Privacy Policy
Last Updated: 1 September, 2025
IntroductionConfyde is a web application that allows organizations to check in on and support the mental health and wellbeing of their people.You will be required to share certain information with us when using our services. This privacy policy has been compiled to get a clear understanding of how we collect, use, protect or otherwise handle this information.After reading through this Privacy Policy, if you still have any questions or concerns regarding anything mentioned, please do not hesitate to contact us.
Information We Collect1. Account InformationWe collect the information that you and/or your organization chooses to provide us when your account is created. This includes your name, and email address, and may also include other information such as the team/department/squad that you are assigned to, along with your phone number should you choose to provide it.2. ActivityIn addition to the information above, we may also collect information about your activity. For example, the emotion which you have indicated during a mental check-in, insights into your selection, whether or not you requested to talk to another user, and messages shared to other users. Information will be shared with your organizations's designated mental health support persons, and administrators of an organization for data and analytical purposes only. Information that is intended to be kept private and confidential will be kept private and confidential, and will only be shared with a specific support person, or group of support persons, that you select to share it with in certain instances.
How We Use InformationWe may use the information we collect from you and/or your organization when an account is created or edited by you or for you in the following ways:To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.To develop, deliver and improve our service.To monitor and analyze trends in usage.To quickly process your responses.To send you communications, including through email.
How We Share InformationWe may share information about you to certain users at your request, however this information will be limited to your name, the emotion you have reported, the insight that corresponds with that emotion, and/or the message you have provided that specific user.
How We Protect Your InformationAll data is encrypted in transit using TLS 1.2 or higher and encrypted at rest with AES‑256 encryption on AWS storage managed by Bubble.io. Access to your information is strictly limited to authorized personnel through secure authentication processes. Our hosting platform undergoes regular malware scanning and third‑party audits to maintain SOC 2 compliance.
Information RetentionConfyde retains your information while your account is active. When an account is deleted we remove production‑system copies within 30 days and purge back‑up copies within 90 days. Certain business‑record data may be retained for up to three (3) years to meet legal or contractual requirements.To request to permanently delete your organization or user data, please contact us at [email protected]. We respond to requests to access, export, or delete your personal data within 30 days of verification.
MarketingWe may use your email address to respond to support inquiries and notify you of important information regarding your account, share information about our services, or provide you with promotional offers.In accordance with the CAN-SPAM Act, we agree to the following:Not use false or misleading subjects or email addresses.Identify the message as an advertisement in some reasonable way.Include the physical address of our business or site headquarters.Monitor third-party email marketing services for compliance, if one is used.Honour opt-out/unsubscribe requests quickly.Allow users to unsubscribe by using the link at the bottom of each email.
Cookies1. AppWe, like most applications, may use cookies to collect information about your activity and device. We use them to understand your preferences based on previous or current activity, which enables us to provide you with improved services, for security preferences, and for performance and analytics. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.2. Disabling CookiesPlease note that you are able to disable cookies via the settings section of your browser or device. You may be able to choose to have your device warn you each time a cookie is being sent, or choose to turn off all cookies. If you choose to disable cookies, some of the features that make your site or app experience more efficient may not function as effectively.
Third-Party Disclosure1. Personally Identifiable InformationWe do not sell, trade, or otherwise transfer your information to outside parties unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.2. Non-Personally Identifiable InformationNon-personally identifiable visitor information may however be provided to other parties for marketing, advertising, or other uses.3. Third-Party ServicesOur Services may also contain third-party links and search results or include third-party integrations. Our core sub‑processors are Bubble.io (hosting), Postmark (email), Stripe (payments), and Twilio (SMS). Each maintains SOC 2 or PCI‑DSS certifications. You may be providing information (including personal information) directly to the third party, us, or both as a result of accessing these third-party links, integrations, or services. You acknowledge and agree that we are not responsible for how those third parties collect or use your information. As always, we encourage you to review the privacy policies of every third-party service that you visit or use, including those third parties you interact with through our services.
Fair Information Practices1. Data BreachesIf a security breach affecting your personal data is confirmed, we will notify affected users and, where applicable, regulators within 72 hours and provide timely updates until remediation is complete.2. Individual Redress PrincipleWe agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
ChildrenWe do not specifically market to children under the age of 13 years old. Our services are not intended for anyone under the age of 13, and we therefore do not knowingly collect information from anyone under the age of 13.
Revisions to the Privacy PolicyWe may from time to time revise this policy and make necessary updates. If you use our services after an update, you consent to the updated policy. We encourage you to periodically review this policy for the latest information on our privacy practices.