Flourish Labs, Inc. Privacy Policy

Last updated: December 4, 2024

This Privacy Policy explains how Flourish Labs, Inc. (“Flourish Labs”, “we”, “us” or “our”) collects information about you when you use our websites Peers.net and FlourishLabs.net (our “Websites”), when you receive peer support from us, contact our customer service team, engage with us on social media, or otherwise interact with us (collectively, our “Services”). It also explains how we use and process your information, how we may share it, and the choices you have with the information we collect, including how you can update or request to delete your information. It does not address our privacy practices relating to Flourish Labs job applicants, employees, and other personnel.

Please take a moment to review this Privacy Policy. By using our Services, you are agreeing to the terms of this Privacy Policy, so it's important that you understand it. If you have any questions or concerns about this Privacy Policy, you may contact us at any time.

Who are Flourish Labs and Divisadero Health?

Flourish Labs is a healthcare company on a mission to scale professional peer support with technology to address the youth mental health crisis. We expand the mental health workforce by hiring and training young adults with diverse backgrounds and past experience of mental health challenges or addiction to become certified Peer Support Specialists. On Peers.net, our HIPAA-compliant telehealth platform, teenagers and young adults can book a 1 on 1 session with a professional peer supporter of their choice, within 24 hours.

Flourish Labs is not a medical group and does not provide medical advice, care, and/or treatment. All peer support services are provided by trained Peer Support Specialists (each, a “ Provider” or “ Peer Supporter”) that are overseen by a licensed clinician practicing within independently owned and operated professional practices. In California, this is known as “Divisadero Health Services of California, P.C.” In New Jersey, this is known as Divisadero Health Services of New Jersey, P.C.” In all other states, this is known as “Divisadero Health Services, P.A.” Flourish Labs, Inc. does not directly provide any peer support services.

Flourish Labs provides you with access to Providers who offer emotional support, teach skills, and share their knowledge and personal experiences dealing with depression, anxiety, eating disorders, trauma, stress, LGBTQ+ questions, and more.

Key terms & definitions

Let's start by explaining some of our key terms and definitions used in this Privacy Policy.

Key TermDefinition

“Personal Information”

Any information relating to an identified or identifiable individual and any information listed here.

“Platform”

Our Websites and supporting telehealth partners (e.g., third party electronic health record system).

“Privacy Policy”

This privacy policy.

“Services”

Any services provided through our Platform.

“Terms of Service”

Our terms of service located here.

“Website(s)”

Our websites, including:

“Flourish Labs”, “we”, “us”, or “our”

Flourish Labs, Inc.

When does our Privacy Policy apply?

This Privacy Policy describes the types of information we may collect from you when:

  • You visit, use, and/or input any information into our Website(s);
  • We communicate asynchronously via email, text message, and/or other electronic messages; and
  • We communicate synchronously, such as on the phone or through a telehealth visit.
  • When does our Privacy Policy not apply?

    This Privacy Policy does not apply to information collected by any other website operated either by us or by a third party, unless the website is listed above or links to this Privacy Policy. It also does not apply to any website that we may provide a link to or that is accessible from our Platform.

    This Privacy Policy does not apply to information collected from users who log in to the password-protected and secure portions of our Platform (“ Secure Platform”). The Secure Platform allows users (“ Users”) to perform certain functions or obtain the Services. All information collected and stored by us or added by Users into such Secure Platforms is considered Protected Health Information (“ PHI”) and/or medical information and is governed by applicable state and federal laws that apply to that information, for example the Health Insurance Portability and Accountability Act (“ HIPAA”). We will not use or disclose information collected from the Secure Platform or your Provider for advertising, marketing, or other use-based data mining purposes except as otherwise permitted by HIPAA and other applicable law. We will not sell any PHI in violation of HIPAA.

    Our Privacy Policy and Terms of Service

    This Privacy Policy is incorporated into our Terms of Service, which also apply when you use our Services.

    Personal information

    What is personal information?

    When we use the term “Personal Information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked directly or indirectly to an individual. It does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual (“ Non-Personal Information”).
    What types of personal information do we collect?

    We may collect and use the following personal information (hereinafter, collectively referred to as “Personal Information”):

    Categories of Personal InformationTypes of Personal Information Collected

    Personal Identifiers

    A real name, birth date, e-mail address, postal address, or alias.

    Information that identifies, relates to, describes, or is capable of being associated with a particular individual

    Physical characteristics or description, telephone number, credit card number, debit card number, or any other financial information, education, signature, insurance policy number, medical conditions, and psychological trends.

    Characteristics of protected classifications under California or federal law.

    Race, Color, Age, National origin, Sex/sexual orientation, Veteran or military status, or Disability.

    Biometric information

    Voiceprints.

    Internet or other electronic network activity information

    IP address, OS version, device language, operating system, browser type, log file information, traffic data, mobile network information, and information regarding a consumer’s interaction with an internet website, application, or advertisement.

    Professional and employment related information

    Specifically for applicants, includes training history and certifications, background checks, and current or past job history.

    Health information

    Some Personal Information we collect may constitute PHI under HIPAA. As a part of Peers.net onboarding, we will provide you with a HIPAA Notice of Privacy Practices describing their collection and use of your health information, not Flourish Labs. We will only collect and use PHI for the purposes of providing the Services and we only collect the minimum amount necessary to fully perform and provide the Services on our Platform. We may combine your PHI with Personal Information that we have either obtained from you or through a third-party, such as your Provider, health insurer, employee benefits program, or other health care providers. PHI will only be used and disclosed as outlined in the HIPAA Notice of Privacy Practices and as permitted by HIPAA and other applicable law.

    Flourish Labs or Divisadero Health may de-identify your information such that it is no longer considered protected health information or personally identifiable information. Flourish Labs or Divisadero Health may disclose, aggregate, sell, or otherwise use such de-identified information to third parties for analytics, research, or other purposes.

    Our collection of personal information

    We collect information from three sources: if and when you provide information to us, automatically through operating our Services, and from outside sources.

    Information you provide to us

    We collect information when you create an account, fill out a form or survey, communicate with us via email or social media sites, make a payment through the Platform, and/or by contacting customer support. The information you might provide includes your name, email, phone number, demographic information, payment information, your responses to forms and surveys, feedback, and other information about you included within your messages to us.

    When you make payments through the Platform, we do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.

    We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.

    Information we collect automatically as you use our services

    When you use our Services, we collect the following information about you:

    Usage information. For example, we log the pages you visit on our Websites.

    Information about the browsers and devices you use to access our Services. This includes the type of web browser you use, access times and dates, pages and screens viewed, your IP address, and the page you visited before navigating to our Websites. It includes information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, device identifiers set by your device operating system, and mobile network information (like your connection type, carrier and region).

    We and our third party analytics provider use various technologies to collect and store information, including cookies, pixel tags/beacons, local storage, such as browser web storage or application data caches, databases, and server logs. For more information about these practices and your choices regarding these data collection technologies, please see our Cookie Policy.

    We generate some information about you based on other information we have collected. For example, our third party analytics provider may use your IP address to derive the approximate location of your device, such as the city or state you are accessing the Services from. This location data is aggregated and de-identified, it is not tied to your personal information.

    Information we get from others

    We may receive information about you from third parties; which we combine with Personal Information we collect either automatically or directly from you.

    Our vendors that perform services solely on our behalf, such as user research and marketing providers, collect Personal Information and share some or all of this information with us.

    Our use of personal information

    We may use your Personal Information for the following purposes
    • To provide our Services.
    • To customize your experience of our Services. For example, when you return to our Website having filled out our quiz, we will show you the results of the quiz.
    • To communicate with you. For example, we send you booking confirmations and reminders about your upcoming appointments, respond to your customer service requests, and other administrative messages.
    • To market our Services, evaluate and improve the effectiveness of our marketing. For example, we may send you messages by email or text. You can see information about your choices regarding marketing communications in the “ Your choices regarding your personal information ” section below.
    • To understand who is using our Services. For example, if you choose to give us demographic information, this helps us understand the diversity of our User base.
    • To improve our Services, and develop new products or services. For example, we analyze data about how you use our Website to improve the design and make it easier to use. We also use feedback data to create new features that we think you will find useful.
    • To diagnose or fix technical problems. For example, by monitoring, debugging, repairing, and preventing issues.
    • To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations; and protecting the rights and property of Flourish Labs and others, which may result in us terminating Services.
    • To comply with legal obligations.
    • To facilitate contests, sweepstakes, and promotions; process and deliver entries and rewards.
    • To notify you about changes to our Platform and/or the Services we offer.
    • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
    • To administer surveys and feedback questionnaires.
    • Any other purpose with your consent.

    Our sharing of personal information

    We share information about you in limited circumstances, and with appropriate safeguards on your privacy.

    We do not sell your Personal Information.

    We do not share your Personal Information with your academic institution or employer.

    We may share your Personal Information with companies, organizations, or individuals outside of Flourish Labs as follows:
    • Our business purposes. We share information for business purposes with those who need it to do work for us to deliver or improve the Services. This might include our affiliates, independent contractors and third party vendors of customer service, infrastructure and hosting, analytics, user research, email and SMS/text communication, engineering services, marketing services, law firms, auditors, accounting firms and others.
    • Your healthcare providers or family. With your consent, we may share your information, including information collected from your use of our Platform, with your health care providers and/or family members (e.g., immediate family or friends) that you designate to receive your information.
    • With your consent. We may share your Personal Information if you request or direct us to do so.
    • In case of an emergency. We may share information in an emergency. This includes protecting the health and safety of you, our employees and agents, our customers, or any person.
    • Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
    • Business transfer. We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose Personal Information to a third party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal Information may also be disclosed in the event of insolvency, bankruptcy or receivership.
    • To enforce our rights. We may share your Personal Information to enforce any applicable terms and conditions and Terms of Use, and to ensure the safety and security of our Services and our users.
    • With our partners. We may share information between and among Flourish Labs and our current and future partners, affiliates, subsidiaries, and other companies under common control and ownership.

    Your choices regarding your personal information

    You have several choices available when it comes to information about you:

    Reviewing, updating and deleting your information

    You can review and change your Personal Information by logging into the Account section of our Website. You may also contact us to inform us of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible, or to delete your account.

    We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect. We also retain cached or archived copies of information about you for a certain period of time.

    Marketing communications

    If we send you marketing communications such as emails or text messages (SMS), you can opt out by following the instructions in those communications. It may take up to a week for the opt-out to take effect. If you opt out of marketing communications, we may still send you other communications, such as appointment reminders, notices about your account or legal notices. 

    Text messages

    By providing your mobile number to us, you are agreeing to be contacted by or on behalf of Flourish Labs at the mobile number you have provided, including calls and text messages, to receive informational messages and communications relating to the Services. These calls and text messages may include booking confirmations, appointment reminders, notifications about messages from your Provider, etc.

    You can stop us sending you text messages by replying to our message with STOP.

    We will use text messages to send you account verification codes when you log into the Website, instead of passwords. If you create an account on the Website, you hereby consent to receive one-time-passcode (OTP) text messages to the phone number provided in order to access the Services. You cannot opt out of OTP text messages for logging into the Website.

    You may opt in to receive additional text messages from Flourish Labs, such as promotional or marketing text messages, on our Websites at your discretion.

    Please also see our Terms of Service for more details on emails and text messages.

    Cookies

    For information about our and our third-party partners’ use of cookies and related technologies, and choices you have in relation to cookies, please see our Cookie Policy.

    We do not control the collection and use of your information collected by third parties. These third parties may aggregate the information they collect with information from their other customers for their own purposes. You can opt out of third parties collecting your Personal Information for targeted advertising purposes in the United States by visiting the National Advertising Initiative's (NAI) opt-out page and the Digital Advertising Alliance's (DAA) opt-out page.

    Keeping your information secure

    We work hard to keep your Personal Information secure. We implement what we believe to be appropriate and reasonable technical and organizational measures to protect the Personal Information we collect and store from loss, misuse, unauthorized use, access, inadvertent disclosure, change or destruction.

    For example:
    • We use encryption to keep your data private while in transit.
    • We restrict access to Personal Information to those employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

    However, no network, server, database or Internet or email transmission is ever fully secure or error free. Please keep this in mind when giving us any Personal Information.

    Health record retention policy

    Any health record data collected as a part of your engagement with Peers.net, including peer support session recordings, will be retained by Divisadero Health Services in compliance with your state requirements.

    Please note that health record retention requirements vary by state, and we reserve the right to retain your records for additional periods of time if deemed necessary or medically appropriate.

    If you have questions about how long your health records will be retained by Divisadero Health Services, please reach out to hello@peers.net.

    International data transfer

    Flourish Labs is based in the United States and processes information in the United States, which may not provide equivalent levels of data protection as your home jurisdiction. The Personal Information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including in the United States. 

    Links to third-party services

    This Privacy Policy applies only to our Services. Our Services may include links to third-party websites, plug-ins and applications (“ Third-Party Services”). This Privacy Policy does not apply to Third-Party Services, and we are not responsible for any personal information practices of Third-Party Services. To learn about the personal information practices of third parties, please visit their respective privacy policies.

    Children’s personal information

    Our Services are not directed to children under the age of 12, and we do not intend to or knowingly collect Personal Information from children under 12. If you are under the age of 12, do not use our Platform or Services, or provide any information on or to the Platform or through any of its features. If we learn we have collected or received Personal Information from a child under the age of 12, we will delete it. If you are the parent or guardian of a child under 12 years of age whom you believe might have provided us with their Personal Information, you may contact us to request the Personal Information be deleted.

    California’s Shine the Light Law

    California Civil Code Section 1798.83 (California’s “Shine the Light” law) permits users of our Platform and/or the Services that are California residents and who provide Personal Information in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Information to third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared your Personal Information with for the immediately prior calendar year (e.g. requests made in 2024 will receive information regarding such activities in 2023). You may request this information once per calendar year. To make such a request, please contact us using the information below.

    Updates to our Privacy Policy

    We may update this Privacy Policy from time to time. When we make changes to this Privacy Policy, we will change the date at the beginning of this Privacy Policy. If we make material changes to this Privacy Policy, we will notify individuals by email to their registered email address, by prominent posting on our Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

    Contact us

    We welcome your feedback on this Privacy Policy. If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact Us” page on the Website.

    How to contact us:

    Flourish Labs, Inc.
    530 Divisadero St.#108
    San Francisco, CA 94117
    Telephone: (415) 349-3901
    E-mail: hello@peers.net