Privacy Policy
We believe privacy is a human right. This policy explains plainly how we collect, use, and protect your information.
Last updated: 15 January 2026 · Effective: 15 February 2026
This policy applies to all users of ThriveMatch — seekers, clinicians, and visitors. It covers our web platform and mobile applications. We are a HIPAA-covered entity and a business associate to our clinician network.
Information We Collect
Information you provide
When you create an account, we collect your name, email address, and password. During onboarding and intake, we may collect demographic information, mental health history, preferences, and wellness goals. Clinicians also provide professional credentials, licensure details, and practice information.
Information from your use of the platform
We collect information about how you interact with ThriveMatch, including session logs, messages sent within the platform, journal entries, milestone records, and usage patterns. We do not sell or share this content with third parties outside of what is described in this policy.
Technical information
We automatically collect technical data including your device type, browser, operating system, IP address, and referring URL. This information is used solely for security, fraud prevention, and platform improvement.
How We Use Your Information
Providing our services
We use your information to create and manage your account, match you with clinicians or peers, facilitate secure communications, process payments, and deliver the features of the ThriveMatch platform.
Improving the platform
Aggregated and de-identified data is used to improve matching algorithms, develop new features, and measure the effectiveness of our services. No individual data is used in this process without your explicit consent.
Communications
We may send you service-related emails such as account confirmations, password resets, session reminders, and important updates. We will not send you marketing communications without your opt-in consent.
Information Sharing
With your clinician
Your matched clinician has access to the information you have explicitly shared in your profile and during intake. You control what is visible. Clinicians are bound by professional confidentiality obligations and our platform agreements.
With service providers
We share data with trusted third-party processors who assist us in operating the platform, including cloud infrastructure, payment processing, and analytics. All processors operate under strict data processing agreements and are prohibited from using your data for any other purpose.
Legal requirements
We may disclose information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the safety of any person or to prevent fraud or illegal activity.
We do not sell your data
ThriveMatch does not sell, rent, or trade your personal information to any third party for commercial purposes. This is a core commitment, not a contingent policy.
Data Security
Encryption
All data in transit is encrypted using TLS 1.3. Session communications are end-to-end encrypted. Data at rest is encrypted using AES-256. Our encryption practices exceed HIPAA technical safeguard requirements.
Access controls
Access to your data within ThriveMatch is strictly controlled on a need-to-know basis. Platform staff are subject to background checks, comprehensive privacy training, and are bound by confidentiality agreements.
Incident response
We maintain a formal incident response plan. In the event of a data breach affecting your Protected Health Information, we will notify you within the timeframes required by HIPAA and applicable law.
Your Privacy Rights
Access and portability
You have the right to request a copy of all personal data we hold about you in a structured, machine-readable format. Submit a request through your account settings or email privacy@thrivematch.com.
Correction
If any information we hold is inaccurate or incomplete, you have the right to request correction. Most account information can be updated directly in your profile settings.
Deletion
You may request deletion of your account and associated data at any time. Note that some information may be retained for legal, regulatory, or legitimate business purposes, such as billing records. Medical records may be subject to minimum retention requirements under state law.
Opt-out
You may opt out of non-essential communications at any time via account settings. You may also withdraw consent for specific data processing activities where consent is the legal basis.
Children's Privacy
Age restriction
ThriveMatch is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact privacy@thrivematch.com immediately and we will delete it promptly.
Changes to This Policy
Notification of changes
We will notify you of material changes to this Privacy Policy via email and a prominent notice on our platform at least 30 days before the changes take effect. Continued use of ThriveMatch after the effective date constitutes acceptance of the updated policy.
Contact Us
Privacy enquiries
For any questions, requests, or concerns about your privacy or this policy, contact our Privacy Officer at privacy@thrivematch.com or write to: ThriveMatch Privacy Officer, 100 Market Street, Suite 300, San Francisco, CA 94105.
Related policies: