Privacy Policy for EmEase

1. Introduction

Effective Date: 04/21/2025

Welcome to EmEase

This Privacy Policy explains how Underdog Club LLC (“we,” “us,” or “our”) collects, uses, shares, and protects your information when you use our EmEase application and website (collectively, the “Service”). EmEase is a Self EMDR (Eye Movement Desensitization and Reprocessing) application designed to provide therapeutic support through digital platforms.

About Us

EmEase is owned and operated by Underdog Club LLC, a Delaware corporation with operations based in Maryland. We are committed to protecting your privacy and ensuring the security of your personal and health information.

Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Underdog Club LLC
2833 Smith Avenue, Suite 305
Baltimore, MD 21209
Email: [email protected]
Website: https://EmEase.com

Scope of This Policy

This Privacy Policy applies to information we collect through:

  • Our EmEase mobile applications for iOS and Android
  • Our website at https://EmEase.com
  • Our web application at https://app.EmEase.com
  • Customer support communications
  • Other related services and communications

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

HIPAA Compliance

EmEase is designed to be compliant with the Health Insurance Portability and Accountability Act (HIPAA). We implement appropriate safeguards to protect the privacy and security of protected health information as required by law. More details about our HIPAA compliance measures are provided in Section 3 of this Privacy Policy.

2. Information Collection

Types of Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us when you register for EmEase, including:

  • Name
  • Email address
  • Phone number (optional)
  • Account credentials
  • Billing information when you purchase a subscription

Health Information

As a Self EMDR application, EmEase may collect sensitive health information, including:

  • Self-reported mental health concerns or symptoms
  • Therapy goals and progress
  • EMDR session data and responses
  • Self-assessment results
  • Journal entries or notes
  • Treatment preferences

Technical Information

We automatically collect certain information about your device and how you interact with EmEase:

  • Device information (type, model, operating system)
  • IP address
  • Browser type and version
  • App usage statistics
  • Session duration and frequency
  • Feature utilization
  • Crash reports and performance data
  • Time zone and language settings

Location Information

We collect limited location information based on:

  • IP address geolocation (country/region level)
  • Time zone settings
  • We do not track precise GPS location unless explicitly permitted

How We Collect Information

Direct Collection

Information you provide directly when you:

  • Create an account
  • Complete profile information
  • Use the EMDR therapy features
  • Record session notes or journal entries
  • Communicate with our support team
  • Respond to surveys or provide feedback

Automated Collection

Information collected automatically through:

  • Cookies and similar technologies
  • Analytics tools
  • Application monitoring software
  • Error and crash reporting tools

Third-Party Sources

We may receive information about you from:

  • Authentication services (if you choose to sign in using third-party login)
  • Payment processors
  • App stores (Apple App Store, Google Play)
  • Marketing partners (with your consent)

We collect and process your information based on:

  • Your explicit consent
  • The necessity to perform our contract with you (providing the EmEase service)
  • Our legitimate interests in maintaining and improving our service
  • Compliance with legal obligations

Minimization Principle

We strive to collect only the information necessary to provide, maintain, and improve the EmEase service. You may choose not to provide certain information, though this may limit your ability to use specific features of our application.

3. HIPAA Compliance Statement

Our Commitment to HIPAA

EmEase is designed and operated in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. We recognize the sensitive nature of the health information you entrust to us and are committed to maintaining the privacy and security of your Protected Health Information (PHI).

Our Role Under HIPAA

Underdog Club LLC, as the provider of EmEase, functions as a Business Associate under HIPAA when users utilize our application for health-related purposes. This means we are legally obligated to:

  • Implement appropriate safeguards to protect your PHI
  • Limit uses and disclosures of PHI to those permitted by law
  • Report security incidents involving PHI
  • Maintain appropriate documentation of our privacy practices

Safeguards Implemented

To protect your health information, we have implemented comprehensive administrative, physical, and technical safeguards:

Administrative Safeguards

  • Regular risk assessments and management procedures
  • Designated privacy and security officials
  • Workforce training on privacy and security
  • Documented policies and procedures for PHI handling
  • Regular review of information system activity

Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Access controls and authentication requirements
  • Audit controls to record and examine activity
  • Integrity controls to prevent unauthorized PHI alteration
  • Transmission security to guard against unauthorized access

Physical Safeguards

  • Secure data centers with controlled access
  • Hardware and media controls
  • Workstation security protocols
  • Facility access and security measures

Business Associate Agreements

When we engage third-party service providers who may have access to PHI, we enter into Business Associate Agreements (BAAs) that contractually bind these entities to:

  • Use appropriate safeguards to protect PHI
  • Report security incidents
  • Comply with the same restrictions that apply to us

Breach Notification

In the unlikely event of a breach of unsecured PHI, we will:

  • Notify affected users without unreasonable delay (and no later than 60 days following discovery)
  • Provide information about what happened, what information was involved, steps individuals should take, what we are doing to investigate and mitigate, and contact procedures
  • Notify relevant authorities as required by law

HIPAA Rights

As a user of EmEase, you maintain certain rights regarding your PHI, including:

  • The right to access your PHI
  • The right to request corrections to your PHI
  • The right to receive an accounting of certain disclosures of your PHI
  • The right to request restrictions on certain uses and disclosures

To exercise these rights, please contact us at [email protected].

Limitations

While EmEase is designed to be HIPAA-compliant, please note that your own handling of information outside our application (such as sharing screenshots or discussing your therapy through non-secure channels) may not be protected under HIPAA.

4. Use of Information

Primary Uses of Your Information

We use the information we collect primarily to provide, maintain, and improve the EmEase service. Specifically, we use your information to:

Deliver Core Functionality

  • Create and manage your EmEase account
  • Provide personalized Self EMDR therapy sessions
  • Track your progress and therapy outcomes
  • Store your session history and personal notes
  • Enable you to access your information across devices
  • Facilitate your therapeutic journey through the application

Service Operation and Support

  • Authenticate your identity and maintain account security
  • Process payments and manage subscriptions
  • Provide customer support and respond to your inquiries
  • Send service-related notifications and updates
  • Troubleshoot problems and optimize performance
  • Fulfill your requests for specific features or information

Secondary Uses of Information

With your consent or where permitted by law, we may also use your information for:

Service Improvement

  • Analyze usage patterns to enhance user experience
  • Identify trends and areas for improvement
  • Develop new features and functionality
  • Test and debug application performance
  • Conduct research on EMDR effectiveness (using de-identified data)

Communication

  • Send you information about new features or services
  • Provide educational content related to EMDR therapy
  • Deliver promotional offers or discounts (only with explicit opt-in)
  • Request feedback on your experience with EmEase
  • Invite participation in surveys or research (optional)

Business Operations

  • Generate aggregated, non-identifying analytics and statistics
  • Protect against fraudulent or unauthorized activity
  • Enforce our Terms of Service
  • Comply with legal obligations

We process your information based on one or more of the following legal grounds:

  • When you explicitly agree to the processing of your information for specific purposes
  • You may withdraw your consent at any time by contacting us at [email protected]

Contract Performance

  • When processing is necessary to fulfill our contractual obligations to you
  • This includes providing the core EmEase service you have subscribed to

Legitimate Interests

  • When we have a legitimate business interest in processing your information
  • Examples include improving our services, preventing fraud, and ensuring network security
  • We balance our interests against your privacy rights and expectations
  • When we need to process your information to comply with a legal obligation
  • This may include responding to legal processes or government requests

Automated Decision-Making

EmEase may use algorithms to personalize your therapy experience based on your inputs and progress. However, we do not make solely automated decisions that would have legal or similarly significant effects on you without human oversight.

Data Retention for These Purposes

We retain your information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Different types of information may be kept for different periods based on their purpose and sensitivity.

5. Information Sharing and Disclosure

Overview

We understand the highly sensitive nature of the information you share with EmEase. We are committed to maintaining your privacy and will not sell your personal information. We limit sharing of your information to specific circumstances outlined below.

Third-Party Service Providers

We may share your information with trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only for the purposes of providing these services to us and are required to maintain the confidentiality and security of your information.

These service providers may include:

  • Cloud storage and hosting providers
  • Payment processors for subscription management
  • Customer support and communication platforms
  • Analytics and performance monitoring tools
  • Authentication and security services

All service providers with access to Protected Health Information (PHI) are bound by Business Associate Agreements (BAAs) in compliance with HIPAA requirements.

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). Circumstances may include:

  • Responding to a subpoena, court order, or legal process
  • Protecting our rights, privacy, safety, or property
  • Preventing or investigating possible wrongdoing related to our services
  • Protecting against legal liability

When possible and permitted by law, we will notify you of such disclosures.

Business Transfers

If Underdog Club LLC is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your information, as well as any choices you may have regarding your information.

De-identified Data Sharing

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you. This information may be used for:

  • Research purposes to advance understanding of EMDR therapy effectiveness
  • Industry benchmarking and analysis
  • Service improvement and development
  • Marketing and promotional materials (showing general statistics, not individual data)

We may share your information with third parties when you explicitly consent to such sharing. For example:

  • If you choose to integrate EmEase with other health applications
  • If you opt to share your progress with a healthcare provider
  • If you participate in research studies (with separate informed consent)

No Sale of Personal Information

We do not sell, rent, or lease your personal information to third parties. We do not share your information with third parties for their direct marketing purposes without your explicit consent.

International Data Transfers

If we transfer your information to service providers located outside your country of residence, we implement appropriate safeguards to ensure your information receives an adequate level of protection, including:

  • Standard contractual clauses approved by relevant data protection authorities
  • Privacy Shield certification (where applicable)
  • Binding corporate rules for transfers within our corporate group
  • Other legally approved mechanisms

Limitations on Sharing Health Information

We treat your health information with the highest level of confidentiality. Any sharing of health information is conducted in compliance with HIPAA and other applicable healthcare privacy laws, with appropriate safeguards in place.

6. Data Storage and Security

Data Storage

Storage Locations

EmEase stores your personal and health information on secure servers located in the United States. We use industry-leading cloud service providers that maintain robust physical security measures at their data centers.

Backup and Redundancy

To prevent data loss, we implement regular backup procedures and maintain redundant storage systems. These backups are encrypted and protected with the same level of security as our primary systems.

Data Retention Periods

We retain different types of data for varying periods:

  • Account information: For as long as your account remains active, plus a retention period after account closure (typically 30 days)
  • Health information: For as long as necessary to provide services and comply with legal obligations
  • Usage data: Typically retained for 12-24 months to support service improvement
  • Payment information: As required by financial regulations and tax laws

You may request deletion of your data at any time, subject to legal retention requirements.

Security Measures

Encryption

  • Data in transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
  • Data at rest: All stored data is encrypted using industry-standard AES-256 encryption
  • End-to-end encryption is implemented for particularly sensitive health information

Access Controls

  • Role-based access controls limit employee access to user data
  • Multi-factor authentication is required for administrative access
  • Principle of least privilege is enforced for all system access
  • Regular access reviews and privilege audits

Infrastructure Security

  • Firewalls and intrusion detection systems
  • Regular vulnerability scanning and penetration testing
  • Automated threat monitoring and alerting
  • Regular security patches and updates

Application Security

  • Secure development practices and code reviews
  • Regular security testing throughout the development lifecycle
  • Third-party security audits and assessments
  • Bug bounty program to identify and address vulnerabilities

Breach Notification Procedures

In the unlikely event of a data breach affecting your personal information, we will:

  1. Investigation: Promptly investigate the nature and scope of the incident
  2. Containment: Take immediate steps to contain the breach and mitigate potential harm
  3. Notification: Notify affected users without unreasonable delay, typically within 72 hours of discovery, unless a longer period is permitted by law
  4. Details Provided: Our notification will include:
    • Description of the incident
    • Types of information involved
    • Steps you can take to protect yourself
    • Measures we are taking to address the breach
    • Contact information for questions
  5. Regulatory Reporting: Report to relevant authorities as required by applicable laws, including HIPAA breach notification requirements
  6. Remediation: Implement corrective actions to prevent similar incidents in the future

Employee Training and Policies

Our security measures include:

  • Comprehensive security and privacy training for all staff
  • Background checks for employees with access to sensitive systems
  • Confidentiality agreements
  • Documented security policies and procedures
  • Regular security awareness updates

Continuous Improvement

We regularly review and enhance our security practices by:

  • Conducting periodic risk assessments
  • Staying current with industry best practices
  • Monitoring for emerging threats
  • Updating our security controls as technology evolves

Your Role in Security

While we implement robust security measures, the security of your account also depends on:

  • Keeping your login credentials confidential
  • Using strong, unique passwords
  • Being cautious about the networks you use to access EmEase
  • Logging out of your account when using shared devices
  • Promptly reporting any suspicious activity to [email protected]

7. User Rights

Your Privacy Rights

As an EmEase user, you have certain rights regarding your personal information. We are committed to respecting these rights and providing you with control over your data.

Right to Access Your Information

You have the right to request access to the personal information we hold about you. This includes:

  • Confirmation that we are processing your personal information
  • Access to a copy of your personal information
  • Information about how we use and process your data

To request access to your information, please email [email protected]. We will respond to your request within 30 days, though we may extend this period by up to an additional 60 days if necessary, with notice.

Right to Correct Inaccurate Information

You have the right to request that we correct any inaccurate or incomplete personal information we maintain about you. You can:

  • Update certain information directly through your account settings
  • Contact us at [email protected] to request corrections to information you cannot modify yourself

We will respond to correction requests promptly, typically within 30 days.

Right to Deletion

You have the right to request deletion of your personal information in certain circumstances. This is sometimes called the “right to be forgotten.” Upon receiving a verified deletion request, we will:

  • Delete your personal information from our active systems
  • Ensure it is removed from backups during our regular backup rotation
  • Confirm deletion has been completed

Exceptions may apply if we need to:

  • Complete the transaction for which the information was collected
  • Comply with legal obligations
  • Detect security incidents or protect against fraud
  • Debug products to identify and repair errors
  • Exercise free speech or ensure another’s right to exercise free speech
  • Comply with the California Electronic Communications Privacy Act
  • Engage in public or peer-reviewed research with appropriate safeguards
  • Enable solely internal uses aligned with your expectations
  • Comply with a legal obligation

Right to Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format. This allows you to transfer your data to another service provider. Upon request, we will:

  • Provide your data in a compatible format (typically JSON or CSV)
  • Transmit your data directly to another provider if technically feasible

Right to Restrict Processing

In certain circumstances, you have the right to request that we restrict the processing of your personal information, such as:

  • When you contest the accuracy of your personal information
  • When the processing is unlawful and you oppose deletion
  • When we no longer need the information but you need it for legal claims
  • When you have objected to processing pending verification of legitimate grounds

Right to Object to Processing

You may object to our processing of your personal information in certain circumstances, particularly when processing is based on our legitimate interests or for direct marketing purposes.

Where we process your information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: [email protected]
  • Mail: Underdog Club LLC, 2833 Smith Avenue, Suite 305, Baltimore, MD 21209

Please include:

  • Your name and email address associated with your EmEase account
  • Clear description of the right you wish to exercise
  • Any relevant details to help us respond appropriately

Verification Process

To protect your privacy, we may need to verify your identity before processing your request. We will use information you have previously provided to verify your identity, and may request additional information if necessary.

Response Timeline

We will respond to all legitimate requests within 30 days. If your request is particularly complex or if you have made multiple requests, it may take us longer. In this case, we will notify you and keep you updated.

No Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not:

  • Deny you goods or services
  • Charge you different prices or rates
  • Provide you with a different level or quality of services
  • Suggest you will receive different prices or services

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require verification of your agent’s authorization and may still require you to verify your identity directly with us.

8. Children’s Privacy

Age Restrictions

EmEase is designed for adults and is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If you are under 18, please do not use or provide any information on our Service, including registering for an account, making purchases, or providing any personal information about yourself.

No Intentional Collection from Children

We do not:

  • Specifically target our marketing or Service to children under 18
  • Knowingly collect or solicit personal information from children under 18
  • Allow children under 18 to create accounts or use our Service

If a parent or guardian becomes aware that their child has provided us with personal information without their consent, they should contact us immediately at [email protected]. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Discovery of Child Data

If we learn that we have collected personal information from a child under 18, we will:

  1. Promptly delete the information from our records
  2. Terminate the child’s account immediately
  3. Take reasonable measures to ensure the data is removed from our systems
  4. Notify the parent or guardian if we have contact information

Special Considerations for Teens (13-17)

While our Service is not intended for anyone under 18, we recognize that EMDR therapy may be beneficial for adolescents. In cases where a healthcare provider recommends EmEase for a minor:

  1. The account must be created and managed by the parent or legal guardian
  2. The parent or guardian must provide verifiable consent
  3. The parent or guardian maintains the right to:
    • Review their child’s personal information
    • Request deletion of their child’s personal information
    • Refuse further collection or use of their child’s information

Educational or Therapeutic Use

If EmEase is used in educational or therapeutic settings with minors, it must be:

  1. Administered by qualified professionals
  2. Used with appropriate parental/guardian consent
  3. Managed in compliance with applicable laws regarding minors’ privacy

Compliance with Children’s Privacy Laws

We comply with the Children’s Online Privacy Protection Act (COPPA) and similar state and international laws protecting children’s privacy. Our data collection practices are designed to comply with these regulations.

Reporting Concerns

If you believe a child under 18 has provided personal information to EmEase, or if you have questions or comments about our Children’s Privacy practices, please contact us immediately at:

Email: [email protected] Mail: Underdog Club LLC, 2833 Smith Avenue, Suite 305, Baltimore, MD 21209

We take children’s privacy seriously and will respond promptly to any concerns.

9. Cross-Border Data Transfers

International Operations

EmEase is operated by Underdog Club LLC, based in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and central database are located.

Data Transfer Mechanisms

When we transfer personal information from one jurisdiction to another, particularly from regions with comprehensive data protection laws (such as the European Economic Area, United Kingdom, Switzerland, or Canada) to the United States, we implement appropriate safeguards to ensure your information receives an adequate level of protection. These safeguards may include:

  • Standard Contractual Clauses (SCCs): We use European Commission-approved standard contractual clauses in our agreements with service providers and partners to ensure adequate protection for data transferred internationally.

  • Data Processing Agreements: We enter into data processing agreements with our service providers that include provisions for appropriate data protection.

  • Privacy Shield: While the EU-US Privacy Shield framework has been invalidated, we continue to honor its principles as a matter of good practice.

  • Binding Corporate Rules: For transfers within any future corporate group, we may implement binding corporate rules approved by data protection authorities.

Compliance with International Regulations

We strive to comply with applicable data protection laws in the jurisdictions where we operate, including:

  • General Data Protection Regulation (GDPR): For users in the European Economic Area, United Kingdom, and Switzerland
  • Personal Information Protection and Electronic Documents Act (PIPEDA): For users in Canada
  • Lei Geral de Proteção de Dados (LGPD): For users in Brazil
  • Other applicable international data protection laws

International Data Storage

Your information may be stored on servers located in:

  • The United States (primary storage)
  • Other countries where our service providers maintain facilities

We select our storage providers based on their ability to provide adequate technical and organizational security measures.

Impact of Local Laws

The privacy laws in the United States and other countries where your data may be stored or processed might be different from those in your country of residence. Government authorities in these countries may have lawful access to your information under certain circumstances. By using EmEase, you acknowledge and consent to these potential cross-border transfers of your information.

Data Localization Requirements

For users in regions with data localization requirements, we make efforts to comply with such requirements by:

  • Working with local data storage providers where required
  • Implementing technical measures to ensure compliance
  • Adapting our practices to meet local legal requirements

Your Rights Regarding International Transfers

Regardless of where your information is stored or processed, you retain the rights outlined in Section 7 (User Rights) of this Privacy Policy. If you have concerns about international transfers of your data, please contact us at [email protected].

Changes to Our International Transfer Mechanisms

If we change the mechanisms we use to transfer data internationally, we will update this Privacy Policy and, where appropriate, notify you directly of significant changes.

Additional Information for EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal information does not comply with applicable law.

10. Cookies and Tracking Technologies

What Are Cookies and Tracking Technologies?

EmEase uses various technologies to collect and store information when you use our Service:

  • Cookies: Small text files placed on your device that allow us to recognize your browser or device across sessions and visits.
  • Web Beacons: Small graphic images (also known as “pixel tags” or “clear GIFs”) that may be included on our sites and services.
  • Local Storage: Technologies like HTML5 localStorage and indexedDB that provide similar functionality to cookies but can store larger amounts of data.
  • Analytics Tools: Software that collects data about how users interact with our Service.
  • Session Replay Tools: Technologies that help us understand how users navigate through our application.

Types of Cookies We Use

Essential Cookies

These cookies are necessary for the Service to function properly. They enable core functionality such as security, network management, and account authentication. You cannot opt out of these cookies as the Service cannot function properly without them.

Functional Cookies

These cookies enhance the functionality of our Service by storing your preferences. They may be set by us or by third-party providers whose services we have added to our pages.

Analytics Cookies

These cookies collect information about how you use our Service, helping us understand which features are most popular and how users navigate through the site. This helps us improve our Service.

Performance Cookies

These cookies collect information about system performance and error detection to help us improve the quality and speed of our Service.

Specific Tracking Technologies Used

TechnologyPurposeData CollectedDuration
Google AnalyticsAnalyze usage patternsPages visited, time spent, user journeyUp to 26 months
Firebase AnalyticsMobile app performanceApp usage, feature interactionUp to 14 months
Session cookiesMaintain user sessionSession identifiersUntil browser is closed
Authentication cookiesKeep users logged inAuthentication tokensUp to 30 days
Local storage dataStore user preferencesApp settings, theme choicesUntil manually cleared

How We Use This Information

Information collected through cookies and tracking technologies is used to:

  • Remember your preferences and settings
  • Keep you logged in between sessions
  • Understand how you use our Service
  • Identify and resolve errors
  • Improve the performance of our Service
  • Develop new features based on user behavior
  • Ensure the security of our Service

Your Control Over Cookies

Browser Settings

Most web browsers allow you to control cookies through their settings preferences. You can typically:

  • Delete existing cookies
  • Block cookies from being set
  • Set your browser to notify you when a cookie is being set
  • Browse in “private” or “incognito” mode

Mobile Device Settings

On mobile devices, you can adjust your privacy settings to limit tracking:

  • iOS devices: Settings > Privacy > Tracking
  • Android devices: Settings > Privacy > Ads

When you first visit our website, you’ll see a cookie banner that allows you to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize your cookie preferences
  • Access more information about our cookie practices

You can change your preferences at any time by clicking on “Cookie Preferences” in the footer of our website.

Do Not Track Signals

Some browsers have a “Do Not Track” feature that signals to websites that you do not want to have your online activities tracked. Our system may not respond to Do Not Track signals, so your selection of the “Reject non-essential cookies” option from our cookie banner is the most effective way to prevent tracking by our website.

Third-Party Tracking

Some content or applications on our Service are served by third parties, including content providers and application providers. These third parties may use cookies or other tracking technologies to collect information about you when you use our Service. We do not control these third parties’ tracking technologies or how they may be used.

Cookies and HIPAA Compliance

Our use of cookies and tracking technologies is designed to be compatible with our HIPAA compliance obligations. We do not use cookies to collect Protected Health Information (PHI) unless necessary for providing our Service, and any PHI collected is handled in accordance with our HIPAA policies.

We may update our use of cookies and tracking technologies from time to time. Any significant changes will be reflected in this Privacy Policy, and we may also notify you through the Service or via email.

10. Cookies and Tracking Technologies

What Are Cookies and Tracking Technologies?

EmEase uses various technologies to collect and store information when you use our Service:

  • Cookies: Small text files placed on your device that allow us to recognize your browser or device across sessions and visits.
  • Web Beacons: Small graphic images (also known as “pixel tags” or “clear GIFs”) that may be included on our sites and services.
  • Local Storage: Technologies like HTML5 localStorage and indexedDB that provide similar functionality to cookies but can store larger amounts of data.
  • Analytics Tools: Software that collects data about how users interact with our Service.
  • Session Replay Tools: Technologies that help us understand how users navigate through our application.

Types of Cookies We Use

Essential Cookies

These cookies are necessary for the Service to function properly. They enable core functionality such as security, network management, and account authentication. You cannot opt out of these cookies as the Service cannot function properly without them.

Functional Cookies

These cookies enhance the functionality of our Service by storing your preferences. They may be set by us or by third-party providers whose services we have added to our pages.

Analytics Cookies

These cookies collect information about how you use our Service, helping us understand which features are most popular and how users navigate through the site. This helps us improve our Service.

Performance Cookies

These cookies collect information about system performance and error detection to help us improve the quality and speed of our Service.

Specific Tracking Technologies Used

TechnologyPurposeData CollectedDuration
Google AnalyticsAnalyze usage patternsPages visited, time spent, user journeyUp to 26 months
Firebase AnalyticsMobile app performanceApp usage, feature interactionUp to 14 months
Session cookiesMaintain user sessionSession identifiersUntil browser is closed
Authentication cookiesKeep users logged inAuthentication tokensUp to 30 days
Local storage dataStore user preferencesApp settings, theme choicesUntil manually cleared

How We Use This Information

Information collected through cookies and tracking technologies is used to:

  • Remember your preferences and settings
  • Keep you logged in between sessions
  • Understand how you use our Service
  • Identify and resolve errors
  • Improve the performance of our Service
  • Develop new features based on user behavior
  • Ensure the security of our Service

Your Control Over Cookies

Browser Settings

Most web browsers allow you to control cookies through their settings preferences. You can typically:

  • Delete existing cookies
  • Block cookies from being set
  • Set your browser to notify you when a cookie is being set
  • Browse in “private” or “incognito” mode

Mobile Device Settings

On mobile devices, you can adjust your privacy settings to limit tracking:

  • iOS devices: Settings > Privacy > Tracking
  • Android devices: Settings > Privacy > Ads

When you first visit our website, you’ll see a cookie banner that allows you to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize your cookie preferences
  • Access more information about our cookie practices

You can change your preferences at any time by clicking on “Cookie Preferences” in the footer of our website.

Do Not Track Signals

Some browsers have a “Do Not Track” feature that signals to websites that you do not want to have your online activities tracked. Our system may not respond to Do Not Track signals, so your selection of the “Reject non-essential cookies” option from our cookie banner is the most effective way to prevent tracking by our website.

Third-Party Tracking

Some content or applications on our Service are served by third parties, including content providers and application providers. These third parties may use cookies or other tracking technologies to collect information about you when you use our Service. We do not control these third parties’ tracking technologies or how they may be used.

Cookies and HIPAA Compliance

Our use of cookies and tracking technologies is designed to be compatible with our HIPAA compliance obligations. We do not use cookies to collect Protected Health Information (PHI) unless necessary for providing our Service, and any PHI collected is handled in accordance with our HIPAA policies.

We may update our use of cookies and tracking technologies from time to time. Any significant changes will be reflected in this Privacy Policy, and we may also notify you through the Service or via email.

12. State-Specific Privacy Rights

California Privacy Rights

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Your California Rights

As a California resident, you have the right to:

  1. Know what personal information we collect about you and how it is used and shared
  2. Delete personal information collected from you (with certain exceptions)
  3. Correct inaccurate personal information that we maintain about you
  4. Opt-out of the sale or sharing of your personal information
  5. Limit the use and disclosure of your sensitive personal information
  6. Non-discrimination for exercising your privacy rights

Categories of Information We Collect

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email address, IP address)
  • Customer records information (billing details)
  • Protected characteristics (only if voluntarily provided)
  • Commercial information (subscription details)
  • Internet activity information (browsing history, app usage)
  • Geolocation data (general location based on IP address)
  • Audio/electronic information (if you provide voice notes)
  • Professional information (if voluntarily provided)
  • Inferences drawn from other personal information
  • Sensitive personal information (health information related to EMDR therapy)

How to Exercise Your California Rights

To exercise your rights under California law:

  • Email: [email protected]
  • Form: Available in your account settings under “Privacy”
  • Toll-free number: [Insert toll-free number when available]

We will respond to verifiable consumer requests within 45 days.

Authorized Agent

You may designate an authorized agent to submit requests on your behalf. We may require verification of your agent’s authorization and may still require you to verify your identity directly.

Shine the Light Law

California’s “Shine the Light” law permits users who are California residents to request a list of third parties to whom we disclosed personal information for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

Virginia Privacy Rights

If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act (VCDPA).

Your Virginia Rights

As a Virginia resident, you have the right to:

  1. Access your personal data
  2. Correct inaccuracies in your personal data
  3. Delete personal data provided by or obtained about you
  4. Obtain a copy of your personal data in a portable format
  5. Opt out of processing for targeted advertising, sale of personal data, or profiling

How to Exercise Your Virginia Rights

To exercise your rights under Virginia law, contact us at [email protected]. We will respond to your request within 45 days.

Appeal Process

If we decline to take action on your request, you may appeal our decision by emailing [email protected]. We will review your appeal and respond within 60 days.

Colorado Privacy Rights

If you are a Colorado resident, you have rights under the Colorado Privacy Act (CPA).

Your Colorado Rights

As a Colorado resident, you have the right to:

  1. Access your personal data
  2. Correct inaccuracies in your personal data
  3. Delete your personal data
  4. Obtain a copy of your personal data in a portable format
  5. Opt out of processing for targeted advertising, sale of personal data, or profiling

How to Exercise Your Colorado Rights

To exercise your rights under Colorado law, contact us at [email protected]. We will respond to your request within 45 days.

Connecticut Privacy Rights

If you are a Connecticut resident, you have rights under the Connecticut Data Privacy Act (CTDPA).

Your Connecticut Rights

Similar to Colorado, Connecticut residents have rights to access, correct, delete, and obtain a copy of their personal data, as well as opt out of certain processing.

How to Exercise Your Connecticut Rights

Contact us at [email protected] to exercise your rights under Connecticut law.

Utah Privacy Rights

If you are a Utah resident, you have rights under the Utah Consumer Privacy Act (UCPA).

Your Utah Rights

Utah residents have the right to access, delete, and obtain a copy of their personal data, as well as opt out of the sale of personal data or processing for targeted advertising.

How to Exercise Your Utah Rights

Contact us at [email protected] to exercise your rights under Utah law.

Other States

As additional states enact comprehensive privacy legislation, we will update this section to reflect any new rights and how to exercise them. We are committed to respecting the privacy rights of all our users, regardless of their state of residence.

Verification Process

To protect your privacy and security, we may need to verify your identity before processing your request. We will use information you have previously provided to verify your identity and may request additional information if necessary.

13. Contact Information

How to Reach Us

We welcome your questions, comments, and requests regarding this Privacy Policy and our privacy practices. You can contact us through any of the following methods:

Primary Contact Information

Email: [email protected]
Postal Address:
Underdog Club LLC
2833 Smith Avenue, Suite 305
Baltimore, MD 21209
United States

Additional Contact Methods

Website Contact Form: Available at https://EmEase.com/contact
In-App Support: Access through the “Help” or “Support” section in the EmEase application

Privacy Officer

For specific privacy-related inquiries or concerns, you can contact our designated Privacy Officer:

Privacy Officer
Email: [email protected]
Phone: [Insert phone number when available]

Our Privacy Officer is responsible for overseeing compliance with this Privacy Policy and applicable privacy laws.

For questions specifically related to HIPAA compliance or to report potential violations of health information privacy:

HIPAA Compliance Officer
Email: [email protected]

How to Submit Specific Requests

Data Subject Rights Requests

To exercise any of your rights described in Section 7 (User Rights), please email [email protected] with the subject line “Privacy Rights Request” and include:

  • Your full name
  • Email address associated with your EmEase account
  • The specific right you wish to exercise
  • Any additional information that might help us process your request

Breach Notifications

If you believe your personal information has been compromised, please contact us immediately at [email protected].

Complaints

If you have a complaint about our privacy practices:

  1. Email [email protected] with details of your concern
  2. We will acknowledge receipt within 3 business days
  3. We aim to provide a substantive response within 30 days

Response Times

We strive to respond to all legitimate inquiries within the following timeframes:

  • General inquiries: 3-5 business days
  • Data rights requests: Within 30 days (with possible extension if necessary)
  • Urgent security concerns: Within 24 hours
  • Complaints: Initial acknowledgment within 3 business days; substantive response within 30 days

Escalation Process

If you are not satisfied with our response to your inquiry or request, you may:

  1. Ask for your concern to be escalated to senior management
  2. Contact your local data protection authority
  3. For US residents, file a complaint with the Federal Trade Commission (www.ftc.gov)
  4. For health information concerns, file a complaint with the Office for Civil Rights at the Department of Health and Human Services (www.hhs.gov/ocr)

Changes to Contact Information

If our contact information changes, we will update this Privacy Policy and may also notify you through the Service or via email for significant changes.

Accessibility

If you have a disability and need this Privacy Policy in an alternative format, please contact us at [email protected], and we will provide you with the information in a format that meets your needs.

Business Hours

Our team is available to respond to privacy inquiries during the following hours: Monday - Friday: 9:00 AM - 5:00 PM Eastern Time (excluding US federal holidays)

For urgent matters outside of business hours, please indicate “URGENT” in your email subject line.