Privacy Policy for Psychologists and Independent Contractors at NVOX

This Privacy Policy for Psychologists and Independent Contractors (“Policy”) describes how NVOX, Inc. (“Company,” “we,” “our,” or “us”) collects, uses, processes, stores, and protects personal data related to psychologists, therapists, and independent contractors (“Contractors”) who provide professional services through the NVOX platform.

By registering as a Contractor and using our services, you agree to the terms outlined in this Policy. If you do not agree, you must stop using our platform and notify us at [privacy@nvox.com].

1. DATA WE COLLECT ABOUT PSYCHOLOGISTS

We collect and process the following categories of personal data about Contractors:

1.1 Personal Identifying Information (PII)

  • Full name, date of birth, gender, and nationality
  • Contact details (email address, phone number, home address)
  • Government-issued identification (passport, driver’s license) for identity verification

1.2 Professional and Licensing Information

  • Educational background and certifications
  • Professional licenses, board certifications, and license numbers
  • NPI (National Provider Identifier) or equivalent professional registration numbers
  • State licensing details and expiration dates

1.3 Employment and Work History

  • Previous work experience and professional affiliations
  • Disciplinary actions, malpractice claims, or legal complaints related to professional conduct
  • Training and professional development records

1.4 Financial and Payment Information

  • Bank account details for payments and tax processing
  • Taxpayer identification numbers (SSN, EIN, VAT, or equivalent)
  • Payment history and invoices for services rendered

1.5 Usage and Activity Data on the Platform

  • Logins, session durations, and interactions with the platform
  • Messages and communications with users (where applicable)
  • Reports generated and assessments completed
  • Feedback, ratings, and performance metrics

1.6 Audio, Video, and Biometric Data

  • Video or voice recordings of therapy or diagnostic sessions (only with prior consent)
  • AI-analyzed behavioral and facial recognition data (if applicable)

1.7 Communications and Support Requests

  • Emails, messages, and support requests sent to NVOX
  • Customer service interactions, inquiries, and complaints

2. HOW WE USE YOUR DATA

NVOX processes Contractor data only for legitimate business purposes, including:

2.1 Providing and Managing Your Work on the Platform

  • Verifying identity, qualifications, and licensing status
  • Credentialing and compliance verification
  • Facilitating scheduling and appointment management
  • Generating psychologist reports and assessments

2.2 Payment and Tax Compliance

  • Processing payments for completed assessments
  • Generating 1099 tax forms (for U.S.-based Contractors)
  • Complying with financial reporting obligations

2.3 Platform Safety and Regulatory Compliance

  • Ensuring Contractors meet state, federal, and international health regulations
  • Monitoring session quality, ethical compliance, and user feedback
  • Detecting and preventing fraud or misuse of the platform

2.4 Research, AI Training, and Product Improvement

  • With explicit consent, anonymized assessment data may be used to improve AI models
  • Conducting analytics to enhance assessment accuracy and service efficiency

2.5 Legal and Contractual Obligations

  • Complying with HIPAA, GDPR, and other privacy laws
  • Responding to subpoenas, audits, or government investigations

3. DATA SHARING AND DISCLOSURE

We do not sell Contractor data. However, we may share it under the following conditions:

3.1 Internal Use Within NVOX

  • With administrative staff to verify and approve applications
  • With customer support teams to handle disputes or complaints

3.2 Third-Party Service Providers

  • Payment Processors (e.g., Stripe, PayPal) – for secure compensation transactions
  • Background Check Services – to verify credentials before approval
  • Cloud Storage and Security Providers – to protect Contractor data

3.3 Legal and Regulatory Disclosures

  • If required by law or regulatory authorities
  • If necessary to comply with court orders or government subpoenas

3.4 With User Consent

  • If a psychologist agrees to share session details or recommendations with a client’s school, workplace, or medical provider

4. DATA SECURITY AND RETENTION

4.1 How We Protect Contractor Data

We take reasonable steps to protect Contractor data, including:

  • Encryption – All personal data is encrypted in transit and at rest.
  • Access Controls – Only authorized personnel can access sensitive data.
  • Security Audits – Regular penetration testing and compliance checks.

4.2 Data Retention Policy

  • Professional records (licenses, credentials): Retained for [X] years after termination.
  • Assessment reports: Retained for regulatory compliance or as long as legally required.
  • Payment records: Retained for tax and accounting purposes (up to 7 years).
  • Anonymized research data: Retained indefinitely for AI training and research.

When retention periods expire, we securely delete or anonymize data.

5. PSYCHOLOGIST RIGHTS & CHOICES

As an independent contractor providing services through the NVOX platform, you have certain rights regarding your personal data. These rights depend on your jurisdiction and may include the following:

5.1 Right to Access and Update Information

  • You have the right to review, correct, or update your personal and professional information at any time by logging into your NVOX account or by contacting [contractors@nvox.com].
  • If your professional credentials, licensing status, or tax information changes, you are required to update this information promptly.

5.2 Right to Data Portability

  • Upon request, we can provide a structured, machine-readable copy of your professional and financial data (such as earnings reports and service history).

5.3 Right to Request Deletion of Data (“Right to Be Forgotten”)

You may request deletion of your personal data under the following conditions:

  • If you stop providing services through the NVOX platform and wish to have your data removed.
  • If you withdraw consent for data processing where consent was required.
  • If you believe your data is being processed unlawfully.

Exceptions to Data Deletion:

We may be unable to delete certain data immediately if:

  1. Regulatory compliance: We must retain licensing, tax, or payment records for a legally mandated period (typically up to 7 years).
  2. Ongoing legal or financial obligations: If there is an open dispute, investigation, or unpaid invoice, we may retain your data until resolved.
  3. Security and fraud prevention: Limited anonymized data may be retained to detect and prevent fraudulent activity.

To request deletion, email [privacy@nvox.com] with your request, and we will process it within 30 days, unless a legal exemption applies.

5.4 Right to Restrict Processing

  • If you object to how your data is being used, you may request that we limit its processing while an investigation is conducted.
  • This applies if you contest the accuracy of your data, object to AI-based processing, or believe processing is unlawful.

5.5 Right to Object to Automated Decision-Making

  • If NVOX uses automated tools to analyze performance metrics, session effectiveness, or ranking for user referrals, you may request manual review of decisions affecting your ranking, compensation, or access to users.

6. INTERNATIONAL DATA TRANSFERS & STORAGE

6.1 Secure Cloud Storage

All contractor data is stored in a secure, encrypted cloud environment using enterprise-grade security measures.

  • Data is encrypted in transit and at rest using AES-256 encryption.
  • We use multi-factor authentication (MFA) and role-based access controls (RBAC) to prevent unauthorized access.
  • NVOX regularly undergoes security audits, penetration testing, and compliance checks.

6.2 Data Residency & Transfer Policies

NVOX operates internationally, and your data may be stored or processed in multiple regions, including:

  • United States (primary data center)
  • European Union (for GDPR-compliant processing)
  • Other secure third-party cloud servers as needed

When transferring personal data across jurisdictions, we ensure:
GDPR Compliance – If data is transferred outside the EU, it is protected under Standard Contractual Clauses (SCCs) or equivalent safeguards.
HIPAA Compliance – Data related to healthcare interactions is protected under U.S. healthcare regulations.
Local Data Laws – We comply with regional data protection laws wherever applicable.

6.3 Retention and Secure Deletion of Data

We follow strict data retention and deletion policies to minimize exposure:

  • Financial records (invoices, payments, 1099 forms): Retained for 7 years for tax and accounting compliance.
  • Professional records (licenses, credentials, background checks): Retained for the duration of your work with NVOX and up to 5 years post-termination for compliance audits.
  • Anonymized session data and AI research contributions: Retained indefinitely only if anonymized.
  • All other personal data (contact info, preferences): Deleted within 30 days of account closure.

If deletion is requested, NVOX follows secure data destruction protocols to permanently erase sensitive data from all active databases and backups.

7. RESPONSIBILITIES OF CONTRACTORS REGARDING USER PRIVACY

As a psychologist, therapist, or independent contractor on the NVOX platform, you are required to adhere to strict confidentiality and data protection responsibilities when handling user data, session records, and diagnostic reports.

7.1 Confidentiality Obligations

  • You must maintain strict confidentiality about user data and session details.
  • You must not share user data (session details, reports, assessments) with third parties unless legally required or authorized by the user.
  • You must not use AI or external tools (such as ChatGPT or third-party AI systems) to process, summarize, or analyze user data without explicit approval from NVOX.

7.2 Secure Handling of Client Records

  • Store session notes and reports within the NVOX platform only – do not download, print, or transfer them to external systems.
  • Access user data only as needed for legitimate purposes (diagnostics, reporting, or authorized follow-ups).
  • Report any suspected data breaches immediately to [security@nvox.com].

7.3 Legal and Ethical Compliance

You agree to comply with:
HIPAA (for U.S. users) – Protecting user health data in compliance with U.S. regulations.
GDPR (for EU users) – Ensuring proper handling, security, and legal basis for processing user data.
State and National Licensing Laws – Adhering to professional ethics and confidentiality obligations.

7.4 Handling Requests from Users

Users have the right to request access, correction, or deletion of their data. If a user makes a request:

  • Do not respond directly – Instead, refer them to NVOX support at [privacy@nvox.com] for proper handling.
  • Continue maintaining confidentiality unless legally required to disclose data.

7.5 Restrictions on External Communication

Contractors must not:
❌ Discuss user cases outside the NVOX platform.
❌ Save user details on personal devices or systems.
❌ Share session content with unauthorized parties, including supervisors unless required by law.

8. ENFORCEMENT OF PRIVACY POLICY AND DISCIPLINARY ACTIONS

NVOX takes violations of its Privacy Policy seriously. Any failure to adhere to the terms outlined in this Policy may result in disciplinary actions. The nature and severity of these actions will depend on the specifics of the violation and may include one or more of the following:

8.1 Types of Violations

Violations may include, but are not limited to:

  • Unauthorized sharing of personal or sensitive user data with third parties, including other psychologists, organizations, or AI tools without explicit user consent or legal authorization.
  • Failure to secure confidential user data, including leaving records exposed, storing session notes outside the NVOX platform, or using unsecured devices.
  • Using AI, third-party applications, or unauthorized tools to process, summarize, or analyze user data without prior approval.
  • Attempting to collect, retain, or use user data for personal, academic, or business purposes outside the scope of NVOX services.
  • Failure to report a known or suspected data breach involving user information.
  • Repeated non-compliance with NVOX’s security and confidentiality procedures.

8.2 Consequences of Violations

Depending on the severity of the violation, NVOX may take one or more of the following actions:

  1. Warning and Remediation – A written notice requiring immediate corrective action.
  2. Temporary Suspension – Restriction of access to the NVOX platform until the issue is resolved.
  3. Permanent Removal – Termination of the psychologist’s contract with NVOX, banning future participation.
  4. Legal Action – If necessary, legal action may be taken for data breaches, unauthorized use of sensitive information, or violations of applicable privacy laws.
  5. Reporting to Licensing Authorities – In cases of serious ethical or legal violations, NVOX may report the incident to relevant professional licensing boards or regulatory bodies.

8.3 Incident Reporting & Investigation

  • If a privacy concern, suspected breach, or unauthorized data use is detected, NVOX will conduct a thorough investigation.
  • Psychologists are expected to fully cooperate with investigations related to privacy or security breaches.
  • Any violations confirmed through an investigation may result in immediate corrective action.

8.4 Reporting Privacy Concerns

If you suspect a data breach, unauthorized access, or inappropriate handling of user data, you must report it immediately to [security@nvox.com].

  • Reports should include a description of the incident, the type of data involved, and any corrective actions taken.
  • NVOX will investigate all reports within 48 hours and take necessary action to mitigate risks.

9. CHANGES TO THIS PRIVACY POLICY

NVOX reserves the right to modify or update this Privacy Policy at any time to reflect changes in legal requirements, best practices, or business operations.

9.1 Notification of Changes

  • If changes are made that materially affect your rights or responsibilities, we will notify you by:
    Email notification to the address associated with your NVOX account.
    Posting a notice on the NVOX platform.
    Updating the “Last Updated” date at the bottom of this document.

9.2 Your Responsibility to Review Changes

  • You are responsible for reviewing any updates and ensuring ongoing compliance.
  • Continued use of the NVOX platform after an update constitutes acceptance of the revised Privacy Policy.
  • If you disagree with any updates, you may request account closure by contacting [privacy@nvox.com].

10. CONTACT INFORMATION AND QUESTIONS

For any questions, concerns, or requests regarding this Privacy Policy, you may contact us through the following:

Privacy & Data Protection Concerns: [privacy@nvox.com]
Security Issues or Suspected Breaches: [security@nvox.com]
General Inquiries: [contractors@nvox.com]

NVOX is committed to protecting the privacy of its psychologists and users while maintaining the highest standards of security and compliance.

📅 Last Updated: February 17, 2025