Privacy Policy

Last Modified: March 13, 2024

ATTENTION:  PLEASE READ THIS PATHFINDER SOLUTIONS PBC (“PATHFINDER” OR “WE”) PRIVACY POLICY (“PRIVACY POLICY”) CAREFULLY. THIS PRIVACY POLICY PERTAINS TO YOUR (“YOU”) VISITS TO THE PFSBC.COM WEBSITE, OUR MOBILE APPS INCLUDING PATHFINDER COMPANION, OUR WEB-BASED APPLICATIONS, SUCH AS PATHFINDER BRIDGE, AND YOUR ACCESS TO ANY ASSOCIATED CONTENT INCLUDING EMAIL FEEDS, FEEDS THROUGH APPS, COMMUNICATIONS SYSTEMS, OR CONTENT PROVIDED BY PATHFINDER (COLLECTIVELY THE “SERVICE”). ANY TERMS DEFINED IN THE TERMS OF USE SHALL HAVE THE SAME MEANING IN THIS PRIVACY POLICY.

The Service is operated by Pathfinder Solutions PBC, 730 ½ N 1ST ST, # 537, Minneapolis, MN 55401. This Privacy Policy describes the information collected through Your use of the Service, how We use it, how We share it, how We protect it, and the choices You can make about Your information.

ATTENTION: PLEASE READ OUR PRIVACY POLICY CAREFULLY BEFORE ACCESSING OR USING THE SERVICE. ACCESSING OR USING THE SERVICE INDICATES THAT YOU ACCEPT THIS PRIVACY POLICY IN FULL. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, DO NOT ACCESS OR USE THE SERVICE. You acknowledge (a) that You have read and understood this Privacy Policy; (b) that You accept this Privacy Policy and consent to the collection, use, and sharing of Your information described in this Privacy Policy; and (c) that by consenting to this Privacy Policy, You consent to receive notifications regarding security incidents to the email address We have on file for You. Although this document is not a contract, please note that Your use of our Service is also subject to our Terms of Use

Unless explicitly stated otherwise, any new features that augment or enhance the current Service shall be subject to this Privacy Policy.

Please review the Privacy Policy each time You use the Service. BY USING THE SERVICE, YOU AGREE TO BE BOUND BY THE MOST RECENT VERSION OF THE PRIVACY POLICY. If We materially change this Privacy Policy, We will let You know by sending an email notifying You of the changes to the email address We have on file for You and posting an updated Privacy Policy on the Service.

I. Information We Collect

We collect information from You when You use the Service, contact or interact with us, and voluntarily provide us with Your comments and other content in connection with using the Service, as described in the following table and in the text that follows the table.

Categories of individuals

Categories of personal information

Purposes

Sources

Categories of third-party recipients

All users 

(Pathfinder members, Pathfinder Bridge users, and other users of our Service, such as website visitors and app users) 

  • Usage information (see below)
  • Demographic information
  • Device information, including device model, manufacturer, operating system version, browser version, and similar information
  • Location information
  • Interest information
  • Online behavior and email and message behavior
  • Service management and administration
  • Marketing
  • Customer service
  • Product development
  • Personalization of user experience
  • Analysis and improvement of Service
  • Fraud and abuse prevention
  • Legal compliance
  • Technical services such as hosting and data      migration
  • Academic and research purposes (anonymized personal information only)
  • Indirectly by monitoring individuals’ activities or behavior
  • From analytics providers
  • System monitoring partners
  • Analytics providers
  • Research partners (anonymized personal information only)

All users who log in with a username and password to access the Service

(Pathfinder members and Pathfinder Bridge users)

  • Name and contact information, including telephone number and email address
  • Gender identification
  • Age/date of birth 
  • Credentials (login name and password)
  • Organization, program, and group affiliations
  • Activity on Service
  • Service management and administration
  • Marketing communications
  • Text messaging
  • Account verification
  • Alerts and communications
  • Directly from individual
  • Treatment providers and healthcare providers
  • Treatment programs and healthcare providers
  • Other Service users, as You direct
  • Messaging providers

Pathfinder members including Companion application users

(not including users of Pathfinder Bridge)

  • Current treatment provider (if applicable)
  • Association with other members who have accepted Your invitation to connect 
  • Habits and goals
  • Additional volunteered information
  • Calendar entries created or stored within the Service
  • IP address
  • Search terms
  • Location
  • To allow users to send messages and share resources with others in the user community
  • To enable users to journal about how they are feeling 
  • To allow users to communicate with and provide information to the healthcare providers and others in their recovery team 
  • To allow the Service to administer badges and other rewards for achievements
  • To recommend and save helpful resources
  • To communicate with other members who have accepted a connection request
  • Personalization
  • Service management and administration
  • Meeting organization and mapping and directions to locations
  • Directly from individual
  • Indirectly by monitoring individuals’ activities or behavior
  • Treatment providers and healthcare providers
  • Analytics providers
  • Your treatment programs and healthcare providers
  • Other Service users, as You direct
  • Messaging providers
  • Rewards providers
  • Mapping provider
  • Video platform provider

Pathfinder Bridge users (treatment program and healthcare provider users of the Service)

  • Gender identification
  • Additional volunteered information
  • IP address
  • Activity on Service
  • To access and maintain records, including records relating to Pathfinder members, for members in the program’s or provider’s care
  • To communicate with members, healthcare providers, and other users associated with treatment programs
  • Personalization
  • Service management, administration, and improvement
  • Directly from individual
  • Indirectly by monitoring individuals’ activities or behavior
  • Administrators at treatment providers or healthcare providers
  • Analytics providers
  • Other users of the Service, as You direct
  • Messaging providers
  • Administrators of Service

Administrative users of the Service

(including admins and super admins)

  • Access control information with regard to associated organizations, programs, groups, and individuals
  • Personalization
  • Service management and administration
  • Directly from individual
  • Indirectly by monitoring individuals’ activities or behavior
  • None

Individuals that use mapping/direction capabilities integrated with the Service

  • Search terms
  • Precise location information
  • To allow users to see locations on a map and obtain directions
  • Directly from individual
  • Indirectly by monitoring individuals’ activities or behavior
  • From mapping providers
  • Mapping providers

Individuals who send us correspondence or other volunteered information via the Service

  • Contents of such messages, including any supplied contact information and volunteered information
  • Responding to correspondence
  • Marketing communications
  • Directly from individual
  • Messaging providers

Individuals who request a demonstration

  • Contact information
  • Contents of accompanying message, if any
  • Information about referral source
  • Responding to request
  • Marketing communications
  • Directly from individual
  • Messaging providers


2. Personal Information Sharing

Information may be disclosed to third parties in accordance with our Privacy Policy. Please note that a user may choose not to share certain information as described in the Analytics providers section below. We may use third-party service providers and business partners to perform functions in connection with the Service, such as website hosting, marketing, site analytics, relationship management, functions related to analyzing and improving the Service usefulness, reliability, user experience, and operation, storing data, and as otherwise described in this Privacy Policy. We also may share personal information with these providers and partners for their direct marketing and promotional purposes and so they can provide services to You. We do not share personal information with any third parties in exchange for monetary compensation.

  • System monitoring partners. We use system monitoring partners to help us discover, triage, and correct bugs and errors in our Service. These partners process usage information, as defined above, to deliver these services. We currently use Sentry as our monitoring partner, and more information about Sentry’s data processing is available at sentry.io/privacy.
  • Analytics providers. We use third-party analytics tools to better understand who is using the Service and how people are using it. These tools may use cookies and other technologies to collect information about Your use of the Service and Your preferences and activities. These tools collect information sent by Your device or the Service and other information that assists us in improving the Service. This information may be used to analyze and track data, determine the popularity of certain content, and better understand Your online activity, among other things.

We use Google Analytics and Google Tag Manager to better understand who is using the Service and how people are using it. Google Analytics and Google Tag Manager use cookies to collect and store information, such as Service pages visited, places where users click, time spent on each Service page, Internet Protocol address, type of device and operating system used, language preference, location-based data, device ID, search traffic, gender, and age. We use this information to improve the Service and as otherwise described in this Privacy Policy. Please see: https://policies.google.com/technologies/partner-sites for information about how Google Analytics uses this information, and visit: https://tools.google.com/dlpage/gaoptout for information about the Google Analytics Opt-out Browser Add-on. Google may track Your activity over time and across websites.We may also work with third-party      companies that deliver advertisements or other content to You. To learn more about third-party online advertising and to opt out of certain types of advertising, please see: http://optout.networkadvertising.org/?c=1.

  • Messaging providers. We use messaging providers to enable us to send You messages and track Your activity in connection with such messages. At present, we use two providers, PubNub and Mailgun. We use PubNub, a service provider that provides text messaging and other communication services for account verification or alert purposes. Further information related to PubNub, including how messages are sent, is available at www.pubnub.com/privacy-policy.  We also use Mailgun, an email-processing platform provided by Mailgun Technologies. We use Mailgun to send email to users. In the course of providing its email processing services, Mailgun processes Your email address and other personal information as explained in Mailgun’s privacy policy at www.mailgun.com/privacy-policy/.
  • Mapping providers. We presently integrate services from Google Maps to enable You to obtain directions and other map-based information in connection with our Service. The personal information we share with Google Maps includes search terms, IP address, and precise location information to facilitate Your use of Google Maps. Use of Google Maps features and content is subject to the current versions of the: (1) Google Maps/Google Earth Additional Terms of Service at https://maps.google.com/help/terms_maps.html; and (2) Google Privacy Policy at https://www.google.com/policies/privacy/.
  • Rewards providers. We use third parties to provide both recognition and rewards for Pathfinder members to recognize their achievements and milestones. We provide these partners with personal information to enable members to retrieve and use the rewards that they have earned.
  • Service providers. We share Your personal information with third parties that provide services to us. These kinds of third parties provide business, professional, administrative, or technical support functions for us, such as payment processing, backups, hosting, billing, data storage, quality assurance, and marketing.
  • Legal compliance recipients. We disclose personal information to the courts, the government, law enforcement agencies, litigants, and similar recipients when required by law.
  • Successors. If We become involved in a merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction, or if the ownership of all or substantially all of our business otherwise changes, We may transfer Your information to a third party or parties in connection therewith.
  • Administrative users. Treatment programs designate administrative users to help them manage the accounts of staff, healthcare providers, and their associated Pathfinder members.

HIPAA.  Please note that, in addition to protecting Your personal information set forth in this Privacy Policy, we also comply with HIPAA (the Health Insurance Portability and Accountability of 1996, as amended, and the associated implementing regulations) with respect to protected health information. As required by HIPAA, You may also receive notices of privacy practices from treatment programs or healthcare providers who use our Service. Your affiliated treatment center or healthcare provider’s Notice of Privacy Practices describes in detail how they—and we, acting on their behalf—use and disclose Your protected health information.

Aggregated and Anonymized Information.  We may share aggregated or anonymized information relating to users of the Service with affiliated or unaffiliated third parties, including academic and research institutions.  This aggregated or anonymized information does not contain personal information about any user.

3. Personal Information Security and Retention

We use reasonable administrative, technical, and physical safeguards to protect personal information in our possession. While we make every effort to help ensure the integrity and security of our network and systems, You should understand that no data storage system or transmission of data over the internet or any other public network is completely secure. Please keep Your account password secure to help ensure the safety of Your personal information.  

We retain personal information only for long as we have a legitimate business or legal need to retain the information.  Please note that some or all of the information We have collected may be required in order for the Service to function properly.  In some circumstances we may anonymize Your personal information (so that it can no longer be associated with You) in which case we may use this information indefinitely without further notice to You.

To the extent required by law or our agreements with treatment programs and healthcare providers, we also ensure that we employ the safeguards required under HIPAA.

While We take reasonable measures to protect the information You submit via the Service against loss, theft, and unauthorized use, disclosure, or modification, We cannot guarantee its absolute security. No Internet, email, or mobile application transmission is ever fully secure or error free.  Email or other messages sent through the Service may not be secure. You should use caution whenever submitting information through the Service and take special care in deciding with which information You provide us.

It is Your responsibility to safeguard the devices You use to access the Service (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access Your account and Your personal information using those devices. If You log into the Service using a public computer or device, or the computer or device of another person, You should affirmatively log out of Your account (i) prior to ending Your session, or (ii) if You will be inactive on the Service for more than a few minutes otherwise, the next user of that computer or device may be able to access Your account and the Information in Your account if Your session has not ended.

You agree that we are not responsible for any harm that may result from someone accessing Your account or personal information on a lost, stolen or misplaced device or on a public computer or kiosk where You do not for any reason take the necessary steps to log out of Your account prior to ending a session on such public computer or kiosk.

WE ASSUME NO LIABILITY FOR DISCLOSURE OF YOUR INFORMATION DUE TO TRANSMISSION ERRORS, THIRD-PARTY ACCESS, OR CAUSES BEYOND OUR CONTROL.

4. Links to Other Websites or Applications

This Privacy Policy applies only to the Service. The Service may contain links to other websites or apps, or may forward users to other websites or apps, that We may not own or operate. The links from the Service do not imply that We endorse or have reviewed these websites or apps. The policies and procedures We describe here do not apply to these websites or apps. We neither can control nor are responsible for the privacy practices or content of these websites or apps. We suggest contacting these website or app providers directly for information on their privacy policies. This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party. Nonetheless, We seek to protect the integrity of the Service, and welcome any feedback about these linked websites and mobile applications.

5. Your Choices Regarding Your Information

You have choices regarding the use of information by the Service:

  • Changing Your Information. You may request to review, update, or delete any personal information collected from You through the Service by contacting Your treatment program.  However, we reserve the right to retain personal information as necessary for our business purposes, and to comply with laws.
  • Closing Your Account. You may close Your account by contacting us at info@pfsbc.com. If the email address or telephone number associated with Your account is not active, We may close Your account without notice.

6. Information Collected From Other Websites and Mobile Online Applications, and Do Not Track Policy

Through cookies We place on Your browser or device, We may collect information about Your online activity after You leave the Service. Just like any other usage information We collect, this information allows us to improve the Service and customize Your online experience, and otherwise as described in this Privacy Policy. Your browser may offer You a “Do Not Track” option, which allows You to signal to operators of websites and mobile applications and services (including behavioral services) that You do not wish such operators to track certain of Your online activities over time and/or across different websites and mobile applications and services. The Service does not support Do Not Track requests at this time, which means that We may collect information about Your online activity both while You are using the Service and after You leave the Service.

7. Children

We welcome members under the age of 13 to use the Pathfinder Service with the consent of their parents or legal guardians. When such individuals seek to enroll in a treatment program or with a healthcare provider that offers our Service, we will collect the consent of the individual’s parent or legal guardian to the collection of personal information about the individual as described in this privacy policy before granting the individual access to our Service. Except in such circumstances, we do not knowingly collect personal information from an individual under age 13. If You are under the age of 13, our Terms of Use do not allow You to submit any personal information through the Service unless Your parent or legal guardian provided consent in tandem with Your enrollment as described above. If You have reason to believe that we may have accidentally received personal information from an individual under age 13 without receiving parental/guardian consent, please contact us immediately at info@pfsbc.com.

8. How to Contact Us

Please feel free to contact us by email at info@pfsbc.com if You have any questions about this Privacy Policy.

9. California Privacy Rights

Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal information the business has shared with third parties for those third parties’ direct marketing purposes, and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year.  You may make one request each year by emailing us at info@pfsbc.com.

10. Nevada Privacy Rights

The Nevada Revised Statutes (NRS 603A.300 et seq.) permit a Nevada consumer to direct an operator of an Internet website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by emailing us at info@pfsbc.com.  We will provide further information about how We verify the authenticity of the request and Your identity.

11. Consumer Health Data Privacy Policy

The law in the state of Washington requires that we provide residents with additional rights and information with regard to their Consumer Health Data. The term “Consumer Health Data” refers to any personal information that is linked or reasonable linkable to a consumer and that identifies an individual’s past, present, or future health status. However, data that is protected under HIPAA is not considered Consumer Health Data under Washington law.

Nevada residents, please note that, because we are required to comply with HIPAA, the personal information we collect and use falls outside the scope of Nevada’s consumer health data privacy law.

A. Consumer Health Data Privacy Policy

We collect, use, and share Consumer Health Data as described in the following table:

Categories of Individuals

Categories of Consumer Health Data

Purposes of Collection

Sources

Third parties with Which Consumer Health Data is Shared

Pathfinder members including Companion application users

(not including users of Pathfinder Bridge)

  • Association with other members who have accepted Your invitation to connect
  • Habits and goals
  • Additional volunteered information
  • Calendar entries created or stored within the Pathfinder Service
  • Location
  • Usage information

 

  • To allow users to send messages and share resources with others in the user community
  • To enable users to journal about how they are feeling
  • To allow the Service to administer badges and other rewards for achievements
  • To recommend and save helpful resources
  • To communicate with other members who have accepted a connection request
  • Personalization
  • Service management and administration
  • Meeting organization and mapping and directions to locations

 

  • Directly from user
  • Indirectly by monitoring users’ activities or behavior
  • Analytics providers
  • Other Service users, as You direct
  • Messaging providers
  • Rewards providers
  • Mapping provider
  • Video platform provider
  • Government or other entities in connection with legal matters


We do not presently share Consumer Health Data with any affiliates. All other health information we process is subject to HIPAA and therefore outside the scope of Washington’s My Health My Data Act.

B. Your Rights Regarding Consumer Health Data

Under the Washington State My Health My Data Act, Washington State residents and natural persons whose Consumer Health Data is collected in Washington may have the following rights, subject to verification, exceptions, and limitations:

  • Right to Confirm/Access/Know. Up to twice annually, you have the right to (a) confirm whether we are collecting, sharing, or selling your Consumer Health Data, and (b) access such data, including a list of all third parties and affiliates with whom we have shared or sold the consumer health data and an active email address or other online mechanism that you may use to contact these third parties.
  • Right to Delete. You have the right to request deletion of the Consumer Health Data held by us and our affiliates, processors, contractors, and other third parties.
  • Right to Withdraw your Consent/Opt-Out. You may withdraw any consent you have provided at any time. The consequence of your withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
  • Right to Non-Discrimination. You have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the My Health My Data Act.

How to Exercise Your Rights

You may submit requests as follows (please our review verification requirements below).

  • You may call us at: 888-807-5251 (toll free). You will be directed to leave a voicemail where you will provide your email address, phone number, or address, along with your request.
  • You may send an email to info@pfsbc.com with your email address, phone number, or address on file, along with your request.

If you have any questions or wish to appeal any refusal to take action in response to a MHMDA rights request, contact us at info@pfsbc.com. We will respond to any request to appeal within the period required by law.

Washington Residents: If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General here.

Verification of Consumer Health Data Rights Requests

If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, to reduce fraud, and to ensure the security of Consumer Health Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

We may require that you match Consumer Health Data we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Consumer Health Data to you if prohibited by law.