Privacy Policy for the Connections App.

We are CHESS Health, the company behind the Connections App for individuals in treatment for and/or recovery from substance use disorder and, sometimes, other behavioral health conditions. In this Privacy Policy, the company CHESS Health will be referred to as ‘CHESS’.

At CHESS, we don’t sell or give the Connections App to individuals directly; you’re getting the Connections App through a healthcare provider, treatment center, health plan, or other type of organization that has a contract with us for our eRecovery solution. Throughout the rest of this document, this other organization who is enabling your use of the Connections App and who will have access to almost everything about how you use it and almost all the data you enter into it, will be referred to as the “Provider” or “your Provider”. You’ll see the name of your Provider when you first onboard onto the app. At any other time, to see who your Provider is, go to My Providers in Settings.

If you’re like most people, you want your personal information protected, especially your health care information.

Please read this Privacy Policy closely and, if you have any more questions after reading this, please contact us at CHESS (privacy@chess.health) or discuss with your Provider.

This Privacy Policy will describe the following:

  • The data about you that will be stored by CHESS
  • Who has access to this data
  • Who else might get access to the data
  • What other individuals might know about you or find out about you
  • Optional notifications outside of the App
  • Where your data is stored
  • How we protect and secure your data
  • How long data is stored
  • What to do if you want your identifiable data erased or deleted
  • Our policy regarding children
  • Your consent
  • How you can contact us

Very important… If you use the Connections App, then we assume you’re giving us consent to store your data, to give access to this data to your Provider, and you consent to everything in the Privacy Policy. You will also have to accept our End User License Agreement (EULA) before you can start using the App. We will update the Privacy Policy from time to time; you can always read it on our website or from within the App (under Settings).

The data about you that will be captured and stored by CHESS

In the course of creating or getting an account, your use of the Connections App, and the Provider’s use of the eRecovery solution, personally identifiable information (“PII”) about you will be captured and stored by CHESS.

The PII that may be stored through your interactions with the Connections App and through the use of eRecovery by your Provider includes, without limitation, your name, username, alias name, email address, physical address, gender, date of birth, telephone numbers, photographs, names of personal contacts, medical information (health plan name, health plan identifier, level of care, primary substance of abuse, mental illness, current treatment facility, comorbidity, whether you are receiving medication-assisted therapy (MAT), whether you are pregnant), employment status, income range, the names of high risk locations you may enter, recovery goals, recovery tasks, answers to survey questions, community posts, comments, and replies, individual and group messages you might send using the Connections App to other individuals, to counselors, coaches, or other authorized users of eRecovery, including messages, text messages, or emails you might send to CHESS Health or its employees.

The Connections App and the eRecovery solution may also collect certain information automatically, including, without limitation, the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the App (“Automatically Collected Information”).

Some of the data you enter and some of the data about you will be stripped of any detail (e.g., name, birth date, etc.) that could identify you (hence called “De-identified Data”). This data is stored with de-identified data from many other individuals so that your Provider and other Providers can compare data about large populations to learn about addiction treatment outcomes and other useful analytics. No one performing this analysis will ever know what data in this large population is yours.

Who has access to this data

Your Provider has permission to access this PII; they may or may not actually view this data.

CHESS, which operates and supports the eRecovery solution for the Provider, has access to all the PII and the Automatically Collected Information.

Your Provider and other Providers can perform analytics and benchmarking on the de-identified data described above.

Who else might get access to the data

CHESS may disclose your data to other organizations when (1) required to by law, such as to comply with a subpoena or similar legal process; or (2) when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

What other individuals might know about you or find out about you

Your provider is also giving the Connections App to other individuals. If you are not careful, these individuals may be able to identify you through your use of the Connections App. Read carefully

  • When you first access the Connections App, you will be prompted to set up an alias name, which should be something different than your real name
  • You pick your alias name
  • You also chose your own profile image; a picture of yourself may make you recognizable to others in the app
  • Your Provider may assign you to a ‘Team’ – any individuals in your team will see your alias name, and any details you share about yourself on your ‘Wall’  
  • Your Provider will assign you to a ‘Community’ or ‘Group’ to participate in online discussions through messages. If you post any topics, comments, replies, messages, or achievements, then all individuals in the same Community or Group will be able to see your alias name and your profile image.
  • If you participate in the video support meetings through the app, then other individuals in the same meetings will see you if you have your camera on

CHESS and your Provider cannot promise that another individual also using the Connections App will not know your identity.  

Optional notifications outside of the App

The Connections App has an optional capability to push notifications to the home screen of your mobile device. This feature is optional. To be enabled, you must first allow notifications from Connections on your mobile device. At any time, notifications can be turned off through the settings within the Connections App and/or through the settings on your mobile device.

If enabled, a push notification is a message that pops up on a mobile device and can be sent at any time, even when you are not using the app. If you opt to allow push notifications from the Connections App, you will receive notifications such as, reminders, schedules, and message alerts, but never anything detailed or specific. Please be aware that these notifications will indicate that they are from the Connections App and may be seen by others who have access to your phone.

Where your data is stored

CHESS stores your data on secure Amazon Web Services (“AWS”) servers. You can learn more about AWS and how it helps us protect your information here: https://aws.amazon.com/compliance/hipaa-compliance/.

How we protect and secure your data

We are committed to safeguarding the confidentiality of your data. We provide physical, electronic, and procedural safeguards to protect the information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve the Connections App. In addition, CHESS employs a variety of technical safeguards to protect the confidentiality, integrity, and availability of your data including encryption of the data in transit and at rest and other industry best practices. Please be aware that, although we strive to provide reasonable security for the information we process and maintain, no security system can prevent all potential security breaches.

How long data is stored

Your data will be stored by CHESS as long as your Provider remains a customer of CHESS.

What to do if you want your identifiable data erased or deleted

If you have stopped using the Connections App, have deleted the app from all mobile devices, and want to be sure your identifiable data is cleared from all databases, you can reach out to your Provider to get your identifiable data erased or deleted from the CHESS servers.

Our policy regarding children

The Connections App is not for individuals under the age of thirteen. If a parent or guardian becomes aware that his or her child has entered their own personal data into the Connections App or somehow been given an account by a Provider, please contact us at support@chess.health.

Your consent

As stated earlier, your use of the Connections App is an acknowledgement that you understand and consent to this Privacy Policy. CHESS may modify this Privacy Policy at any time effective upon its posting. Your continued use of the Connections App constitutes your acceptance of this Privacy Policy and any updates.

You will also have to accept our End User License Agreement (EULA) before you can create an account and start using the App. Read it carefully too.

How you can contact us If you have any questions regarding the Privacy Policy, please contact us at privacy@chess.health.