Effective Date: January 1, 2026
Last Updated: January 5, 2026

Introduction

Welcome to Revyv. This Privacy Policy describes how Carelabs Inc. ("Revyv," "we," "us," or "our") collects, uses, discloses, and protects information when you use our behavioral health and wellness platform, including our website (revyvcare.com), mobile applications, and related services (collectively, the "Services").

We are committed to protecting your privacy and maintaining the confidentiality and security of your information. This Privacy Policy applies to all users of our Services, including students, educators, counselors, administrators, parents, and healthcare providers.

Information We Collect

1. Information You Provide Directly

  • Account Information: Name, email address, password, phone number, role (student, educator, counselor, administrator, parent), school or organization affiliation.
  • Profile Information: Demographic information, grade level, preferences, emergency contact details (when applicable).
  • Health and Wellness Data: Self-reported mood data, behavioral health assessments, SEL activity participation, counseling session notes (entered by authorized providers), wellness goal tracking, mental health screening results.
  • Communication Data: Messages sent through the platform, support requests, feedback, and survey responses.
  • Payment Information: Billing details for subscription services (processed securely through third-party payment processors).

2. Information Collected Automatically

  • Device Information: Device type, operating system, browser type, unique device identifiers, IP address.
  • Usage Data: Pages viewed, features used, time spent on the platform, login frequency, interaction patterns, clickstream data.
  • Location Data: General location information derived from IP address (we do not collect precise geolocation without explicit consent).
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance user experience, analyze usage, and support authentication.

3. Information from Third Parties

  • School and Organization Data: Student information systems (SIS) integrations, rostering data, educational records (with appropriate consent and authorization).
  • Single Sign-On (SSO) Providers: Authentication data from Google, Microsoft, or other SSO providers when you use these services to log in.
  • Analytics Partners: Aggregated usage statistics and performance metrics (de-identified when possible).

How We Use Your Information

We use the information we collect to:

  • Provide and Improve Services: Deliver personalized wellness programs, mental health resources, SEL activities, and behavioral health support.
  • Support Educational and Therapeutic Outcomes: Enable counselors, educators, and parents to monitor student wellbeing, identify early intervention needs, and coordinate care.
  • Facilitate Communication: Connect students with counselors, enable parent-school collaboration, send notifications and reminders.
  • Ensure Safety and Security: Detect and prevent fraud, abuse, security incidents, and policy violations; respond to emergencies.
  • Analyze and Optimize: Conduct research and analytics to improve platform effectiveness, user experience, and outcomes (using de-identified or aggregated data when possible).
  • Comply with Legal Obligations: Meet regulatory requirements under HIPAA, FERPA, COPPA, state student privacy laws, and other applicable regulations.
  • Communicate with You: Send service updates, educational content, newsletters, and promotional materials (with opt-out options).

How We Share Your Information

We do not sell or rent your personal information. We share information only in the following circumstances:

1. With Your Consent

We share information when you explicitly authorize us to do so, such as when connecting with external healthcare providers or sharing progress reports with parents.

2. Within Educational Institutions

Authorized school personnel (counselors, administrators, educators) may access student data as necessary to fulfill their educational and support responsibilities, in accordance with FERPA and institutional policies.

3. Service Providers and Partners

We engage trusted third-party service providers to support platform operations, including:

  • Cloud hosting and infrastructure providers
  • Analytics and performance monitoring services
  • Payment processors
  • Customer support platforms
  • Email and communication services

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4. Legal Requirements and Safety

We may disclose information when required by law, legal process, or governmental request, or when we believe disclosure is necessary to:

  • Comply with applicable laws and regulations
  • Respond to subpoenas, court orders, or legal proceedings
  • Protect the rights, property, or safety of Revyv, our users, or the public
  • Prevent or investigate potential fraud, security incidents, or policy violations
  • Address imminent threats to health or safety (mandatory reporting obligations)

5. Business Transitions

In the event of a merger, acquisition, reorganization, or sale of assets, user information may be transferred as part of the transaction. We will notify you of any such change and provide options regarding your information.

Data Security and Protection

We implement industry-standard security measures to protect your information, including:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256).
  • Access Controls: Role-based access, multi-factor authentication, principle of least privilege.
  • Monitoring and Auditing: Continuous security monitoring, intrusion detection, regular security audits.
  • Incident Response: Established protocols for breach detection, containment, notification, and remediation.
  • Employee Training: Regular security and privacy training for all personnel with access to user data.
  • Data Minimization: We collect and retain only the information necessary to provide our Services.

While we strive to protect your information, no security system is completely impenetrable. We cannot guarantee absolute security but commit to promptly addressing any security incidents.

Compliance with Privacy Laws

HIPAA (Health Insurance Portability and Accountability Act)

When Revyv acts as a Business Associate to covered healthcare entities, we comply with HIPAA requirements for protecting Protected Health Information (PHI). We enter into Business Associate Agreements (BAAs) with covered entities and implement appropriate safeguards.

FERPA (Family Educational Rights and Privacy Act)

When providing services to educational institutions, we comply with FERPA requirements for protecting student education records. We act as a school official with legitimate educational interests and protect student data accordingly.

COPPA (Children's Online Privacy Protection Act)

We comply with COPPA when collecting information from children under 13. We obtain verifiable parental consent before collecting personal information from children and provide parents with control over their children's information.

State Student Privacy Laws

We comply with state-level student privacy laws, including California's Student Online Personal Information Protection Act (SOPIPA), New York's Education Law 2-d, and similar laws in other states.

Your Privacy Rights and Choices

Access and Correction

You have the right to access and update your personal information through your account settings or by contacting us at privacy@revyvcare.com.

Deletion and Data Retention

You may request deletion of your account and associated data. We retain information as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Upon deletion request, we will delete or de-identify your information within 30 days, except where retention is required by law.

Opt-Out of Communications

You may opt out of promotional emails by clicking "unsubscribe" in any marketing email or adjusting your communication preferences in account settings. You cannot opt out of essential service communications.

Cookie Preferences

You can control cookie settings through your browser preferences. Note that disabling cookies may limit platform functionality.

Do Not Track

We currently do not respond to Do Not Track (DNT) browser signals but honor opt-out preferences communicated through our platform settings.

California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or shared
  • Right to opt out of the sale or sharing of personal information
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@revyvcare.com or call 1-800-REVYV-CARE.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing includes consent, contract performance, legal obligations, and legitimate interests.

Children's Privacy

Protecting children's privacy is paramount. We comply with COPPA and obtain verifiable parental consent before collecting information from children under 13. Parents and guardians have the right to:

  • Review their child's personal information
  • Request deletion of their child's information
  • Refuse further collection or use of their child's information

Schools may provide consent on behalf of parents for educational purposes under FERPA. We do not condition children's participation on providing more information than necessary.

International Data Transfers

Our Services are operated in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States. We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses when applicable.

Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or platform features. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to registered users
  • Displaying a prominent notice within the platform

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Carelabs Inc. (Revyv)
Privacy Office
Princeton, NJ
Email: privacy@revyvcare.com
Phone: 1-800-REVYV-CARE
Web: https://revyvcare.com/compliance/privacy.html

For HIPAA-related inquiries, contact our Privacy Officer at hipaa@revyvcare.com.

For FERPA-related inquiries regarding student records, contact your school's designated FERPA officer or our Education Privacy Team at ferpa@revyvcare.com.

This Privacy Policy is effective as of January 1, 2026. By using Revyv's Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.