Privacy Policy

Last Updated: January 1, 2025

1. Introduction

At Resonia, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our music therapy platform.

As a HIPAA-compliant platform, we adhere to strict standards for protecting Protected Health Information (PHI) and Personal Health Information.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, professional credentials
  • Billing Information: Payment details processed securely through Stripe
  • Clinical Data: Session notes, treatment plans, client records (therapists only)
  • Session Data: Video/audio recordings, chat transcripts, therapy session metadata

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, session duration
  • Device Information: IP address, browser type, operating system
  • Analytics Data: Aggregated, de-identified usage statistics

3. How We Use Your Information

  • Provide and maintain the Resonia platform
  • Process payments and manage subscriptions
  • Facilitate therapy sessions between therapists and clients
  • Send important service updates and notifications
  • Improve our services through analytics and research
  • Comply with legal obligations and regulations
  • Detect and prevent fraud or security issues

4. HIPAA Compliance

Resonia is designed to be HIPAA-compliant. We implement administrative, physical, and technical safeguards to protect Protected Health Information (PHI):

  • Encryption: All PHI is encrypted at rest and in transit using AES-256 and TLS 1.3
  • Access Controls: Role-based access with multi-factor authentication
  • Audit Logs: Comprehensive logging of all PHI access
  • Business Associate Agreements: All subprocessors sign BAAs
  • Data Retention: Configurable retention policies per organization

5. Information Sharing

We do not sell your personal information. We only share information in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information
  • Service Providers: With vetted third parties who help operate our platform (all covered by BAAs)
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In connection with a merger or acquisition (subject to continued privacy protections)

6. Data Security

We implement industry-leading security measures:

  • 256-bit AES encryption for data at rest
  • TLS 1.3 for data in transit
  • Regular security audits and penetration testing
  • Employee security training and background checks
  • Incident response plan and breach notification procedures
  • SOC 2 Type II certification (in progress)

7. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Portability: Request export of your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@harmonia.app

8. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account data: Duration of active account plus 7 years
  • Clinical records: Per state requirements (typically 7-10 years)
  • Billing records: 7 years per IRS requirements
  • Session recordings: Configurable by organization (default: 30 days)

9. Children's Privacy

Resonia is not intended for use by individuals under 13 years of age. If a child is receiving therapy services, their personal information is managed by their parent/guardian and therapist in compliance with HIPAA and applicable laws.

10. International Users

Resonia is based in the United States. If you access our services from outside the US, your information may be transferred to and stored in the US. We comply with applicable data protection laws, including GDPR for EU users.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email and/or a prominent notice on our platform. Your continued use of Resonia after such modifications constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

  • Email: privacy@harmonia.app
  • Privacy Officer: privacy-officer@harmonia.app
  • Security Issues: security@harmonia.app
  • General Support: support@harmonia.app

13. State-Specific Rights

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access your personal information
  • Right to equal service and price

European Union Residents (GDPR)

EU residents have rights under the General Data Protection Regulation (GDPR):

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object