Privacy Policy

Last Updated: December 1, 2023

Welcome to Frenalytics! Think Group Holdings, Inc. (dba Frenalytics) (“us”, “we”, or “our”) operates the Frenalytics website and application (the “Website”, “Service”, “Frenalytics”,
“FrenalyticsMED”, “FrenalyticsEDU”, the “Platform”).

We’ve made this Privacy Policy easy to read, and we hope you’ll take the time to read it all. It informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. By using the Service, you agree to the collection and use of information in accordance with this policy.

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using Frenalytics, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Address, State, Province, ZIP/Postal code, City
• The name of your healthcare organization or school and/or school district
• Other personally identifiable information
• Cookies and Usage Data

We may receive Personal Data from you directly. Keep in mind, we may also receive Personal Data from another user without your knowledge. We call this “cross-sharing” of Personal Data.

For example: If you are a family member, another family member may have entered Personal Data on the Frenalytics platform to create an account for you. We may have your email address, first and last name, phone number, and address to create an account for you.

All Personal Data, regardless of the source, will be stored, processed, used, and transferred in strict adherence of our Privacy Policy.

If you would like to know what Personal Data we currently have stored on our servers, please contact us at anytime. It may take up to 30 business days to process your request. You may also request that this Personal Data be removed from our servers if you were the user who provided it.

Usage Data

We may also collect information how Frenalytics is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s IP address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can configure your web browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.
• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
• Security Cookies. We use Security Cookies for security purposes.

Use of Data

We use the collected data for various purposes:

• To provide and maintain Frenalytics;
• To notify you about changes to Frenalytics;
• To allow you to participate in interactive features of Frenalytics when you choose to do so;
• To provide customer support;
• To provide analysis or valuable information so that we can improve Frenalytics;
• To monitor the usage of Frenalytics;
  
• To detect, prevent and address technical issues.

Transfer Of Data

Unless we have signed a duly executed agreement (such as a Business Associate Agreement, Data Privacy Addendum, or other services agreement) that governs the location in which your Personal Data (as defined in this Privacy Policy) is stored, your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

HIPAA Compliance

We take your privacy seriously. In compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we take all steps reasonably necessary to ensure that your data is treated securely.

The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). PHI can include patient name, date of birth, address, social security number, and other personally-identifiable information, depending on how the information is stored and what is presented. For example, disclosing a patient’s date of birth may not be PHI by itself, but displaying a patient’s full name and date of birth may be identifiable enough to qualify as PHI under HIPAA. To understand the implications of sharing PHI with a covered entity such as Think Group Holdings, Inc., we encourage you to read your rights and responsibilities under HIPAA, available at: https://www.hhs.gov/hipaa/for-individuals/index.html

Student Privacy

FERPA Compliance

We take your privacy seriously. In compliance with the Family Educational Rights and Privacy Act (FERPA), we take all steps reasonably necessary to protect the privacy of student data from unauthorized disclosure.

FERPA protects the privacy of individually identifiable student information as it relates to their education records, called personally identifiable information (PII). PII includes a student’s name, or the name or nickname of a family member, their address, any personal identifiers that are directly tied to one individual (like photos, phone numbers, medical records), any identifiers that are indirectly associated with an individual (like date of birth, disability), and any other information through which a “reasonable person within the school community” could identify the student, depending on how the information is stored and what is presented and whether an exemption under FERPA is applicable. To understand the implications of sharing PII with an online educational service such as FrenalyticsEDU, we encourage you to read your rights and responsibilities under FERPA, available at https://tech.ed.gov/wp-content/uploads/2014/09/Student-Privacy-and-Online-Educational-Services-February-2014.pdf

Compliance with New York State’s Educational Law Section 2-d

In early 2020, The New York State Department of Education adopted a new law focused on the privacy and security of student and staff PII, known as Educational Law Section 2-d (“EdLaw 2-d”).

To help a New York school district’s comply with EdLaw 2-d, in the state of New York, Think Group Holdings, Inc.:

• Will, upon request, submit a Data Security and Privacy Plan for each contract to demonstrate how we protect PII;
• Uses encryption technology in FrenalyticsEDU to protect data while in motion or in its custody from unauthorized disclosure using technologies and methodologies specified by the secretary of the United States Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law 111-5;
• Will, upon request, document how we ensure that persons or entities that we share student data or teacher or principal data with, if any, will abide by the school district’s data protection and security requirements;
• Does not sell PII; and
• Will sign a contract that affirms its obligations as a third-party contractor pursuant to Ed-Law 2-d.

Third-Party Subprocessors

We use third-party subprocessors to offer our products, services, and customer support more effectively.

For our client offerings of FrenalyticsMED and FrenalyticsEDU, in accordance with HIPAA and FERPA, we take all steps reasonably necessary to ensure that your data is treated securely, including executing Business Associate Agreements (BAA) with subprocessors in which we store or share confidential protected health information (PHI) as defined by HIPAA or or personally identifiable information (PII) as defined by FERPA, and storing records without PHI in subprocessors whose organizations cannot execute a BAA.

We use the below subprocessors:

• Mailchimp: To automate marketing emails, including welcome emails. This improves your overall experience in the quality, quantity, and consistency of communications you receive from us.
  
• Close CRM: To automate the internal tracking of new account signups, and to send automated and manual emails. This improves your overall experience in the quality, quantity, and consistency of communications you receive from us.
• Zapier: To facilitate the automated account creation process for FrenalyticsMED and FrenalyticsEDU accounts.
• Intercom: To automate the internal tracking of new account requests, to analyze patterns in account usage, to send automated and manual service-related emails (including changes to our Terms of Service and this Privacy Policy), and to facilitate customer support inquiries. This improves the consistency and timeliness of our responses to emails you send to support@frenalytics.com.
• Phone.com: To provide phone support by voice and SMS. This improves the consistency and timeliness of our responses to inquiries made by phone and SMS to our customer support phone numbers, (516) 399-7170 and ‭(877) 977-0958‬.
• Slack: To provide automated notifications of new account signups and customer support inquiries to our internal staff. 

For our client offerings, because our new account signup process does not collect patient or student data, we do not intentionally share PHI or PII with our subprocessors. For FrenalyticsEDU specifically, some PII is transmitted to Intercom for the above-named purposes.

Please keep in mind that it is possible that one or more of our subprocessors receive PHI or PII by you or users within your organization, either intentionally or inadvertently, if a user decides to share this data with us and our subprocessors. For example, in a customer support inquiry, a user may include a patient’s name and/or DOB, which results in the data being stored in Intercom and Slack. By policy, we do not share PHI in any systems in which we have an executed BAA, and we encourage your organization to do the same.

As of June 2022, guidance published by HHS indicates that identifying information alone, such as personal names, residential addresses, or phone numbers, would not necessarily be designated as PHI. As such, for our family offering of FrenalyticsMED and FrenalyticsEDU, by providing your loved one’s name in our signup process, you agree that we will transmit this non-PHI data to our subprocessors to process your account signup request.

Reviewing Stored Data

Depending on the type of Personal Data you or a relevant party are looking to review, you may do the following:

• Log into the Frenalytics application and view/modify/delete the Personal Data; or
• Contact us via email to find out what information we have collected about you, and to request any changes.

European Union & GDPR Compliance

At the time of this last Privacy Policy update, which can be found at the top of this page, Frenalytics does not comply with the newly-enacted General Data Protection Regulation (GDPR) protocols and therefore prohibits users from the European Union from using our Website and Service.

Do Not Track (DNT)

We do not track our customers over time on the Frenalytics application and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.

Embedded Content from Other Websites

Parts of this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Disclosure Of Data

Legal Requirements

We may disclose your Personal Data in the good faith belief that such action is necessary to:

• To comply with a legal obligation;
• To protect and defend the rights or property of Think Group Holdings, Inc.;
• To prevent or investigate possible wrongdoing in connection with the Service;
• To protect the personal safety of users of the Service or the public; and
  
• To protect against legal liability.

Security Of Data

The security of your data is important to us. It’s important to remember, however, that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. If there is an exposure to sensitive data that HIPAA, FERPA, a duly executed services agreement (as defined in Transfer of Data), or another legal obligation requires us to report, we will do so expeditiously.

Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service. Detailed information about such third-party Service Providers will be provided here for your convenience.

Links To Other Sites

This site may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

In compliance with the Children’s Online Privacy Protection Rule (COPPA):

• For our client offering of FrenalyticsEDU, because Frenalytics limits the use of personal information collected of users under the age of 13 (“Child”, “Children”) to the educational context authorized by the school, by signing up for FrenalyticsEDU on behalf of a school or district, you agree that this authorization granted by the school is based on parent consent to disclose data under COPPA for each Child you register within FrenalyticsEDU.
• For our family offering of FrenalyticsMED and FrenalyticsEDU, Frenalytics seeks the verifiable parental consent for the collection or use of any Child’s personal information.

With the noted exceptions above, we do not knowingly collect personally identifiable information from anyone under the age of 13. However, we may unknowingly collect and retain information about Children on our servers provided by users over the age of 13. For example, if a family member uploads a family photo and identifies an individual in the photo to be under the age of 13, we may have collected their name and age, and our Service may be able to identify them through facial recognition.

If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers.

If you are an educator, you may also contact us once the personal information of Children you have entered into FrenalyticsEDU is no longer needed for its educational purpose.

If your School or District has a duly executed services agreement (as defined in Transfer of Data), this may govern our requirement to delete or destroy PII and will supersede the terms in this section in the event of an inconsistency.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. For changes to this policy that may impact a school or district’s adherence to FERPA, we will provide advance notice to our current users by email.

We recommend you review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Thanks for reading!

We told you it wouldn’t be that bad. Maybe you learned something, too.

If you have any questions about this Privacy Policy, please contact us:

• By email: info@frenalytics.com
• By phone: (516) 399-7170