CHIME Therapy’s Privacy Policy

This privacy policy (this “Policy”) was last updated on January 26, 2024.

CHIME Therapy LLC (“we”, “our”, “us”, “CHIME Therapy”) takes your privacy seriously, and we want you to know how we collect, use, share and protect your information.

1. Introduction

Our proprietary technology platform uses advanced data-driven tools to personalize your care, and to enhance evidence of care, care continuity, outcomes metrics and data-based learnings. We provide music therapists with insights and capabilities to drive improved and measurable clinical outcomes for clients receiving telehealth music therapy services (aka virtual music therapy, online music therapy) on our platform. You can access our platform via the website or through our Web application (“App”).

When you enroll, inquire about enrolling for or use of CHIME Therapy Services (as defined below), we keep a record of medical information that you provide to us or your therapist as well as any medical information that CHIME Therapy employees or independently contracted therapists provide to you via our platform (such as information on and related to your diagnosis).

Medical information means any information that:

This includes medical history, diagnoses, treatments, current medical condition, and use of prescription medications. If you are a US subscriber to CHIME Therapy services, your personal information in our possession is protected health information ("PHI") protected by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and the applicable provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. In addition to this Privacy Policy, the HIPAA Notices of Privacy Practices of CHIME Therapy or your CHIME Therapy Therapist apply to your PHI.

This Policy explains CHIME Therapy’s practices where we process “personal data”, which is information that relates to an identified or identifiable individual. To “process” or “processing” means the use of personal data including, collecting, recording, storing, using, analyzing, combining, transferring, disclosing, or deleting.

We reserve the right to change the terms of this Privacy Policy at any time by posting those changes in revisions to this Privacy Policy, so that you are always aware of our processes related to collection, use and disclosure of information. We urge you to check here for any updates to this Privacy Policy from time to time. Unless otherwise indicated, any changes to this Privacy Policy will apply immediately upon posting to the Website or the App.

2. What is included in this Policy?

The information on this page applies to the personal data we collect about your interactions, use, and experience with our website at www.heychime.com (our “Website”), our Webapp (our “App”), and in connection with the online therapy services we provide (the Website, App and our online therapy services are together, the “Services”). As noted below, our data practices depend on how you interact with our Services, and how you receive and pay for Services, for example whether purchasing Services as a consumer or receiving them through an employment-related benefit.

This Policy does not apply to any other websites that you visit before our Website or any third-party sites that may be accessible through the CHIME Therapy Services. Please read this Policy carefully so that you understand your rights in relation to personal data, and how we will process that personal data. This Policy supplements our Notice of Privacy Practices (for US clients) any other privacy related disclosures we may provide from time to time (including during your enrollment or management of your account with CHIME Therapy) and is not intended to override them.

If you do not want us to share personal data or feel uncomfortable with the ways we use information in order to deliver our Services, please do not use the Services.

3. Personal Data We Process & How We Use It

This table presents the types of information (whether legally classified as personal data or PHI under HIPAA), the sources, and the uses.

Types of Personal Data How We Get It What We Do With It

Log in and Registration

Information you provide when you create an account for yourself (or an authorized account for a minor), are matched to a therapist, or register yourself (or on behalf of a minor) as a patient may include:

  • Name (e.g. your name or the name of your parent/guardian)

  • Address

  • Country

  • Date of birth

  • Phone number

  • Gender and the preferred gender of therapist

  • Email

  • Relationship status

  • Organization/Employer (if applicable)

  • Payment information and transaction history

  • Information on the type of subscription you choose

  • Insurance information (including an image of that information)

  • Referral source

  • Information on why you are accessing our Services including what you are hoping to get from therapy

  • Notification preferences

You provide this when you go through the intake process
  • Provide you with the Services (including resubscription)

  • To match you to a therapist

  • Provide you with treatment information

  • Enroll you in services and administer your account

  • Provide you with support

  • Process insurance claims, billing, and payment information

  • Maintaining the safety and security of our users, our Services, and our business

  • Provide announcements and communicate with you, including for marketing purposes

  • Provide mandatory reporting to law enforcement or other governmental authorities, for example in instances of abuse, or ascertainable threats of violence to another person (See Notice of Privacy Practices for more information)

  • Respond to a valid legal request.

  • Process claims or insurance information

  • Provide you with and to evaluate, improve and develop the Services

  • Conduct therapist oversight

  • Control the quality of the Services

  • Permissive reporting of abuse; expressed threats of violence towards an ascertainable victim

Use of the Services

Data you provide when you use our therapy service, including:

  • Information you disclose in chat data and your chat sharing preferences (transcripts)

  • Audio/Video communication

  • Documents you share with your therapist via our chat functionality

  • Information collected via our symptom tracker and information on your clinical progress

  • Information collected via chat, telephone, or email support channels

  • Messages that you “star”

  • Information on friends you refer

  • Information you provide as part of treatment intake including emergency contact details, information on your health and mental health and medical history, images (optional)

  • If you use couples therapy, sharing of contact details and some communications will be conducted jointly.

  • If you choose to admit another individual to a therapy “room” for a session, their contact information will be collected and used for that purpose.

  • Information shared through the online chat support feature and your email address.

Through your use of the Services
  • To provide you with the Services

  • To build, modify, and develop new products, features, and Services.

  • To conduct clinical and other academic research, internally and with approved research partners and identify summary trends or insights for use in external communications (where direct identifiers such as name and contact details have been removed, or pursuant to explicit patient authorization). For more information see “Research” below. See Notice of Privacy Practices.

  • To address patient concerns or complaints

  • To carry out quality assurance and compliance activities

  • To provide you with assistance in the event of an emergency

  • To assist you with questions about the services.

  • To address patient concerns.

When Website visitors contact us

We collect information when you communicate with us via email or our online support service. This includes information that you provide when you contact us, any information you share through the online chat support feature as well as your email address.

You provide this information to us directly You provide this information to us directly

Technical Data

Technical information from software or systems hosting the Services, and from the systems, applications and devices that are used to access the Services, such as:

  • Information on the device operating system or Talkspace environment

  • Metrics on system or App feature use

Information on system events and status

Automatically through use of the Services
  • Create anonymized and/or aggregated data to improve and deliver our Services

  • Comply with legal obligations

  • Maintain the security of our infrastructure

  • Facilitate the delivery and optimization of Services

  • Monitor performance of our data centers and networks, systems and applications

  • Provide support to users (therapists and patients)

  • Administer our business continuity and disaster recovery plans and policies

  • Detect, investigate, and remediate stop fraudulent, harmful, unauthorized, or illegal activity (“fraud and abuse detection”) through automated and manual means

  • To provide you with and to evaluate, improve and develop the Services

  • To develop new products

Persistent Identifiers

Data collected via cookies, pixels and other tracking technologies (such as Google Analytics and Google Ads), such as:

  • Internet protocol (IP) addresses

  • Device ID

  • Browser type

  • Internet service provider (ISP)

  • Referrer URL

  • Geolocation information (derived from IP Address,

  • Exit pages, the pages and files viewed on our Website (e.g., HTML pages, graphics, etc.)

  • Operating system

  • Date/time stamp

NOTE: Once you become a patient the use of cookies, web beacons, pixels, and other processes are limited to ensure that we do not monitor or use patient information for other purposes without your consent.

Collected automatically when you use the Services
  • To provide you with and to evaluate, improve and develop the Services

  • To develop new products

  • Analyze how our Services are used so we can improve your experience

  • Evaluate the success of our marketing campaigns

  • Marketing, including tailoring advertising

4. Using the CHIME Therapy App

The CHIME Therapy Website and App includes third party software development kits (SDKs) from a number of other companies whom we engage as service providers, for identifying and logging code issues, errors and events; managing interactive communication within the App; compiling analytics on which features get used the most; facilitating customer service contacts regarding subscriptions and service; and processing device identifiers and event logs for ad attribution purposes (such as the initial login event, account creation, subscription events). These third parties process data as a service to CHIME Therapy only, pursuant to written agreements. CHIME Therapy does not sell client information to third parties.

5. Advanced Data Processing

The CHIME Therapy therapy experience is enhanced by advanced data processing activities, carried out in order to measure and improve clinical outcomes. During onboarding we ask you to provide information so that we can assess your condition and incorporate your preferences.

Optimizing Servcies. Throughout your experience, your provider uses the CHIME Therapy Services to manage your treatment plan. These services may include advanced machine learning features of our proprietary technology to provide the therapist with insights on client needs and behaviours and offer techniques and suggestions that we believe are likely to maximize clinical outcomes.

6. Research

Separate and apart from the music therapy services and quality assurance activities undertaken for the purpose of delivering and optimizing client care on the platform, from time to time, CHIME Therapy conducts or participates in research studies internally and/or with select resersach institutions. You may be offered the opportunity to participate in these studies. If your protected health information will be disclosed as part of these studies, your information will only be included with your written authorization. You will be asked to review and accept terms and enrollment separately from the information included in this Policy. Information from these studies may be published by third parties including through various media platforms/academic journals.

See our Notice of Privacy Practices.

7. What choices do you have about how we collect or use your information?

When you create a CHIME Therapy account or otherwise use the CHIME Therapy Services, we collect (or you may provide us with) your email address, and you have the choice to receive newsletters or promotional material about our services at this address. These messages may be tailored to your responses to onboarding surveys so that you receive information relevant to you. You can further manage your email preferences by unsubscribing from emails (via the link in the message), support@heychime.com.

In addition to your rights as a patient as set out in the Notice of Privacy Practices, you can ask us to:

To ask us about these choices, contact support@heychime.com.

8. How can I access, delete, or modify my personal data?

You may request access to or deletion of your Personal Information. We will honor your request regardless of where you live or are physically located unless a legal requirement prevents us from doing so or a legal exception applies. Please email us at support@heychime.com.

9. Your California Privacy Rights

If you are a resident of the State of California, this privacy policy is supplemented by our California Privacy Rights Statement that explains certain California privacy rights and how affected parties can exercise these rights.

10. EU/EEA/UK Privacy Rights

If you are located in the European Union, the European Economic Area, or the United Kingdom, this Policy is supplemented by our Additional Privacy Statement for EU, EEA and UK Users which explains your privacy rights and how you can exercise these rights (among other matters).

11. Retention

We will retain your information in accordance with the appropriate statutory limitation periods as required by local law, in line with our legitimate business purposes for as long as your account is active or for as long as needed to provide you with the Services, as required in order to comply with our legal obligations, a court order or to defend or pursue legal claims, in line with industry codes of practice, to resolve disputes and enforce our agreements.

12. CHIME Therapy and Minors

In the United States, CHIME Therapy may collect information and may provide Services to minors ages 13 – 17 with the written authorization of a parent or guardian. CHIME Therapy does not provide therapeutic services to minors outside of the US.

13. Other Mobile Applications and Services

This Policy does not apply to any third-party applications or software that you download, or any other third-party websites, mobile applications, or online products, services, or businesses you may access from the CHIME Therapy Website or App.

14. Applying for a Job at CHIME Therapy

Please see our statement on Candidate Privacy for more information on the personal data we process in connection with recruiting.

15. Security

We take commercially reasonable steps to protect the integrity and confidentiality of personally identifiable and health information that you may share with us. We have complied with the HIPAA security rule for administrative, technical, and physical security safeguards and have third party assessments of our controls performed annually. However, please be aware that no security measures are perfect or impenetrable and we cannot guarantee the absolute security of your information.

We will do our part to protect your information, but it is important for you to protect your information as well. In addition, we do not control the actions of anyone with whom you or any other CHIME Therapy user may choose to share information. As such, you should be cautious about the access you provide to others when using CHIME Therapy, and the information you choose to share when using the CHIME Therapy Website or App.

16. How to Contact Us

If you have any privacy-related questions or comments related to this Policy, please send an email to support@heychime.com.

17. Additional Information for EU, EEA and UK Users

Please see our Additional Privacy Statement for EU, EEA and UK Users for further details on your privacy rights, how we share your personal data, international transfers of personal data and retention of personal data.

We process the personal data described above in accordance with the following legal basis:

We are a limited liability company established in New Jersey, USA, with a registered office at

Five Greentree Centre, 525 Route 73 North, STE 104, Marlton, NJ 08053, and, if you are based in the EU, EEA, or UK for the purpose of the EU and UK General Data Protection Regulation, we are the data controller.

This document was last updated on January 26, 2024. CHIME Therapy’s policies may be created, eliminated, changed or amended from time to time, and at any time, at the sole discretion of CHIME Therapy.