MyFoothold Privacy Policy
Effective Date: 06/03/2026
Last Updated: 06/13/2026
Section 1. Introduction and Scope
This Privacy Policy ("Policy") describes how Prometheus Services LLC, an Illinois limited liability company with its principal office at 701 Market St Ste 110 PMB1663, Saint Louis, MO 63101, United States ("we," "us," "our," or the "Operator"), collects, uses, discloses, and protects personal information in connection with the MyFoothold application, the website at myfoothold.app, and any related services, native mobile applications, or features (collectively, the "Service"). The Service is a clinical career-ecosystem platform designed for licensed clinicians, clinical supervisees, and clinical students in the United States.
This Policy applies to information collected from or about users who access or use the Service. It does not apply to third-party websites, applications, or services that may be linked to or referenced within the Service, nor does it govern the data handling practices of any subprocessor outside the scope described in Section 6.
By accessing or using the Service, you confirm that you have read and understood this Policy. Before you create an account, you must affirmatively check a box, presented with a conspicuous link to this Policy, indicating that you have read and agree to this Policy, and the account-creation control remains disabled until you do so. The same mechanism is used to obtain your re-acceptance whenever a revised version of this Policy is published. Each acceptance and re-acceptance is recorded with the document version, a timestamp, your IP address, and your user-agent. Your acknowledgments are recorded with a version stamp tied to this Policy, consistent with the Operator's consent-stamp practices.
Section 2. Information We Collect
We collect the categories of information described below. We collect only what is necessary to operate the Service, to serve you within your professional lifecycle, and to satisfy operational, security, and legal obligations. We do not knowingly collect information beyond the categories described in this section.
Account information. When you create an account, we collect your email address, a securely protected representation of your password (we never store passwords in plaintext), and optional pronouns. Additional email addresses you verify for portability or recovery purposes are also stored.
Profile information. You may add optional profile details, including a profile photo, a short bio, your pronouns, and professional specialty and modality tags. These details are optional and can be edited or removed at any time from your profile.
Location information. We collect your city, postal/ZIP code, and US state. Your city and postal code are kept private and are not shown to other users. Your state is used to connect you with supervisors and communities relevant to your area. Supervisors may optionally choose to display their city and state on their supervisor directory listing; this is off by default.
Date of birth. We collect your date of birth solely to verify that you meet the Service's eligibility requirement of being 18 years of age or older.
Identity profile information. Depending on the role and lifecycle stage you select, we collect your legal name, jurisdiction (US state), license code (for example, LCSW, LMSW, LSW-MSW), highest earned degree, optional credentials, and, for student-path users, your enrolled program, program institution, and expected graduation date. Where applicable, we collect a license number (optional) and the license expiration date you provide for self-attestation purposes.
Verification documents. If you submit documentation to verify your license or credentials, we store those files in a private storage bucket accessible only to authorized reviewers.
Supervision information. If you participate in clinical or field-placement supervision through the Service, we collect supervision tracking entries, session logs you author, supervisor-supervisee relationship records, scheduling and calendar events, and process-recording labels. Free-text fields associated with these records are subject to the structural prohibition on client-identifying information described in Section 4.
Exam preparation information. If you use exam-prep features, we collect practice question attempts, performance metrics, agenda preferences, and topic-level progress signals.
Community information. If you post in community surfaces, we collect the posts, comments, and reactions you author. Community surfaces are subject to the structural prohibition on client-identifying information described in Section 4.
Messaging information. If you use messaging features, we collect the content of your 1:1 and group messages, conversation membership, read receipts, and conversation-state metadata such as archival status. Messaging is encrypted in transit and at rest at the storage layer; it is not end-to-end encrypted, and message content is accessible to the Operator at the storage layer for the limited purposes described in Section 3. Messaging information is subject to the structural prohibition on client-identifying information described in Section 4.
Field placement information. If you participate as a student or field-placement role within a university tenant, we collect placement records, field-instructor pairings, clearance status flags, and tenant-context affiliations. The provisions of Section 17 regarding the Family Educational Rights and Privacy Act may apply to certain such records.
Legal acceptance records. When you accept or re-accept our Terms of Use and this Policy, we record the document version, a timestamp, your IP address, your user-agent, and your electronic signature, as evidence of your assent.
Technical information. We automatically collect technical information when you access the Service, including your Internet Protocol address, user-agent string, device identifiers (including mobile device identifiers if you use a native application), session cookies and similar identifiers, and telemetry events describing your interaction with the Service.
Connected-account tokens. If you connect a calendar or video account, we store the OAuth tokens for that connection, encrypted at the application layer, solely to maintain the integration you enabled.
Push notification tokens. If you enable push notifications on a native iOS or Android application, we collect the device push token issued by Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM) for delivery routing.
Section 3. How We Use Your Information
We use the information we collect for the following purposes, and only for these purposes:
Service operation. We use account, identity profile, supervision, exam-prep, community, messaging, field-placement, and technical information to operate the Service, including authenticating you, rendering content gated by your career stage and practice category, projecting your information into surfaces such as supervisor directory listings, processing your inputs, routing messages, scheduling events, recording acknowledgments, and otherwise delivering the functionality you request.
Account management. We use your contact information to administer your account, process role-change requests, support email portability, deliver password-recovery flows, and respond to inquiries.
Communications. We use your email address and push token, subject to your preferences, to send transactional and operational communications about the Service. We distinguish between transactional or relationship messages and marketing messages consistent with 15 U.S.C. § 7702(17) and 16 CFR § 316.3, and we honor opt-out preferences as described in Section 15.
Security and integrity. We use technical information, telemetry events, and account records to detect, prevent, investigate, and respond to fraud, abuse, security incidents, policy violations (including violations of the protected-health-information prohibitions described in Section 4), and other harmful or unlawful activity.
Product improvement and research. We use aggregated, de-identified, or pseudonymized telemetry to understand how the Service is used, to diagnose issues, to plan future capability, and to evaluate the effectiveness of features. We do not use your information to build behavioral advertising profiles, to engage in cross-context behavioral advertising, or to perform automated decision-making that produces legal or similarly significant effects on you.
Legal compliance. We use information as necessary to comply with applicable law, to respond to lawful requests from public authorities (including in connection with national security or law enforcement requirements), to enforce our Terms of Use, and to protect the rights, property, or safety of the Operator, our users, or others.
We neither sell nor share personal information as those terms are defined in applicable law. We do not engage in targeted advertising within the meaning of any applicable law.
Section 4. HIPAA Posture and Protected Health Information
This section describes the Operator's regulatory posture with respect to the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), and its implementing regulations at 45 CFR Parts 160 and 164. It defines what kinds of health-related information the Service does and does not handle, and the contractual and architectural commitments that support that posture.
Operator status. The Operator is not a HIPAA "covered entity" within the meaning of 45 CFR § 160.103. The Operator is not a "business associate" of any covered entity within the meaning of 45 CFR § 160.103. The Operator does not "create, receive, maintain, or transmit protected health information" on behalf of a covered entity for a function or activity regulated by the HIPAA Privacy, Security, or Breach Notification Rules. The Operator is a third-party platform vendor that provides professional-development, learning, supervision-tracking, exam-preparation, and community tools to individual clinicians and pre-clinicians in their personal professional capacity. Because the Operator is neither a covered entity nor a business associate, the Operator does not maintain a Notice of Privacy Practices pursuant to 45 CFR § 164.520, and references to such a notice in connection with the Service are not appropriate.
Two-tier rule for professional and health-related information. The Service distinguishes between two categories of information for purposes of this Policy:
**User Professional Data** refers to professional credentialing and career information about the user as a clinician, including license numbers and expiration dates, professional demographics, supervision-relationship records, supervision-tracking entries, exam history, and similar information. This information pertains to the user's professional practice and credentials, and is NOT protected health information (PHI) under HIPAA. The Service stores User Professional Data where operationally necessary to deliver requested functionality, under a "minimize, do not accumulate" posture: we collect only what is required, retain it only for as long as it is operationally useful or legally required, and avoid creating duplicate or shadow stores of the same information.
**Client PHI** refers to information that would identify a clinician's clients, including client names, contact details, demographics, identified diagnoses tied to a named or otherwise identifiable client, or any other information from which a client could reasonably be identified. Client PHI is structurally absent from the Service by design. The Service does not provide fields, surfaces, or workflows intended to receive Client PHI. The Service's data schemas, controlled-vocabulary enumerations, and free-text constraints are designed so that Client PHI cannot naturally be entered. Where free-text input is available (for example, community posts, forum posts, direct messages, supervision logs, and field-oversight notes), the Operator applies heuristic detection, automated flagging, and a server-side gate before mutations are accepted, and the Operator's Terms of Use prohibit the submission of Client PHI as a contractual matter.
Contractual prohibition on Client PHI. The Terms of Use cross-referenced in Section 21 prohibit users from submitting any information that would identify a clinician's clients. A user who submits Client PHI to the Service, intentionally or otherwise, is in breach of the Terms of Use and may be subject to content removal, acknowledgment revocation (which triggers the re-acknowledgment route guard described below), and account suspension or termination. The Operator retains the right to remove Client-PHI submissions and to take reasonable steps to mitigate harm, including secure deletion of the content from production systems and backups consistent with operational constraints.
Re-acknowledgment after a PHI violation. Where a user submits content that the Operator's moderation processes determine to contain Client PHI, the user's prior acknowledgment of the PHI policy may be revoked. Upon their next session, the user will be presented with the current PHI policy text and required to re-acknowledge before regaining access to PHI-relevant surfaces.
User Professional Data handling commitments. With respect to User Professional Data that we do store, we apply the security controls described in Section 7. We do not use User Professional Data for marketing, advertising, or product cross-sell purposes. We do not sell User Professional Data, share User Professional Data for cross-context behavioral advertising, or disclose User Professional Data except as described in Section 5.
Status changes. If at any future point the Operator's posture changes such that the Operator would become a HIPAA covered entity or business associate, including by entering a business-associate agreement with a covered entity, this Policy and the corresponding Terms of Use will be updated to reflect the new posture, and users will be notified consistent with Section 20.
Section 5. Sharing and Disclosure
We share personal information only as described in this section. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising or targeted advertising.
Subprocessors. We share personal information with the subprocessors listed in Section 6 to the extent necessary for them to perform services on our behalf. Subprocessors are bound by written agreements that restrict their use of personal information to the services we have engaged them to perform and that require appropriate confidentiality and security commitments.
With your direction or consent. We disclose information at your direction. For example, content you post in community surfaces is visible to other users of the community surface, content you post in tenant-affiliated surfaces is visible within that tenant's context, and information you provide to a paired supervisor or supervisee is visible to that counterparty consistent with the surfaces' design.
Legal requests and required disclosures. We may disclose personal information when we have a good-faith belief that disclosure is required by applicable law, regulation, legal process, or governmental request, including subpoenas, court orders, and law-enforcement requests. Where permitted by law, we will notify you of such requests prior to disclosure.
Protection of rights, property, and safety. We may disclose personal information when we believe in good faith that disclosure is necessary to enforce our Terms of Use, to investigate suspected violations of our policies, or to protect the rights, property, or safety of the Operator, our users, or the public.
Business transfers. If we are involved in a merger, acquisition, asset sale, financing, reorganization, bankruptcy, receivership, or other corporate transaction, personal information may be transferred to a successor or affiliate as part of that transaction. We will provide notice of any such transfer consistent with Section 20 and applicable law.
Public community content. Content you post in community or forum surfaces is, by design, visible to other authenticated users with access to that surface. Such content should not be treated as private. The structural prohibition on client PHI in Section 4 is especially important in this context.
Section 6. Subprocessors
We use the subprocessors listed below to provide the Service. Each subprocessor is contractually obligated to process personal information only on our documented instructions and to apply appropriate confidentiality, security, and breach-notification commitments. We periodically review subprocessor practices for alignment with this Policy.
Supabase Inc. Backend platform provider, including managed PostgreSQL database, authentication, file storage, and realtime messaging infrastructure. Data is stored within US regions of the Supabase platform. Substantially all personal information described in Section 2 is processed and stored by Supabase on our behalf.
Resend. Transactional and operational email-delivery provider. Receives recipient email address, message subject and body, and delivery metadata to send emails initiated by the Service.
Apple Push Notification service (APNs). Push notification routing for users of native iOS applications. Receives push tokens and notification payloads limited to titles and previews; the payload field discipline described in Section 4 governs what may appear in a push notification body.
Google Firebase Cloud Messaging (FCM). Push notification routing for users of native Android applications. Receives push tokens and notification payloads under the same payload discipline described above.
Vercel Inc. (Vercel). Hosting and content delivery for the web application, and aggregate product analytics. Processes request metadata, IP addresses, and routing information necessary to serve the Service. Through Vercel Analytics and Vercel Speed Insights, Vercel also processes anonymized, aggregate usage data (such as page views, referrer, and device or browser type) and performance metrics (Web Vitals) used to monitor and improve Service reliability. This analytics data is collected without cookies and is not used to build a persistent profile of any individual user. Vercel does not serve as a persistent store for the personal information described in Section 2.
Sentry. Error monitoring and crash-reporting provider. Receives diagnostic information when the Service encounters an error, including a user identifier (where logged-in), browser and device metadata, and a stack trace. Sentry processing is configured to scrub sensitive payload fields from error reports.
Daily.co (Daily). Real-time video and audio infrastructure for supervision session meetings. Receives meeting room identifiers and the live audio and video of participants who join a session. Rooms are created with random identifiers, logging is limited to identifiers, and recording is disabled.
Google LLC (Google Calendar). Calendar scheduling integration available to users who connect their Google account. Receives calendar availability queries and the metadata of supervision appointments the Service creates on the user's calendar. Event metadata is limited to a non-identifying title and a link back to the Service and does not include participant names. Access is granted by the user via OAuth and revocable at any time.
We may engage additional subprocessors in the future. Where we engage a new subprocessor that processes personal information, we will update this section in connection with the change-notification process described in Section 20.
Section 7. Data Security
We apply technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption. Personal information is encrypted in transit using current Transport Layer Security configurations. Personal information at rest is encrypted at the storage layer by our backend subprocessors.
Access controls. Database access is governed by row-level security policies that restrict access to a user's own information by default and grant access to other users' information only through narrowly scoped, server-defined functions consistent with the Service's role and permission model. Administrative access to production systems is restricted to a limited set of authorized personnel, is logged, and is granted on a least-privilege basis.
Support access posture. The Operator's personnel do not access ungated production user content during the ordinary course of operating the Service. Access to user content for support purposes occurs only upon a documented user request or in connection with a security or policy-enforcement investigation, and such access is logged.
Vulnerability management and monitoring. We apply security updates to our platform dependencies on a regular cadence, run dependency-vulnerability scans, and monitor for unusual patterns of access or use.
Breach notification. In the event of a breach of the security of the system within the meaning of the Illinois Personal Information Protection Act, 815 ILCS 530/10, we will provide notification to affected Illinois residents in the most expedient time possible and without unreasonable delay, consistent with the measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system. We will provide parallel notification under the breach-notification laws of other states in which affected residents reside, in accordance with the applicable statute.
FTC Health Breach Notification Rule. The Operator's analysis of its status under the FTC Health Breach Notification Rule, 16 CFR Part 318, is described in Section 19. Where any breach of security affects Service data, the Operator will provide notification consistent with applicable state breach-notification statutes, including the Illinois statute described above.
No system of electronic information storage is perfectly secure. We cannot guarantee that personal information will never be accessed by unauthorized parties. By using the Service, you acknowledge this residual risk.
Section 8. Data Retention and Deletion
We retain personal information only for as long as is reasonably necessary to fulfill the purposes for which we collected it, to provide the Service, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.
Account and identity records. We retain account and identity-profile information for as long as your account is active. If you request deletion of your account, we will delete or de-identify account and identity records consistent with the process described below.
Supervision, exam, and learning records. We retain supervision tracking entries, session logs, exam history, and learning progress for as long as your account is active. When you delete your account, this data is deleted along with the account, subject to standard backup retention periods described in our backup and deletion policies.
You are solely responsible for maintaining your own professional records in compliance with any regulatory framework that applies to you, including state licensing-board retention requirements, supervision-documentation rules, and continuing-education tracking obligations. The Service is a tool you use to organize this information; it is not a records-custody service, and we do not commit to retaining your data beyond the lifetime of your account. Before deleting your account, you may export your data using the export tools described in Section 9, and we encourage you to do so if you require the records for licensure verification or other professional purposes.
Community and messaging content. Content you post to community surfaces persists for as long as your account is active or until you delete it through available controls. Messages persist for as long as the conversation persists; conversation-level archival affects display but does not delete underlying records.
Telemetry and operational logs. Telemetry events and operational logs are subject to rotation. Detailed event data is retained for a limited period not exceeding 24 months in the ordinary course, with aggregated or de-identified summaries potentially retained longer for product-improvement and security purposes.
Backups. Backups of database content are retained for operational continuity. When you delete content from production, the corresponding records in backup snapshots are expunged in the ordinary backup-rotation cycle, which we target at no longer than 90 days in the standard case, subject to operational and legal-hold exceptions.
Deletion process. Account deletion may be initiated through the in-Service settings or by written request to the contact in Section 21. We process account-deletion requests on a target timeline of 30 days from confirmation, subject to operational requirements and legal-hold exceptions.
Section 9. Your Rights and Choices
Subject to applicable law and the limitations described in this Policy, you have the rights and choices described below. Where a right is granted by a specific state statute, the state-specific section of this Policy controls.
Access. You may request a copy of the personal information we hold about you. Substantial portions of your account, identity, supervision, exam, and learning records are also available through in-Service views and export controls.
Correction. You may correct inaccuracies in your account and identity-profile information through the profile-edit surface. Updates to your jurisdiction, license code, and degree are processed through the same surface and may trigger progressive unlock of capability-gated features consistent with the Service's Practice Category System.
Deletion. You may request deletion of your account and associated personal information as described in Section 8.
Export. You may request export of your account-associated personal and professional information in a structured, commonly used format. Exports are available through your settings, via the account information archive feature, or as an in-app request at the time you delete your account.
Acknowledgment and preferences. You may review your acknowledgment history within the Service. When a revised version of this Policy is published, you will be required to re-accept it before continuing to use the Service; if you decline, you must discontinue use of the Service.
Communication preferences. You may opt out of non-essential email and push communications through in-Service preference controls. Transactional and operational communications continue regardless of marketing preferences, consistent with Section 15.
Authorized agents. Where applicable law permits the use of an authorized agent to exercise rights on your behalf, we will honor properly documented agent requests consistent with the verification standards in the applicable statute.
To exercise these rights, please use the in-Service controls where available or contact us at the address in Section 21. We will respond consistent with the timing required by applicable law.
Section 10. California Privacy Rights
This section applies to consumers who are California residents within the meaning of the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, codified at Cal. Civ. Code §§ 1798.100 to 1798.199.100 (collectively, the "CCPA/CPRA").
Categories of personal information collected. In the preceding twelve months, we have collected the following categories of personal information as enumerated in Cal. Civ. Code § 1798.140(v): identifiers (account email address, IP address, device identifiers); customer records as described in Cal. Civ. Code § 1798.80(e) (name, account information); professional or employment-related information (license code, jurisdiction, supervisor or supervisee status); education information (enrolled program, institution, expected graduation for student users); internet or electronic network activity information (telemetry events, interactions with the Service); geolocation information limited to coarse, IP-derived location; audio, electronic, visual, or similar information (only to the extent embedded in messaging or community content the user chooses to upload); and inferences drawn from the foregoing limited to lifecycle-stage and capability-gating signals. We do not collect biometric information, precise geolocation, characteristics of protected classifications under California or federal law, or commercial information regarding purchasing or consuming histories.
Sensitive personal information. We may collect information that constitutes "sensitive personal information" within the meaning of Cal. Civ. Code § 1798.140(ae), including account credentials sufficient to access an account (the hashed password and recovery email). The Operator does not collect categories of sensitive personal information enumerated in Cal. Civ. Code § 1798.140(ae) other than account credentials. You have the right to limit the use of sensitive personal information consistent with Cal. Civ. Code § 1798.121.
Right to know. You have the right to request that we disclose the categories of personal information we have collected about you, the categories of sources from which the information was collected, our purposes for collecting it, the categories of third parties with whom we share it, and the specific pieces of personal information we have collected about you, consistent with Cal. Civ. Code § 1798.110.
Right to delete. You have the right to request deletion of personal information we have collected from you, subject to the exceptions in Cal. Civ. Code § 1798.105(d).
Right to correct. You have the right to request that we correct inaccurate personal information consistent with Cal. Civ. Code § 1798.106.
Right to opt out of sale or sharing. Consistent with Cal. Civ. Code § 1798.120, you have the right to opt out of the sale of personal information and the sharing of personal information for cross-context behavioral advertising. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We have not sold or shared personal information for cross-context behavioral advertising in the preceding twelve months.
Right to limit use of sensitive personal information. Consistent with Cal. Civ. Code § 1798.121, you have the right to direct us to limit our use of your sensitive personal information to those uses necessary to perform the services reasonably expected by an average consumer.
Right to non-discrimination. Consistent with Cal. Civ. Code § 1798.125, we will not discriminate against you for exercising any of these rights.
Verifiable consumer requests. To exercise these rights, you may submit a request through the in-Service controls or by contacting us at the address in Section 21. We will verify your identity in a manner consistent with the implementing regulations at Cal. Code Regs. tit. 11, §§ 7060 to 7063, typically by confirming control of your account email address and, for sensitive requests, additional account-context information.
Section 11. Illinois Privacy Rights
The Operator is organized in Illinois and operates from a principal office in Illinois.
Personal Information Protection Act. With respect to Illinois residents, in the event of a "breach of the security of the system data" as defined in 815 ILCS 530/5, the Operator will provide notification to affected Illinois residents in the most expedient time possible and without unreasonable delay, consistent with 815 ILCS 530/10. Notification will include the information required under 815 ILCS 530/10(a)(1), including the toll-free numbers and addresses for consumer reporting agencies and the Federal Trade Commission, and a statement that the individual can obtain information from these sources about fraud alerts and security freezes. Where the Act requires notification to the Illinois Attorney General, we will provide such notification consistent with the statutory thresholds.
Biometric Information Privacy Act. The Service does not collect, capture, purchase, receive through trade, or otherwise obtain "biometric identifiers" or "biometric information" within the meaning of 740 ILCS 14/10. The Service does not use retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry. The Service does not derive biometric information from any biometric identifier. Accordingly, the consent, written-policy, retention-schedule, and destruction requirements of 740 ILCS 14/15 do not apply to the Service's operations as currently designed. If at any future point the Service introduces a feature that would collect or process biometric identifiers or biometric information within the meaning of the Act, this Policy will be updated, a separate biometric-information policy will be published, and the consent requirements of 740 ILCS 14/15(b) will be satisfied before any such collection commences.
Section 12. Children's Privacy
The Service is offered only to users who are 18 years of age or older. The Service is not directed to children under the age of 13 within the meaning of 15 U.S.C. § 6501(1) and is not designed or marketed to attract such children. We do not knowingly collect "personal information" from a "child" within the meaning of the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501 to 6506, and its implementing rule at 16 CFR Part 312.
If we become aware that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete the information from our systems and to terminate any associated account. Parents, guardians, or other persons with knowledge of an inadvertent collection are invited to contact us at the address in Section 21 so that we may act on that information.
The Service is also not intended for individuals between the ages of 13 and 17. Although such users are not "children" within the meaning of COPPA, the age requirement of 18 set forth in our Terms of Use applies.
Section 13. International Users and US-Only Scope
The Service is operated for users in the United States. The Operator's infrastructure subprocessors store and process personal information in US regions, including US regions of the Supabase platform. The Service is not directed to, nor intended for use by, individuals outside the United States.
If you access the Service from outside the United States, you do so at your own initiative and at your own risk. You acknowledge that your information will be processed in the United States and that US law, including the laws cited in this Policy, will apply to that processing. The Operator does not participate in the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, the Swiss-US Data Privacy Framework, or any predecessor or successor framework, and does not offer assurances regarding the adequacy of US data-protection law from the perspective of any foreign jurisdiction. Users in the European Union, the European Economic Area, the United Kingdom, Switzerland, or other non-US jurisdictions should not use the Service.
The Operator's scope is currently limited to US clinicians and clinical students. The legal, licensure, and professional-association frameworks the Service is designed to support are US frameworks.
Section 14. Cookies and Tracking Technologies
The Service uses cookies and similar technologies only as necessary to operate the Service. The cookies we use fall into two categories:
Strictly necessary session cookies. These cookies maintain your authenticated session and store essential preferences such as theme selection. They cannot be disabled without rendering the Service nonfunctional. They are configured as HTTP-only where appropriate to mitigate cross-site scripting risk.
Authentication and security tokens. Certain HTTP-only tokens are stored in cookies to refresh your session consistent with our authentication subprocessor's framework.
We do not use third-party advertising cookies. We do not participate in cross-site tracking networks. The Service does not embed third-party advertising trackers, social-media tracking pixels, or behavioral-targeting beacons.
Do Not Track signals. Consistent with the disclosure obligation in Cal. Bus. & Prof. Code § 22575(b)(5), the Operator discloses that the Service does not respond to "Do Not Track" browser signals or similar mechanisms. The Operator's posture is that it does not engage in the tracking behavior that the Do Not Track signal was designed to limit, and therefore the signal has no operational effect on the Service.
Third-party tracking on the Service. Consistent with the disclosure obligation in Cal. Bus. & Prof. Code § 22575(b)(6), the Operator discloses that it does not knowingly permit other parties to collect personally identifiable information about an individual consumer's online activities over time and across different websites when the consumer uses the Service.
Section 15. Marketing Communications
The Operator distinguishes between transactional or relationship messages and commercial messages consistent with the CAN-SPAM Act, 15 U.S.C. §§ 7701 to 7713, and its implementing rule at 16 CFR Part 316.
Transactional or relationship messages. Messages whose primary purpose is to facilitate, complete, or confirm a transaction the user has agreed to, to provide warranty or safety information, to notify the user of changes to terms or membership status, or to deliver services as part of an agreed transaction are transactional or relationship messages within the meaning of 15 U.S.C. § 7702(17) and 16 CFR § 316.3. Account-administration emails, security notices, verification messages, supervision-relationship notifications, message-receipt notifications, connection-request notifications, content moderation outcomes, and similar communications operated by the Service are transactional or relationship messages. These messages will continue regardless of marketing-preference opt-outs because they are necessary to deliver the Service the user requested.
Commercial messages. Where the Operator sends a message whose primary purpose is the commercial advertisement or promotion of a product or service, that message is a commercial message subject to the requirements of 15 U.S.C. § 7704, including identification as advertisement, valid physical postal address, and a working opt-out mechanism honored within 10 business days consistent with 15 U.S.C. § 7704(a)(4)(A). The Operator does not currently send commercial messages in the ordinary course of operating the Service. Where the Operator does send commercial messages in the future, the user may opt out without affecting transactional or relationship messaging.
Per-category email cadence. The Service offers per-category cadence preferences for notification emails consistent with the in-Service notification preferences. Users may set each category to realtime delivery, daily digest, weekly digest, or off. Users may also pause all non-transactional email delivery through a master toggle. Transactional or relationship messages continue regardless of cadence selection.
Section 16. SMS and Push Notifications
SMS. The Service does not send SMS or text messages in the ordinary course of operating the Service. If at any future point the Service introduces SMS-based notifications, the Operator will obtain prior express written consent consistent with the Telephone Consumer Protection Act, 47 U.S.C. § 227, and the implementing rules at 47 CFR § 64.1200, will identify the sender, will support "STOP" and equivalent unsubscribe keywords, and will honor revocation of consent by any reasonable method as required by current FCC guidance.
Push notifications. Where you enable push notifications on a native iOS or Android application, the Service routes notifications through Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM), as applicable. Push notification payloads carry a title and a preview only; they do not carry underlying database payloads, and the structural protections that govern free-text fields described in Section 4 propagate through the push-fan-out layer. You may control push notifications through the in-Service notification settings and through your operating system's notification settings. Push delivery preferences include per-category cadence options consistent with the email preferences described in Section 15.
Push tokens. Push tokens are stored in association with your account and device identifier. Tokens are rotated on the platform's schedule and are deleted when you disable notifications, uninstall the application, or sign out. The Operator runs a periodic cleanup process for stale tokens.
Section 17. Educational Records and FERPA
This section applies only to users who participate in the Service through a tenant context affiliated with a university, college, or other educational institution, in connection with a field-placement or internship oversight program, and only with respect to records generated in that context.
FERPA framework. The Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and its implementing regulations at 34 CFR Part 99 ("FERPA"), govern the disclosure of "education records" maintained by an educational agency or institution. Education records are the records of the educational institution; FERPA rights run against the educational institution, not against a third-party platform provider.
School-official designation. Where the Operator provides services to an educational institution as a tenant, and where the institution has designated the Operator as a "school official with legitimate educational interests" within the meaning of 34 CFR § 99.31(a)(1)(i)(B), the Operator processes education records on the institution's behalf and under the institution's direction. In that capacity, the Operator (a) performs services for which the institution would otherwise use employees, (b) is under the direct control of the institution with respect to the use and maintenance of education records, and (c) uses education records only for the authorized purposes and does not redisclose them in violation of 34 CFR § 99.33(a). Where the Operator and an institution have entered into a written agreement governing the relationship, the terms of that agreement govern between the parties; this Policy describes the user-facing posture.
Allocation of rights. FERPA rights are exercised against the educational institution, not against the Operator. If you are a student user with a question about access to, correction of, or disclosure of records maintained in connection with your placement, please consult your institution's FERPA office.
Section 18. State-Specific Privacy Rights
In addition to the California-specific and Illinois-specific rights described above, residents of certain other states have rights under their state's comprehensive consumer privacy statutes. The Service's collection thresholds and data uses may or may not bring it within the scope of each statute; this section describes the rights that apply if the statute applies to the Operator with respect to the resident's information.
Virginia. The Virginia Consumer Data Protection Act, Va. Code Ann. § 59.1-575 et seq., grants Virginia consumers rights to access, correct, delete, obtain a portable copy of, and opt out of certain processing of personal data, including processing for targeted advertising, sale, or profiling in furtherance of decisions producing legal or similarly significant effects. The Operator does not engage in targeted advertising, does not sell personal data, and does not engage in such profiling.
Colorado. The Colorado Privacy Act, Colo. Rev. Stat. § 6-1-1301 et seq., grants Colorado consumers analogous rights, including a right to opt out of targeted advertising, sale, and profiling in furtherance of consequential decisions. The Act took effect July 1, 2023. The Operator does not engage in such processing.
Connecticut. The Connecticut Data Privacy Act, Conn. Gen. Stat. § 42-515 et seq., grants Connecticut consumers analogous rights. The Operator does not engage in targeted advertising, sale of personal data, or profiling in furtherance of consequential decisions.
Utah. The Utah Consumer Privacy Act, Utah Code § 13-61-101 et seq., grants Utah consumers a more limited set of rights, including a right to opt out of targeted advertising and sale. The Operator does not engage in either practice.
Texas. The Texas Data Privacy and Security Act, Tex. Bus. & Com. Code § 541.001 et seq., grants Texas consumers rights to access, correct, delete, obtain a portable copy of, and opt out of targeted advertising, sale, and profiling in furtherance of consequential decisions. The Texas Act applies broadly to entities processing personal data of Texans without a processing-volume threshold, subject to a small-business exemption. The Operator does not engage in such processing.
Other states. Residents of other states that have enacted comprehensive consumer privacy statutes (including, as of the drafting of this Policy, Oregon, Montana, Delaware, Iowa, New Jersey, New Hampshire, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and Nebraska, among others) have rights analogous to those described above. Where such statutes apply to the Operator with respect to a resident's information, the resident may exercise their rights by contacting us at the address in Section 21. We will respond consistent with the statute's verification standards and response timelines.
How to exercise state rights. State-resident rights may be exercised through the in-Service controls where available or by contacting us at the address in Section 21. We will verify the requester's identity in a manner consistent with the applicable statute and its implementing regulations.
Section 19. FTC Health Breach Notification Rule
The Federal Trade Commission's Health Breach Notification Rule, 16 CFR Part 318, requires "vendors of personal health records" and "PHR related entities" that are not subject to HIPAA to notify affected individuals and the Federal Trade Commission of a breach of security involving "PHR identifiable health information." The Rule, as amended by the FTC in 2024, applies to certain mobile health applications and other developers handling PHR identifiable health information.
Operator analysis. The Operator does not maintain personal health records within the meaning of 16 CFR § 318.2. The information the Service collects from users (professional license information, supervision relationships, supervision tracking entries, exam history, learning progress, and similar professional-credentialing and career-tracking data) is not "PHR identifiable health information" within the meaning of 16 CFR § 318.2. It does not relate to the user's past, present, or future physical or mental health condition, the provision of healthcare to the user, or payment for healthcare. It pertains instead to the user's professional practice and credentials as a clinician. On that basis, the FTC Health Breach Notification Rule does not apply to the Service.
Voluntary breach notification posture. Notwithstanding the Operator's analysis above, the Operator commits to provide users with timely notification of any security incident affecting their account information, consistent with applicable state breach-notification statutes and the Operator's own Section 7 commitments. The notification timing, format, and scope will be determined by the applicable state law(s) governing the affected user, and not by the FTC Health Breach Notification Rule.
Status changes. If at any future point the Operator's posture changes such that the Service would handle PHR identifiable health information within the meaning of the Rule, this Policy will be updated to reflect the new posture, and users will be notified consistent with Section 20.
Section 20. Changes to This Policy
We may update this Policy from time to time. The "Last Updated" date at the top of the Policy will reflect the most recent revision. We will retain prior versions of the Policy for reference where operationally feasible.
Material changes. Where a change is material, including any change that expands the categories of information collected, expands the purposes for which information is used, identifies a new subprocessor, or changes the rights you have under this Policy, we will provide notice in advance of the change taking effect through the in-Service notification system, by email to the address associated with your account, or both. Material changes also trigger re-acknowledgment under the per-section acknowledgment model.
Non-material changes. Non-material changes, such as clarifications of existing language, formatting improvements, or updates to contact information, take effect upon publication.
Acknowledgment versioning. Each version of this Policy carries a version stamp recorded in association with your acknowledgment. When a revised version is published, your prior acceptance will not satisfy the requirement for the new version, and you will be required to re-accept the revised version before continuing to use the Service or the affected feature.
Re-acceptance of revised versions. When a revised version of this Policy is published, you will be required to review and affirmatively re-accept it through the same checkbox mechanism used at account creation before you may continue to use the Service. Your acceptance of a prior version does not satisfy this requirement. If you do not re-accept, you may not continue to use the Service; you may instead export available data and terminate your account, consistent with your right to discontinue use of the Service.
Section 21. Contact and Privacy Inquiries
Questions, comments, requests for the exercise of rights, and other privacy inquiries may be directed to:
Prometheus Services LLC
Attention: Privacy Inquiries
2501 Chatham Rd, Suite N
Springfield IL 62704
Email: privacy@myfoothold.app
Phone: 314-272-3753
We will respond to inquiries within the timeframe required by applicable law. For statutorily defined consumer requests (including under the CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, and TDPSA), we will respond within the response window specified by the applicable statute, typically 45 days, with the right to extend by an additional 45 days where reasonably necessary and where notice of the extension is provided consistent with the statute.
For questions concerning the Operator's HIPAA posture, please see Section 4.
Section 22. Pilot-Specific Provisions
Pilot-stage qualification. The Operator's field-placement and tenant-grant functionality is in development. Where this section's terms would be material, the Operator and the institution may enter into a written addendum addressing FERPA, data security, and breach notification.
Payment information. We do not collect payment information during the pilot phase. We do not collect biometric identifiers or biometric information within the meaning of the Illinois Biometric Information Privacy Act, 740 ILCS 14/10. We do not collect government identifiers beyond the optional, user-provided license number described above.
Pilot end. At the conclusion of the pilot phase, if your account is not migrated to a generally available version of the Service, we will provide reasonable notice and an opportunity to export your information, after which retained personal information will be deleted or de-identified within 30 days, subject to legal-hold exceptions.