Effective Date: Jan 1, 2021, Last Updated: Apr 3, 2023
Empathy Rocks, Inc. (DBA “Mpathic.ai” or “mpathic”; referred to the “Company”) maintains the Mpathic.ai website as a service to the Internet community. The Mpathic.ai website (the “Site”) has been designed to provide general information about the Mpathic.ai products and services and the services of its affiliated companies.
This policy describes the types of information we may collect from you or that you may provide (i) when you visit the website www.mpathic.ai link (the “Site”), or (ii) from using our Mpathic.ai online and mobile software (collectively, the website and the Mpathic.ai software are our “Services”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- That you may provide when you access or use the Services.
- In email, text, and other electronic messages between you and the Company.
Our Services are not directed to people under the age of 18, and we do not intentionally gather personal information from visitors who are under the age of 18, without their parental or guardian’s consent or in some cases, the child’s assent or consent if the legal age of consent for health services is younger than age 18 according to state law. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at email@example.com. We will attempt to delete such information in accordance with the law.
Information We Collect About You and How We Collect It
We may collect the following information from you, for the following purposes:
When you use our Services, including a free trial, we may ask you for your name, address, telephone number, email address, or other contact details in order to respond to your request or inquiry or to verify your identity.
When you seek services from us in the course of contractual or customer relationships between you and/or your organization and us, we collect business contact information and other personal information in order to provide you with the services you have requested.
Computer and Internet Information
When you visit our Site or use our Services, we collect information about your computer and internet connection, including your IP address, operating system, browser type, cookies, and data about the pages you visit. This information may be collected automatically from your browser or your mobile device and is used to understand how you interact with the Services.
When you use our Services, we collect information about your use of and interaction with our Services in order to (a) serve you the content and functionality you request, and (b) to maintain the privacy and security of the Services. Location information collected includes your Internet Protocol (IP) address or unique device identifier.
Feedback / Support / Inquiries
If you provide us with feedback or contact us for support or to ask us questions, we will collect your name, email address, other contact information, and other information needed to respond to your feedback, provide the requested support, or to answer your question.
Financial and Payment Information
If you choose to purchase Services from us, you will need to give personal information and authorization for us to obtain information from various credit services. We may collect your bank account and other data necessary to process payments, including credit card numbers, security codes, expiration dates, and other related billing information. For example, you may need to provide the following information:
- Mailing address
- Email address
- Credit card number
- Home and business phone number
We do not store your payment information. By submitting your payment card information, you expressly consent to the sharing of your information with third-party payment processors and other third-party services (including but not limited to vendors who provide fraud detection services to us and other third parties).
We use various third-party vendors for risk analytics and compliance purposes, to track and analyze usage and volume statistical information of our Services and to process commercial transactions. We may use services provided and / or hosted by third parties, such as analytics services, to assist in providing our services and to help us understand how you use the Services. This information about your use of Services (including your IP address) may be transmitted to and stored at, our data warehouses or our vendors.
Pages of our Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Some content or applications, including advertisements, available with our Services are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. We may also use the services of third-parties for completing tasks related to the provision of our Services (e.g. processing of payments, execution of agreements). Where confidential information, such as information about our users, may be exchanged with third-party service providers, these providers are bound by confidentiality requirements at least as restrictive as those set forth herein. If you leave our Services to visit another website or use the services of a third-party, you should review the privacy policies of each third-party that you visit before using their sites or services.
These third parties may provide you with ways to choose not to have your information collected or used. For example, you can opt out of receiving targeted ads from members of the Network Advertising Initiative (NAI) on the NAI’s website.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
We are not responsible, or liable to you or any third party, for the materials, goods, or services provided by any third parties.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Services and its contents to you.
- To provide you with information, products, or services that you request from us.
- To fulfill any other purpose for which you provide it.
- To provide you with notices about your account and subscription, including expiration and renewal notices.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Services or any products or services we offer or provide though it.
- To conduct research and analysis.
- To validate the accuracy of existing products.
- To develop new products and services.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
Disclosure of Your Information
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Mpathic.ai’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Mpathic.ai about our Website users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
- We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply our subscription agreements, and other agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Mpathic.ai, our customers, or others (e.g., exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
California residents may have additional personal information rights and choices. Please see Your California Residents for more information.
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://iapp.org/resources/article/california-consumer-privacy-act-of-2018/#1798.185
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our System that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org.
Accessing and Correcting Your Information
If you sign-up for an Mpathic.ai product you can review and change your personal information by visiting your account profile page.
Any data access is logged by the user with time-stamping and IP information. User access is controlled with strong passwords. The server uses algorithms to identify and block any malicious users. Mpathic.ai conducts regular system security audits using outside security professionals. Further information can be found in Mpathic.ai’s Data Security Statement.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Information Received as Business Associate
Some of our US-based customers (such as healthcare providers) may be subject to laws and regulations governing the use and disclosure of the health information they create or receive, including the Health Insurance Portability and Accountability Act (HIPAA) and the regulations adopted thereunder. Mpathic.ai will only use or disclose such information as permitted by the controlling business associate agreement (BAA) or as otherwise permitted by law. Mpathic.ai limits access to “protected health information” in accordance with HIPAA. Mpathic.ai’s workforce members are trained on the privacy and security requirements applicable to protected health information, and Mpathic.ai’s “business associates” are required, pursuant to the terms of their agreements with us, to implement required safeguards.
Mpathic uses some subprocessors and subcontractors to deliver its subscription services. Under GDPR, a sub-processor is any business or contractor customer data may pass through as a side effect of using Mpathic’s services. This is a very broad definition and covers a number of areas of Mpathic’s business including the delivery of its services, supporting customers and the general operations of doing business. The following provides a description of those subprocessors Mpathic uses, where they are located and what they are used for.
Safeguards for Subprocessors
Mpathic uses a commercially reasonable selection process in its choice of subprocessors that cover the security of any personal data. This includes due diligence on the information security practices and data protection compliance of all third party sub-processors.
Updates to Subprocessors
Our business needs may change over time. For example, we may remove a Sub-processor to consolidate subprocessors or we may add a subprocessor if we believe that doing so will improve our ability to deliver services. Periodically we will update this page to reflect additions and removals to our list of Sub-processors.
- AWS, Amazon Web Services, Inc., Infrastructure and Cloud Service Provider
- Auth0, Infrastructure and Data Processor for authentication and authorization
- Github, Code repository
Business Operations Tools
- Atlassian, Feature management, bug tracking, and other operations information
- Open.ai, Infrastructure and Data Processor
- Google LLC, Productivity tools, email and file Storage, meetings; Infrastructure and Cloud Service Provider
- DocSend, Legal contract storage and tooling
- Hubspot, Customer relationship management and support services
- Slack Technologies, Communications and messaging for internal and customer support operations.
- Breezy HR, Tracking job applicants
Mpathic collects, holds, and processes certain personal data about our customers (“data subjects”). As a data subject, you have a legal right, under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) to find out about our use of your personal data as follows:
- Confirmation that your personal data is being processed by us;
- Access to your personal data;
- How we use your personal data and why;
- Details of any sharing or transfers of your personal data;
- How long we hold your personal data;
- Details of your rights under the GDPR including, but not limited to, your rights to withdraw your consent to our use of your personal data at any time and/or to object to our processing of it.
No fee is payable under normal circumstances. We reserve the right to charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive. Such charges will be based only on the administrative cost that we will incur in order to respond. After receiving your subject access request, we may contact you to request additional supporting information and/or proof of your identity.
This helps us to safeguard your privacy and personal data. We will respond to all subject access requests within one month of receipt and will aim to provide all required information to you within the same period. If we require more information from you, or if your request is unusually complicated, we may require more time and will inform you accordingly.
If you are making a subject access request on someone else’s behalf, please use the same contact details above.
Representation for data subjects in the EU and the UK
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/13068773930
Exercise your data subject rights under GDPR
We provide you with an easy way to submit to us a privacy related request like a request to access or erase your personal data. If you want to make use of your data subject rights, please visit our public privacy landing page: https://www.prighter.com/q/13068773930