated, we provide both you and your treatment center (if applicable) the opportunity to request a copy of any information we may have stored on your behalf. At the expiration of that period, or as the end result of a negative or affirmative response, all identifiable data will be destroyed.