Privacy Policy

Introduction

Alpha Behavioral Health (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the “App”).

As a healthcare provider, we are also bound by HIPAA (Health Insurance Portability and Accountability Act) regulations regarding the protection of your health information.

Information We Collect & Store

We collect and store only the minimal information necessary to authenticate you and link your account to your patient record.

Stored in Our System:

  • Email address

  • Phone number

  • First and last name

  • Password (securely hashed)

  • A reference ID linking to your patient record

Stored Locally on Your Device:

  • Push notification tokens

  • Your selected app preferences (background theme, notification settings)

  • Cached appointment data for widget display

Information We Access But Do Not Store

When you use the App, we access information from Tebra, our practice management system, to display it to you. This information is retrieved in real-time and is NOT stored on our servers:

  • Appointment details and history

  • Provider information

  • Account balance and billing information

  • Service location addresses

  • Date of birth and demographic information

This data remains on Tebra’s secure, HIPAA-compliant servers. We simply display it temporarily within the App.

How We Use Your Information

We use the information we collect to:

  • Verify your identity through SMS verification

  • Display your upcoming appointments

  • Send appointment reminders via push notifications

  • Allow you to manage your appointments (cancel, change mode)

  • Display your account balance

  • Provide access to telehealth services

  • Connect you with your healthcare providers

  • Improve our App and services

Third-Party Services

We use trusted third-party services to operate our App.

Twilio

We use Twilio’s Verify service to send SMS verification codes to your phone number for authentication purposes. Twilio processes your phone number in accordance with their privacy policy.

Tebra (Practice Management)

Your health information is stored and managed in Tebra, our HIPAA-compliant electronic health records (EHR) system. This includes your patient records, appointment history, and billing information. Our App accesses this data via Tebra’s API to display it to you, but we do not copy or store this health data on our own servers.

Doxy.me (Telehealth)

When you access telehealth appointments, you are connected through Doxy.me, a HIPAA-compliant video conferencing platform.

Data Storage & Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Passwords are hashed using industry-standard algorithms before storage

  • All data transmission uses secure HTTPS connections

  • Health information remains on Tebra’s HIPAA-compliant servers — we do not store it

  • Local data on your device is stored in secure app storage

  • We use App Groups to securely share cached data between the main app and widget

Your login session expires after 30 days of inactivity, requiring re-authentication.

Push Notifications

With your permission, we send push notifications to remind you of upcoming appointments:

  • One day before your appointment (at 10:00 AM)

  • Three hours before your appointment

You can disable notifications at any time through your device settings or within the App preferences.

Widget

Our home screen widget displays your next upcoming appointment for quick access. This information is stored locally on your device using Apple’s App Groups feature and is only accessible by our App and widget extension.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Health records are retained in accordance with applicable healthcare regulations and our record retention policies.

When you log out, locally stored data on your device is cleared, including widget data and scheduled notifications.

Your Rights

You have the right to:

  • Access your personal and health information

  • Request correction of inaccurate information

  • Request deletion of your account (subject to legal retention requirements)

  • Opt out of push notifications

  • Revoke phone number verification by logging out

To exercise these rights, please contact us using the information below.

Children’s Privacy

Our App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected information from your child, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy in the App. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Alpha Behavioral Health
Email: jeff@abh.care
Phone: 442-402-9818