Privacy Policy for Impact Family Inc.

Effective Date: January 1, 2024

This Privacy Policy describes how Impact Family Inc. ("Impact Family," "we," "us," or "our") collects, uses, and discloses your information when you use our website (the "Website").

Information We Collect:

We collect two types of information on the Website:

• Personal Information: This information can be used to identify you directly, such as your name, email address, phone number, and mailing address. We only collect Personal Information you voluntarily provide us, such as when you contact us through a form on the Website.
• Non-Personal Information: This information does not identify you directly, such as your browsing history, IP address, device type, operating system, and geographic location. We collect Non-Personal Information automatically through your use of the Website.

Use of Information:

We use the information we collect for the following purposes:

• To operate and maintain the Website;
• To respond to your inquiries and requests,
• To send you information about Impact Family, such as upcoming events and resources;
• To analyze how the Website is used; and
• To comply with applicable laws and regulations.

We will not sell, rent, or share your Personal Information with third parties for marketing purposes.

Sharing of Information:

We may share your information with third-party service providers who help us operate the Website and provide our services. These service providers are contractually obligated to keep your information confidential and use it only for the purposes we have disclosed it to them.

We may also disclose your information if we are required to do so by law, such as in response to a court order or subpoena.

Your Choices:

You can choose not to provide us with any Personal Information. However, this may limit your ability to use certain website features.

You can also opt out of receiving marketing emails from us by clicking the "unsubscribe" link in any email you receive.

Children's Privacy:

The Website is not directed to children under the age of 13. We do not knowingly collect Personal Information from children under 13. If you are a parent or guardian, believe your child is under 13, and have provided us with personal information, don't hesitate to contact us. We will delete the information from our records.

Data Security:

We take reasonable steps to protect your information from unauthorized access, disclosure, alteration, or destruction. However, no website or internet transmission is completely secure.

Changes to this Privacy Policy:

We may update this Privacy Policy from time to time. We will post any changes on the Website. We encourage you to review this Privacy Policy periodically for any updates.

Contact Us:

If you have any questions about this Privacy Policy, please get in touch with us at:

Florida Specifics:

Under Florida law, you have the right to access your Personal Information and to request that we correct any inaccuracies or delete it. To exercise these rights, please get in touch with us at the address above.

Federal Law:

This Privacy Policy is also subject to applicable federal laws, such as the Children's Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPAA). However, this Privacy Policy does not apply to information that HIPAA protects. If you seek counseling services from Impact Family, you will receive a separate HIPAA Notice of Privacy Practices.

Fireflies.ai HIPAA Compliance and Security Measures

Impact Family Inc. may sometimes utilize third-party applications such as Fireflies.ai to record audio only and transcribe meeting notes. These notes are shared with the client as part of our commitment to transparent and accessible communication. We ensure that all third-party applications are HIPAA compliant and adhere to strict industry standards to protect your PHI. By engaging in services with Impact Family Inc., you acknowledge and consent to using such third-party applications for note-taking and record-sharing purposes.

Fireflies.ai is HIPAA-compliant and adheres to strict measures to protect patient health information in the United States. To safeguard your health data, Fireflies implements the following security protocols:

• Private storage to ensure HIPAA compliance.
• Business Associate Agreements (BAA) with vendors such as OpenAI and ASR ensure they do not trade, train, or store your data.
• Zero-day retention policy: No data is stored on vendor systems, such as OpenAI, for any duration.

How Do Fireflies Manage Security Vulnerabilities?

Fireflies.ai is regularly scanned using industry-standard tools to monitor and detect vulnerabilities. To further enhance security, Fireflies runs a continuous bug bounty program with HackerOne to identify and address potential vulnerabilities. However, no security system is entirely impenetrable. In a security breach, Fireflies will take reasonable steps to investigate, notify affected individuals, and comply with all relevant laws and regulations.

Data Encryption and Security

Fireflies.ai ensures that all user data, including meeting transcripts, audio recordings, calendar events, emails, and user settings, is encrypted end-to-end, both at rest and in transit, using industry-standard encryption protocols. Specifically:

• Data encryption: 256-bit AES encryption for data at rest and TLS 1.2 encryption for data in transit.
• Backup snapshots: Metadata (calendar events, emails, user settings) is backed up every 4 hours and retained for a maximum of 1 year. No transcripts or audio recordings are stored in these snapshots.

Fireflies implement robust security practices to maintain the confidentiality and integrity of all data collected and shared with its service providers.