Privacy Policy

1. Introduction

Welcome to BetterStep ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

About BetterStep

BetterStep is a wellness coaching mobile application designed to support individuals in addiction recovery as a post-rehabilitation companion. We provide Cognitive Behavioral Therapy (CBT) exercises and evidence-based techniques to support your recovery journey.

Important: BetterStep is a wellness and self-help tool, not a medical service. We do not provide medical advice, diagnosis, treatment, or therapy. We do not employ healthcare professionals or provide clinical consulting services. If you need medical assistance or are experiencing a crisis, please contact a healthcare provider or emergency services immediately.

This Privacy Policy complies with the General Data Protection Regulation (GDPR) for users in the European Union and the California Consumer Privacy Act (CCPA) for users in California, as well as other applicable US state privacy laws. Given the sensitive nature of addiction recovery and health data, we take extra precautions to protect your information.

Contact Information:
Business Name: BetterStep
Address: 13 M. Tamarashvili, Tbilisi, Georgia
Email: info@betterstep.io

By using BetterStep, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our application.

2. Information We Collect

Personal Information You Provide to Us

We collect personal information that you voluntarily provide to us when you use our mobile application, including:

Email Addresses: Used for account creation, communication, and service delivery
‍Names: Used to personalize your experience and identify your account
‍Social Media Information: When you choose to connect your social media accounts
Location Data: To provide location-based features and services (with your permission)

Health and Wellness Data

As a wellness app supporting addiction recovery, we collect the following health-related information to provide our services:

Physical Activity Data: Steps, exercise routines, and activity levels
Biometric Data: Heart rate (if you connect compatible devices or manually enter)
Sleep Data: Sleep patterns and quality
Recovery Progress: Information related to your recovery journey, CBT exercise completion, and wellness goals

Important: This data is used solely to provide wellness support and is not used for medical diagnosis or treatment. We treat all health and recovery-related data as highly sensitive and apply enhanced security measures.

Information Automatically Collected

When you use our application, we may automatically collect certain information, including:

Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track activity on our application and hold certain information
Usage Data: Information about how you use our application, including features accessed and actions taken
Device Information: Information about your mobile device, including device type, operating system, and unique device identifiers
Analytics Data: We use Firebase and Google Analytics to understand how users interact with our application

Push Notifications

With your consent, we may send you push notifications regarding your account, updates, and other relevant information. You can opt-out of receiving push notifications by changing your device settings.

3. How We Use Your Information

We use the information we collect for the following purposes:

To Provide Wellness Services: To deliver our addiction recovery support features, CBT exercises, and wellness coaching
To Track Progress: To help you monitor your recovery journey, physical activity, sleep patterns, and overall wellness
To Personalize Experience: To customize content, exercises, and recommendations based on your needs and progress
To Improve User Experience: To understand how users interact with our application and improve functionality
To Communicate: To send you updates, motivational notifications, and respond to your inquiries
Legal Compliance: To comply with applicable laws, regulations, and legal processes
Security: To protect against fraudulent, unauthorized, or illegal activity
Analytics: To analyze usage patterns and improve our services using Firebase and Google Analytics

We Do Not Use Your Health or Recovery Data For:

Medical diagnosis or treatment
Sharing with healthcare providers (unless you explicitly request)
Marketing purposes unrelated to wellness support
Selling to third parties

4. Third-Party Services

We use the following third-party services that may collect information used to identify you:

Firebase

Firebase provides backend services including authentication, database, and analytics. Firebase may collect device information, usage data, and other information as described in their privacy policy.

Google Analytics

Google Analytics helps us understand how users interact with our application. It collects information such as how often users visit the app, what features they use, and aggregate usage data.

Important: These third-party services have their own privacy policies. We encourage you to review:
• Firebase Privacy Policy: https://firebase.google.com/support/privacy
• Google Privacy Policy: https://policies.google.com/privacy

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers: With Firebase and Google Analytics as described above, solely for providing and improving our services
Legal Requirements: When required by law, regulation, legal process, or governmental request
Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users or the public
Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business

6. Your Privacy Rights

You have the following rights regarding your personal information:

General Rights

Access Your Data: You can request access to the personal information we hold about you
Update/Correct Your Data: You can update or correct inaccurate information at any time
Delete Your Data: You can request deletion of your personal information
Opt-Out of Communications: You can opt-out of receiving marketing communications from us
Disable Cookies: You can manage cookie preferences through your device settings

GDPR Rights (For EU Residents)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access: Obtain confirmation of whether we process your personal data and access to such data
Right to Rectification: Request correction of inaccurate personal data
Right to Erasure: Request deletion of your personal data under certain circumstances
Right to Restriction: Request restriction of processing under certain circumstances
Right to Data Portability: Receive your personal data in a structured, commonly used format
Right to Object: Object to processing of your personal data for certain purposes
Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data
Right to Lodge a Complaint: File a complaint with a supervisory authority in your country

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Consent: You have given clear consent for us to process your personal data for specific purposes
Contract: Processing is necessary for the performance of our services
Legal Obligation: Processing is necessary to comply with the law
Legitimate Interests: Processing is necessary for our legitimate interests, provided these do not override your rights

Legal Basis for Processing (GDPR)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of the categories and specific pieces of personal information we collect
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt-out of the sale or sharing of personal information (Note: We do not sell your personal information)
Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive personal information to only what's necessary to provide our services
Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your CCPA rights

Categories of Personal Information We Collect (CCPA)

Identifiers (name, email address)
Internet or network activity (app usage, cookies)
Geolocation data (with your consent)
Social media profile information (when connected)
Sensitive Personal Information: Health data (steps, heart rate, sleep patterns, exercise data), information revealing addiction recovery status

Business Purpose for Collection

We collect this information to provide our wellness and addiction recovery support services, improve user experience, communicate with users, and comply with legal obligations.

We do NOT sell your personal information. We do not share your sensitive health or recovery data with third parties except as necessary to provide our services (e.g., Firebase for secure storage) or as required by law.

Special Note for California Residents

Under CCPA, health information related to substance use disorder is considered "sensitive personal information" and receives heightened protection. We limit the use of this data solely to providing our wellness services and do not use it for any other purpose without your explicit consent.

How to Exercise Your Rights

To exercise any of these rights, please contact us at info@betterstep.io. We will respond to your request within:

30 days for GDPR requests (EU residents)
45 days for CCPA requests (California residents), with possible 45-day extension if needed

You may designate an authorized agent to make requests on your behalf. We may require verification of your identity before processing your request.

7. Data Retention

We retain your personal information until you request deletion of your data. When you request deletion, we will delete or anonymize your personal information within 30 days, unless we are required to retain it for legal compliance purposes.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Given the sensitive nature of addiction recovery and health data, we apply enhanced security measures:

Security Measures Include

Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
Access Controls: Strict authentication and role-based access limitations
Secure Storage: All data stored securely through Firebase with additional security layers
Regular Security Audits: Periodic assessment of security protocols and vulnerabilities
Data Minimization: We collect only the data necessary to provide our services
Employee Training: Limited personnel access with confidentiality agreements
Incident Response: Procedures in place for potential security breaches

Special Protection for Recovery and Health Data

Your recovery status and health data are treated as highly sensitive
We apply the same level of confidentiality as protected health information, even though we're not HIPAA-covered
Recovery-related data is segregated from general user data
We never sell, share, or disclose your recovery journey information to third parties
Anonymization is used for any analytics or research purposes

Important Limitation: However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information using industry-standard measures, we cannot guarantee absolute security. You use our services at your own risk.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

Notify you within the timeframe required by applicable law
Inform you of what information was compromised
Explain the steps we're taking to address the breach
Provide guidance on protective measures you can take

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country, state, or other governmental jurisdiction where data protection laws may differ. If you are located in the EEA, your data may be transferred to countries outside the EEA. We ensure appropriate safeguards are in place for such transfers in compliance with GDPR requirements.

10. US State Privacy Laws

In addition to CCPA (California), we comply with privacy laws in other US states. Many of these laws provide enhanced protections for health data, which is particularly relevant for BetterStep users.

States with Comprehensive Privacy Laws

Virginia (VCDPA) - Effective January 1, 2023
Colorado (CPA) - Effective July 1, 2023
Connecticut (CTDPA) - Effective July 1, 2023
Utah (UCPA) - Effective December 31, 2023
Montana (MCPA) - Effective October 1, 2024
Oregon (OCPA) - Effective July 1, 2024
Texas (TDPSA) - Effective July 1, 2024

Your Rights Under State Privacy Laws

Residents of the above states have rights similar to those outlined in the GDPR and CCPA sections, including:

Right to access your personal data
Right to delete your personal data
Right to correct inaccurate data
Right to opt-out of targeted advertising (we don't engage in this)
Right to opt-out of sale of personal data (we don't sell data)
Right to data portability

Special Protections for Health Data

Several US states provide enhanced protections for health data:

Washington My Health My Data Act (MHMDA) - Effective March 31, 2024

This law provides specific protections for "consumer health data," which includes data related to mental health and substance use disorder. Under MHMDA:

We obtain your affirmative consent before collecting health data
We do not sell health data
We do not share health data with third parties except as necessary to provide our services
You can withdraw consent at any time

Nevada (SB 260) - Enhanced protections for health data

Nevada law prohibits the sale of certain health-related information and requires enhanced security measures.

How to Exercise Your State Privacy Rights

To exercise your rights under your state's privacy law, please contact us at info@betterstep.io. Please specify your state of residence in your request. We will:

Verify your identity
Respond within the timeframe required by your state's law (typically 45 days)
Not discriminate against you for exercising your rights

How to Exercise Your State Privacy Rights

Illinois Biometric Information Privacy Act (BIPA)

If you are an Illinois resident and we collect biometric data (such as heart rate from wearable devices), we will:

Obtain your written consent before collection
Inform you of the purpose and duration of collection
Not sell or profit from your biometric data
Store it securely and delete it when no longer needed

42 CFR Part 2 Awareness

While BetterStep is not subject to federal substance use disorder confidentiality regulations (42 CFR Part 2) as we are not a healthcare provider, we recognize the sensitivity of addiction recovery information and apply similar protective principles, including:

Treating all recovery-related information as highly confidential
Not disclosing your use of our app or recovery status to third parties
Obtaining your consent before any disclosure beyond what's necessary for app functionality

11. Children's Privacy

Our application is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@betterstep.io, and we will delete such information from our systems.

12. Location Data

We collect and use location data to provide location-based features and services within our application. You can enable or disable location services at any time through your device settings. Please note that disabling location services may limit certain features of our application.

13. Medical Disclaimer and Crisis Resources

BetterStep is NOT a substitute for professional medical care, therapy, or emergency services.

Important Information

Not Medical Advice: BetterStep provides wellness support and self-help tools based on CBT principles. It does not provide medical advice, diagnosis, or treatment.
Not a Crisis Service: If you are experiencing a medical emergency, mental health crisis, or are in danger of harming yourself or others, please contact emergency services immediately.
No Healthcare Professionals: We do not employ licensed healthcare providers, therapists, or medical professionals. Our app provides educational content and wellness tools only.
Supplement, Not Replacement: BetterStep is designed to supplement, not replace, professional treatment and support systems.

Important Information

United States

National Suicide Prevention Lifeline: 988 or 1-800-273-8255
SAMHSA National Helpline (Substance Abuse): 1-800-662-4357
Crisis Text Line: Text HOME to 741741
Emergency Services: 911

International

Emergency Services: Contact your local emergency number
International Association for Suicide Prevention: https://www.iasp.info/resources/Crisis_Centres/

If you are in recovery and experiencing cravings, urges, or feel at risk of relapse, please reach out to your sponsor, counselor, support group, or healthcare provider immediately.

13. Medical Disclaimer and Crisis Resources

We use cookies and similar tracking technologies to track activity on our application and provide certain functionality. You can manage your cookie preferences through your device settings.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email:
info@betterstep.io
Address:
13 M. Tamarashvili, Tbilisi, Georgia