Privacy Policy

Effective Date: Dec 3, 2025

At NPSN, we’re committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you:

  • Use the NPSN Services: App (mobile) or NPSN Platform (web-based version) as a User,
  • Visit the NPSN website,
  • Register for or participate in NPSN sponsored webinars, events, or marketing activities,
  • Interact with NPSN’s marketing communications, or
  • Otherwise, share your personal information with NPSN or NPSN Services .

This Privacy Policy applies exclusively to situations where NPSN acts as a Data Controller (as defined under applicable privacy laws and regulations) in our direct relationship with individual users. If you are accessing NPSN Services through an organization that has contracted with us (a “Customer“), NPSN’s role as a Data Processor is governed by our Data Processing Agreement (“DPA“) with that Customer.

By using NPSN Services, you acknowledge this Privacy Policy and consent to the practices described.

NPSN Services are not a substitute for professional care, licensed therapy, or crisis support. Users should not use NPSN Services for any of the Prohibited Topics listed in the Terms & Condition including but not limited to: obsession with another person, isolation, stalking, threats disguised as concern or love, emotional dysregulation, detachment from reality, suicidal ideation, psychosis, extreme paranoia, self-neglect, or cumulative or escalating behaviors indicating danger. If you use NPSN Services to discuss any of these topics, your access may be suspended or terminated and you will be directed to seek help from a licensed therapist, doctor, or emergency services.

Definitions:

  • Inputs: The words, messages, or content you write or upload to the NPSN Services, or NPSN website.
  • Outputs: The responses, messages, or content generated by NPSN’s Services in response to your Inputs.
  • User Data: All Inputs, Outputs, and other information you provide directly as an individual user.
  • Customer Data: Information provided by organizations (such as your employer or school) to set up and manage your account, such as your name, email, and admin data. Customer Data is governed by our Data Processing Addendum (DPA), not this Privacy Policy.

Important: NPSN services are not a covered entity under HIPAA and do not provide medical or clinical services. Please do not include any Protected Health Information (PHI) or sensitive medical information in your interactions with our Service.

By using NPSN Services, you acknowledge this Privacy Policy and consent to the practices described.

Information We Collect

We collect different types of information depending on how you interact with NPSN as a user of the NPSN Services, as a website visitor, or as a participant in our marketing activities.

User Data (Inputs and Outputs)

  • Inputs: The words, messages, or content you write or upload to the NPSN Services, or website (for example, your questions, messages, or prompts).
  • Outputs: The responses, messages, or content generated by NPSN Services in response to your Inputs.
  • Conversation Data: The content of your interactions with NPSN Services , including both your Inputs and the Outputs generated for you.

Account and Profile Information

  • Account Information: Name, email address, phone number, and payment details when you create an account.
  • Profile Information: Optional demographic information, preferences, and goals you choose to provide.

Service Usage and Device Information

  • Usage Data: How you interact with NPSN’s services, including features used, session duration, frequency of use, and engagement patterns.
  • Device Information: Device type, operating system, browser type, IP address, and mobile device identifiers.
  • Location Information: General location based on IP address (not precise GPS location).

Website Visitors and Marketing Activities

  • Contact Information: Name, email address, company, job title, and any information you provide when registering for webinars, downloading resources, or subscribing to marketing communications.
  • Website Analytics: Information about your interactions with our website and emails (such as IP address, browser type, device, and engagement with marketing content).

How We Use Your Information

Service Provision and Improvement

  • Delivering personalized AI conversations and support (generating Outputs in response to your Inputs)
  • Analyzing Inputs, Outputs, and usage patterns to enhance and personalize your experience
  • Developing and training our AI models using anonymized and aggregated Inputs and Outputs to improve service quality. If NPSN ever uses non-anonymized data for AI training, we will require explicit user opt-in and describe this clearly in the in-app privacy settings.Creating and using synthetic data derived from anonymized user interactions
  • Generating aggregated insights to improve our support strategies

Account Management

  • Creating and maintaining your account
  • Processing subscription payments and managing billing
  • Communicating about your account, service updates, and support
  • Providing technical support and responding to your inquiries

Website and Marketing Activities

  • Operating and improving our website and marketing communications
  • Sending you marketing emails or event invitations (if you opt in)
  • Understanding how visitors use our website and marketing materials

Legal and Security Purposes

  • Protecting the security and integrity of our Services
  • Detecting and preventing fraudulent activity
  • Complying with legal obligations
  • Enforcing our Terms and Conditions, including the Acceptable Use Policy and Prohibited Topics. NPSN may suspend or terminate accounts for violations of Acceptable Use or if required by law, and may remove content that violates policies or indicates the need for professional care.

Information Sharing and Disclosure

We treat your information with the utmost confidentiality and do not sell your personal information.

We may share your information in the following limited circumstances. NPSN may also disclose personal information as required to comply with applicable laws, regulations, legal processes, subpoenas, or governmental requests.

Service Providers (Sub-processors). We work with trusted third-party service providers (“sub-processors”) who perform services on our behalf, such as:

  • Cloud storage and hosting providers
  • Payment processors
  • Analytics services
  • Customer support tools

All service providers are contractually required to use your information only to provide services to NPSN and must comply with this Privacy Policy and applicable privacy laws.

Business Transfers. If NPSN is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. If this happens, we will notify you by email and/or a prominent notice on our website about any change in ownership or how your information is used.

Legal Requirements and Safety. We may disclose your information if required by law, legal process, or a government request, or if we believe it is necessary to protect our rights, address fraud, or protect your safety or the safety of others.

Your Privacy Rights

These rights apply to your User Data, including your Inputs and Outputs, and to any personal information you provide directly to NPSN or NPSN Services as a user, website visitor, or marketing contact. Your privacy rights vary based on your location. Below, we outline rights available under major privacy frameworks:

All Users

Applies to user located in:

  • United States (general consumer privacy rights-not state-specific)
  • Canada (PIPEDA and equivalent provincial principles)

Regardless of location, you can:

  • Access and review your personal information
  • Update or correct inaccurate information
  • Request deletion of your account and personal information
  • Opt out of marketing communications
  • Download your Inputs and Outputs (where available)
  • Request deletion of your Inputs and Outputs (where available)

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@npsn.org. We will respond to your request within the timeframe required by applicable law. For verification purposes, we may request additional information to confirm your identity before fulfilling your request.

These rights apply to your User Data, including your Inputs and Outputs, and to any personal information you provide directly to NPSN as a user, website visitor, or marketing contact.

Data Retention and Deletion

Account Information

  • We retain your account information for as long as your account is active
  • After account termination or subscription cancellation, we will delete your personal information within 30 days. If your account was created through an organization, certain Customer Data may be retained as required by our agreement with your organization.

Conversation Data

  • Conversation Data includes your Inputs and the Outputs generated by NPSN’s Services.
  • Active Users conversation history is retained to provide personalized service.
  • After account termination, conversation data is deleted within 30 days unless retention is required by law or legitimate business purposes (such as legal defense or compliance).
  • If an account is terminated for Acceptable Use violations, NPSN may retain certain information as required by law or for legitimate business purposes.

Anonymized and Aggregated Data

  • We may retain anonymized and aggregated data indefinitely. Anonymized and aggregated data may include anonymized Inputs and Outputs.
  • This data cannot be used to identify you personally
  • We use this data for service improvement, research, and analytics

Usage Data

  • Basic usage statistics may be retained for up to 24 months
  • After this period, data is fully anonymized or deleted
  • Anonymized usage patterns may be retained indefinitely for service improvement

Requesting Deletion

You may request deletion of your Inputs, Outputs, and other User Data at any time using these methods:

Security Measures

We implement robust security measures to protect your information:

Technical Safeguards

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Continuous monitoring for unauthorized access

Organizational Controls

  • Employee training on privacy and security
  • Background checks for employees with data access
  • Documented security policies and procedures
  • Incident response plan for potential data breaches

Third-Party Assessments

  • Regular third-party security assessments
  • Compliance verification with industry standards
  • Vendor security reviews

Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify you in accordance with applicable laws
  • Provide information about the breach and our response
  • Offer guidance on protecting yourself from potential harm

International Data Transfers

As a global service, your information may be transferred to and processed in countries other than your country of residence:

Transfer Mechanisms

  • For other jurisdictions, we implement appropriate safeguards as required by local law
  • We assess the privacy laws of recipient countries to ensure adequate protection

Data Localization

  • Where required by law, we may store certain data within specific geographic regions.
  • We work with cloud providers that maintain global infrastructure to support regional data storage requirements.

Cross-Border Transfer Safeguards

  • Technical safeguards, including encryption and access controls
  • Contractual commitments from service providers regarding data protection
  • Regular assessment of cross-border transfer risks

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements:

  • Material changes will be notified via email or through the Service
  • Updates will be posted on our website with a revised “Last Updated” date
  • Continued use of the Service after changes constitutes acceptance of the updated policy
  • For significant changes, we may request renewed consent

Contact Information

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us at: privacy@npsn.org.

Important Information About Our Service

Non-Medical Nature of Service

  • NPSN services provides conversational support through an AI chatbot, not medical advice or clinical therapy
  • Our AI is not a licensed therapist, counselor, or healthcare provider
  • The Service is not a substitute for professional advice, diagnosis, or treatment
  • Conversations with NPSN services are processed automatically by our AI systems, not reviewed by human staff except in limited circumstances for service improvement

Automated Processing

  • Our Service operates primarily through automated processing
  • We do not routinely monitor or review the content of individual conversations
  • Automated systems may analyze conversations to improve the AI’s responses and functionality
  • Any human review of data is conducted on anonymized or aggregated data sets for service improvement purposes

Data Sensitivity

We process this information in accordance with applicable privacy laws

While not classified as medical data under most regulations, we recognize the personal nature of conversations

We implement security measures appropriate to the sensitivity of the information