Daybreak Health Privacy Policy

Daybreak Health is devoted to safeguarding our customers, patients, and employee personal information and ensuring confidentiality of records. This Privacy Policy describes the personal information we collect, how we use it, and the standards and procedures in place to safeguard your personal information. At the bottom of this Privacy Policy is the Provider Group’s HIPAA Notice of Privacy Practices, which describes how the Providers and we treat your protected health information under HIPAA. Defined terms in this Privacy Policy may refer to the terms in our Terms of Use.

1. Information we Collect

Daybreak Health collects PI/PHI from customers to include the following:

  • The information that's required when you sign up for the site, as well as the information you choose to share.
  • Required information such as your name, email address, birthday, and gender. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.
  • Usernames and User IDs, which are a way to identify you on Daybreak Health. A User ID is a string of numbers and a username generally is some variation of your name.
  • Information posted to a group chat or moderated session and information kept within a one on one session.
  • “Contact Information” is personal information and or family/friend/relation that Daybreak Health stores confidentially for your Therapist to access in case of an emergency or mental health crisis.
  • Information Daybreak receives on forms, including, but not limited to, identifying information such as address, telephone number, e-mail address related to customer projects
  • Banking information for billing purposes; such as account # and routing information for invoicing purposes

We may also receive personal information from our partner schools, which is subject to the terms of our agreements with those schools and applicable laws, such as FERPA.

2. How We Use Your Personal Information

We use your personal information for various purposes described below, including to:

  • provide the Platform to you;
  • provide products and services to you;
  • provide you with information you request from us;
  • enforce our rights arising from contracts;
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  • notify you about changes;
  • to contact you in response to a request;
  • to fulfill any other purpose for which you provide it;
  • provide you with newsletters, advertisements, and other promotional communications (with your consent); 
  • for any other purpose with your consent; and
  • provide you with notices about your Account.

3. How We Disclose Your Personal Information

We do not share, sell, or otherwise disclose your personal information for purposes other than those outlined in this Privacy Policy. 

We may disclose personal information that we collect or you provide as described in this Privacy Policy:

  • to service providers and other third parties we use to support our business (the services provided by these organizations include providing IT and infrastructure support services, and ordering, marketing, and payment processing services);
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Daybreak about the Site users are among the assets transferred;
  • to fulfill the purpose for which you provide it (for example, we may disclose your personal information to a health care provider);
  • for any other purpose disclosed by us when you provide the information; and
  • with your consent.

We may also disclose your personal information:

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; and
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Daybreak, our customers, or others (this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

In addition, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

4. Service Providers

We may employ third party companies and individuals to facilitate our Platform, to perform certain tasks which are related to the Platform, or to provide audit, legal, operational or other services for us. These tasks include, but not limited to, customer service, technical maintenance, monitoring, email management and communication, database management, billing and payment processing, reporting and analytics. We will share with them only the minimum necessary information to perform their task for us and only after entering into appropriate confidentiality agreements.

‍

5. How We Protect Personal Information

We restrict access to information about you to those individuals who need to know that information as part of their job responsibilities. We also educate our employees about the importance of confidentiality and customer privacy through standard operating procedures, special training programs, and our Code of Conduct. We take appropriate disciplinary measures to enforce privacy responsibilities. We have developed precautions that comply with applicable law to ensure the security and confidentiality of customer records and information, to guard against any anticipated threats or hazards to the security or integrity of such records, and to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to our customers or our employees.

We protect personal information by:

  • Restricting access to customer information to only those personnel for whom the information is necessary
  • Entering into written confidentiality/non-disclosure agreements with third party service providers for certain disclosures
  • Maintaining physical, electronic, and procedural safeguards that comply with the relevant laws and regulations
  • Conducting a Security Training and Awareness training program to communicate and educate employees about information security policies and procedures in order to make them aware of their roles and responsibilities in safeguarding information resources.
  • Daybreak Health uses firewall barriers and digital certifications to maintain the security of your online session and information.

Information transmitted over the Internet is not completely secure, but we do our best to protect your personal information. You can help protect your personal information and other information by keeping your password to the Platform confidential. We ask you not to share your password with anyone.

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through the Platform.

6. Children's Privacy

We do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to become our user without parental consent per COPPA. The Platform is not directed and not intended to be used by children under the age of 13 without parental consent. If you're aware that we have collected Personal Information from a child under age 13 without parental consent please let us know by contacting us and we will delete that information.

‍

HIPAA Privacy Statement

Last updated: September 4, 2025

Overview

This Notice of Privacy Practices (“Notice”) describes how the Provider Groups — including Daybreak Medical, P.C., Daybreak Medical, P.A., and AS Medical of NY, P.C. — may use and disclose your Protected Health Information (PHI) for treatment, payment, business operations, and other purposes allowed by law.

It also explains your rights to access and control your PHI.

Your Rights

You have the right to:

  • Get a copy of your medical record
    • Request electronic or paper copies of your medical record and health information.
    • Provided within 30 days (a reasonable cost-based fee may apply).
  • Request corrections to your medical record
    • Ask us to correct inaccurate or incomplete information.
    • We may deny, but must explain in writing within 60 days.
  • Request confidential communications
    • Choose how we contact you (e.g., home/office phone, alternative address).
    • We will honor all reasonable requests.
  • Limit what we use or share
    • Ask us not to use/share PHI for treatment, payment, or operations.
    • We may deny if it impacts your care.
    • If you pay out-of-pocket in full, you can request we don’t share that info with your insurer.
  • Get a list of disclosures
    • Request a list of PHI disclosures (last six years).
    • Excludes treatment, payment, operations, and disclosures you authorized.
    • One free per year; fees apply for additional requests.
  • Get a copy of this privacy notice
    • Request a paper copy anytime, even if you agreed to electronic delivery.
  • Choose someone to act for you
    • A person with medical power of attorney or legal guardianship can act on your behalf.
  • File a complaint

Your Choices

You can tell us your preferences for PHI sharing in certain cases:

  • With your authorization
    • Share info with family, friends, or others involved in your care
    • Share info in disaster relief situations
    • Include your information in a hospital directory
    • Contact you for fundraising efforts (you can opt out)
  • Requires written permission
    • Marketing purposes
    • Sale of your information
    • Most sharing of psychotherapy notes
  • If you cannot express a preference (e.g., unconscious)
    • We may share info if in your best interest.
    • We may also share to prevent serious and imminent threats to health/safety.

Our Uses and Disclosures

Typical Uses

  • Treatment: Share PHI with professionals involved in your care.
  • Operations: Use PHI to run our practice, improve care, and contact you.
  • Billing: Use/share PHI to bill and receive payment.

Other Uses (allowed/required by law)

  • Public health & safety: Prevent disease, product recalls, adverse reactions, suspected abuse/violence, or threats to safety.
  • Research: For approved health research.
  • Legal compliance: Share as required by state/federal law or oversight.
  • Organ/tissue donation: With procurement organizations.
  • Medical examiner/funeral director: As needed when someone dies.
  • Workers’ comp & law enforcement: For claims, official requests, oversight, or government functions (military, national security, protective services).
  • Legal actions: In response to court orders, subpoenas, or administrative processes.

Our Responsibilities

  • Maintain the privacy and security of your PHI.
  • Notify you promptly if a breach occurs.
  • Follow the practices described in this Notice and provide a copy upon request.
  • Not use/share your PHI beyond this Notice unless you authorize in writing (you may revoke at any time).
  • Comply with applicable state laws that may provide additional privacy protections beyond HIPAA.

Changes to This Notice

  • Terms may be updated and will apply to all PHI we maintain.
  • Updated versions will be available upon request, in our office, and on our website.

Additional Daybreak Health Disclosures

  • No hospital directory management.
  • Clinicians may contact your emergency contact, crisis services, or law enforcement if there is suspicion of imminent harm.
  • PHI may be disclosed to comply with legal processes or to protect the rights, property, or safety of Daybreak, customers, or others.
  • May exchange information with companies for fraud protection and credit risk reduction.
  • May disclose aggregated or non-identifiable data without restriction.
  • Do not knowingly collect data from children under 13 without parental consent (per COPPA).

Contact Information

Privacy Officer: Christine Cauwels, LCMHC, LCPC, LMHC, LPC, NCC

christinecauwels@daybreakhealth.com

447 Sutter St, Suite 405, San Francisco, CA 94108

www.daybreakhealth.com