Privacy Policy for TheraLink Solutions

Last Updated: 10/17/25

TheraLink Solutions (“we,” “our,” or “us”) is committed to protecting the privacy of our users, including children and families participating in ABA therapy services. This Privacy Policy explains how we collect, use, disclose, and safeguard personal and health information through our software, websites, and mobile applications (collectively, the “Services”).

By using our Services, you agree to the practices described in this Policy.

1. Information We Collect

We collect personal, health, and usage information necessary to provide our therapy management and communication services.

a. Personal Information

We may collect:

Parent/guardian name, contact information, and relationship to the child

Child’s name, date of birth, and identifying information (only as required for therapy)

Account credentials (username, password)

Payment or billing information (handled securely by third-party processors)

b. Health Information

We collect Protected Health Information (PHI) as defined by HIPAA, including:

Diagnostic information and treatment goals

Therapy session notes, behavioral data, and progress reports

Communication between caregivers, therapists, and clinicians

We treat all health information with the highest level of confidentiality and security as required under HIPAA.

c. Automatically Collected Data

When using our Services, we may collect:

Device information (model, OS, identifiers)

App usage data (session duration, features accessed)

Location data (only if permission is granted)

IP address and browser information (for web-based tools)

d. Cookies and Tracking Technologies

We may use cookies and analytics tools to improve app performance and experience. These do not track children across other websites or apps.

2. How We Use Information

We use information only for purposes directly related to therapy and app functionality, including:

Providing and managing ABA therapy sessions

Enabling communication between therapists, parents, and administrators

Personalizing and improving Services

Complying with legal, ethical, and professional obligations

Maintaining secure records for clinical and billing purposes

We do not use children’s information for marketing or advertising.

3. Legal Basis for Processing (for GDPR Regions)

If you are located in the European Union (EU) or other GDPR-covered regions, we process personal data based on:

The performance of a contract (e.g., therapy service agreement)

Legal obligations (e.g., health record-keeping)

Explicit consent from a parent or guardian

4. Parental Consent and COPPA Compliance

We comply fully with the Children’s Online Privacy Protection Act (COPPA).

We do not collect, use, or disclose personal information from a child under 13 without verifiable parental consent.

Parents or legal guardians can review, delete, or request correction of their child’s data at any time by contacting us at privacy@theralinksolutions.com

We use collected data only to support clinical and educational purposes consistent with therapy delivery.

5. Data Sharing and Disclosure

We never sell or rent personal or health information.

We may share information only in the following limited circumstances:

With healthcare providers and therapists: To facilitate care coordination.

With parents or authorized guardians: To communicate progress and updates.

With service providers: For hosting, analytics, or billing—each bound by strict confidentiality and HIPAA-compliant agreements.

For legal compliance: When required by law, regulation, or court order.

In case of business transfer: If TheraLink Solutions undergoes a merger or acquisition, your data will remain protected by this policy.

6. Data Security and HIPAA Compliance

We implement comprehensive safeguards to protect all user and health data, including:

Encryption of data in transit (TLS/SSL) and at rest (AES-256)

Role-based access control (RBAC) for staff and users

Audit logs and monitoring of system access

Regular HIPAA-compliance reviews and staff training

Despite these measures, no system is completely secure, and users are encouraged to maintain strong passwords and secure their own devices.

7. Data Retention

Health and therapy records are retained for the period required by law or therapy provider policy. When no longer needed, data is securely deleted or anonymized.

8. User Rights

Parents and authorized users have the right to:

Access or correct their data

Request deletion of personal or health information (subject to legal retention requirements)

Withdraw consent for data use

Request copies of stored records

To exercise these rights, please contact us at privacy@theralinksolutions.com

9. International Data Transfers

If you access our Services from outside the United States, please note that your data may be transferred to and processed in the U.S. or other jurisdictions where data protection laws may differ. We use appropriate safeguards, such as Standard Contractual Clauses, to protect your data.

10. Third-Party Integrations

Our Services may integrate with tools such as secure video conferencing or scheduling software. These partners are required to comply with HIPAA, COPPA, and applicable privacy laws.

11. Updates to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will notify users of any material updates through in-app notifications or email.