Privacy Policy | Clinician Clubs

This Privacy Policy explains how Clinician Clubs, a product of The ABA Collective, LLC ("Clinician Clubs," "we," "us," or "our"), collects, uses, and shares information about you when you use our platform.

This Privacy Policy should be read together with our Terms & Conditions. Capitalized terms not defined here have the meanings given in the Terms & Conditions.

Important context:

Clinician Clubs is a software platform for licensed clinicians creating and delivering online education and community experiences. It is not a telehealth platform, and no clinical care or treatment is provided through the platform. Information shared on Clinician Clubs is not protected under HIPAA or similar healthcare privacy laws. Any risk associated with sharing information, including clinical or patient-related content, is the responsibility of the user who shared it.

Geographic scope:

Clinician Clubs is intended for users located in the United States. We do not offer the platform to residents of the European Union, European Economic Area, or United Kingdom, and we do not intentionally collect personal data from individuals in those regions. If you are located in the EU, EEA, or UK, please do not create an account or submit information through the platform.

1. Who We Are

Clinician Clubs is operated by The ABA Collective, LLC, a United States limited liability company. For the purposes of applicable privacy laws, The ABA Collective, LLC is the controller of personal data collected through the Clinician Clubs platform when you interact directly with us (creating an account, paying for a subscription, contacting support, or browsing the website).

Clinicians and creators who operate clubs on our platform ("Admins") are independent controllers of the personal data collected from their own Members inside their clubs. We are not responsible for how individual Admins manage or use data within their communities. If you are a Member and wish to exercise privacy rights over data collected inside a specific club, contact that club's Admin directly.

2. Scope of This Policy

This Privacy Policy applies when you:

Use the Clinician Clubs platform as an Admin or Member.
Visit clinicianclubs.com or related subdomains.
Communicate with us by email, support request, or other channel.
Participate in communities hosted on our platform.

If you interact with an Admin's community, the Admin's own privacy practices may also apply to your experience within that community.

3. What Information We Collect

A. Information You Provide Directly

Depending on how you use the platform, we may collect:

Account information: name, email address, username, and password (password is stored hashed; we never see your plaintext password).
Professional information: role (BCBA, SLP, OT, RD, LCSW, LMFT, psychologist, therapist, or other), specialty, and any licensing or credentialing information you choose to provide.
Continuing education and licensure details: BACB certificant number, ACE Provider number, license state, and related credentials relevant to CEU issuance and tracking.
Billing information: name, billing address, and payment card details. Payment card details are collected and stored by our payment processor, Stripe. We receive only limited payment metadata (last four digits of the card, card brand, billing country).
Profile information: profile photo, bio, display name, and any branding assets (logos, colors) you upload for your club.
Content you create or upload: posts, comments, messages, course modules, lessons, video uploads, worksheets, event details, and any other content you publish on the platform.
Communications: emails, support tickets, feedback, and survey responses you send us.

Important:

If you share patient information, identifiable clinical details, or Protected Health Information (PHI) on the platform, you do so at your own risk and in violation of our Terms. We do not provide HIPAA-compliant storage, transmission, or safeguards, and we do not sign Business Associate Agreements. Members should not share their own health information, diagnoses, or treatment details on the platform. Any such information is shared at your own risk and is not protected under HIPAA.

B. Information Collected Automatically

When you use the platform, we automatically collect:

Device and connection data: IP address, device type, operating system, browser type and version, and language preferences.
Usage data: pages viewed, features used, content interactions, session duration, referring URLs, and timestamps of activity.
Performance and error logs: technical events and errors used to diagnose and improve the platform.

This data helps us operate, secure, and improve the platform.

C. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

Strictly necessary cookies: required for authentication, session management, and core platform functionality. These cannot be disabled.
Functional cookies: remember your preferences and settings.
Analytics cookies: help us understand how the platform is used. We use Google Analytics and Vercel Analytics for this purpose.

We do not use cookies for third-party advertising, retargeting, or cross-site tracking of individual users.

You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent the platform from functioning properly.

Global Privacy Control:

Our website honors Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a request to opt out of any sharing of personal information for cross-context behavioral advertising purposes, to the extent applicable.

4. How We Use Your Information

We use your information to:

Create and manage your account and Admin/Member access.
Provide, operate, and maintain the platform and its features.
Process payments and manage subscriptions through Stripe.
Enable community features, communications, notifications, and event reminders.
Deliver continuing education certificates and maintain audit records, where applicable.
Improve platform performance, features, and user experience based on usage analytics.
Monitor for fraud, abuse, and Terms violations, and enforce our Terms.
Respond to your support requests, questions, and feedback.
Send you transactional emails (billing receipts, account notices, security alerts, product updates).
Send you marketing emails, which you can opt out of at any time (see Section 11).
Comply with legal obligations, including tax, accounting, and regulatory requirements.

5. Education-Only Platform Disclaimer

Clinician Clubs is strictly a platform for education, professional development, and community building. Consistent with our Terms & Conditions:

We do not provide medical advice, diagnosis, or treatment.
We do not facilitate clinician-patient relationships.
We do not ensure or monitor compliance with healthcare regulations.

Users are solely responsible for ensuring that any content they share complies with applicable laws, licensing board rules, and professional standards.

6. No HIPAA Protection

Clinician Clubs is not a HIPAA-covered entity or business associate.

We do not guarantee HIPAA compliance.
We do not enter into Business Associate Agreements (BAAs).
Any Protected Health Information (PHI) shared on the platform is shared at your own risk.

Admins and Members are independently responsible for their own HIPAA, state privacy law, and professional licensing board compliance.

7. How We Share Information

We share information only in the limited ways described below. We do not sell your personal data.

A. Service Providers (Subprocessors)

We share information with third-party service providers who help us operate the platform. Each service provider is bound by contractual obligations to protect your information and use it only for the purposes we specify. Our current service providers include:

Vercel: website and application hosting.
Supabase: database and authentication services.
Stripe: payment processing and Admin payouts (via Stripe Connect).
Vimeo: video content hosting for Admin-uploaded course videos.
SendGrid: transactional and marketing email delivery.
Cloudflare: domain management and content delivery network.
Google Analytics and Vercel Analytics: website usage analytics.

We may add or change service providers as our infrastructure evolves. Material changes will be reflected in updates to this Policy.

B. Integrations You Connect

If you connect third-party tools such as Zoom or Google Meet to your events, information is shared with those services under their own terms and privacy policies. Clinician Clubs is not responsible for how third-party tools handle your data.

C. Professional Advisors

We may share information with our legal, accounting, or compliance advisors when necessary.

D. Business Transfers

If Clinician Clubs or The ABA Collective, LLC is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any resulting changes to this Policy.

E. Legal Requirements

We may disclose information when we believe in good faith that disclosure is required by law, legal process, or to protect the rights, property, or safety of Clinician Clubs, our users, or others.

F. Aggregated or De-Identified Data

We may share aggregated or de-identified data (data that cannot reasonably be used to identify you) for analytics, research, marketing, or reporting purposes.

8. Data Storage and International Transfers

Your information is stored and processed in the United States on servers operated by our hosting and infrastructure providers. Because Clinician Clubs is not offered to residents of the EU, EEA, or UK, we do not engage in international data transfers subject to GDPR transfer mechanisms.

9. Data Retention

We retain different categories of information for different periods, based on the nature of the information and applicable legal requirements:

Account data: for as long as your account is active, plus up to 30 days after account deletion to allow for recovery.
Content you upload: for as long as it remains on the platform. Deleted content is typically removed from active systems within 30 days, though it may persist in encrypted backups for up to 90 days.
Billing and tax records: retained for seven (7) years, or longer if required by law.
Server logs and analytics data: typically retained for 30 to 90 days, depending on the provider.
Marketing and support communications: retained for as long as reasonably needed for the purpose for which they were collected.

We may retain information longer than the periods above when necessary to comply with legal obligations, resolve disputes, enforce our Terms, or prevent fraud.

10. Your Privacy Rights

Depending on where you live, you may have the following rights with respect to your personal information:

The right to know what personal information we collect, use, and share.
The right to access a copy of the personal information we hold about you.
The right to correct inaccurate personal information.
The right to request deletion of your personal information.
The right to opt out of the sale or sharing of personal information (we do not sell or share in this sense, but the right still applies).
The right to limit use and disclosure of sensitive personal information.
The right not to be discriminated against for exercising any of these rights.

How to exercise your rights:

Email info@ceulab.com with your request and the email address associated with your account. We may ask you to verify your identity before fulfilling the request. We will respond within forty-five (45) days of receipt. If we need more time, we will let you know.

Authorized agents:

You may designate an authorized agent to submit a request on your behalf. We will require the agent to provide proof of authorization and may require you to verify your identity directly.

11. California Residents

This section provides additional disclosures required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA").

Categories of personal information we collect:

In the twelve months preceding the Last Updated date above, we have collected the categories of personal information described in Section 3 of this Policy, including identifiers, commercial information, internet or other electronic network activity information, professional information, and inferences drawn from the foregoing.

Categories of sources:

We collect information directly from you, automatically through your use of the platform, and from our service providers.

Business and commercial purposes:

We use personal information for the purposes described in Section 4 of this Policy.

Categories we disclose:

We disclose personal information to the categories of service providers listed in Section 7A for the purposes described in Section 4. We do not sell personal information and do not share personal information for cross-context behavioral advertising.

Sensitive personal information:

We collect account login credentials, which are treated as sensitive personal information under the CCPA. We use this information only for the purposes of providing and securing the platform, and not for any purpose that would trigger the right to limit use.

Your California rights:

In addition to the rights listed in Section 10, California residents have the right not to be retaliated against or discriminated against for exercising CCPA rights. To submit a CCPA request, email info@ceulab.com.

12. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect the information we collect. These include encryption in transit (TLS), hashed passwords, access controls on our databases, and monitoring of our infrastructure.

However, no system is completely secure. You share information at your own risk, and you are responsible for maintaining the confidentiality of your account credentials.

Data breach notification:

In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

13. Children

Clinician Clubs is not intended for individuals under the age of 18, and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at info@ceulab.com.

14. Marketing Communications

We may send you marketing emails about Clinician Clubs features, educational resources, Clinical Boss programs, and related offerings. You can opt out of marketing emails at any time by clicking the unsubscribe link at the bottom of any marketing email, or by emailing info@ceulab.com.

Transactional emails (billing receipts, account security notifications, subscription changes, product updates, and similar operational messages) will continue even after you opt out of marketing.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify active users by email and update the Last Updated date at the top of this Policy. Continued use of the platform after the effective date of an updated Policy constitutes acceptance of those changes.

16. Contact Us

For questions, requests, or concerns about this Privacy Policy or how we handle your information, contact us at:

Clinician Clubs / The ABA Collective, LLC
Email: info@ceulab.com
Website: https://clinicianclubs.com