← Back to Home
Privacy Policy
Novobeing VR Therapy Platform for Mental Health Professionals
Effective Date: January 8, 2025
Our Privacy Commitment: Novobeing is committed to protecting your privacy and the privacy of your clients. We have designed our platform with privacy-by-design principles, ensuring that we do not collect, store, or have access to your clients' personal health information (PHI) or personally identifiable information (PII).
1. Introduction
This Privacy Policy explains how Novobeing Inc. ("Novobeing," "we," "us," or "our") collects, uses, protects, and shares information when you use our virtual reality therapy platform. This policy applies to mental health professionals and practices who use our CORE Plan services.
By using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our services.
2. Information We Collect
2.1 Information We DO NOT Collect
Important: Novobeing does not collect, store, process, or have access to:
- Personal Health Information (PHI) of your clients
- Personally Identifiable Information (PII) of your clients
- Therapy session content or recordings
- Client names, contact information, or demographics
- Medical records or treatment notes
- Financial or payment information of your clients
2.2 Information We Do Collect
We collect limited information necessary to provide and improve our services:
| Information Type |
What We Collect |
Purpose |
| Account Information |
Your name, email, practice information, billing address |
Service delivery, billing, support |
| Device Information |
Device ID, software version, hardware specifications |
Technical support, updates, security |
| Usage Analytics |
Session duration, experience types used, technical performance |
Platform improvement, research |
| Technical Data |
IP address, browser type, operating system |
Security, troubleshooting |
3. How We Use Information
We use the information we collect for the following purposes:
- Service Delivery: Providing access to VR therapy experiences and platform features
- Technical Support: Troubleshooting issues and providing customer assistance
- Platform Improvement: Analyzing usage patterns to enhance user experience
- Security: Protecting against unauthorized access and maintaining system integrity
- Billing and Administration: Processing payments and managing your account
- Legal Compliance: Meeting regulatory requirements and legal obligations
- Research and Development: Improving therapeutic VR experiences (using anonymized data only)
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We may share limited information with trusted third-party service providers who assist us in operating our platform:
- Meta/Facebook: VR platform services and device management
- Google Workspace: Email and productivity services
- Feeling Digital: Software development and technical services
- Payment Processors: Billing and payment processing
- Cloud Hosting Providers: Secure data storage and platform hosting
4.2 Legal Requirements
We may disclose information when required by law, including:
- Compliance with legal process or court orders
- Protection of our rights and property
- Investigation of potential violations of our Terms of Service
- Protection of the safety of users or the public
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction, subject to confidentiality agreements.
5. Data Security
Enterprise-Grade Security: We implement comprehensive security measures to protect your information and maintain the integrity of our platform.
5.1 Technical Safeguards
- Encryption: Data encrypted in transit and at rest using industry-standard protocols
- Access Controls: Multi-factor authentication and role-based access restrictions
- Network Security: Firewalls, intrusion detection, and secure network architecture
- Regular Updates: Timely security patches and software updates
- Monitoring: Continuous security monitoring and threat detection
5.2 Organizational Safeguards
- Employee Training: Regular security awareness training for all staff
- Background Checks: Security screening for employees with data access
- Incident Response: Comprehensive procedures for security incident management
- Vendor Management: Security requirements for all third-party providers
5.3 Compliance Standards
Our security program aligns with HIPAA Security Rule requirements to ensure appropriate safeguards for healthcare technology environments.
6. Data Retention
We retain information only as long as necessary to provide services and comply with legal obligations:
- Account Information: Retained during active subscription plus 7 years for legal compliance
- Usage Analytics: Anonymized data retained indefinitely for research purposes
- Technical Logs: Retained for 90 days unless required for security investigations
- Billing Records: Retained for 7 years as required by law
7. Your Rights and Choices
7.1 Access and Correction
You have the right to:
- Access information we have about you
- Correct inaccurate or incomplete information
- Request deletion of your account and associated data
- Receive a copy of your data in a portable format
7.2 Communication Preferences
You can control communications from us by:
- Updating your email preferences in your account settings
- Unsubscribing from marketing emails (service-related emails will continue)
- Contacting us directly to modify communication preferences
7.3 Analytics Opt-Out
While we collect minimal usage analytics, you may request to opt out of non-essential data collection by contacting our support team.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for international transfers, including:
- Standard contractual clauses approved by regulatory authorities
- Adequacy decisions by relevant data protection authorities
- Certification under recognized privacy frameworks
9. Children's Privacy
Our services are designed for use by licensed mental health professionals and are not intended for direct use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Email notification to your registered email address
- Prominent notice on our platform
- Updated effective date at the top of this policy
Your continued use of our services after notification constitutes acceptance of the updated policy.
11. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us.
12. State-Specific Privacy Rights
12.1 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect and how it's used
- Right to delete personal information (subject to certain exceptions)
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your privacy rights
12.2 European Residents (GDPR)
If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to data portability, rectification, and erasure.
Questions or Concerns? We are committed to addressing any privacy concerns you may have. Please don't hesitate to contact us using the information provided above.
