Privacy Policy
Last updated: February 15th, 2025
INTRODUCTION
The Privacy Policy is intended to help you understand what data ASD.me, including its website and apps, collects, stores, and uses, how and why we use it, and your rights related to the data that ASD.me collects. For purposes of this Policy and unless otherwise specified, “data” includes information that is linked to one person or household, including things like name, email address, phone numbers, device ID, Third Party identifiers, contact information, and communications with Therapists using our digital communication platform (the “Platform”) to provide services (“Therapists”). Some jurisdictions might consider this to be “personal data,” “personally identifiable information,” or “sensitive personal data” in certain circumstances.
TERMS AND DEFINITIONS
When the terms “we”, “us”, “our”, “ASD.me” or similar wording are used in this Privacy Policy, these terms refer to ASD.me, which owns and operates this Platform. The term “You” or “you” refers to the user of our platform. The term “Practitioner” refers to the state-licensed therapist conducting the diagnostic screening and evaluation for autism. The term “website or Site” refers to the ASD.me homepage.
For purposes of the Privacy Policy, we will refer to the collection, storing, and use of data as “Processing” or “Process.” We Process data to operate our Platform and make sure you can use our services successfully. We may also Process data to send you regular emails or text messages to help provide services. Other times, we may collect, store, and use data for marketing communications. You can opt out of receiving texts or marketing communications at any time.
ASD.ME POSITION ON DATA SECURITY
Protecting and safeguarding any information you provide to ASD.me is taken very seriously by us. Your privacy and confidentiality is very important to us, so we want you to know how we collect, use, share, and protect your information. Information about our security and privacy practices can be found in our Privacy Policy (The ‘Privacy Policy’) below:
THE PRIVACY POLICY CONSENTS
If you access our Website and/or use our Services and Platform, you consent to our collection, use, and disclosure of your information as described in The Privacy Policy.
ASD.me may update The Privacy Policy at our sole discretion. When we make significant changes to our Policy, we will notify you via our website or apps when you request access to our Platform by logging into your account. We welcome you to review the latest information in the Privacy Policy.
BY ACCESSING OUR PLATFORM, YOU NOT ONLY AGREE WITH THE TERMS OF USE BUT ALSO AGREE TO THE TERMS OF THE PRIVACY POLICY OF OUR PLATFORM. THE PRIVACY POLICY IS INCORPORATED INTO AND DEEMED A PART OF THIS AGREEMENT. THE SAME RULES THAT APPLY REGARDING CHANGES AND REVISIONS OF THIS AGREEMENT ALSO APPLY TO CHANGES AND REVISIONS OF THE PRIVACY POLICY.
THE PRIVACY POLICY APPLICATIONS
The Privacy Policy applies to any visitors who access the public portions of our website, ASD.me, including our web pages, current and future apps for use on a mobile device, users who create accounts for use on our Platform, ASD.me Practitioners, and any independent contractors who we retain to conduct autistic diagnostic screenings and evaluations who are using our Platform to deliver services.
The Privacy Policy also applies to personal information processed by us during the course of business, including on our website (“Site”) and other online or offline offerings (collectively, the “Services”). Any personal information that is provided to us for purposes of rendering clinical services, also referred to as “Protected Health Information” or “PHI,” is any information that identifies you individually; More specifically, it is demographic information that relates to your past, present, or future physical or mental health condition and any related healthcare services. Our Privacy Practices describe how ASD.me can use and share your PHI, and describe your rights concerning this information.
STANDARD USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION
To provide you with the most effective level of services, ASD.me will have to acquire your personal health information. We understand how delicate and vital this information is and want to reassure you that we will preserve it with the highest degree of integrity by taking all rational safeguards to ensure that your PHI is shielded from any inappropriate disclosures. That said, there may be circumstances from time to time throughout the services we provide via our Telehealth Platform, which will require us to share some of your personal information with other parties, both inside and outside of ASD.me. The purpose of The Privacy Policy is to ensure that you have a complete understanding of these circumstances and the recourse you have in deciding how and when your PHI is used.
WHAT SPECIFIC DATA IS PROCESSED
What data we process depends on how you’re using our website, apps, and our Platform or Services. Types of data collected include:
- VISITS: When you visit the ASD.me Site, apps, or Platform, we Process information like the pages you visited or which features of the Site you interacted with, the amount of time on the Site, information about the type of device and browser you’re using, and IP address.
- REGISTRATION: To establish an account with our Platform, the user provides us with some personally identifiable information. We Process the information to complete the registration, including the intake questionnaire.
- ACCOUNTS: When a user establishes an account with the ASD.me Platform, we Process data such as the account name for each user, other demographic data, and contact information, such as email, phone number, emergency contact details, and whether a user verifies their email address.
- USER PIN: ASD.me gives every user who establishes an account a User PIN. User PINs are individual to each account and are required to access the functionality of our Platform.
- TRANSACTIONS: ASD.me Processes transactional data about payment, such as whether a user completed payment for our services, signed up for services using a trial offer, canceled or ended a trial, or received a discount or any extensions or refunds. Also, data on whether a visitor has registered to create an account is processed by us.
- PRACTITIONER DATA: ASD.me Processes written communications and related information between users and their Practitioner conducting the diagnostic evaluation for autism. The data processed includes messages between users and Practitioners as well as Practitioner notes around the diagnostic evaluation.
- USER FEEDBACK: ASD.me Processes user feedback about their Practitioner, including being able to rate the quality of the services they received from their Practitioner from a low of 1 to a high of 5. We also Process data on Practitioner session availability, session cancellations, and no-shows. We also process data on user experience with our Platform, including the level of difficulty in navigating and using our Platform.
- CLINICAL DOCUMENTATION: ASD.me Processes data on “Clinical Health Documentation | Records,” which is a documented record containing the minimum information your Practitioner would need to identify you individually and document the services you received. This Record includes your Practitioner’s internal notes, dates you received services, and these specific data subsets: Registration Data, User Account Data, and Practitioner Data (Dates of service, messages with Practitioner, and Practitioner internal notes).
SERVICE PROVIDERS AND THIRD PARTIES
In addition to processing data, we also share some data with Service Providers that are necessary to operate the ASD.me Platform, eg, the performance of needed Site and application functionality. Additionally, when you opt-in, we share certain data with Third Parties.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; This information will not be shared with any third parties.
From time to time, entities or individuals known as Service Providers may have access to and collect data on our behalf. For purposes of The Privacy Policy, when the term Service Provider is used, we mean “a person or company that we have a legal agreement with to collect data collected by us or on our behalf.” Data that is processed on our behalf is required to be done only at our direction – no other person or company can authorize it.
Our Service Providers are not permitted to disclose data that is individually identifiable to any other person or company, other than to us or the Service Providers’ subcontractors, provided that they’re bound to data processing terms that are no less restrictive than the terms of the Service Provider, which should reflect ASD.me Privacy Practices. Additionally, provided you opt-in, we may process and share some data with Third Parties for advertising purposes. ASD.me will define “Third Party” as a person(s) or an organization entity for the purposes of this Policy. A Third Party means “an entity that is not ASD, not a Service Provider as defined by ASD.me, not a Practitioner, or any other parties that are specifically called out in The Privacy Policy.” Messages between you and your Practitioner are protected from, and not shared with, any Third Party. Your information will not be shared with third parties unless you opt-in to have your information shared.
The data obtained by Service Providers from their relationship with us must only be used for performing the services specified in our agreement with them, or as reasonably necessary to perform one or more of the following:
- Comply with applicable law, regulation, or legal process;
- Detect, prevent, or mitigate fraud or security vulnerabilities;
- Debug to identify and repair errors impairing existing intended practicalities; and/or
- Conduct internal research for technological development and demonstration of our products or services, if such use is reasonably necessary and proportionate to achieve the purpose for which the data was shared.
WHY IS DATA USED
There are reasons why ASD.me collects your data, including the following:
- We Process Visitor Data, Account and Registration Data, User PIN, Transaction Data, User Feedback.
- Practitioner Data, and Clinical Health Documentation | Record Data to:
- Connect you with our diagnostic screening and evaluation services.
- Promote the exchange of information between you and your Practitioner.
- Determine the State, Province, or Country you reside in to connect you with an appropriate Practitioner, based on licensure and/or certification requirements.
- To the extent possible, expedite a successful diagnostic screening and experience and outcome.
- Affirm your identity, and secure your account.
- Oversee and safeguard the security of our Platform.
- Monitor possible abuse or impermissible activity on our Platform.
- Address concerns about accessing or using our Platform.
- Monitor the quality of the services rendered by Practitioners and if need be, implement quality improvement initiatives.
- Comply with federal and state laws and regulations.
DATA RETENTION
ASD.me assures you that all data we process is kept only for the time that is needed for the amount to offer our services, and observing all applicable legal requirements.
Certain categories of data are maintained for a period of time after you no longer access our Platform either through no longer needing our services or inactivity. These categories of data, which are maintained by us, allow a smooth reactivation process in the case that you start utilizing our Platform and Services in the future. The retained data also allows Practitioners to have a historical record of patient information. ASD.me data retention policies are grounded in what data is being Processed, whether or not the User Member has engaged in the diagnostic screening and evaluation of their child, and additionally, took action to request removal of their information or deletion of their data is prompted because of their inactivity on our Platform.
USER RIGHTS
Under data protection laws, ASD.me Users have certain rights, including the right to ask that we erase the personal information that we have processed and the right to request a copy of it. The exercise of your rights is explained below:
DATA ERASURE RIGHTS AND PROCEDURES
In the Privacy Policy, ASD.me defines “data erasure” (deletion, removal, or similar term) to mean “the permanent removal of personally identifiable information so that it can no longer be accessed by or visible to anyone. We have a process in place that allows users of our Platform and Services without a process for all members (regardless of where they live) to receive and process, without delay, requests to delete their information, notwithstanding their residency.
To request data erasure, please log in to your account and go to Menu > My Account (or Account Settings) > My Personal Information, where you will see a link to request the total deletion of your account information. Click the link and follow the instructions to start the data erasure process. You will know if this is a success because you will receive a confirmation email from us within 24 hours of your request.
If you do not have access to your account or are having trouble accessing the link to begin the data deletion process, you can contact ASD.me at hello@asd.me and we will assist you with the process for data removal. Again, you can expect a confirmation email within 24 hours of your request.
DATA COPYRIGHTS AND PROCEDURES
To receive a copy of your data, please log in to your account and go to Menu > My Account (or Account settings) > My Personal information, where you will see an option to request a copy of your data. The data you will receive as part of this request includes the contact information that you input on the site, questionnaire answers, emergency contact information, messages to your Practitioner, and other personal information.
DATA SECURITY
ASD.me strives to apply industry standards and best practices to prevent any unauthorized access and disclosure. While Internet-based services and Telehealth Platforms have unique security risks and these Platforms and Services are especially vulnerable to data breaches, our systems infrastructure, encryption technology, operations, and procedures are all equipped, built, and maintained to keep your information secure, private, and confidential. ASD.me has a dedicated and experienced team of IT and data security professionals whose job is to make sure we use secure technology to protect your data, test our internal security, anticipate threats to your personal information, and proactively put in place processes and infrastructures before breaches occur. Our Platform also uses SimplePractice, a HIPAA-compliant practice management telehealth software for Practitioners.
PRIVACY AND CONFIDENTIALITY STATEMENT
ASD.me takes privacy and protection of all Protected Health Information (PHI) eg, patient-clinician communications, healthcare records, and documentation very seriously. As mentioned above, we use SimplePractice, a HIPAA-compliant practice management telehealth software for state-licensed Practitioners. ASD.me ensures the confidentiality, integrity, and availability of all electronic and paper PHI created, received, maintained, or transmitted, and will identify and protect against all reasonably anticipated threats to the security or integrity of the information, impermissible uses, or disclosures. ASD.me will not release any information regarding an individual’s diagnosis or condition without the informed written consent of the patient or his or her family or under the compulsion of legal process. To safeguard the confidentiality of individuals with disabilities, evaluators may withhold or redact any portion of the documentation that is not directly relevant to ASD.me criteria for establishing a diagnosis of a disability as defined by the Americans with Disabilities Amendments Act (ADAA). If a section of a report has been redacted, the evaluator should provide an acknowledgment and rationale for this action.
GPS DATA
ASD.me Processes your IP address to determine your rough location so that we can uniquely customize our platform for you.
Processing your rough location allows us to improve your user experience when using our platform. Using rough location data, we can also populate your state information and country (if applicable) when completing our registration questionnaire. We Process your address information when you provide it as part of your emergency contact information.
WHAT ARE COOKIES AND WEB BEACONS AND WHAT ARE THEY USED FOR
A “cookie” is a small data file, available in a data folder on a computer, and it is used for record-keeping purposes, eg, browsing histories. Cookies are used to enhance the performance of the ASD Platform, personalize the user experience, and assist you by allowing you to log into certain platforms and websites quicker by bypassing your login credentials.
A “web beacon” or “pixel” is a tiny and very small, almost invisible image or embedded code, placed on a web page or email that can report your visits. In general, these tools can be used to monitor the activity of users for web analytics, advertising, and search engine optimization.
SALE OF PERSONAL INFORMATION
ASD.me does not sell personal information to or is paid for personal information by anyone. That said, California law defines “sale” broadly to “include the sharing of personal information in exchange for anything of value. If you opt into our use of Advertising cookies and web beacons, this use may be considered a “sale” of personal information under California law.
APPLICABLE PRIVACY LAWS FOR CALIFORNIA RESIDENTS
Compliance with California’s Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act (“CPRA”) of 2023 supplements the ASD.me Privacy Policy.
The CCPA and the CPRA are California laws that provide its residents with certain rights over information about them, including notice about the categories of personal information we have collected from them in the preceding twelve (12) months and the purposes for which the information is used or disclosed, and correction of personal information. For purposes of The Privacy Policy, in California, ASD.me will comply with the above California statutes governing consumer rights about their personal information.
QUESTIONS?
If you have any questions concerning The Privacy Policy, contact ASD.me at hello@asd.me .