Last Updated: December 1, 2023
- We updated our list of Third-Party Subprocessors.
- We added clarifying language to our HIPAA Compliance section.
- We added clarifying language on our compliance with FERPA and New York State’s Education Law Section 2-D.
Welcome to Frenalytics! Think Group Holdings, Inc. (dba Frenalytics) (“us”, “we”, or “our”) operates the Frenalytics website and application (the “Website”, “Service”, “Frenalytics”,
“FrenalyticsMED”, “FrenalyticsEDU”, the “Platform”).
Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
While using Frenalytics, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- The name of your healthcare organization or school and/or school district
- Other personally identifiable information
- Cookies and Usage Data
We may receive Personal Data from you directly. Keep in mind, we may also receive Personal Data from another user without your knowledge. We call this “cross-sharing” of Personal Data.
For example: If you are a family member, another family member may have entered Personal Data on the Frenalytics platform to create an account for you. We may have your email address, first and last name, phone number, and address to create an account for you.
If you would like to know what Personal Data we currently have stored on our servers, please contact us at anytime. It may take up to 30 business days to process your request. You may also request that this Personal Data be removed from our servers if you were the user who provided it.
We may also collect information how Frenalytics is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s IP address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can configure your web browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
Use of Data
We use the collected data for various purposes:
- To provide and maintain Frenalytics;
- To notify you about changes to Frenalytics;
- To allow you to participate in interactive features of Frenalytics when you choose to do so;
- To provide customer support;
- To provide analysis or valuable information so that we can improve Frenalytics;
- To monitor the usage of Frenalytics;
- To detect, prevent and address technical issues.
Transfer Of Data
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.
We take your privacy seriously. In compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we take all steps reasonably necessary to ensure that your data is treated securely.
The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). PHI can include patient name, date of birth, address, social security number, and other personally-identifiable information, depending on how the information is stored and what is presented. For example, disclosing a patient’s date of birth may not be PHI by itself, but displaying a patient’s full name and date of birth may be identifiable enough to qualify as PHI under HIPAA. To understand the implications of sharing PHI with a covered entity such as Think Group Holdings, Inc., we encourage you to read your rights and responsibilities under HIPAA, available at: https://www.hhs.gov/hipaa/for-individuals/index.html
We take your privacy seriously. In compliance with the Family Educational Rights and Privacy Act (FERPA), we take all steps reasonably necessary to protect the privacy of student data from unauthorized disclosure.
FERPA protects the privacy of individually identifiable student information as it relates to their education records, called personally identifiable information (PII). PII includes a student’s name, or the name or nickname of a family member, their address, any personal identifiers that are directly tied to one individual (like photos, phone numbers, medical records), any identifiers that are indirectly associated with an individual (like date of birth, disability), and any other information through which a “reasonable person within the school community” could identify the student, depending on how the information is stored and what is presented and whether an exemption under FERPA is applicable. To understand the implications of sharing PII with an online educational service such as FrenalyticsEDU, we encourage you to read your rights and responsibilities under FERPA, available at https://tech.ed.gov/wp-content/uploads/2014/09/Student-Privacy-and-Online-Educational-Services-February-2014.pdf
Compliance with New York State’s
In early 2020, The New York State Department of Education adopted a new law focused on the privacy and security of student and staff PII, known as Educational Law Section 2-d (“EdLaw 2-d”).
To help a New York school district’s comply with EdLaw 2-d, in the state of New York, Think Group Holdings, Inc.:
- Will, upon request, submit a Data Security and Privacy Plan for each contract to demonstrate how we protect PII;
- Uses encryption technology in FrenalyticsEDU to protect data while in motion or in its custody from unauthorized disclosure using technologies and methodologies specified by the secretary of the United States Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law 111-5;
- Will, upon request, document how we ensure that persons or entities that we share student data or teacher or principal data with, if any, will abide by the school district’s data protection and security requirements;
- Does not sell PII; and
- Will sign a contract that affirms its obligations as a third-party contractor pursuant to Ed-Law 2-d.
We use third-party subprocessors to offer our products, services, and customer support more effectively.
For our client offerings of FrenalyticsMED and FrenalyticsEDU, in accordance with HIPAA and FERPA, we take all steps reasonably necessary to ensure that your data is treated securely, including executing Business Associate Agreements (BAA) with subprocessors in which we store or share confidential protected health information (PHI) as defined by HIPAA or or personally identifiable information (PII) as defined by FERPA, and storing records without PHI in subprocessors whose organizations cannot execute a BAA.
We use the below subprocessors:
- Mailchimp: To automate marketing emails, including welcome emails. This improves your overall experience in the quality, quantity, and consistency of communications you receive from us.
- Close CRM: To automate the internal tracking of new account signups, and to send automated and manual emails. This improves your overall experience in the quality, quantity, and consistency of communications you receive from us.
- Zapier: To facilitate the automated account creation process for FrenalyticsMED and FrenalyticsEDU accounts.
- Phone.com: To provide phone support by voice and SMS. This improves the consistency and timeliness of our responses to inquiries made by phone and SMS to our customer support phone numbers, (516) 399-7170 and (877) 977-0958.
- Slack: To provide automated notifications of new account signups and customer support inquiries to our internal staff.
For our client offerings, because our new account signup process does not collect patient or student data, we do not intentionally share PHI or PII with our subprocessors. For FrenalyticsEDU specifically, some PII is transmitted to Intercom for the above-named purposes.
Please keep in mind that it is possible that one or more of our subprocessors receive PHI or PII by you or users within your organization, either intentionally or inadvertently, if a user decides to share this data with us and our subprocessors. For example, in a customer support inquiry, a user may include a patient’s name and/or DOB, which results in the data being stored in Intercom and Slack. By policy, we do not share PHI in any systems in which we have an executed BAA, and we encourage your organization to do the same.
As of June 2022, guidance published by HHS indicates that identifying information alone, such as personal names, residential addresses, or phone numbers, would not necessarily be designated as PHI. As such, for our family offering of FrenalyticsMED and FrenalyticsEDU, by providing your loved one’s name in our signup process, you agree that we will transmit this non-PHI data to our subprocessors to process your account signup request.
Reviewing Stored Data
Depending on the type of Personal Data you or a relevant party are looking to review, you may do the following:
- Log into the Frenalytics application and view/modify/delete the Personal Data; or
- Contact us via email to find out what information we have collected about you, and to request any changes.
European Union & GDPR Compliance
Do Not Track (DNT)
We do not track our customers over time on the Frenalytics application and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.
Embedded Content from Other Websites
Parts of this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Disclosure Of Data
We may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation;
- To protect and defend the rights or property of Think Group Holdings, Inc.;
- To prevent or investigate possible wrongdoing in connection with the Service;
- To protect the personal safety of users of the Service or the public; and
- To protect against legal liability.
Security Of Data
The security of your data is important to us. It’s important to remember, however, that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. If there is an exposure to sensitive data that HIPAA, FERPA, a duly executed services agreement (as defined in Transfer of Data), or another legal obligation requires us to report, we will do so expeditiously.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service. Detailed information about such third-party Service Providers will be provided here for your convenience.
Links To Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
In compliance with the Children’s Online Privacy Protection Rule (COPPA):
- For our client offering of FrenalyticsEDU, because Frenalytics limits the use of personal information collected of users under the age of 13 (“Child”, “Children”) to the educational context authorized by the school, by signing up for FrenalyticsEDU on behalf of a school or district, you agree that this authorization granted by the school is based on parent consent to disclose data under COPPA for each Child you register within FrenalyticsEDU.
- For our family offering of FrenalyticsMED and FrenalyticsEDU, Frenalytics seeks the verifiable parental consent for the collection or use of any Child’s personal information.
With the noted exceptions above, we do not knowingly collect personally identifiable information from anyone under the age of 13. However, we may unknowingly collect and retain information about Children on our servers provided by users over the age of 13. For example, if a family member uploads a family photo and identifies an individual in the photo to be under the age of 13, we may have collected their name and age, and our Service may be able to identify them through facial recognition.
If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers.
If you are an educator, you may also contact us once the personal information of Children you have entered into FrenalyticsEDU is no longer needed for its educational purpose.
If your School or District has a duly executed services agreement (as defined in Transfer of Data), this may govern our requirement to delete or destroy PII and will supersede the terms in this section in the event of an inconsistency.
Thanks for reading!
We told you it wouldn’t be that bad. Maybe you learned something, too.
- By email: email@example.com
- By phone: (516) 399-7170