A Privacy Policy is a legal document that outlines how a company collects, uses, discloses, and protects the personal information of its users or customers. It's essential for building trust with your audience and demonstrating your commitment to protecting their privacy.
Effective Date: 5-26-2025
1. Your privacy matters to us. At Tribal Playbook, we are committed to protecting your personal information and your right to privacy. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website TribalPlaybook.com, including any other media form, media channel, mobile website, or mobile application related or connected to it.
We understand that the information you share with us is sensitive, especially when it comes to your health and well-being. That is why we handle your data with care, transparency, and in compliance with applicable privacy laws and regulations. Please read this policy carefully to understand our practices regarding your information. By using our website, services, or providing your information to us, you consent to the practices described in this Privacy Policy.
2. Types of Information Collected: Specify the types of personal information you collect from users. This might include:
Full Name
Email address
Phone Number
Mailing address (if applicable)
Health History- Health Related Information (e.g., lifestyle, habits, wellness, goals, or other details you choose to share during coaching intake forms or consultations)
Payment Information (collected and processed securely through third-party providers)
Automatically Collected Information- we may collect certain information when you visit our website including:
IP address
Browser type and version
Pages visited and time spent on the site
Referring website or source
Device type and operating system
This data helps us understand how visitors use our website and improve its functionality and user experience.
3. Methods of Collection: Information from Third Parties
We may receive information about you from third-party tools or services we use, such as:
Scheduling Platforms
Payment Processors
Email Marketing Platforms
These third parties may collect and process information according to their own privacy policies.
Methods of Collection: This might include:
Information provided directly by users (e.g., through registration forms, surveys, or contact inquiries).
Information collected automatically through cookies, tracking technologies, or analytics tools.
Information obtained from third-party sources, if applicable.
4. Purpose of Collection: This might include:
Providing and improving your products or services.
Communicating with users and responding to inquiries.
Personalizing user experience and content.
Marketing and promotional activities.
Legal compliance and protection of rights.
5. Use of Information: HIPAA Compliance and Protected Health Information (PHI)
As part of our health coaching services, we may collect and store personal health information that you voluntarily share with us. We recognize the sensitive nature of this information and are committed to protecting your privacy in accordance with the Health Insurance Portability and Accountability Act (HIPAA).
What is Protected Health Information (PHI)? PHI includes any information related to your physical or mental health, health care services, or payment for those services that can be used to identify you.
Our Responsibilities Under HIPAA:
We do not share your PHI without your explicit consent, unless required by law.
We implement appropriate administrative, physical, and technical safeguards to protect your information from unauthorized access, disclosure, or misuse.
We ensure any third-party service providers we use (e.g., scheduling or payment platforms) are also HIPAA-compliant or do not access PHI.
Your Rights Regarding PHI:
You have the right to access, amend, or request deletion of your health information.
You may request restrictions on certain uses or disclosures of your PHI.
You can request a record of disclosures we’ve made of your PHI, if applicable.
Please note: While we strive to follow HIPAA guidelines, not all coaching services are classified as covered entities under HIPAA. If you have any concerns about how your information is handled, we encourage you to contact us directly.
6. Sharing of Information: We value your privacy and are committed to protecting your personal information. We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following limited circumstances.
With your consent- We may share personal information with third parties if you have given us your explicit consent to do so.
Service Providers- We may share your information with trusted third-party service providers who perform services on our behalf, such as hosting, analytics, email delivery, customer service, and marketing assistance. These service providers are contractually obligated to keep your information secure and use it only for the purpose specified by us.
Legal Requirements- We may disclose your information if required to do so by law or in response to valid legal requests, such as subpoenas or court orders, or to comply with applicable laws and regulations.
Protection of Rights and Safety- We may disclose information to enforce our Terms and Conditions, to protect our rights and property, or to protect the safety of our users or others.
Business Transfer- In the event of a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to a successor or affiliates as part of that transaction.
Aggregated or De-Identified Information- We may share aggregated or de-identified information that cannot reasonably be used to identify you. This information may be used for research, analytics, or improving our services.
Service providers and business partners involved in delivering your products or services.
Legal or regulatory authorities in compliance with applicable laws or regulations.
Other third parties with user consent or as otherwise permitted by law.
7. Data Security Measures: We take the security of your personal and health information seriously and implement a range of technical, administrative, and physical safeguards to protect it in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA Compliance- We follow industry best practices and comply with applicable HIPAA regulations to protect your Protected Health Information (PHI). This includes secure data handling, storage, and transmission procedures.
Secure Storage- All personal and health-related data is stored using HIPAA-compliant cloud services with strong encryption standards. Access is restricted to authorized personnel only.
Data Encryption- We use strong encryption (such as AES-256) to protect your information during transmission (TLS/SSL) and at rest.
Access Controls- Access to PHI is strictly limited to trained staff who require it to perform their duties. We implement role-based access controls, strong password policies, and session timeouts.
Audit Logs and Monitoring- We maintain logs of access to PHI and regularly monitor systems for unauthorized access or suspicious activity.
Secure Communication- Any communication containing PHI (e.g., emails, messages, telehealth sessions) is conducted through HIPAA-compliant platforms.
Breach Notification- In the unlikely event of a data breach involving PHI, we will notify affected individuals and relevant authorities in accordance with the HIPAA Breach Notification Rule.
8. User Rights: Inform users of their rights regarding their personal information, such as:
Right to Amend- If you believe that any information we have about you is incorrect or incomplete, you may request that we correct or update it.
Right to an Account of Disclosure- You have the right to request a list of certain disclosures of your health information we’ve made, other than for treatment, payment, or operational purposes.
Right to Confidential Communications- You can ask us to communicate with you in a specific way (for example, only by email or at a different address) to help protect your privacy.
Right to Revoke Authorization- If you have given us permission to use or share your information, you may revoke that permission at any time in writing. This will not affect information already shared with your consent.
Right to File a Complaint- If you believe your privacy rights have been violated, you have the right to file a complaint with us or the U.S. Department of Health and Human Services (HHS). We will not retaliate against you for filing a complaint.
Right to Receive a Copy of this Policy- You may request a printed copy or electronic copy of this Privacy Policy at any time.
The right to access and review their personal information.
The right to request corrections, updates, or deletions of their information.
The right to opt-out of certain data processing activities, such as marketing communications.
9. Data Retention: We retain Protected Health Information (PHI) for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. Typically, PHI is retained for a minimum of six (6) years from the date of its creation or the date it was last in effect, whichever is later, in accordance with HIPAA regulations.
Purpose of Retention
Your PHI may be retained for purposes including but not limited to:
Providing ongoing health coaching services
Meeting legal, regulatory, or contractual requirements
Defending against potential legal claims
Internal analytics and recordkeeping (when de-identified)
Data Security and Storage
All PHI is stored securely using industry-standard encryption and access controls. We take appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of PHI during its retention period.
Destruction of PHI
When PHI is no longer required to be retained, it will be securely destroyed or de-identified in accordance with HIPAA guidelines and our internal data disposal policies.
10. International Data Transfers: As part of providing our health coaching services, your personal information, including any health-related data or Protected Health Information (PHI), may be transferred to, stored, and processed in countries outside of your country of residence. This includes transfer to the United States, where our servers and data processing facilities are located.
Legal Basis for Transfer
We take steps to ensure that international data transfers are conducted in accordance with applicable data protection laws, including:
The General Data Protection Regulation (GDPR)- for users in the European Economic Area (EEA) and the UK.
The Health Insurance Portability and Accountability Act (HIPAA) for users in the United States.
When we transfer data internationally, we rely on legal mechanisms such as:
Standard Contractual Clauses (SCCs)- approved by the European Commission
Data processing agreements- with our vendors and partners
User consent, when required
Data Safeguards
We implement appropriate safeguards to protect your information, including:
Encryption during transmission and storage
Access controls and authentication
Periodic audits of our security practices
Ensuring third-party processors follow data protection standards equal to those in your jurisdiction.
Your Rights
If you are located in the EEA, UK or other region with data protection laws governing the transfer of your personal information, you may have the right to:
Request a copy of the data transfer mechanism we rely on
Withdraw your consent at any time, where consent is the legal basis for processing
Lodge a complaint with your local data protection authority.
11. Changes to the Privacy Policy: We reserve the right to update or modify the Privacy Policy at any time. We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal obligations, or other operational needs. When we make changes, we will revise the “Last Updated” date at the top of this page.
Notification of Changes- If we make material changes to how we collect, use, or share your personal information, we will provide notice by:
Posting a prominent notice on our website
Sending an email notification (if you have provided us with your contact information)
Updating this Privacy Policy with a clear explanation of the changes.
Continued Use of Services
Your continued use of our service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the changes, you may discontinue use of our services and request deletion of your personal data, subject to applicable laws and our data retention obligations.
12. Contact Information: For questions, concerns, or requests related to your privacy rights or the Privacy Policy, contact [email protected]