Product
TheraLinkBrainScriberBea
Solutions
Solo TherapistsClinicsEnterprise
Partnership
Resources
Pricing
About
Request Demo
← BetterBeing

Privacy Policy

Effective date: March 21, 2026Last updated: May 27, 2026
This Privacy Policy describes how BetterBeing Inc. (“BetterBeing”, “we”, “us”, or “our”) collects, uses, and discloses information in connection with BetterBeing, our mental health practice management platform, including its integration with third-party services such as Zoom.

1. Overview

BetterBeing is a role-based practice management platform designed for mental health professionals, clinics, and healthcare organizations. It enables therapists, clinic managers, and enterprise administrators to manage client care, documentation, scheduling, and telehealth sessions.

We are committed to protecting the privacy of our users and any personal information processed through our platform. This policy applies to all users of BetterBeing, including practitioners, clinic administrators, and enterprise users. It does not apply to end clients of practitioners, whose information is held by the practitioner or clinic in its capacity as the health information custodian; end clients should refer to their practitioner’s or clinic’s own privacy notice for information about how their personal health information is collected, used, and disclosed.

1.1 Our Role Under Healthcare Privacy Legislation

BetterBeing Inc. is not itself a custodian of personal health information. We process health information solely on behalf of, and under the documented instructions of, the regulated healthcare custodian who is our customer. Our role under the principal Canadian frameworks is:

  • Ontario PHIPA s.10: Agent / electronic service provider — we process personal health information on behalf of the custodian under a written agreement and subject to the custodian’s instructions.
  • Alberta HIA s.66: Information Manager — we process health information on behalf of the custodian under a written Information Manager Agreement (IMA) as required by HIA s.66 and Regulation s.7.
  • British Columbia PIPA: Service provider acting on behalf of an organization.
  • Quebec Law 25: Person to whom personal information is disclosed for performance of mandate.
  • Federal PIPEDA: Service provider — we process personal information on behalf of an organization that remains accountable to the individual.

We do not own, sell, license, or use customer health information for any purpose other than operating the contracted service.

By using BetterBeing, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register for BetterBeing, we collect your name, email address, professional role, and organization affiliation. For clinic and enterprise accounts, we may also collect billing information and organization details.

2.2 Usage Data

We collect information about how you interact with our platform, including pages visited, features used, session duration, IP address, browser type, and device identifiers. This data is used to improve the platform and troubleshoot issues.

2.3 Zoom Integration Data

When you connect your Zoom account to BetterBeing, we request authorization through Zoom’s OAuth 2.0 protocol. Through this authorization, we access and process the following information solely to provide the integration features:

  • Your Zoom account profile information (name, email address) to associate your Zoom account with your BetterBeing account.
  • Meeting creation permissions to automatically generate unique Zoom meeting links for scheduled therapy sessions.
  • Calendar data to synchronize session schedules between BetterBeing and your connected calendar.
  • Meeting metadata (meeting IDs, join URLs, scheduled times) to display and manage sessions within BetterBeing.
  • OAuth authorization tokens (access token and refresh token) issued by Zoom upon your authorization. These tokens are stored securely in encrypted form and are used solely to make API calls to Zoom on your behalf. You may revoke this authorization at any time through your account settings or directly through your Zoom account.

We do not access, store, or process the content of Zoom sessions, including video, audio, transcripts, or recordings, unless explicitly enabled by you as a separate feature with your informed consent.

2.4 Clinical Documentation Data

BetterBeing includes AI-assisted documentation features powered by artificial intelligence models deployed and processed within Canada. Session notes, summaries, and related clinical content generated within the platform are stored securely and associated with your practitioner account. We do not use clinical content to train AI models.

3. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain BetterBeing and its features.
  • Create and manage your account and organization.
  • Process and display Zoom meeting links and calendar events associated with scheduled sessions.
  • Synchronize scheduling data between BetterBeing and connected third-party calendar and video services.
  • Generate AI-assisted clinical notes and documentation at the practitioner's direction, using AI models deployed and processed within Canada.
  • Send service-related communications, including security alerts and account notifications.
  • Respond to support requests and improve platform reliability.
  • Comply with applicable legal obligations.

4. Sharing of Information

We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party sub-processors to assist in operating our platform, including cloud infrastructure, payment processing, and email delivery. All sub-processors are contractually obligated to handle information only as directed by us and in compliance with this policy.

4.2 Zoom

When you use the Zoom integration, certain data (such as meeting parameters) is transmitted to Zoom to create and manage meetings. Your use of Zoom is governed by Zoom’s Privacy Policy.

4.3 Research

BetterBeing does not disclose personal health information for research purposes from its own accord. Where a custodian directs us to disclose information for a research project, such disclosure is governed by the requirements of the applicable healthcare privacy statute, including PHIPA Part IV / s.44 (Ontario) and HIA Part 5 (Alberta) — which require, among other things, written approval by a research ethics board, a written research agreement with the researcher, and the custodian’s explicit instruction. We do not use customer data for our own research, product analytics that identify individuals, or model training.

4.4 Legal Requirements

We may disclose information if required to do so by law, regulation, court order, or government authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of BetterBeing, our users, or the public.

5. Third-Party Services

BetterBeing integrates with third-party services to provide additional functionality. Your use of these integrations is subject to their respective privacy policies. We are not responsible for the privacy practices of third parties.

Currently integrated third-party services include Zoom Video Communications, Inc. You may disconnect any third-party integration at any time through your account settings, which will revoke BetterBeing’s access to the associated data and delete any stored authorization tokens.

6. Data Retention

6.1 Account Information (Practitioner / Administrator)

We retain practitioner and administrator account information for as long as the account is active. Upon account deletion or written request, we delete or anonymize account information within 30 days, except where retention is required by law (e.g., financial records for tax and audit purposes — typically 6 years).

6.2 Clinical Records (Patient PHI)

Personal health information of practitioners’ clients is held by the practitioner or clinic in its capacity as the health information custodian. Provincial law and professional regulatory colleges require custodians to retain clinical records for extended periods — typically 10 years from the date of last service for adults, or 10 years past the patient’s 18th birthday for minors (specific durations vary by province and profession). Where BetterBeing acts as an agent or information manager, we retain clinical records on behalf of the custodian for the duration of their service agreement plus any additional retention period the custodian instructs us to apply. The custodian — not BetterBeing — determines when clinical records may be destroyed.

6.3 Audit Logs

Audit logs of access to and modification of personal health information are retained on an append-only basis for at least the lifetime of the associated clinical records, as required by PHIPA s.10 and HIA s.62. Audit logs cannot be deleted on individual request, since their integrity is itself a regulatory safeguard.

6.4 Backups and Integrations

Encrypted backups of all production data are retained on a documented schedule (see our Data Storage and Backup Policy, available on request). Data associated with the Zoom integration — meeting metadata and OAuth tokens — is deleted when the integration is disconnected or when the practitioner’s account is deleted.

7. Security

All data collected and processed by BetterBeing is stored on Canadian servers. We do not transfer personal information outside of Canada. We implement industry-standard technical and organizational safeguards, including AES-256 encryption at rest (including stored OAuth tokens), TLS encryption in transit, and role-based access controls. All artificial intelligence models used by BetterBeing are deployed and operated within Canada.

Where BetterBeing acts as a service provider to health information custodians under PHIPA (Ontario) or PIPA (Alberta), we are available to enter into a Data Processing Agreement (DPA) or equivalent arrangement as required by applicable law. Clinics and organizations requiring a DPA may contact us at admin@betterbeing.world.

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your information.

8. Breach Notification

If BetterBeing experiences a security breach that compromises personal information or personal health information, we will:

  • Notify affected health information custodians (clinics) without unreasonable delay and in any event within 72 hours of confirming the breach, with the information they need to discharge their own notification obligations under PHIPA s.12(2), HIA s.60.1, and other applicable statutes.
  • Cooperate with custodians in their notifications to affected individuals and to the applicable Information and Privacy Commissioner (Ontario IPC, Alberta OIPC, federal OPC, or other).
  • Where BetterBeing is the principal accountable organization (e.g., for practitioner account data under PIPEDA), notify affected individuals and the Office of the Privacy Commissioner of Canada in accordance with PIPEDA Division 1.1 (Breach of Security Safeguards Regulations).
  • Maintain a written record of all breaches affecting personal information for at least 24 months, as required by PIPEDA.

Our written incident response procedures are available to clinics on request as part of due-diligence review.

9. Your Rights

Under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation (including Alberta’s PIPA and Ontario’s PHIPA where applicable), you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Withdraw consent to the collection, use, or disclosure of your personal information (subject to legal and contractual restrictions).
  • Request deletion of your personal information.
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada.

To exercise any of these rights, contact us at admin@betterbeing.world.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

  • The right to data portability — receive your personal data in a structured, machine-readable format.
  • The right to restrict processing of your personal data in certain circumstances.
  • The right to object to processing based on legitimate interests.
  • The right to lodge a complaint with your local data protection authority.

EU/UK users may also exercise all rights listed above (access, correction, withdrawal of consent, deletion). To exercise any of these rights, contact us at admin@betterbeing.world.

10. Children’s Privacy and End-Client Data

10.1 Direct Use of BetterBeing

BetterBeing accounts (practitioner, clinic administrator, enterprise) are intended for use by licensed mental health professionals and authorized healthcare organizations. Account holders must be at least 18 years of age. We do not knowingly create direct user accounts for individuals under 18.

10.2 Minor Patients in the Care of a Custodian

Practitioners and clinics using BetterBeing frequently provide care to minors. Personal health information of minor patients is held by the practitioner or clinic in its capacity as the health information custodian; BetterBeing processes that information as an agent or information manager under the custodian’s direction. Consent and capacity for minor patients are governed by the applicable provincial framework (e.g., PHIPA does not set a fixed age of consent and instead applies a capacity test; HIA permits a parent or guardian to act on behalf of a minor lacking capacity). BetterBeing does not make consent or capacity determinations — the custodian does.

10.3 End-Client Rights and Lock-Box (Consent Directive)

End clients of practitioners using BetterBeing have rights under the applicable healthcare privacy statute, including (in Ontario) the right under PHIPA s.20 to issue a consent directive (sometimes called a “lock-box”) restricting the custodian from disclosing specific records, and rights under PHIPA s.52 and s.55 to access and correct their records. Equivalent rights exist under HIA in Alberta and other provincial frameworks. End clients should exercise these rights through their practitioner or clinic, which is the custodian. BetterBeing supports custodians in implementing consent directives and access/correction requests; where a custodian instructs us to restrict, disclose, or correct a specific record, we will do so promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of BetterBeing after any changes constitutes your acceptance of the revised policy.

12. Contact Us

Our Privacy Officer is accountable for compliance with this Privacy Policy and with applicable privacy legislation. If you have questions, concerns, or wish to exercise any of the rights described above, please contact:

Kun Chen, Privacy Officer
BetterBeing Inc.
78 Carrington Rise NW
Calgary, Alberta T3P 0Y8
Canada
Email: admin@betterbeing.world

If you are not satisfied with our response, you may file a complaint with the applicable regulator: the Office of the Privacy Commissioner of Canada (federal), the Information and Privacy Commissioner of Ontario (Ontario / PHIPA), or the Office of the Information and Privacy Commissioner of Alberta (Alberta / HIA / PIPA).