Give Me Five is committed to protecting your privacy and ensuring that your personal and health information is handled safely, securely, and in compliance with applicable privacy laws, including:
Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth)
Indian regulations (including the IT Act 2000, IT Rules 2011)
General Data Protection Regulation (GDPR) for EU users
Health Insurance Portability and Accountability Act of 1996 (HIPAA) for US users
This Privacy Policy explains how we collect, use, store, and share your information when you use our mental health and wellness application ("App") and related services.
1. Information We Collect
1.1 Personal Information:
Name
Email address
Contact details
Account login credentials
1.2 Sensitive Information (Special Category Data / PHI):
As a mental health and wellness app, we may collect sensitive information, including Protected Health Information (PHI) under HIPAA, such as:
Self-reported mental health and wellness information
Mood tracking entries
Journal notes
Goals, habits, and progress data
Health-related information you choose to share
Any information transmitted to or from a covered healthcare provider
We only collect sensitive information with your explicit consent and/or as permitted under HIPAA, GDPR, Indian law and Australian law.
1.3 Usage & Technical Data:
IP address
Device type, operating system, and browser information
App usage patterns, crash reports, and analytics data
2. How We Collect Your Information
We collect information through:
Information you provide directly (e.g., account setup, journal entries, mood tracking)
Passive collection via cookies, analytics tools, and device settings
Third-party integrations you choose to connect (e.g., wearables, fitness trackers)
Data received from covered entities or healthcare providers, when applicable
3. HIPAA Compliance Statement
If you are a US-based user or your data is processed by/for a US covered entity:
We treat all health-related data as Protected Health Information (PHI) under HIPAA when applicable.
We will enter into a Business Associate Agreement (BAA) with any covered healthcare provider before handling PHI on their behalf.
We will only use and disclose PHI as permitted or required under the BAA, HIPAA Privacy Rule, and applicable law.
All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256).
You have the right to request an Accounting of Disclosures of your PHI.
4. How We Use Your Information
We use your information to:
Provide and improve our App and services
Personalise your experience and recommendations
Monitor and analyse usage to improve features
Communicate with you about updates, resources, or support
Ensure safety, security, and compliance with legal obligations
Fulfil HIPAA and other privacy law requirements when handling PHI
We will never sell your personal information or PHI.
5. Legal Basis for Processing
We process your personal data under:
Your consent (for sensitive and optional data)
Contractual necessity (to provide the services you requested)
Legitimate interests (improving our app and protecting our systems)
Legal obligations (when required by law, including HIPAA compliance)
6. How We Store and Protect Your Information
Data is stored on secure servers located in India / Australia / US / other applicable locations.
PHI and other sensitive data are encrypted using industry-standard security protocols.
Access to PHI is strictly limited to authorised personnel with HIPAA training.
We maintain audit logs of PHI access as required under HIPAA.
We perform regular risk assessments and implement administrative, physical, and technical safeguards in line with HIPAA's Security Rule.
7. Sharing Your Information
We may share your information only:
With service providers who assist in operating the App (under strict confidentiality and HIPAA-compliant agreements if PHI is involved)
With covered entities under a BAA when required to deliver services
When required by law, regulation, or legal proceedings
With your explicit consent for integrations or third-party services
8. Data Retention
We retain personal data and PHI only for as long as necessary for the purposes outlined in this Privacy Policy or as required by applicable law.
You may request deletion of your account and data (subject to legal and HIPAA retention requirements).
9. Your Rights
Depending on your location and applicable law, you may have the right to:
Access your personal data or PHI
Request correction or deletion of your data
Withdraw your consent at any time
Request data portability
Request an Accounting of Disclosures (HIPAA)
Lodge a complaint with a relevant privacy authority (OAIC, OCR, ICO, or EU supervisory authority)
10. Managing & Deleting Your Data
You can:
Access and update your information via App settings
Request account deletion by contacting privacy@gm5.io
Opt out of marketing communications at any time
11. Children's Privacy
Our App is not intended for children under the age of 16 without parental/guardian consent.
If we learn that we have inadvertently collected personal information from a child without appropriate consent, we will delete it promptly.
12. Data Breach Notification
In the event of a data breach involving your personal information or PHI:
We will comply with the Australian Notifiable Data Breaches (NDB) scheme, GDPR breach notification requirements, and the HIPAA Breach Notification Rule.
We will notify affected individuals and relevant authorities within legally mandated timeframes.
Notifications will include details of the breach, information involved, potential impacts, and recommended protective actions.
13. Changes to This Policy
We may update this Privacy Policy from time to time.
Significant changes will be communicated via the App or email before they take effect.
14. Contact Us
Give Me Five
Email: privacy@gm5.io
Address: C/- GMP Partners, Tower 2, Suite 2201, Level 22
101 Grafton St, BONDI JUNCTION AUSTRALIA 2022
For HIPAA-related matters (US users):
HIPAA Compliance Officer
Email: privacy@gm5.io