Privacy Policy


Privacy Policy

Last Updated: June 11, 2022


What’s changed?

  • We added a section on Third-Party Subprocessors.
  • We added clarifying language to our HIPAA Compliance section.
  • We modified our Children’s Privacy to align with our FrenalyticsEDU offering and our compliance with COPAA.


Welcome to Frenalytics! Think Group Holdings LLC (“us”, “we”, or “our”) operates the Frenalytics website and application (the “Website”, “Service”, “Frenalytics”, the “Platform”).

We’ve made this Privacy Policy easy to read, and we hope you’ll take the time to read it all. It informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. By using the Service, you agree to the collection and use of information in accordance with this policy.


Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.


Types of Data Collected

Personal Data

While using Frenalytics, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Other personally identifiable information
  • Cookies and Usage Data

We may receive Personal Data from you directly. Keep in mind, we may also receive Personal Data from another user without your knowledge. We call this “cross-sharing” of Personal Data.

For example: If you are a family member, another family member may have entered Personal Data on the Frenalytics platform to create an account for you. We may have your email address, first and last name, phone number, and address to create an account for you.

All Personal Data, regardless of the source, will be stored, processed, used, and transferred in strict adherence of our Privacy Policy.

If you would like to know what Personal Data we currently have stored on our servers, please contact us at anytime. It may take up to 30 business days to process your request. You may also request that this Personal Data be removed from our servers if you were the user who provided it.

Usage Data

We may also collect information how Frenalytics is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s IP address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can configure your web browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.


Use of Data

We use the collected data for various purposes:

  • To provide and maintain Frenalytics;
  • To notify you about changes to Frenalytics;
  • To allow you to participate in interactive features of Frenalytics when you choose to do so;
  • To provide customer support;
  • To provide analysis or valuable information so that we can improve Frenalytics;
  • To monitor the usage of Frenalytics;
  • To detect, prevent and address technical issues.


Transfer Of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.


HIPAA Compliance

We take your privacy seriously. In compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we take all steps reasonably necessary to ensure that your data is treated securely.

The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). PHI can include patient name, date of birth, address, social security number, and other personally-identifiable information, depending on how the information is stored and what is presented. For example, disclosing a patient’s date of birth may not be PHI by itself, but displaying a patient’s full name and date of birth may be identifiable enough to qualify as PHI under HIPAA. To understand the implications of sharing PHI with a covered entity such as Think Group Holdings LLC, we encourage you to read your rights under HIPAA, available at:


Third-Party Subprocessors

We use third-party subprocessors to offer our products, services, and customer support more effectively.

For our client offerings of FrenalyticsMED and FrenalyticsEDU, in accordance with HIPAA and FERPA, we take all steps reasonably necessary to ensure that your data is treated securely, including executing Business Associate Agreements (BAA) with subprocessors in which we store or share confidential protected health information (PHI) as defined by HIPAA, and storing records without PHI in subprocessors whose organizations cannot execute a BAA.

We use the below subprocessors:

  • Mailchimp: To automate marketing emails, including welcome emails. This improves your overall experience in the quality, quantity, and consistency of communications you receive from us.
  • Close CRM: To automate the internal tracking of new account requests, and to send automated and manual emails. This improves your overall experience in the quality, quantity, and consistency of communications you receive from us.
  • Zapier: To facilitate the automated account creation process for FrenalyticsMED and FrenalyticsEDU accounts.
  • Jira Service Desk by Atlassian: To facilitate customer support inquiries. This improves the consistency and timeliness of our responses to emails you send to


For our client offerings, because our signup process does not collect patient or student data, we do not intentionally share PHI or PII with our subprocessors.

Please keep in mind that it is possible that one or more of our subprocessors receive PHI or PII by you or users within your organization, either intentionally or inadvertently, if a user decides to share this data with us and our subprocessors. For example, in a customer support inquiry, a user may include a patient’s name and/or DOB, which results in the data being stored in Jira Service Desk. By policy, we do not share PHI or PII in any systems in which we have an executed BAA, and we encourage your organization to do the same.

As of June 2022, guidance published by HHS indicates that identifying information alone, such as personal names, residential addresses, or phone numbers, would not necessarily be designated as PHI. As such, for our family offering of FrenalyticsMED and FrenalyticsEDU, by providing your loved one’s name in our signup process, you agree that we will transmit this non-PHI data to our subprocessors to process your account creation request.


Reviewing Stored Data

Depending on the type of Personal Data you or a relevant party are looking to review, you may do the following:

  • Log into the Frenalytics application and view/modify/delete the Personal Data; or
  • Contact us via email to find out what information we have collected about you, and to request any changes.


European Union & GDPR Compliance

At the time of this last Privacy Policy update, which can be found at the top of this page, Frenalytics does not comply with the newly-enacted General Data Protection Regulation (GDPR) protocols and therefore prohibits users from the European Union from using our Website and Service.


Do Not Track (DNT)

We do not track our customers over time on the Frenalytics application and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.


Embedded Content from Other Websites

Parts of this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


Disclosure Of Data

Legal Requirements

We may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation;
  • To protect and defend the rights or property of Think Group Holdings LLC;
  • To prevent or investigate possible wrongdoing in connection with the Service;
  • To protect the personal safety of users of the Service or the public;
  • To protect against legal liability.


Security Of Data

The security of your data is important to us. It’s important to remember, however, that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. If there is an exposure to sensitive data that HIPAA or another legal obligation requires us to report, we will do so expeditiously.


Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.



We may use third-party Service Providers to monitor and analyze the use of our Service. Detailed information about such third-party Service Providers will be provided here for your convenience.


Links To Other Sites

This site may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.


Children’s Privacy

In compliance with the Children’s Online Privacy Protection Rule (COPPA):

  • For our client offering of FrenalyticsEDU, because Frenalytics limits the use of personal information collected of users under the age of 13 (“Child”, “Children”) to the educational context authorized by the school, by signing up for FrenalyticsEDU on behalf of a school, you agree that this authorization granted by the school is based on parent consent to disclose data under COPPA for each Child you register within FrenalyticsEDU.
  • For our family offering of FrenalyticsMED and FrenalyticsEDU, Frenalytics seeks the verifiable parental consent for the collection or use of any Child’s personal information.

With the noted exceptions above, we do not knowingly collect personally identifiable information from anyone under the age of 13. However, we may unknowingly collect and retain information about Children on our servers provided by users over the age of 13. For example, if a family member uploads a family photo and identifies an individual in the photo to be under the age of 13, we may have collected their name and age, and our Service may be able to identify them through facial recognition.

If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers.

If you are an educator, you may alsocontact us once the personal information of Children you have entered into FrenalyticsEDU is no longer needed for its educational purpose.


Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We recommend you review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.


Thanks for reading!

We told you it wouldn’t be that bad. Maybe you learned something, too.

If you have any questions about this Privacy Policy, please contact us:

  • By email:
  • By phone: (516) 399-7170