Privacy Notice

Introduction and Scope
This Privacy Notice (“Notice”) describes how the Rethink Benefits and RethinkCare divisions of Rethink Autism, Inc. (“Rethink,” “we,” “us,” or “our”) collect, use, disclose, secure, and eventually dispose of (collectively “process”) your personal information. Personal information is any information that does, or could, identify you.

Rethink values the privacy of individuals who use our websites, mobile apps, technology platforms, and related services. When you access these services, you trust us with your personal data, and we are committed to keeping that trust and being transparent about our privacy practices.  This includes This includes Consultants (“Consultants”), who are third-party Consultants, Coaches (“Coaches”), who are third-party Coaches, and Caregivers (“Caregiver”), who are third-party Caregivers, or applicants seeking to become a Consultant, Coach or Caregiver (“ Applicants”).

This Notice applies to personal information collected on:

• our websites (including rethinkbenefits.com/eb/ and rethinkcare.com),
• our mobile apps (Rethink Benefits and RethinkCare),
• the associated technologies and communications media,
• RethinkCare application, websites, and technology platform, and
• any offline interactions with you

(collectively, the “services”).
Our websites include public and subscription-only sections, and our mobile apps and platform components are part of subscription-only services.

The Privacy Notice explains how we collect, use, and share information from individuals who use the services. Users covered by this Notice include, without limitation:

• individuals accessing the services to learn about or use the offerings;
• employees of corporate customers of Rethink or of corporate customers of Rethink channel partners;
• parents using the services on behalf of or for the benefit of their children;
• members of a child’s “support team” such as family members or teachers who are invited to participate;
• visitors to public websites;
• Consultants, coaches or caregivers who access relevant components of the services;
• applicants seeking to become a consultant, coach or caregiver; and
• anyone else who accesses the services.

For parents and legal guardians, the definition of “your personal information” includes your child’s personal information if you have entered it into the services. A “primary user account holder” is the employee of a corporate customer of Rethink, or a corporate customer of a Rethink channel partner, who enrolls in the services.

Rethink channel partners are intermediaries selected or approved by your organization through which you may access the services. This Notice does not cover the personal information processing of channel partners. If you are uncertain whether you access the services through a channel partner, please consult your organization.

RethinkCare currently provides access to digital tools, content, and related services across multiple subscription-based libraries and solution areas, including those focused on family support (formerly known as ‘Rethink Benefits at Home;’ ‘Parental Success’), professional and workplace development (formerly known as ‘Rethink Benefits at Work’; Professional Resilience), and personal wellbeing. These libraries and offerings may be renamed, expanded, consolidated, or otherwise modified over time.

Rethink is the data controller in relation to the services. Rethink Benefits and RethinkCare are part of the Rethink group of businesses. This Notice applies only to the Rethink Benefits and RethinkCare divisions and applies to uses of the RethinkCare platform as part of the services.

This Notice is an important part of the agreement between you and RethinkCare. Any capitalized terms not defined in this Notice have the meaning given to them in the agreement or in other referenced policies.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time at our sole discretion. Any changes will be posted in the services, including on applicable platforms, indicating the date on which the Notice was last updated and posted on the footer. Material changes will be communicated to you through an appropriate channel (for example, via a notice in our services). Any changes will be effective upon the date of posting unless explicitly stated otherwise.

As long as you use the services, you are agreeing to this Privacy Notice and any updates made to it. If you disagree with an updated Privacy Notice, you may terminate this agreement with immediate effect by discontinuing your use of the services. Your continued use of the services following the effective date of any modified terms indicates your acceptance of the modified Notice.

Personal Information We Collect

We collect personal information from you and about you in several ways, including information you provide directly, information provided by your employer or channel partner, information provided by other users, information collected through your use of the services, information collected automatically through technologies such as cookies, and information collected from third parties or third-party services. This includes information collected directly from Users that sign up for an account, apply to become a Consultant, Coach, Caregiver, or contact us through the Platform. When we collect personal information directly from you, you will know the details of that information.

1. Information You Provide Directly for All Subscription Environments

Personal information you may provide includes:

Login credentials (username and password).

Name, job role, e-mail address, telephone number; country, state, and city of location.

Sessions and courses you “like.”

Ratings and feedback about the services.

Information provided in surveys, assessments, or questionnaires.

Information you choose to provide in surveys, assessments, or questionnaires.

Any personal details you reveal through free-form use of the services (e.g., discussing activities during a consultation, responding to survey questions, Training module information, such as quiz scores or uploading photos/documents).

There is information you provide only if you register for specific areas:

For Coaching and Consultations and Navigator, the information collected includes: Your schedule of appointments with consultants.

Information you choose to provide when creating a profile for your child (optional), including:

name, date of birth, school grade, photo, developmental disabilities or concerns.

Information you choose to provide about your child in written, phone, or video consultations.

2. Public Websites

You may provide personal information through:

“Contact Us” or similar forms,

Chat features,

“Email Us” or comparable features.

Rethink Platform User Information

When using the services, you may provide:

Registration and profile information (name, email address, password, phone number).

Profile photos.

User ratings and feedback (including ratings of consultants, coaches, caregivers, or service providers).

Testimonials, feedback, or other submissions.

Communications through audio, video, or chat tools.

Other information not specifically listed here but provided by you.

3. Consultants, Coaches, Caregivers, and Applicants

In addition to the above, personal information may include:

Name, location, business contact information.

Professional certifications, experience, licensing details.

Date of birth, Social Security number or other government ID, government-issued ID, insurance information, and other documentation handled through third-party providers.

Profile photos.

Payment-related information (e.g., bank routing numbers, tax information) for those who receive payments.

User ratings, feedback, and survey responses.

User Comments submitted to areas viewable by users or personnel.

4. Information We Receive from Employers or Channel Partners

This may include:

Your name and email address.

Additional information selected by your employer for service usage reporting (e.g., work location, department).

Your employee number or similar unique identifier.

Channel partner processing is not covered by this Notice. If unsure whether you access the services via a channel partner, consult your organization.

5. Information Collected Through Your Use of the Services

Usage Tracking

We collect information about:

Time spent interacting with subscription-only content.

Which sessions and courses you complete.

Routine monitoring and recording of usage for security and user support.

Wearable or Connected Device Data

If you connect a device or product integrated with the services, we may receive:

Fitness data (e.g., steps),

Heart rate, blood oxygen level, sleep activity,

Device identifiers (serial number, Bluetooth address, UPC, etc.).

Data from Third-Party Services

If you choose to share information from third-party services (e.g., Apple HealthKit, Fitbit):

It is used to provide services such as recommending content.

Such recommendations are not medical advice and not for diagnostic purposes.

We do not use this data for marketing or advertising.

We do not share this data with third parties.

6. Information Collected Automatically Through Technology

We use cookies and similar technologies to recognize your device and collect information such as:

Pages visited, features used, and duration of visits.

Navigation patterns and login facilitation.

Device information including IP address, browser type, operating system version, manufacturer, application installations, device identifiers.

Crash and error event data.

Communication metadata (e.g., date and time of calls, messages, content sent through the platform).

Cookies and Similar Technologies Include:

Cookies (browser cookies) — may be refused by adjusting browser settings; refusal may limit access to parts of the services.

Flash cookies — store preferences and navigation information; managed separately from browser cookies.

Web beacons / pixel tags / clear GIFs — used to count visitors, analyze popularity of content, verify system integrity, and track engagement.

Third-party providers may also use these technologies for the purposes described.

7. Information Collected from Third Parties

We may collect personal information from:

Publicly available sources.

Social media platforms (e.g., SSO via Google or Apple ID) where you permit connection.

Third-party websites or applications you use to access or interact with the services (e.g., Zoom, Indeed, LinkedIn), including information collected or provided by third-party data providers.

Other users, including updates from calls, emails, or sessions.

We do not control third-party information collection. Their use of your personal information is governed by their own terms and privacy policies.

How We Use Your Personal Information

We will never sell your personal information.

We use the personal information we collect from you and from other sources to provide the services and for other purposes described in this Privacy Notice. These purposes include:

1. To Provide, Operate, and Improve the Services

We use personal information:

to provide our services, including managing log-ins and maintaining security and confidentiality of data contained in the services;

to schedule and hold consultations with consultants, including behavioral, neurodiversity, caregiving, or coaching interactions as applicable;

to connect users with coaches, caregivers, consultants, or other users;

to make connection recommendations and enable communication between users through audio, video, or chat features;

to communicate essential service information;

to provide customer support;

to monitor, maintain, and improve the quality and integrity of the services and platform;

to monitor compliance with our Terms of Use;

to personalize the user experience;

to recommend content;

to respond to your requests or questions, including through forms and chat features.

2. For Research, Development, and Service Improvement

We use personal information:

to analyze and improve the services and user experience, including identifying which components you find useful or difficult to use;

to develop and improve products and services;

to publish and share information and content to engage with users and potential users;

to build, onboard, and support a diverse community of service providers such as consultants, coaches, or caregivers.

Usually, the information used for these purposes does not directly identify you as an individual.

3. For Marketing Purposes

Where permitted by applicable law, we may:

send marketing messages for products or services we believe may interest you;

communicate about our services with users and potential users;

measure the effectiveness of our marketing communications.

You may opt out at any time (see “Your Rights and Choices”).

4. To Create Anonymous, Aggregated, or De-identified Data

We may create anonymous, aggregated, or de-identified data from personal information by removing information that makes the data personally identifiable. Such data may be used for any lawful purpose, including research and service improvement. De-identified information cannot reasonably be reconnected to an individual.

5. For Compliance, Fraud Prevention, and Safety

We may use personal information:

to protect the rights, property, or safety of us, users, or the public;

to investigate misuse, enforce agreements, or ensure compliance with applicable policies.

6. To Comply with Law

We may use personal information to comply with legal requirements, regulations, or processes, including civil or criminal subpoenas, court orders, or other compulsory disclosures.

7. With Your Consent

We will use your personal information whenever you consent to such use. You may withdraw consent at any time (see “Your Rights and Choices”).

8. Lawfulness of Processing (GDPR and Other Jurisdictions Requiring Legal Bases)

Where required by applicable law, such as the EU/EEA, UK, or China, the legal basis for processing your personal data depends on the purpose:

Disclosure of Your Personal Information

Your personal information is only disclosed or shared where authorized by You or the law. Who we disclose your personal information to depends on the specific items of information and the purposes for which we use them. We may share or disclose personal information as needed to provide the services and as otherwise described in this Privacy Notice. Your personal information may be disclosed to the following categories of recipients:

1. Employees and Contractors

We may disclose personal information to Rethink employees and contractors who have a role requiring access to your information (“need to know”) to provide the Services. These personnel are bound by employment or contractor terms requiring confidentiality and security and are trained in applicable laws governing confidentiality of personal health information.

2. Service Providers (“Processors”)

We use third-party service providers to perform tasks on our behalf, such as hosting services, secure video calling, engineering, candidate recruitment, payment processing, research, marketing, and other support functions.

Service providers:

• process your information only on our behalf and according to our instructions,
• are contractually bound to protect your information, and
• are prohibited from using it for their own purposes.

3. Professional Advisors

We may disclose personal information to professional advisors such as lawyers, bankers, auditors, and insurers where necessary in the course of the professional services they provide to us.

4. Other Third Parties (De-identified Information)

We may disclose de-identified information to third parties, including business partners and research organizations. De-identified information has been stripped of attributes that tie it to a particular individual and cannot reasonably be reconnected to that individual.

5. Service Usage Reporting

Channel Partners

We may provide:

• Aggregate, non-personal utilization data to channel partners.
• Identifiable content usage information (e.g., courses started or completed, login frequency) for the purpose of administering employer programs.

For any educational tools, identifiable usage information is limited to confirmation that you completed a course—not the specific content you viewed. We do not disclose your or your child’s profile information or consultation interactions.

Employers

We may provide:

• Aggregate, non-personal utilization data to your employer.
• We may disclose identifiable information about the number of courses you completed (but not specific content) for employer incentive program administration.

6. Disclosures
   
   1. Personal information collected in coaching/consultation sessions may be disclosed voluntarily by You to other authorized users of the services, as the primary user account holder determines who is authorized and their level of access.
   2. Employers providing RethinkCare as a benefit are not users of the services and do not receive your personal information except as described above under employer reporting.

7. Information We Have Disclosed to Service Providers in the Last 12 Months

We have disclosed the following categories of personal information to service providers:

• Identifiers such as name, email address, username, and IP address.
• Personal information defined under certain US state laws, including address and telephone number.
• Internet activity and usage information from websites and applications.
• Protected classification characteristics and special categories of data (e.g., gender, health information).

8. Corporate Transactions

Personal information may be disclosed or transferred to third parties as part of any:

• merger,
• acquisition,
• financing,
• sale of assets, or
• similar corporate event.

9. Legal and Compliance-Related Disclosures

We may disclose personal information to:

• government agencies,
• law enforcement,
• courts,
• other authorities, or
• third parties (including sponsors),

when required to comply with applicable law, legal obligations, court orders, or other legal processes.

Information provided to consultants may not be protected by physician-patient privilege.

10. Safety and Vital Interests

If we reasonably believe that the safety or vital interests of any individual are at risk, we will disclose personal information to relevant parties as necessary to assist the individual.

11. Protection of Business Interests

Where permitted by applicable law, we may disclose personal information to our professional advisors or other qualified parties when reasonably necessary to protect our essential business interests.

How do Users share information with one another?

The RethinkCare Platform offers opportunities for connection between Users.  By accessing Services you may share information with other Users, including: Expert Consultants, Coaches & Caregivers. The Platform makes Consultants, Coaches’ and Caregivers’ profile information – including name, photo, quotes, videos, ratings, and professional details – available to other Users. Users. When Users communicate using the audio, video, or chat features of the Platform, the User’s name and photo are displayed to the Consultant, Coach, or other User(s). The User may also choose to share additional personal information using the audio, video, or chat features of the Platform.  Additionally, when you participate in a program together with other participants, your personal information may be visible to other participants.

Information security

We employ technical, physical, and administrative security measures appropriate to the categories of personal information processed in our services. These measures include, for example: encryption at rest and in transit, roles-based access, firewalls, and anti-virus software. For more details of our practices, please consult our Information Security Standards statement.

We protect information about individual’s diagnoses, treatments, and outcomes with particular care. Rethink is HITRUST CSF certified. HITRUST CSF is a security and privacy framework that covers, among others, HIPAA and National Institute for Standards and Technology (NIST) standards.

No matter how carefully we safeguard your information, it is unfortunately not possible to guarantee that it will never be accidentally or illegally breached. We also cannot protect against any misuse, loss, or alteration of any user-editable content. You also have an important role in in protecting Personal Information. You should not share your username and password with anyone, and you should not re-use passwords across more than one site. If you have any reason to believe that your username or password has been compromised, please contact us [email protected].

Data retention

We will retain your personal information as long as necessary to fulfill the purposes for which it was collected, and to satisfy legal, accounting, and reporting obligations, or to resolve disputes or enforce our Terms of Use.

Your rights are described below to request deletion of your data outside of our normal data retention schedule and to withdraw your previously given consent to our processing of your data.

International transfer

Rethink is based in the United States. Your personal information is stored on our systems in the US.

If you live in the European Union, European Economic Area, or UK, note that the European Commission has not issued an unlimited adequacy decision for the US.

As set out in this Notice, Rethink strives to protect your data and your rights regardless of any international transfer.

We obtain your explicit consent to transfer your information to the US and cannot provide our services without that consent.

Should we disclose your personal information to a Rethink service provider (see the Section on Service Providers in this Notice) located outside the US, we will put in place appropriate legal safeguards (for example, standard contractual clauses) that are designed to protect your personal information in the new jurisdiction.

Your Rights and Choices

US and international laws give you various rights over your personal information and, where applicable, your child’s personal information. These may include the right to:

• access personal information held about you;
• correct inaccurate or out-of-date personal information;
• request deletion of your personal information;
• restrict processing of your personal information;
• data portability: receive your personal information in a readily usable format;
• object to processing when the legal basis is our legitimate interests.

Notice of withdrawal of consent and all requests to exercise privacy rights should be addressed using the contact information provided in Section below “Options for Limiting the Use of Your Information” of this Notice.

When a Consultant, Coach, or Caregiver terminates their account, we remove the Consultant’s or Coach’s profile from the Platform. However, Users will continue to have access to their communications with former Consultant, Coaches, and Caregivers.

If you believe your privacy rights have been infringed, please contact us so we may attempt to resolve the issue. If you are an EU/EEA/UK resident, you have the right to lodge a complaint with your EU/EEA supervisory authority or, in the UK, with the ICO.

Marketing Communications

• You may opt out of our marketing communications at any time, including through “unsubscribe” links in emails or by replying “STOP” to text messages.
• Where required by local law, we will obtain your prior consent before sending marketing communications. You may withdraw that consent at any time using opt-out mechanisms in marketing messages or by contacting us using the information below.
• If you are a user of subscription-only services, you may continue to receive service-related communications even after opting out of marketing. These service communications contain important information about the services you use.

Options for Limiting the Use of Your Information

You may use the following options to change or limit how your information is used:

• Profile Information: You may review, request an update, or request the deletion of certain information in your profile.
• Communications Preferences:
  • You may opt out of receiving text messages by replying “STOP” or by contacting us.
  • You may opt out of marketing-related emails by using the unsubscribe instructions or by contacting us.

Do Not Track

We do not currently respond to “Do Not Track” signals from web browsers. To learn more about “Do Not Track,” please visit:
http://www.allaboutdnt.com

Account Deletion Requests

Consultants, Coaches and Caregivers 

When a Consultant, Coach or Caregiver terminates their account, we remove the profile from the platform. However, users will continue to have access to their communications with former Consultants, Coaches, or Caregivers.

Other Users

When a User who is not a Consultant, Coach or Caregiver terminates their account, we delete the User’s profile. For compliance purposes, we will retain any communications between the User and any Consultants, Coaches, or Caregivers.

All Users

We retain personal information after an account is canceled to the extent reasonably necessary to:

• comply with legal obligations;
• meet payment or financial requirements;
• satisfy regulatory requirements;
• respond to law-enforcement requests;
• resolve disputes;
• maintain security;
• prevent fraud and abuse; and
• enforce the Terms of Service.

We also retain de-identified information.

Other Sites and Services

The RethinkCare Mobile Apps, websites, other technologies and other communications may be accessible through or contain links to other websites or platforms (e.g., Zoom, YouTube) operated by third parties. We also may use third-party websites (e.g., LinkedIn, Indeed, Handshake, Stripe) to recruit Consultant or Coach candidates, process applications, pay Consultants and Coaches, process payments, or otherwise operate our services.  These links are not an endorsement of or representation of any third party that we are affiliated with. We do not control third-party websites and are not responsible for their actions. Other websites and services follow different rules regarding collecting, using, and sharing your personal information. Any exchange of data or other interaction between a User and any third-party provider is solely between the User and that third-party provider and is governed by their terms and conditions.  We encourage Users to read the privacy policies of the other websites and online services they use.

To access, correct, update, or delete certain of your personal information, click on the edit button (pen symbol) in the app. Alternatively, you may email us [email protected] to request access to, correct, or delete certain personal information you provided us. If you close your RethinkCare account, we will remove your name, contact, and identifiable information from our publicly viewable database.

Artificial Intelligence

At RethinkCare, we are committed to ensuring that our AI-driven tools and technology are developed and deployed responsibly, with a focus on transparency and security. Transcription services are being used during consultations and coaching sessions and leveraged to generate session notes for Consultants and Coaches to review and approve/edit. RethinkCare also leverages AI to support “Guided Journey’s” within the platform to quickly connect members to the right content, resources, or tools. See our AI Code of Ethics.

Children’s Privacy

RethinkCare is not intended for anyone under thirteen (13) years of age, and the 13-18 years old must use the product under direct parental supervision.  We do not request any information regarding our users’ age, and we do not knowingly collect personal information from children under thirteen (13) years of age. If we learn we have collected or received personal information from a child under thirteen (13) years of age without verification of parental consent, we will delete that information. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us at [email protected].

Servers Located in the United States

We are headquartered in the United States, and the servers and other technology supporting RethinkCare operations are located in the United States.  If you submit any personal information to RethinkCare (for example, if you provide your email to sign up for an email newsletter), you understand that you are voluntarily consenting to the transmission of such information to an organization in the United States and your information will be stored and processed in the United States.   

Your California Privacy Rights

California residents have the rights listed below under the CCPA. However, these rights are not absolute, and in some instances, we may decline your request as permitted by law.

Information. You can request information about how we have collected, used, and shared your Personal Information during the past 12 months. We have made this information available to California residents without having to request it by including it in this notice in the above chart.

Access. You can request a copy of the Personal Information we collected about you during the past 12 months.

Deletion. You can ask us to delete the Personal Information we collected from you.

Opt-out of sales. You can opt out of any sale of your Personal Information.

Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA. Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you. You are entitled to exercise the rights described above free from discrimination.

How to Submit a Request

To request access to or deletion of personal information, email [email protected].

Identity Verification

The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request.

Authorized Agents

California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.

Contact us

Data Protection Officer: Click to send an email [email protected] or (800) 708-2154

Rethink Autism, Inc.

49 West 27th Street, 8th Floor

New York, NY 10001

USA

EU Representative:

MyEDPO Ltd,

Unit 3d North Point House,

North Point Business Park,

New Mallow Road,

Cork, Ireland

Click to send an email [email protected] or +44 203 870 3376.