Book a Demo

Privacy Policy

Effective Date: Jan 1, 2021, Last Updated: Apr 3, 2023

Empathy Rocks, Inc. (DBA “” or “mpathic”; referred to the “Company”) maintains the website as a service to the Internet community. The website (the “Site”) has been designed to provide general information about the products and services and the services of its affiliated companies.​

Review these and Terms of Use carefully before using the Site. By using and or visiting the Site, you signify your assent to both these Terms and the Privacy Statement. If you do not agree to these terms, do not use this website.

This policy describes the types of information we may collect from you or that you may provide (i) when you visit the website link (the “Site”), or (ii) from using our online and mobile software (collectively, the website and the software are our “Services”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

  • That you may provide when you access or use the Services.
  • In email, text, and other electronic messages between you and the Company.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is to not use our Services. By accessing or using the Services, you agree to this privacy policy. This policy may change from time to time. Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

User Restrictions

Our Services are not directed to people under the age of 18, and we do not intentionally gather personal information from visitors who are under the age of 18, without their parental or guardian’s consent or in some cases, the child’s assent or consent if the legal age of consent for health services is younger than age 18 according to state law. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at  We will attempt to delete such information in accordance with the law.

Information We Collect About You and How We Collect It

We may collect the following information from you, for the following purposes:

​Contact Information

When you use our Services, including a free trial, we may ask you for your name, address, telephone number, email address, or other contact details in order to respond to your request or inquiry or to verify your identity.

​Business Information

When you seek services from us in the course of contractual or customer relationships between you and/or your organization and us, we collect business contact information and other personal information in order to provide you with the services you have requested.

Computer and Internet Information

When you visit our Site or use our Services, we collect information about your computer and internet connection, including your IP   address, operating system, browser type, cookies, and data about the pages you visit.  This information may be collected automatically from your browser or your mobile device and is used to understand how you interact with the Services.

​Location Information

When you use our Services, we collect information about your use of and interaction with our Services in order to (a) serve you the content and functionality you request, and (b) to maintain the privacy and security of the Services.  Location information collected includes your Internet Protocol (IP) address or unique device identifier.


When you visit or use our Services, we use cookies to securely authenticate users to our servers, to improve our marketing efforts,   and for usage analytics purposes (e.g., page response times, download errors, length of visit, webpages visited, etc.). Because cookies are required for secure authentication of our  Services, our Services cannot operate without them.  If you don’t accept cookies, you cannot use our Services.  Please see’ cookies policy here. 

Feedback / Support / Inquiries

If you provide us with feedback or contact us for support or to ask us questions, we will collect your name, email address, other contact information, and other information needed to respond to your feedback, provide the requested support, or to answer your question.

Financial and Payment Information

If you choose to purchase Services from us, you will need to give personal information and authorization for us to obtain information from various credit services. We may collect your bank account and other data necessary to process payments, including credit card numbers, security codes,   expiration dates, and other related billing information.  For example, you may need to provide the   following information:

  • Name
  • Mailing address
  • Email address
  • Credit card number
  • Home and business phone number

We do not store your payment information. By submitting your payment card information, you expressly consent to the sharing of your information with third-party payment processors and other third-party services   (including but not limited to vendors who provide fraud detection services to us and other third parties).


We use various third-party vendors for risk analytics and compliance purposes, to track and analyze usage and volume statistical information of our Services and to process commercial transactions.  We may use services provided and / or hosted by third parties, such as analytics services, to assist in providing our services and to help us understand how you use the Services.  This information about your use of Services   (including your IP address) may be transmitted to and stored at, our data warehouses or our vendors.

​Web Beacons

Pages of our Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Third-Party Services

Some content or applications, including advertisements, available with our Services are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. We may also use the services of third-parties for completing tasks related to the provision of our Services (e.g. processing of payments, execution of agreements).  Where confidential information, such as information about our users, may be exchanged with third-party service providers, these providers are bound by confidentiality requirements at least as restrictive as those set forth herein. If you leave our Services to visit another website or use the services of a third-party, you should review the privacy policies of each third-party that you visit before using their sites or services. 

These third parties may provide you with ways to choose not to have your information collected or used. For example, you can opt out of receiving targeted ads from members of the Network Advertising Initiative (NAI) on the NAI’s website.

These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

We are not responsible, or liable to you or any third party, for the materials, goods, or services provided by any third parties.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

  • To present our Services and its contents to you.
  • To provide you with information, products, or services that you request from us.
  • To fulfill any other purpose for which you provide it.
  • To provide you with notices about your account and subscription, including expiration and renewal notices.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • To notify you about changes to our Services or any products or services we offer or provide though it.
  • To conduct research and analysis.
  • To validate the accuracy of existing products.
  • To develop new products and services.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

Disclosure of Your Information does not sell your information to third parties. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may disclose personal information that we collect or you provide as described in this privacy policy:

  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by about our Website users is among the assets transferred.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.
  • We may also disclose your personal information:
  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or apply our subscription agreements, and other agreements, including for billing and collection purposes.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of, our customers, or others (e.g., exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

  • Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

California residents may have additional personal information rights and choices. Please see Your California Residents for more information.

​California Residents

If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit

​California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our System that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to

Accessing and Correcting Your Information

If you sign-up for an product you can review and change your personal information by visiting your account profile page.

Data Security

Any data access is logged by the user with time-stamping and IP information.  User access is controlled with strong passwords.  The server uses algorithms to identify and block any malicious users. conducts regular system security audits using outside security professionals.  Further information can be found in’s Data Security Statement.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted via our Services. Any transmission of personal information is at your own risk. Except as otherwise set forth in this privacy policy or in a separate agreement between you and Company, we are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Information Received as Business Associate

Some of our US-based customers (such as healthcare providers) may be subject to laws and regulations governing the use and disclosure of the health information they create or receive, including the Health Insurance Portability and Accountability Act  (HIPAA) and the regulations adopted thereunder. will only use or disclose such information as permitted by the controlling business associate agreement (BAA) or as otherwise permitted by law. limits access to “protected health information” in accordance with HIPAA.’s workforce members are trained on the privacy and security requirements applicable to protected health information, and’s “business associates” are required, pursuant to the terms of their agreements with us, to implement required safeguards.


Mpathic uses some subprocessors and subcontractors to deliver its subscription services. Under GDPR, a sub-processor is any business or contractor customer data may pass through as a side effect of using Mpathic’s services. This is a very broad definition and covers a number of areas of Mpathic’s business including the delivery of its services, supporting customers and the general operations of doing business. The following provides a description of those subprocessors Mpathic uses, where they are located and what they are used for.

Safeguards for Subprocessors

Mpathic uses a commercially reasonable selection process in its choice of subprocessors that cover the security of any personal data. This includes due diligence on the information security practices and data protection compliance of all third party sub-processors.

Updates to Subprocessors

Our business needs may change over time. For example, we may remove a Sub-processor to consolidate subprocessors or we may add a subprocessor if we believe that doing so will improve our ability to deliver services. Periodically we will update this page to reflect additions and removals to our list of Sub-processors.

​Infrastructure Subprocessors

  • AWS, Amazon Web Services, Inc., Infrastructure and Cloud Service Provider
  • Auth0, Infrastructure and Data Processor for authentication and authorization
  • Github, Code repository

​​Business Operations Tools

  • Atlassian, Feature management, bug tracking, and other operations information
  •, Infrastructure and Data Processor
  • Google LLC, Productivity tools, email and file Storage, meetings; Infrastructure and Cloud Service Provider
  • DocSend, Legal contract storage and tooling
  • Hubspot, Customer relationship management and support services
  • Slack Technologies, Communications and messaging for internal and customer support operations.
  • Breezy HR, Tracking job applicants

Important Information

Mpathic collects, holds, and processes certain personal data about our customers (“data subjects”). As a data subject, you have a legal right, under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) to find out about our use of your personal data as follows:

  • Confirmation that your personal data is being processed by us;
  • Access to your personal data;
  • How we use your personal data and why;
  • Details of any sharing or transfers of your personal data;
  • How long we hold your personal data;
  • Details of your rights under the GDPR including, but not limited to, your rights to withdraw your consent to our use of your personal data at any time and/or to object to our processing of it.

No fee is payable under normal circumstances. We reserve the right to charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive. Such charges will be based only on the administrative cost that we will incur in order to respond. After receiving your subject access request, we may contact you to request additional supporting information and/or proof of your identity.

This helps us to safeguard your privacy and personal data. We will respond to all subject access requests within one month of receipt and will aim to provide all required information to you within the same period. If we require more information from you, or if your request is unusually complicated, we may require more time and will inform you accordingly.

If you are making a subject access request on someone else’s behalf, please use the same contact details above.

Representation for data subjects in the EU and the UK

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website.

Exercise your data subject rights under GDPR

We provide you with an easy way to submit to us a privacy related request like a request to access or erase your personal data. If you want to make use of your data subject rights, please visit our public privacy landing page:

Amendment may revise these Terms of Use from time to time by updating this posting. You should visit this page from time to time to review the current terms.

We may also, at our option, email you at the address you provide with your account to notify you the privacy policy has been updated. If we make material changes to how we treat our users’ personal information, we will notify you by the email address specified in your account.  

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at

PrighterUKRep certificate of Art 27 representation
Prighter certificate of Art 27 representation