This Consumer Health Data Privacy Policy describes how TheraSignal collects, uses, and shares your health and biometric data. It is required under the Washington My Health My Data Act (MHMDA) and the Illinois Biometric Information Privacy Act (BIPA) and is separate from our HIPAA Privacy Policy.
The Washington My Health My Data Act (SB 1155, eff. March 31, 2024) gives Washington residents the right to opt-in before any consumer health data is collected or shared, the right to access and delete that data, and the right to sue if these rights are violated. TheraSignal will not collect or share your health data without your explicit opt-in consent.
"Consumer health data" under Washington MHMDA and similar laws means any personal information that identifies or could identify your physical or mental health condition, treatment, or prognosis — even if that information is not covered by HIPAA.
TheraSignal's product involves the following categories that qualify as consumer health data:
| Category | Examples | Applies To |
|---|---|---|
| Mental health inferences | Affect scores, emotional state labels (distress, insight, etc.), arousal patterns | All users with Live Session enabled |
| Facial geometry / biometric identifiers | Facial geometry measurements extracted from webcam frames during affect detection | Users who enable facial analysis |
| Voice biometrics | Voiceprint characteristics — pitch, energy, speech rate — extracted during live sessions | Users who enable audio analysis |
| Physiological inferences | Estimated heart rate, GSR (galvanic skin response), engagement scores derived from signal fusion | All Live Session users |
| Session analytics | Aggregated scores per session (overall affect, key moment counts, risk level) | All users |
TheraSignal collects consumer health data only with your explicit opt-in consent. The following data is collected during Live Sessions when you have consented:
Raw webcam frames and raw audio buffers are never transmitted to our servers. All signal processing happens in your browser (client-side). Only the resulting numerical scores are sent over an encrypted connection.
We use your consumer health data for the following purposes:
| Purpose | Data Used | Requires Consent |
|---|---|---|
| Real-time session analysis | All biometric scores during live session | ✅ Yes — opt-in required |
| Clinical session records | Aggregated session scores (non-raw biometric) | ✅ Yes — collection consent |
| Intervention recommendations | Key moment types and affect patterns | ✅ Yes — collection consent |
| Product improvement | Anonymized, aggregated analytics only | ✅ Yes — separate analytics consent |
| Marketing or advertising | N/A — We do not use health data for marketing | N/A — prohibited |
We do not use your health data to infer conditions you have not disclosed, to make employment or insurance decisions, or for any purpose not listed above.
Under Washington MHMDA, default = no collection. We will not collect or process your consumer health data without your explicit affirmative consent. This consent is separate from our Terms of Service and cannot be buried in fine print.
You are shown a clear consent form before any health data collection begins. That form discloses:
We retain your consumer health data only as long as necessary for the purpose it was collected.
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Raw biometric signals (facial geometry measurements, voiceprint data per frame) | 90 days from session date — then automatically deleted | Automated nightly cleanup job |
| Processed session scores (affect valence, arousal, engagement averages) | Duration of your account, or until you request deletion | Account deletion or explicit request |
| Key moments (flagged clinical events with timestamps) | Duration of your account | Account deletion or explicit request |
| Consent records (proof of your consent) | 7 years (legal compliance) | Not deletable — required for legal audit trail |
| Compliance audit log | 7 years (legal compliance) | Not deletable — required for legal compliance |
Under Illinois BIPA (740 ILCS 14/15(a)), biometric identifiers must be destroyed within 3 years of collection or when the purpose is fulfilled, whichever is earlier. TheraSignal uses a 90-day window as a best practice, which is more protective than the 3-year BIPA maximum. Raw sensor readings are automatically purged after 90 days.
Depending on your jurisdiction, you have the following rights regarding your consumer health data. Washington MHMDA, Illinois BIPA, and California CCPA each grant specific rights — we honor all of them regardless of where you are located.
To exercise any of these rights, contact us at privacy@therasignal.com or use the controls in your account settings.
We will respond to verified requests within 30 days (Washington MHMDA) or 45 days (CCPA) of receipt.
Illinois BIPA explicitly covers "facial geometry" and "voiceprints." TheraSignal's affect detection system captures both. BIPA requires written consent before any collection, a published retention/destruction schedule, and prohibits sale or profit from biometric identifiers. Private right of action: $1,000–$5,000 per violation.
TheraSignal's BIPA compliance program includes:
Biometric identifiers are destroyed:
This schedule is more protective than BIPA's 3-year maximum. The policy is enforced programmatically via an automated daily cleanup job, not just a policy document.
We implement technical and organizational safeguards appropriate for the sensitivity of health data:
For questions, access requests, deletion requests, or to exercise any of your privacy rights:
If you are a Washington resident and believe we have violated the MHMDA, you may also file a complaint with the Washington State Attorney General's Office.
If you are an Illinois resident and believe we have violated BIPA, you may bring a private civil action in state court under 740 ILCS 14/20.