Privacy Policy

Last Updated: May 16, 2026

Introduction

NamedClearly and related experiences (together with NamedClearly technology, “we,” “us,” or “our”) respect your privacy. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our websites, applications, and services (the “Service”).

Consumer / member offering (not HIPAA): The member experience—including the website, progressive web app (PWA), and native mobile apps that load our site—is offered for personal growth, journaling, relationships, and psychoeducation. NamedClearly is not a HIPAA-covered entity for that consumer offering, and we do not represent the member Service as HIPAA-compliant. Do not use the member Service to store or transmit information you are required to protect only under HIPAA unless you have obtained appropriate legal advice and a separate written agreement with us that says otherwise.

Other use: Some professionals or practices may use separate parts of the Service under different agreements. If you are a patient or client of a provider who uses the Service, that provider’s notice and practices also apply to information they hold.

Information We Collect

Information you provide

• Account and profile: Name, email, password (hashed), and preferences you choose to save.
• Content you create: Journal entries, reflections, goals, check-ins, messages (where applicable), exercise responses, questionnaire answers, and similar inputs you submit to features you use.
• Practice or professional details (if applicable): Practice name, role, billing or scheduling information, NPI or business identifiers, and content you enter as part of practice workflows.
• Payment information: Processed by payment processors; we generally do not store full card numbers on our servers.

Information collected automatically

• Device and connection: IP address, browser or app type, operating system, and approximate location derived from IP.
• Usage: Pages or screens viewed, features used, timestamps, and diagnostic or performance data.
• Cookies and similar technologies: Described in our Cookie Policy.

Native mobile apps (App Store / Google Play)

If you install the NamedClearly app from the Apple App Store or Google Play, the app is a shell that loads our website (

namedclearly.com

or your deployment host) in a secure WebView. We collect the same categories of information as in the browser, plus:

• App and OS metadata: App version, device model, and OS version when needed for support or compatibility.
• Push tokens (if enabled): If you opt in to push notifications in a future release, we store a device token linked to your account so we can deliver operational notices you request. Push is not required to use the Service.

We do not sell app usage data to advertisers. Store listings describe the member product only; practice-management features are not the subject of the consumer store apps.

Optional Android SMS companion (separate app)

A separate optional Android app (Google Play package

com.namedclearly.smsscompanion

) may register your device, sync SMS thread content you choose to upload, and request draft reply text from our API. You send messages only after you review and confirm on the device (human-in-the-loop).

If you use that companion, we may process:

• Device binding: Device identifier, app version, and consent version you accept in the app.
• SMS mirror data: Thread key, message direction, message body, timestamps, and deduplication identifiers you sync for draft suggestions.
• Hashed peer identifiers where the app supplies them instead of raw phone numbers.

SMS content is sensitive. Use the companion only if you understand it uploads selected message text to our servers under this Policy. The companion is not HIPAA-compliant and is not for emergency or crisis use.

How We Use Information

We use information to:

• Operate the Service (authenticate you, sync content, show your data back to you, and provide features you request).
• Improve reliability and security (debug, prevent abuse, detect fraud, and protect accounts).
• Communicate with you (service announcements, responses to support, security alerts, and—where permitted—product updates).
• Comply with law and enforce our Terms of Service.
• AI-powered features: When you use AI-assisted tools, we send relevant prompts and context to third-party AI providers to generate responses, as described below.

We do not sell your personal information as a term of art in applicable U.S. state laws (e.g. “sale” for targeted advertising); we do not use your journal content to run third-party behavioral ads.

AI and Third-Party Processing

• Providers: We use third-party AI and infrastructure vendors. Their processing is governed by our agreements with them and, where applicable, Business Associate Agreements (BAAs) when they handle PHI on our behalf.
• PHI: If a feature could involve PHI, we apply HIPAA-aligned safeguards and contractual requirements consistent with your relationship with us (e.g. BAA with a covered entity).
• Training: Use of data for model training, if any, is described in product settings or separate notices; you may have opt-out or control where we offer it.
• Accuracy: AI outputs are automated; do not rely on them as medical or legal advice. Safety Check severity scores (0–100) reflect pattern reflection only—not clinical diagnosis, legal findings, or crisis assessment.

HIPAA and PHI (limited scope)

Member / consumer apps and accounts: As stated above, we do not offer the member Service as a HIPAA-compliant or covered-entity product. We do not enter Business Associate relationships solely because you use journaling, AI chat, Safety Check, or similar member features.

Practice or professional use: If a separate written agreement (for example, a Business Associate Agreement) applies between you and us for specific practice features, that agreement controls PHI for those features. Unless such an agreement exists, do not assume HIPAA protections apply to your use of the Service.

How We Share Information

We may share information:

• With service providers who host, secure, analyze, email, or process payments on our instructions (including AI vendors), under contracts that require protection and permitted use.
• With your direction (e.g. sharing you initiate, exports you request, or integrations you enable).
• For legal reasons if we believe disclosure is required by law, regulation, legal process, or to protect rights, safety, or security.
• In connection with business transfers (e.g. merger or acquisition), subject to continued protection of your information.

We do not share your journal or therapeutic-style content with advertisers.

Security

We use industry-standard measures that fit the nature of the Service, including encryption in transit (TLS), encryption at rest for stored data where implemented, access controls, monitoring, and least-privilege access for personnel and systems. No method is 100% secure; you should use a strong password and protect your device.

Where MFA or additional controls are offered or required (for example, for certain practice roles), enabling them reduces account risk.

Retention

We retain information as long as your account is active, as needed to provide the Service, and as required by law (for example, longer retention for certain healthcare or billing records where applicable). When you delete content or close an account, we delete or de-identify it subject to legal retention obligations and secure backup rotation. Specific retention schedules for PHI-heavy deployments may be described in internal or practice-facing documentation.

Your Rights and Choices

Depending on where you live, you may have the right to:

• Access or export a copy of your information.
• Correct inaccurate account information.
• Delete your account or certain data (subject to legal exceptions).
• Restrict or object to certain processing where applicable law provides.
• Withdraw consent where processing is consent-based.

U.S. state privacy laws: Residents of certain states (e.g. California, Virginia, Colorado) may have additional rights. Contact us using the information below; we will verify your request as required by law.

HIPAA: For PHI held under a BAA, exercise rights through the covered entity or as our processes and BAAs allow.

International Users

The Service is operated from the United States. If you access the Service from elsewhere, you consent to transfer and processing in the U.S. and other countries where we or our vendors operate, which may have different data protection rules than your country.

Children’s Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, contact us and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy. We will post the new version and change the Last Updated date. For material changes, we may provide additional notice (e.g. email or in-app). Continued use after the effective date constitutes acceptance of the updated Policy where permitted by law.

Contact Us

NamedClearly / NamedClearly

• Address: 8585 Clark Street, Clive, IA 50325, United States
• Privacy & support: [email protected]

For HIPAA-related inquiries tied to a specific practice relationship, you may also contact your healthcare provider or our support with enough detail to route your request.

Compliance and Assurance

We design the Service with security and privacy in mind using measures such as encryption in transit, access controls, and monitoring appropriate to a consumer wellness product. We do not claim HIPAA compliance for the member Service or the SMS companion. Marketing references to future audits or certifications (e.g. SOC 2) describe goals or in-progress work unless we state a specific attestation is complete in a separate notice.

Related: Terms of Service · Cookie Policy · Compliance (BAA and practice resources where available)