Privacy Policy

Last Modified: March 13, 2024

ATTENTION:  PLEASE READ THIS PATHFINDER SOLUTIONS PBC (“PATHFINDER” OR “WE”) PRIVACY POLICY (“PRIVACY POLICY”) CAREFULLY. THIS PRIVACY POLICY PERTAINS TO YOUR (“YOU”) VISITS TO THE PFSBC.COM WEBSITE, OUR MOBILE APPS INCLUDING PATHFINDER COMPANION, OUR WEB-BASED APPLICATIONS, SUCH AS PATHFINDER BRIDGE, AND YOUR ACCESS TO ANY ASSOCIATED CONTENT INCLUDING EMAIL FEEDS, FEEDS THROUGH APPS, COMMUNICATIONS SYSTEMS, OR CONTENT PROVIDED BY PATHFINDER (COLLECTIVELY THE “SERVICE”). ANY TERMS DEFINED IN THE TERMS OF USE SHALL HAVE THE SAME MEANING IN THIS PRIVACY POLICY.

The Service is operated by Pathfinder Solutions PBC, 730 ½ N 1ST ST, # 537, Minneapolis, MN 55401. This Privacy Policy describes the information collected through Your use of the Service, how We use it, how We share it, how We protect it, and the choices You can make about Your information.

ATTENTION: PLEASE READ OUR PRIVACY POLICY CAREFULLY BEFORE ACCESSING OR USING THE SERVICE. ACCESSING OR USING THE SERVICE INDICATES THAT YOU ACCEPT THIS PRIVACY POLICY IN FULL. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, DO NOT ACCESS OR USE THE SERVICE. You acknowledge (a) that You have read and understood this Privacy Policy; (b) that You accept this Privacy Policy and consent to the collection, use, and sharing of Your information described in this Privacy Policy; and (c) that by consenting to this Privacy Policy, You consent to receive notifications regarding security incidents to the email address We have on file for You. Although this document is not a contract, please note that Your use of our Service is also subject to our Terms of Use

Unless explicitly stated otherwise, any new features that augment or enhance the current Service shall be subject to this Privacy Policy.

Please review the Privacy Policy each time You use the Service. BY USING THE SERVICE, YOU AGREE TO BE BOUND BY THE MOST RECENT VERSION OF THE PRIVACY POLICY. If We materially change this Privacy Policy, We will let You know by sending an email notifying You of the changes to the email address We have on file for You and posting an updated Privacy Policy on the Service.

1. Information We Collect

We collect information from You when You use the Service, contact or interact with us, and voluntarily provide us with Your comments and other content in connection with using the Service, as described in the following table and in the text that follows the table.

Categories of individuals

Categories of personal information

Purposes

Sources

Categories of third-party recipients

All users 

(Pathfinder members, Pathfinder Bridge users, and other users of our Service, such as website visitors and app users) 

  • Usage information (see below)
  • Demographic information
  • Device information, including device model, manufacturer, operating system version, browser version, and similar information
  • Location information
  • Interest information
  • Online behavior and email and message behavior
  • Service management and administration
  • Marketing
  • Customer service
  • Product development
  • Personalization of user experience
  • Analysis and improvement of Service
  • Fraud and abuse prevention
  • Legal compliance
  • Technical services such as hosting and data      migration
  • Academic and research purposes (anonymized personal information only)
  • Indirectly by monitoring individuals’ activities or behavior
  • From analytics providers
  • System monitoring partners
  • Analytics providers
  • Research partners (anonymized personal information only)

All users who log in with a username and password to access the Service

(Pathfinder members and Pathfinder Bridge users)

  • Name and contact information, including telephone number and email address
  • Gender identification
  • Age/date of birth 
  • Credentials (login name and password)
  • Organization, program, and group affiliations
  • Activity on Service
  • Service management and administration
  • Marketing communications
  • Text messaging
  • Account verification
  • Alerts and communications
  • Directly from individual
  • Treatment providers and healthcare providers
  • Treatment programs and healthcare providers
  • Other Service users, as You direct
  • Messaging providers

Pathfinder members including Companion application users

(not including users of Pathfinder Bridge)

  • Current treatment provider (if applicable)
  • Association with other members who have accepted Your invitation to connect 
  • Habits and goals
  • Additional volunteered information
  • Calendar entries created or stored within the Service
  • IP address
  • Search terms
  • Location
  • To allow users to send messages and share resources with others in the user community
  • To enable users to journal about how they are feeling 
  • To allow users to communicate with and provide information to the healthcare providers and others in their recovery team 
  • To allow the Service to administer badges and other rewards for achievements
  • To recommend and save helpful resources
  • To communicate with other members who have accepted a connection request
  • Personalization
  • Service management and administration
  • Meeting organization and mapping and directions to locations
  • Directly from individual
  • Indirectly by monitoring individuals’ activities or behavior
  • Treatment providers and healthcare providers
  • Analytics providers
  • Your treatment programs and healthcare providers
  • Other Service users, as You direct
  • Messaging providers
  • Rewards providers
  • Mapping provider
  • Video platform provider

Pathfinder Bridge users (treatment program and healthcare provider users of the Service)

  • Gender identification
  • Additional volunteered information
  • IP address
  • Activity on Service
  • To access and maintain records, including records relating to Pathfinder members, for members in the program’s or provider’s care
  • To communicate with members, healthcare providers, and other users associated with treatment programs
  • Personalization
  • Service management, administration, and improvement
  • Directly from individual
  • Indirectly by monitoring individuals’ activities or behavior
  • Administrators at treatment providers or healthcare providers
  • Analytics providers
  • Other users of the Service, as You direct
  • Messaging providers
  • Administrators of Service

Administrative users of the Service

(including admins and super admins)

  • Access control information with regard to associated organizations, programs, groups, and individuals
  • Personalization
  • Service management and administration
  • Directly from individual
  • Indirectly by monitoring individuals’ activities or behavior
  • None

Individuals that use mapping/direction capabilities integrated with the Service

  • Search terms
  • Precise location information
  • To allow users to see locations on a map and obtain directions
  • Directly from individual
  • Indirectly by monitoring individuals’ activities or behavior
  • From mapping providers
  • Mapping providers

Individuals who send us correspondence or other volunteered information via the Service

  • Contents of such messages, including any supplied contact information and volunteered information
  • Responding to correspondence
  • Marketing communications
  • Directly from individual
  • Messaging providers

Individuals who request a demonstration

  • Contact information
  • Contents of accompanying message, if any
  • Information about referral source
  • Responding to request
  • Marketing communications
  • Directly from individual
  • Messaging providers

In addition to the purposes described in the table above, we may use personal information to defend our legal rights, defend ourselves from legal claims, or in other ways as required by law.

In the table above:

2. Personal Information Sharing

Information may be disclosed to third parties in accordance with our Privacy Policy. Please note that a user may choose not to share certain information as described in the Analytics providers section below. We may use third-party service providers and business partners to perform functions in connection with the Service, such as website hosting, marketing, site analytics, relationship management, functions related to analyzing and improving the Service usefulness, reliability, user experience, and operation, storing data, and as otherwise described in this Privacy Policy. We also may share personal information with these providers and partners for their direct marketing and promotional purposes and so they can provide services to You. We do not share personal information with any third parties in exchange for monetary compensation.

We use Google Analytics and Google Tag Manager to better understand who is using the Service and how people are using it. Google Analytics and Google Tag Manager use cookies to collect and store information, such as Service pages visited, places where users click, time spent on each Service page, Internet Protocol address, type of device and operating system used, language preference, location-based data, device ID, search traffic, gender, and age. We use this information to improve the Service and as otherwise described in this Privacy Policy. Please see: https://policies.google.com/technologies/partner-sites for information about how Google Analytics uses this information, and visit: https://tools.google.com/dlpage/gaoptout for information about the Google Analytics Opt-out Browser Add-on. Google may track Your activity over time and across websites.We may also work with third-party      companies that deliver advertisements or other content to You. To learn more about third-party online advertising and to opt out of certain types of advertising, please see: http://optout.networkadvertising.org/?c=1.

HIPAA.  Please note that, in addition to protecting Your personal information set forth in this Privacy Policy, we also comply with HIPAA (the Health Insurance Portability and Accountability of 1996, as amended, and the associated implementing regulations) with respect to protected health information. As required by HIPAA, You may also receive notices of privacy practices from treatment programs or healthcare providers who use our Service. Your affiliated treatment center or healthcare provider’s Notice of Privacy Practices describes in detail how they—and we, acting on their behalf—use and disclose Your protected health information.

Aggregated and Anonymized Information.  We may share aggregated or anonymized information relating to users of the Service with affiliated or unaffiliated third parties, including academic and research institutions.  This aggregated or anonymized information does not contain personal information about any user.

3. Personal Information Security and Retention

We use reasonable administrative, technical, and physical safeguards to protect personal information in our possession. While we make every effort to help ensure the integrity and security of our network and systems, You should understand that no data storage system or transmission of data over the internet or any other public network is completely secure. Please keep Your account password secure to help ensure the safety of Your personal information.  

We retain personal information only for long as we have a legitimate business or legal need to retain the information.  Please note that some or all of the information We have collected may be required in order for the Service to function properly.  In some circumstances we may anonymize Your personal information (so that it can no longer be associated with You) in which case we may use this information indefinitely without further notice to You.

To the extent required by law or our agreements with treatment programs and healthcare providers, we also ensure that we employ the safeguards required under HIPAA.

While We take reasonable measures to protect the information You submit via the Service against loss, theft, and unauthorized use, disclosure, or modification, We cannot guarantee its absolute security. No Internet, email, or mobile application transmission is ever fully secure or error free.  Email or other messages sent through the Service may not be secure. You should use caution whenever submitting information through the Service and take special care in deciding with which information You provide us.

It is Your responsibility to safeguard the devices You use to access the Service (such as laptops, tablets and mobile devices), and to use appropriate security settings on those devices. If those devices are lost, stolen or misplaced, others may be able to access Your account and Your personal information using those devices. If You log into the Service using a public computer or device, or the computer or device of another person, You should affirmatively log out of Your account (i) prior to ending Your session, or (ii) if You will be inactive on the Service for more than a few minutes otherwise, the next user of that computer or device may be able to access Your account and the Information in Your account if Your session has not ended.

You agree that we are not responsible for any harm that may result from someone accessing Your account or personal information on a lost, stolen or misplaced device or on a public computer or kiosk where You do not for any reason take the necessary steps to log out of Your account prior to ending a session on such public computer or kiosk.

WE ASSUME NO LIABILITY FOR DISCLOSURE OF YOUR INFORMATION DUE TO TRANSMISSION ERRORS, THIRD-PARTY ACCESS, OR CAUSES BEYOND OUR CONTROL.

4. Links to Other Websites or Applications

This Privacy Policy applies only to the Service. The Service may contain links to other websites or apps, or may forward users to other websites or apps, that We may not own or operate. The links from the Service do not imply that We endorse or have reviewed these websites or apps. The policies and procedures We describe here do not apply to these websites or apps. We neither can control nor are responsible for the privacy practices or content of these websites or apps. We suggest contacting these website or app providers directly for information on their privacy policies. This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party. Nonetheless, We seek to protect the integrity of the Service, and welcome any feedback about these linked websites and mobile applications.

5. Your Choices Regarding Your Information

You have choices regarding the use of information by the Service:

6. Information Collected From Other Websites and Mobile Online Applications, and Do Not Track Policy

Through cookies We place on Your browser or device, We may collect information about Your online activity after You leave the Service. Just like any other usage information We collect, this information allows us to improve the Service and customize Your online experience, and otherwise as described in this Privacy Policy. Your browser may offer You a “Do Not Track” option, which allows You to signal to operators of websites and mobile applications and services (including behavioral services) that You do not wish such operators to track certain of Your online activities over time and/or across different websites and mobile applications and services. The Service does not support Do Not Track requests at this time, which means that We may collect information about Your online activity both while You are using the Service and after You leave the Service.

7. Children

We welcome members under the age of 13 to use the Pathfinder Service with the consent of their parents or legal guardians. When such individuals seek to enroll in a treatment program or with a healthcare provider that offers our Service, we will collect the consent of the individual’s parent or legal guardian to the collection of personal information about the individual as described in this privacy policy before granting the individual access to our Service. Except in such circumstances, we do not knowingly collect personal information from an individual under age 13. If You are under the age of 13, our Terms of Use do not allow You to submit any personal information through the Service unless Your parent or legal guardian provided consent in tandem with Your enrollment as described above. If You have reason to believe that we may have accidentally received personal information from an individual under age 13 without receiving parental/guardian consent, please contact us immediately at info@pfsbc.com.

8. How to Contact Us

Please feel free to contact us by email at info@pfsbc.com if You have any questions about this Privacy Policy.

9. California Privacy Rights

Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, certain information about the types of personal information the business has shared with third parties for those third parties’ direct marketing purposes, and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year.  You may make one request each year by emailing us at info@pfsbc.com.

10. Nevada Privacy Rights

The Nevada Revised Statutes (NRS 603A.300 et seq.) permit a Nevada consumer to direct an operator of an Internet website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by emailing us at info@pfsbc.com.  We will provide further information about how We verify the authenticity of the request and Your identity.

11. Consumer Health Data Privacy Policy

The law in the state of Washington requires that we provide residents with additional rights and information with regard to their Consumer Health Data. The term “Consumer Health Data” refers to any personal information that is linked or reasonable linkable to a consumer and that identifies an individual’s past, present, or future health status. However, data that is protected under HIPAA is not considered Consumer Health Data under Washington law.

Nevada residents, please note that, because we are required to comply with HIPAA, the personal information we collect and use falls outside the scope of Nevada’s consumer health data privacy law.

A. Consumer Health Data Privacy Policy

We collect, use, and share Consumer Health Data as described in the following table:

Categories of Individuals

Categories of Consumer Health Data

Purposes of Collection

Sources

Third parties with Which Consumer Health Data is Shared

Pathfinder members including Companion application users

(not including users of Pathfinder Bridge)

  • Association with other members who have accepted Your invitation to connect
  • Habits and goals
  • Additional volunteered information
  • Calendar entries created or stored within the Pathfinder Service
  • Location
  • Usage information

 

  • To allow users to send messages and share resources with others in the user community
  • To enable users to journal about how they are feeling
  • To allow the Service to administer badges and other rewards for achievements
  • To recommend and save helpful resources
  • To communicate with other members who have accepted a connection request
  • Personalization
  • Service management and administration
  • Meeting organization and mapping and directions to locations

 

  • Directly from user
  • Indirectly by monitoring users’ activities or behavior
  • Analytics providers
  • Other Service users, as You direct
  • Messaging providers
  • Rewards providers
  • Mapping provider
  • Video platform provider
  • Government or other entities in connection with legal matters

We do not presently share Consumer Health Data with any affiliates. All other health information we process is subject to HIPAA and therefore outside the scope of Washington’s My Health My Data Act.

B. Your Rights Regarding Consumer Health Data

Under the Washington State My Health My Data Act, Washington State residents and natural persons whose Consumer Health Data is collected in Washington may have the following rights, subject to verification, exceptions, and limitations:

How to Exercise Your Rights

You may submit requests as follows (please our review verification requirements below).

If you have any questions or wish to appeal any refusal to take action in response to a MHMDA rights request, contact us at info@pfsbc.com. We will respond to any request to appeal within the period required by law.

Washington Residents: If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General here.

Verification of Consumer Health Data Rights Requests

If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, to reduce fraud, and to ensure the security of Consumer Health Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

We may require that you match Consumer Health Data we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Consumer Health Data to you if prohibited by law.