App Privacy Policy

DiveThru’s App Privacy Policy

Date of Last Amendment: January 5, 2025

DiveThru respects and endorses your rights to privacy and to understand how and why we collect, use, safeguard, and disclose personal information.

A. Accountability

The DiveThru App (the “App”) is owned by DiveThru Inc. (“DiveThru,” “we,” “us,” “our”). Our head office is at Bell Tower, 2100, 10104 103 Ave NW, Edmonton, AB T5J 0H8. DiveThru includes affiliated, related, or subsidiary companies, and our shareholders, directors, officers, employees, contractors (including our therapists), subcontractors, freelancers, agents, representatives, successors, and assigns.

The App provides App Users and Clients with:

  • A portal to manage their therapy and psychological assessment appointments, including but not limited to a matching tool, appointment booking service, appointment notifications, and invoice management; and
  • Free and paid psychoeducational resources and exercises.

 

In this Policy (the “App Privacy Policy”), we use the terms:

  • “App User” to refer to users of the App but not the Website;
  • “Client” to refer to App Users who have booked an appointment with one of our therapists; and
  • “Website User” to refer to users (visitors, browsers) of the Website but not the App.

 

DiveThru collects and stores App Users’ personal identifying information and may collect personal information and personal health information (as those terms are defined in this Policy) from App Users.

DiveThru collects and stores personal identifying information, personal information, and personal health information from Clients.

This App Privacy Policy explains how we collect, store, use, disclose, safeguard, and dispose of App Users’ and Clients’ (1) personal identifying information, (2) personal information, and (3) personal health information. Section P sets out App Users’ and Clients’ rights regarding that information.

This App Privacy Policy does not apply to our Website. Our privacy commitments to you regarding the Website are outlined in the DiveThru Website Privacy Policy. Your contract with us when using the App is the DiveThru App Terms & Conditions; when using our Website, the DiveThru Website Terms & Conditions. 

Content is Not Mental Health Counselling

The content on the App, including Solo Dives, Articles, Courses, Journal Bundles, and Mindfulness Exercises, is informational/educational only. The content on the App is not, and should not be considered as or substituted for mental health counselling. The App content and an App User’s use of that content do not constitute the practice of mental health counselling or any other professional mental health service, advice, diagnosis, or treatment. If you are not sure if mental health counselling will benefit you, you can connect with our team by reaching out to hello@divethru.com.

B. The Browser and Mobile Versions of the App

There are two versions of the App:

  • The browser version (“the Browser App”);
  • The mobile version (the “Mobile App”).

This App Privacy Policy applies to both the Browser and Mobile versions of the App.

The Browser App

On the DiveThru website, there are CTA (Call to Action) buttons/links marked “Find a Therapist,” “Download the app,” “Take me to the app,” “Apply Now,” “Log In,” “Sign In,” and “Sign Up.” App Users access the Browser App by clicking on one of those buttons/links.

An App User will know they have left the Website and begun the process of accessing the Browser App when:

App Users may be able to access the DiveThru App Terms & Conditions and this App Privacy Policy before entering their personal identifying (contact) information. If an App User uses a link to the Browser App that does not provide that access, they will have an opportunity to review the DiveThru App Terms & Conditions and this App Privacy Policy once they enter the data requested and access the DiveThru App.

If an App User reviews the DiveThru App Terms & Conditions and this App Privacy Policy after entering personal identifying and/or contact information and decides they do not wish to use the Browser App, the Mobile App, or our services, contact us at privacyofficer@divethru.com and we will delete the information you entered.

The Browser App has limited utility. It can be used to manage elements of your journey utilizing our services, including features like taking our matching tool, selecting a therapist, and booking an appointment.

The Mobile App

App Users are encouraged to download the App to their mobile devices without cost from the Apple App Store and Google Play Store.

The Mobile App helps App Users and Clients manage elements of their journey utilizing our services, including features like our matching tool, selecting a therapist and booking an appointment, and accessing our library of psychoeducational resources and exercises.



C. Personal Identifying Information

Personal identifying information is information that identifies a specific individual. Personal identifying information is subject to privacy rights.

An individual’s name alone can be personal identifying information. An individual’s name combined with a second piece of information is almost always personal identifying information. Home address, email address, telephone number, social media handle, age, nickname, a detailed description of physical features, the neighbourhood in which the person lives, and where they went to school are examples of information that would be personal identifying information when combined with a name or another identifier.

D. Personal Information

Personal information, i.e., information about an identifiable individual, is subject to privacy rights.

Examples of personal information include:

  • An individual’s race, national or ethnic origin, colour, religion, age, sex, sexual orientation, or marital or family status.
  • An individual’s education, criminal record, or employment history.
  • An individual’s financial status or information relating to financial transactions in which the individual has been involved.
  • An individual’s social insurance number, social security number, or any unique number or identifier assigned to them by a government agency or authority or any other organization. An example of the latter is an employee number issued by the individual’s current or past employer.
  • An individual’s fingerprints or blood type.
  • An individual’s personal opinions or views about social or political issues.
  • The views or opinions of others about the individual.
  • Any information that could prove embarrassing or harmful to an individual’s reputation or that a reasonable person would not want in the public domain.

We also use the term “Personal Information” in a general sense in this App Privacy Policy, i.e., to include personal identifying and personal health information.

E. Personal Health Information

Personal health information is subject to stringent privacy rights. Personal health information can include personal identifying or personal information.

Personal health information includes: 

  • an individual’s medical, psychiatric, or psychological history;
  • diagnostic, treatment, or care information related to an individual’s physical or mental health;
  • information that identifies the health services provider providing health services to an individual or who has provided health services to the individual in the past;
  • a drug provided to or prescribed for an individual;
  • a health care aid, device, product, equipment, or other item provided to an individual pursuant to a prescription or other authorization;
  • the amount of any benefit paid or payable by a public or private insurer, or any other amount paid or payable for a health service provided to an individual; and
  • any other information about an individual that is collected when a health service is provided to the individual, including the health history of the individual’s family.

F. The Information We Collect/Store from App Users, and Why

We collect and store from App Users personal identifying information, personal information, and personal health information, including:

  1. Identification information necessary for App Users to create accounts and use the App: first and last name, date of birth, email address, password, and communication preference.
  2. Content usage history: Solo Dive history (solo dives completed, journaling entries, sliding scale answers and dates); course history (purchase history, courses completed, and any data entered completing activities including rating scales, journal entries, audio listened to); journaling history (journal bundles completed, journaling entries, and dates); articles history (articles viewed, date); Mindfulness history (mindfulness exercise completed, status, and dates); and favourited content.
  3. Answers to a series of questions to help us direct an App User to those of our services and therapists most likely to be of value to them. (An App User’s answers may be personal information or personal health information.)
  4. Credit card or similar information to process payment when an App User wishes to purchase App content or pay for our services.
  5. Insurance coverage information to process benefit claims to cover the cost of our services.
  6. Information (generally non-identifying) that helps us improve our service, Website, and business processes.
  7. Information (generally non-identifying) to conduct audits and management procedures, as well as marketing and advertising initiatives, including identifying service improvements and additional content that may interest App Users.
  8. Information (generally non-identifying) that will help us better manage, organize, and improve App Users’ experience on the App.
  9. Examples of the type of information referred to in F.5, F.6, and F.7 and how we collect it can be found in Section H.

We collect information from App Users so that:

  • The App works as App Users expect and provides App Users with a personalized experience;
  • App Users can access the App’s free and paid content, including Solo Dives, Articles, Courses, Journal Bundles, and Mindfulness Exercises;
  • For other reasons described in this Policy, including notifying App Users in the event of a data breach.

More generally, we collect information from App Users to operate our business, our Website, our App, and our physical locations. We require this information to ensure that our services and service delivery modalities meet the evolving needs of our App Users and that the design and navigability of our Website and App are optimized for the best experience.

We only collect information from App Users for the purposes outlined in this Policy. By creating an account and accessing the App, App Users consent to our collection and use of information as outlined in this Policy.

A prospective App User who does not wish to provide the personal information necessary to create an account and access the App may wish to consider alternative service providers. Alternatively, that prospective App User may contact our Privacy Officer (PCO) at privacyofficer@divethru.com to discuss if and how this can be accomplished. When contacting our PCO, please indicate “Privacy Inquiry” in the subject line.

Should we wish to use an App User’s information for any purpose other than as outlined in this Policy, we will first obtain their consent.

We use or may use App Users’ information for our internal security audit log, usage and trend analysis, system administration, and to gather aggregate demographic information about our App User base for market identification and related purposes, including how App Users use the App (pages viewed, services used, etc.).

We share or may share Section H information with third parties that provide services to us, including analysis, storage, data aggregation, and data organization. Please note that we only use Section H information for legitimate purposes related to the operation of our business and advancing our commercially reasonable business objectives, including understanding how App Users use our App. We do not use it for any other purpose, and we do not share it except as described in this Policy.

G. The Information We Collect/Store from Clients, and Why

We collect and store from Clients personal identifying information, personal information, and personal health information, including:

  1. All of the information we collect and store from App Users; and
  2. Identification information necessary for Clients to use the services of our therapists: first and last name, date of birth, email address, password, communication preference, pronouns, gender, phone number, address, how they heard about DiveThru, time zone, emergency contact name, relationship & phone number, family details of connecting to other accounts (names and relationships); for minors: guardian information (if parents are separated/divorced, guardianship, and court order).
  3. Therapist matching questionnaire answers.
  4. Reduced Rate Therapy Program eligibility questionnaire answers.
  5. Therapy history, including
  6. Appointment history (upcoming, past, cancelled)
  7. The Client’s assigned therapist
  8. The Client’s Reduced rate status
  9. MBC (Measurement-Based Care) data to chart the Client’s progress on their therapy journey
  10. If the Client is on the waitlist and, if so, the appointments they wish to be notified of.
  11. Therapists’ treatment notes (i.e., what’s happening in the room)
  12. Miscellaneous files including, for example, an exercise the Client did with their therapist, parental information, and test results.
  13. Benefit notes for group insurance benefit claims that include an explanation of the Client’s benefits and a PDF of insurance claims.
  14. Intake and consent forms.
  15. Billing Details (credit card information, direct billing information).
  16. All billing history (dates, services, rates, and invoices).

 

We only collect information from Clients for the purposes outlined in this Policy, i.e. to facilitate their therapy journey. We do not collect information from Clients for any other purpose.

By booking their first appointment with one of our therapists, Clients consent to our collection and use of personal information, including personal health information and non-personal information, as outlined in this Policy.

Should we wish to use any of the information we collect and store, we will first obtain their consent.

We use or may use Clients’ information for our internal security audit log, usage and trend analysis, system administration, and to gather aggregate demographic information about our Client base for market identification and related purposes.

We share or may share Section H information with third parties that provide services to us, including analysis, storage, data aggregation, and data organization. Please note that we only use Section H information for legitimate purposes related to the operation of our business and advancing our commercially reasonable business objectives, including understanding how Clients use our App. We do not use it for any other purpose, and we do not share it except as described in this Policy.

H. Technologies

Cookies

Cookies are small text files that are placed on users’ computers by websites. They are widely used to allow websites to work properly and be more user-friendly, remember user preferences, improve user experience, and provide website owners with information they use for legitimate business purposes. A description of what cookies are and how they work can be found here.

We use or may use cookies for all of the reasons listed.

Some cookies that are placed or may be placed by our Website are from third-party companies that provide us with analytics and other services. The information collected helps us understand how users interact with our Website so that we may make improvements to it.

Google

We use the Google Analytics suite of tools (or another provider’s substantially identical tools). Google (Alphabet Inc.) uses cookies to provide us with data that helps us better understand how our Website is being used, including the number of users, session statistics (the pages visited, how long users stay on the site), approximate geolocation, and browser and device information.

In particular, we use Google Tag Manager, a Google Analytics tool (or another provider’s substantially identical tool), to manage tags. Marketing tags are segments of code on a website that track user actions and collect data. Specific actions on a website trigger tags to collect data about the activity and send it to an analytics tool. Different tags serve different functions: Pageview Tags monitor visits to pages on a website; Conversion Tags track, for example, each time a form is filled out.

We use the Google Search Console (or another provider’s substantially identical tool) to obtain search-engine-related data to help us optimize traffic to our Website. Examples of search-engine-related data include user queries and the number of times our site’s URLs appear in search results (impressions), along with post-click data about site engagement, including bounce rates and e-commerce conversion rates.

Google policies require that no data be passed to Google that Google could use or recognize as personal information. More information about Google’s policies is here.

Ad Services

We use Google Ads to highlight our Website when users use Google’s search engine. We do not disclose personal information when we use Google Ads.

We use Meta Ads (Meta Platforms, Inc.) to advertise on, for example, Facebook and Instagram. We may disclose aggregate, anonymous data about visitors and visits to our Website to Meta, but we do not disclose personal information.

Other Service Providers

 

In addition to Google and Meta, the following companies provide services to us: 

  • Amazon Web Services (AWS) provides our servers and cloud delivery network. Please note that some of the servers on which our data and personal information, including personal health information, are located outside of Canada. DiveThru ensures that all cross-border transfers meet the privacy/data security protections required by Canadian privacy law.
  • Klaviyo provides email and SMS services, including appointment booking, appointment reminders, and marketing services.

 

We provide these service providers with the information described in Section G. We acknowledge that such information could be used, in a very limited number of scenarios, to identify individual App Users or Clients and that we are ultimately responsible for the security of personal information provided to us. We are satisfied that these providers properly protect and lawfully use information in their possession. Clients can access each company’s privacy policy by clicking on their names.

We provide Klaviyo with personal identifying information and personal information about Clients. We acknowledge that we are ultimately responsible for the protection of the personal identifying information and personal information provided to us. We are satisfied that Klaviyo properly protects and lawfully uses information in their possession.

Other User-Tracking Technologies

We may use web beacons (sometimes called trackers). Web beacons allow the owner of a website/app to count the number of users who click on an advertisement for its product or service on a third-party site (to assess the value of advertising on that third-party site). Web beacons collect only specific information, such as a cookie number, time and date of visit, and a description of the page on which the web beacon is installed. Personal information is not collected.

It is not possible to opt out of web beacons used on web pages. However, because web beacons are used together with cookies, their use can be limited by deleting cookies or changing browsers’ cookie settings.

Managing Cookies Settings

Cookie settings can be managed to clear or block specific cookies or all cookies. However, a User who blocks all of the cookies that we use may find their user experience affected or that our Website/App lose most or all of their functionality. Cookie settings are accessed via browser settings. Please keep in mind that by clearing all cookies, all website/app preferences will be lost.

I. Internal Access to Client Information

Therapists have wide (but not unrestricted) access to their Clients’ information stored by DiveThru. They need this information to provide their therapeutic services.

Administrative staff have limited access to Client information they need to facilitate the provision of services and manage billing and related matters.

Clinical leads have wide access to Client information to manage DiveThru’s business from clinical and operational perspectives.

Our Privacy & Data Security Officer has access to Client information as needed to respond to requests and queries by Clients and to audit and ensure the privacy of Client information is maintained.

We do share de-identified data for research purposes, but we ensure the data is not re-identifiable or shared in ways that could reveal a Client’s identity.

We may share Section H Information with companies affiliated with DiveThru. If we do, we will require those companies to adhere to this Policy or a materially identical privacy policy. Affiliate companies include a parent company of DiveThru and any subsidiary companies, joint venture partners, and any other companies we control or that are under common control with us.

If a third-party contractor has or could have access to Section H Information, we require that contractor to treat it as confidentially as we do. An IT contractor providing system maintenance is an example of a third party that may have access to Section H Information in the course of providing services to us. Other third-party services that will or may involve access to Section H Information include payment processing, customer services (e.g., contact centre services), data analysis, hosting services, marketing, and product development. Specific third-party contractors to which we provide personal information are identified in this Policy.

J. External Disclosure of Personal Information

We do not share Client Information outside DiveThru unless required to do so by law or with the Client’s consent.

We do not sell Clients’ personal information or personal health information.

K. Safeguards

We use medical-industry-standard administrative, electronic (HTTPS over TLS encryption), and physical security measures that meet the standards set by applicable health records privacy laws to prevent unauthorized access to Clients’ personal information. Our Privacy & Data Security Officer (see section L) is responsible for monitoring and maintaining the measures we take to protect the security of Website Users’ personal (and non-personal) information and to conduct periodic audits of our security measures to ensure that they are up-to-date and continue to meet medical industry standards.

L. Personal Information Retention and Disposal

We retain App Users’ personal information, including personal health information, for ten (10) years from the date they create their account.

We retain Clients’ personal information, including personal health information, for ten (10) years after the date of their last appointment with one of our therapists.

When we dispose of personal information, we do so in a way that prevents a privacy breach and meets medical industry standards, i.e., by securely shredding paper files and completely and permanently deleting electronic records. Any data retained purely for statistical or research purposes will be rendered anonymous and no longer personal data.

If instructed to do so by an App User or Client, and unless legally prevented from doing so, we will dispose of personal data. App Users and Clients may contact our Privacy Compliance Officer (PCO) at privacyofficer@divethru.com if they wish to have their personal data deleted from our records. When contacting our PCO, please indicate “Privacy Inquiry” in the subject line.

M. Data Breaches

While we take industry-standard steps to secure all information of whatever nature, no security measures are perfect or impenetrable, and no method of data storage or transmission can be guaranteed against any interception or other misuse. In particular, information stored online is vulnerable to interception and misuse by unauthorized parties.

Section H Information is anonymous to us. For that reason, we cannot contact Website Users whose Section H information may have been obtained by unauthorized parties. We would, however, post a notice with respect to the unauthorized access to Section H Information.

In the event of a data breach involving the DiveThru App and App User or Client information that posed a risk of significant harm to them, we would directly inform affected/potentially affected App Users and Clients by email.

N. DiveThru’s Privacy Compliance Officer

DiveThru has designated an appropriate official as its Privacy & Data Security Officer (PO). The PO is empowered to ensure compliance with DiveThru’s obligations and commitments regarding the confidentiality of personal information, including personal health information.

Contact our Privacy Compliance Officer at privacyofficer@divethru.com. When contacting our PO, please indicate, as applicable, “Website Privacy Inquiry” or “DiveThru App Privacy Inquiry” in the subject line.

Contact our Privacy Compliance Officer at privacyofficer@divethru.com with any questions you have about this App Privacy Policy or our data security practices. When contacting our PO, please indicate “DiveThru App Privacy Inquiry” in the subject line. Please note that to maintain their efficacy, we do not provide detailed information about our data security technology and practices.

O. Compliance

DiveThru offers its services to Clients in some Canadian provinces. For that reason, the App is intended for the use of individuals resident in those Canadian provinces.

This Privacy Policy complies with all applicable Canadian (federal and provincial) privacy laws in force on the Date of Last Amendment, including laws that specifically address the privacy of personal health information. We have made every reasonable effort to create a Privacy Policy that is also generally consistent with the spirit and intent of the laws in other (international) jurisdictions, but we do not claim that our Policy strictly complies with all privacy regulations in the world.

If you believe we are not handling your personal information or your personal health information as required by Canadian privacy law, please address your concern in the first instance to our PO at privacyofficer@divethru.com. When contacting our PO, please indicate, as applicable, “Website Privacy Inquiry” or “DiveThru App Privacy Inquiry” in the subject line.

You have the right to have your concern reviewed fairly and impartially by our PO and to be advised of the outcome of the review and any steps taken to address your concern, including any amendments to this Policy or any changes to our practices.

P. Clients’ Personal Information Rights

DiveThru accords App Users and Clients all rights regarding the personal information we collect that they have as a matter of law in connection with personal health information, whether or not any particular piece of personal information meets the legal definition of personal health information.

App Users’ and Clients’ rights regarding their personal information are:

  • To access (view, obtain copies) any personal information in our custody or under our control. When requesting access, contact our PO at privacyofficer@divethru.com and indicate “Access to Personal Information Request” in the subject line. We will provide access by providing copies of all personal information in electronic format by email within 30 days of the request.
  • To request that personal information in our custody or under our control is corrected or amended if the Client believes there is an error or omission in that information. When requesting a correction or amendment, contact our PO at privacyofficer@divethru.com and indicate “Personal Information Correction and Amendment Request” in the subject line. Clients are asked to please indicate precisely the information they believe is incorrect or that requires amendment and to state what they believe is the correct or appropriately amended version of the information. Within 30 days, we will advise the Client that:
    • We have corrected or amended the information to accord with the Client’s version and deleted the previous version;
    • We have added the Client’s version to our records in addition to the previous version, indicating that the inclusion is the Client’s preferred version; or
    • We have declined to alter the personal information. We will only select this option if the information is a professional opinion or observation made by a therapist about the Client.
  • To request a list of those to whom we have shared the Client’s personal information (other than as described in this Policy). When requesting a list, contact our PO at privacyofficer@divethru.com and indicate “List of Recipients of Personal Information Request” in the subject line. We will name all recipients within 30 days unless, regarding a specific recipient, there is a legal reason we cannot.
  • To request that we limit access to personal information. When requesting limited access to personal information, contact our PO at privacyofficer@divethru.com and indicate “Request to Limit Access to Personal Information” in the subject line. Clients are asked to state with precision who they wish to not or no longer have access to their personal information, which may be named individuals or named categories of individuals. We will honour limited access requests unless there is a legal or therapeutic reason we cannot. We will respond to limited access requests by email within 30 days.
  • To revoke prior consent for data collection. If revoking consent, contact our PO at privacyofficer@divethru.com and indicate “Revoking Consent” in the subject line. Please note that revoking consent may limit access to certain services provided through the App.
  • To name someone to act for them in connection with this Policy/their personal information. When naming a representative, contact our PO at privacyofficer@divethru.com and indicate “Personal Representative” in the subject line. We will honour such requests unless there is a legal reason we cannot.



Q. Amendments to this Privacy Policy

We amend this App Privacy Policy from time to time. If the Date of Last Amendment is later than the last time you read it, please review this Policy again. Continued use of the App constitutes consent to its terms.