Reflective Training Privacy Policy

1. Introduction

Reflective Training (“RT,” “we,” “us,” or “our”) is committed to protecting the privacy of our users, who are healthcare providers, healthcare students, corporate trainees, and other legitimate human learners aged 18 and older. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (the “Site”). By accessing or using the Site, you agree to this Privacy Policy.

2. How We Protect Your Privacy

We use the following measures to safeguard your information:

• User Verification: We verify that all users are eligible learners to maintain a secure community.
• Data Security: We use industry-standard encryption, secure servers (hosted in the U.S. via Bluehost and AWS), and access controls to protect your data from unauthorized access, disclosure, alteration, or destruction. Video roleplays are hosted securely to prevent unauthorized copying.
• De-identification: We remove personally identifiable information (PII) from data used for educational research to ensure your privacy.
• Limited Access: Only authorized personnel (e.g., licensed psychotherapists, university researchers) access identifiable data for educational purposes.
• Data Breach Notification: If a data breach occurs, we’ll notify affected users within 72 hours, as required by applicable laws (e.g., GDPR, CCPA).

3. Information We Collect

We collect:

• Personal Information: Name, email address, professional credentials, and user ID provided during registration or Site interaction.
• Educational Data: Feedback Forms, video roleplays (mock sessions), recorded training sessions, and other training content you submit. Training sessions are recorded for educational purposes.
• Usage Data: Aggregated data on Site usage (e.g., login times, pages visited, feature interactions) collected via cookies and similar technologies.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

• Types: Essential cookies (for Site functionality), analytics cookies (to track usage), and third-party cookies (from services like AWS).
• Purpose: Enhance Site performance, analyze usage, and personalize content.
• Control: You can manage cookies via browser settings or our cookie consent banner. Disabling cookies may limit Site functionality.
• Compliance: For EU users, we obtain explicit consent per GDPR. California users can opt out per CCPA.

5. How We Use Your Information

We use your information to:

• Improve Learning: Analyze de-identified Feedback Forms and session recordings to enhance training effectiveness.
• Conduct Educational Research: Use de-identified data for educational research to advance psychotherapy training. Reports never identify RT learners.
• Manage Video Roleplays: Your mock video roleplays may be viewed by:
  • Authorized researchers (psychotherapists or university staff) for quality assessment or educational research.
  • Other RT learners for collaborative learning, under strict confidentiality. Users agree not to capture, reproduce, or distribute others’ roleplays, as per the Terms of Service.
• Deliver Services: Provide Site access, manage accounts, and communicate about training.

6. Third-Party Sharing

We don’t sell or rent your personal information. We share data as follows:

• Third-Party Services: We use WooCommerce, Stripe, PayPal, LearnDash, and AWS/S3 to deliver services. These providers may access limited data (e.g., payment details, video storage) under strict agreements. See their privacy policies: Stripe, PayPal, AWS.
• Educational Research Partners: De-identified data may be shared with academic partners for educational research, ensuring no identification.
• Legal Requirements: We may disclose data to comply with laws or protect our rights.

7. International Data Transfers

Our servers are in the U.S. (Bluehost, AWS). For users outside the U.S.:

• Safeguards: We use Standard Contractual Clauses (SCCs) to protect data transfers per GDPR.
• Rights: EU users have GDPR rights (e.g., data portability). California users have CCPA rights (e.g., opt-out of data sales).
• Contact: Email robertsd5@uthscsa.edu for international data concerns.

8. Data Retention

We retain:

• Personal Information: 7 years after account closure, unless you request earlier deletion.
• Educational Data: Video roleplays, session recordings, and Feedback Forms are retained indefinitely for educational research and platform improvement, unless you request removal. De-identified data may be retained indefinitely.
• Usage Data: Aggregated data is retained indefinitely for analytics, unless you opt out. You may request earlier deletion, processed within 30 days, subject to legal requirements.

9. Your Rights

You have the following rights:

• Access/Correction: Request access to or correction of your data by emailing robertsd5@uthscsa.edu.
• Deletion: Request deletion of your account, roleplays, or other data. We’ll process requests within 30 days, subject to legal obligations.
• Opt-Out: Opt out of analytics cookies or de-identified data use for educational research via email.
• GDPR/CCPA: International users may request data portability or restrict processing per applicable laws.

10. Video Roleplay Control

• Retention: Mock video roleplays are stored securely on AWS for educational purposes.
• Removal: If you would like your roleplays removed from website accessibility after you complete your course, please email robertsd5@uthscsa.edu. We’ll confirm removal from public access within 30 days. De-identified data may be retained for educational research unless you opt out.

11. Legal Compliance

RT does not collect or store Protected Health Information (PHI) subject to HIPAA. All training materials are educational and do not involve real patients. We comply with applicable laws, including GDPR and CCPA, and maintain high confidentiality standards for educational settings.